{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T09:56:05Z","timestamp":1761990965348,"version":"build-2065373602"},"reference-count":11,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,9]]},"DOI":"10.1109\/ccst.2015.7389698","type":"proceedings-article","created":{"date-parts":[[2016,1,25]],"date-time":"2016-01-25T21:35:32Z","timestamp":1453757732000},"page":"287-292","source":"Crossref","is-referenced-by-count":10,"title":["AD2: Anomaly detection on active directory log data for insider threat monitoring"],"prefix":"10.1109","author":[{"given":"Chih-Hung","family":"Hsieh","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chia-Min","family":"Lai","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ching-Hao","family":"Mao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tien-Cheu","family":"Kao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kuo-Chen","family":"Lee","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"journal-title":"Microsoft Windows Internals Microsoft Windows Server (TM) 2003 Windows xp and Windows 2000 (Pro-Developer)","year":"2004","author":"russinovich","key":"ref4"},{"journal-title":"Microsoft MSDN Library Tech Rep","article-title":"Directory system agent","year":"2014","key":"ref3"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/34.790429"},{"journal-title":"Microsoft TechNet Library Tech Rep","article-title":"How the kerberos version 5 authentication protocol works","year":"2015","key":"ref6"},{"journal-title":"Markov model and hidden markov model","year":"2015","key":"ref11"},{"journal-title":"Microsoft TechNet Library Tech Rep","article-title":"Active directory collection: Active directory on a windows server 2003 network","year":"2015","key":"ref5"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/5.18626"},{"journal-title":"Markov Chains","year":"1998","author":"norris","key":"ref7"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/TAAI.2010.27"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/34.291449"},{"journal-title":"Trend Micro Inc Tech Rep","article-title":"Trend micro white paper on advanced persistent threat\/apt)","year":"2013","key":"ref1"}],"event":{"name":"2015 International Carnahan Conference on Security Technology (ICCST)","start":{"date-parts":[[2015,9,21]]},"location":"Taipei, Taiwan","end":{"date-parts":[[2015,9,24]]}},"container-title":["2015 International Carnahan Conference on Security Technology (ICCST)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/7369421\/7389647\/07389698.pdf?arnumber=7389698","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,3,25]],"date-time":"2017-03-25T02:35:04Z","timestamp":1490409304000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/7389698\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,9]]},"references-count":11,"URL":"https:\/\/doi.org\/10.1109\/ccst.2015.7389698","relation":{},"subject":[],"published":{"date-parts":[[2015,9]]}}}