{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T12:00:38Z","timestamp":1780056038223,"version":"3.54.0"},"reference-count":117,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/501100003630","name":"Nuclear Safety and Security Commission","doi-asserted-by":"publisher","award":["10.13039\/501100003630"],"award-info":[{"award-number":["10.13039\/501100003630"]}],"id":[{"id":"10.13039\/501100003630","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2020]]},"DOI":"10.1109\/access.2020.2990195","type":"journal-article","created":{"date-parts":[[2020,4,24]],"date-time":"2020-04-24T19:35:25Z","timestamp":1587756925000},"page":"78847-78867","source":"Crossref","is-referenced-by-count":72,"title":["A Review of Insider Threat Detection Approaches With IoT Perspective"],"prefix":"10.1109","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1030-3534","authenticated-orcid":false,"given":"Aram","family":"Kim","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0783-852X","authenticated-orcid":false,"given":"Junhyoung","family":"Oh","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4782-7692","authenticated-orcid":false,"given":"Jinho","family":"Ryu","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5183-5927","authenticated-orcid":false,"given":"Kyungho","family":"Lee","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2015.2438442"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-93698-7_4"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2013.14"},{"key":"ref32","first-page":"224","article-title":"Deep learning for unsupervised insider threat detection in structured cybersecurity data streams","author":"tuor","year":"2017","journal-title":"Proc 31st AAAI Conf Artif Intell"},{"key":"ref31","first-page":"1722","article-title":"Advanced insider threat detection model to apply periodic work atmosphere","volume":"13","author":"oh","year":"2019","journal-title":"KSII Trans Internet Inf Syst"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/DSC.2018.00092"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/1943513.1943544"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2012.6284271"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2015.7357562"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/PASSAT\/SocialCom.2011.211"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/MPRV.2018.03367731"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1177\/1541931218621056"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2959047"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/2487575.2488213"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1037\/lhb0000032"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/1943513.1943524"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-15512-3_20"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/2995959.2995964"},{"key":"ref101","author":"go","year":"2013","journal-title":"Sentiment"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1155\/2018\/7243296"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-15152-1_3"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1155\/2019\/3898951"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2015.2424677"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/2179298.2179386"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1186\/s41044-016-0006-0"},{"key":"ref58","article-title":"SoK: Applying machine learning in security–a survey","author":"jiang","year":"2016","journal-title":"arXiv 1611 03186"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/1541880.1541882"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-77322-3_5"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1155\/2018\/5906368"},{"key":"ref54","first-page":"19","article-title":"Toward an insider threat detection framework using honey permissions","volume":"5","author":"kaghazgaran","year":"2015","journal-title":"J Internet Services Inf Secur"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/TCSS.2018.2857473"},{"key":"ref52","article-title":"Insider threat simulation and performance analysis of insider detection algorithms with role based models","author":"nellikar","year":"2010"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2012.29"},{"key":"ref4","year":"2014","journal-title":"Edward Snowden Leaks That Exposed US Spy Programme"},{"key":"ref3","year":"2018","journal-title":"Breach Level Index 2018"},{"key":"ref6","year":"2001","journal-title":"Famous Cases & Criminals Robert Hanssen"},{"key":"ref5","year":"2013","journal-title":"Bradley Manning Prosecutors Say Soldier ‘Leaked Sensitive Information’"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1002\/sec.795"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2015.423"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2014.11.011"},{"key":"ref9","first-page":"1","article-title":"Leading the IoT, gartner insights on how to lead in a connected world","author":"hung","year":"2017"},{"key":"ref46","article-title":"A graph based framework for malicious insider threat detection","author":"gamachchi","year":"2018","journal-title":"arXiv 1809 00141"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1080\/19361610.2011.529413"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2014.40"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4419-7133-3_5"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/2808783.2808792"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/2517840.2517865"},{"key":"ref44","article-title":"An ontology for insider threat indicators development and applications","author":"costa","year":"2014"},{"key":"ref43","first-page":"47","article-title":"Supervised and unsupervised methods to detect insider threat from enterprise social and online activity data","volume":"6","author":"gavai","year":"2015","journal-title":"J Wireless Mobile Netw Ubiquitous Comput Dependable Appl"},{"key":"ref73","first-page":"131","article-title":"Applying correlation and regression analysis to detect security incidents in the Internet of Things","volume":"7","author":"lavrova","year":"2015","journal-title":"Int J Commun Netw Inf Secur"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1109\/I-SMAC.2017.8058395"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1109\/ICCSEE.2012.373"},{"key":"ref70","first-page":"14","article-title":"The Internet of Things in an enterprise context","author":"haller","year":"2008","journal-title":"Proc Future Internet Symp"},{"key":"ref76","volume":"43","author":"shelby","year":"2011","journal-title":"6LoWPAN The Wireless Embedded Internet"},{"key":"ref77","first-page":"1","article-title":"Intrusion detection: Host-based and network-based intrusion detection systems","author":"kozushko","year":"2003","journal-title":"Independent Study"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.14569\/IJACSA.2016.071133"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2012.6384464"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1109\/RFID.2009.4911212"},{"key":"ref79","article-title":"A database of computer attacks for the evaluation of intrusion detection systems","author":"kendall","year":"1999"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1145\/3303771"},{"key":"ref62","article-title":"Understanding the insider threat. Proceedings of a March 2004 workshop","author":"brackney","year":"2004"},{"key":"ref61","first-page":"46","article-title":"Sok: A systematic review of insider threat detection","volume":"10","author":"kim","year":"2019","journal-title":"J Wireless Mobile Netw Ubiquitous Comput Dependable Appl"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/SocialCom-PASSAT.2012.106"},{"key":"ref64","article-title":"Insider threat detection study","author":"kont","year":"2015"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2008.8"},{"key":"ref66","first-page":"4","article-title":"Insiders and insider threats-an overview of definitions and mitigation techniques","volume":"2","author":"hunker","year":"2011","journal-title":"J Wireless Mobile Netw Ubiquitous Comput Dependable Appl"},{"key":"ref67","volume":"18","year":"2013","journal-title":"Unintentional insider threats A foundational study"},{"key":"ref68","article-title":"Common sense guide to mitigating insider threats, sixth edition","year":"2018","journal-title":"The CERT Insider Threat Center"},{"key":"ref2","author":"schulze","year":"2020","journal-title":"2020 Insider Threat Survey Report"},{"key":"ref69","first-page":"97","article-title":"That ‘Internet of Things’ thing","volume":"22","author":"ashton","year":"2009","journal-title":"RFID J"},{"key":"ref1","author":"cappelli","year":"2012","journal-title":"The CERT Guide to Insider Threats How to Prevent Detect and Respond to Information Technology Crimes (Theft Sabotage Fraud)"},{"key":"ref109","author":"cappelli","year":"2012","journal-title":"The CERT Guide to Insider Threats How to Prevent Detect and Respond to Information Technology Crimes (Theft Sabotage Fraud)"},{"key":"ref95","article-title":"Masquerade attack detection using a search-behavior modeling approach","author":"salem","year":"2009"},{"key":"ref108","doi-asserted-by":"publisher","DOI":"10.1111\/j.1469-8986.2010.01050.x"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1145\/1377836.1377838"},{"key":"ref107","doi-asserted-by":"publisher","DOI":"10.1145\/2491055.2491066"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.17487\/rfc3912"},{"key":"ref106","author":"barret","year":"2008","journal-title":"MediaWiki"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(99)00112-7"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1177\/0261927X09351676"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.4102\/sajip.v29i1.88"},{"key":"ref104","doi-asserted-by":"publisher","DOI":"10.1109\/5254.850825"},{"key":"ref90","year":"2016","journal-title":"Cert Insider Threat Test Dataset"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-12331-3_3"},{"key":"ref102","author":"realms","year":"2015","journal-title":"WoW Census"},{"key":"ref111","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-61692-245-0.ch007"},{"key":"ref112","doi-asserted-by":"publisher","DOI":"10.1201\/b19094"},{"key":"ref110","first-page":"143","article-title":"The impact of communications data retention on fundamental rights and democracy–the case of the eu data retention directive","author":"mitrou","year":"2010","journal-title":"Surveillance and Democracy"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-16184-2_40"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.1007\/s00778-007-0051-4"},{"key":"ref96","year":"1998","journal-title":"1998 DARPA Intrusion Detection Evaluation Data Set"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2013.37"},{"key":"ref10","year":"2016","journal-title":"Forecast The Internet of Things"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/SOCA.2014.58"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-39381-0_21"},{"key":"ref13","year":"2013","journal-title":"Hacked From China Is Your Kettle Spying on You?"},{"key":"ref14","first-page":"1","article-title":"Badusb—On accessories that turn evil","volume":"1","author":"nohl","year":"2014","journal-title":"Black Hat USA"},{"key":"ref15","year":"2019","journal-title":"Alexa and Google Home Devices Leveraged to Phish and Eavesdrop on Users Again"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/SIOT.2015.10"},{"key":"ref82","year":"2015","journal-title":"Enron Email Dataset"},{"key":"ref117","volume":"2283","author":"nipkow","year":"2002","journal-title":"Isabelle\/HOL A Proof Assistant for Higher-Order Logic"},{"key":"ref17","article-title":"Pattern-based design of insider threat programs","author":"moore","year":"2014"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23644-0_10"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2003.1209911"},{"key":"ref84","author":"schonlau","year":"2020","journal-title":"Masquerading User Data"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1214\/ss\/998929476"},{"key":"ref83","year":"2008","journal-title":"Mc3—Cell Phone Calls"},{"key":"ref114","doi-asserted-by":"publisher","DOI":"10.1109\/THS.2015.7446229"},{"key":"ref113","doi-asserted-by":"publisher","DOI":"10.1145\/344287.344301"},{"key":"ref116","article-title":"A common language for computer security incidents","author":"howard","year":"1998"},{"key":"ref80","author":"ben-salem","year":"2009","journal-title":"RUU Dataset"},{"key":"ref115","doi-asserted-by":"publisher","DOI":"10.1109\/DCOSS.2013.78"},{"key":"ref89","article-title":"Balabit mouse dynamics challenge data set","author":"f\u00fcl\u00f6p","year":"2016"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4419-7133-3_1"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2004.824828"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2002.1028903"},{"key":"ref88","author":"greenberg","year":"2020","journal-title":"Www and Unix Data Sets"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/8948470\/09078082.pdf?arnumber=9078082","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,12,17]],"date-time":"2021-12-17T19:51:38Z","timestamp":1639770698000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9078082\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"references-count":117,"URL":"https:\/\/doi.org\/10.1109\/access.2020.2990195","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]}}}