{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,4]],"date-time":"2026-03-04T17:05:22Z","timestamp":1772643922578,"version":"3.50.1"},"reference-count":26,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,10,25]]},"DOI":"10.1109\/vizsec.2015.7312772","type":"proceedings-article","created":{"date-parts":[[2015,11,2]],"date-time":"2015-11-02T23:00:01Z","timestamp":1446505201000},"page":"1-7","source":"Crossref","is-referenced-by-count":34,"title":["Visualizing the insider threat: challenges and tools for identifying malicious user activity"],"prefix":"10.1109","author":[{"given":"Philip A.","family":"Legg","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1111\/j.1467-8659.2009.01475.x"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/2016904.2016906"},{"key":"ref12","doi-asserted-by":"crossref","first-page":"217","DOI":"10.1007\/978-3-540-30115-8_22","article-title":"The enron corpus: A new dataset for email classification research","volume":"3201","author":"klimt","year":"2004","journal-title":"Machine Learning ECML 2004"},{"key":"ref13","first-page":"1","article-title":"Visual analytics of e-mail sociolinguistics for user behavioural analysis","volume":"4","author":"legg","year":"2014","journal-title":"Journal of Internet Services and Information Security (JISIS)"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2015.2438442"},{"key":"ref15","doi-asserted-by":"crossref","DOI":"10.1109\/THS.2015.7446229","article-title":"Caught in the act of an insider attack: Detection and assessment of insider threat","author":"legg","year":"2015","journal-title":"2015 IEEE International Symposium on Technologies for Homeland Security 
(HST)"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/TVCG.2013.207"},{"key":"ref17","first-page":"20","article-title":"Towards a conceptual model and reasoning structure for insider threat detection","volume":"4","author":"legg","year":"2013","journal-title":"Journal of Wireless Mobile Networks Ubiquitous Computing and Dependable Applications"},{"key":"ref18","article-title":"I have to trust someone… don't I? Dealing with insider threats to cyber-security","author":"miller","year":"0","journal-title":"Technical Report"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2011.231"},{"key":"ref4","author":"cappelli","year":"2012","journal-title":"The CERT Guide to Insider Threats How to Prevent Detect and Respond to Information Technology Crimes"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2012.29"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2013.14"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1080\/19361610.2011.529413"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.5038\/1944-0472.4.2.2"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2013.37"},{"key":"ref2","article-title":"Insider threat detection by process analysis","author":"bishop","year":"2014","journal-title":"IEEE Security and Privacy Workshops (SPW) IEEE"},{"key":"ref9","article-title":"Visualizing insider activity and uncovering insider threats","author":"harris","year":"2015","journal-title":"Technical Report"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/1595676.1595678"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2014.38"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/2487575.2488213"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2012.6284271"},{"key":"ref24","year":"2015","journal-title":"Insider Threats 
Report"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/2517957.2517966"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/TVCG.2014.2346922"},{"key":"ref25","first-page":"17","article-title":"Multiple queries with conditional attributes (QCATs) for anomaly detection and visualization","author":"walton","year":"2014","journal-title":"Science New York NY USA"}],"event":{"name":"2015 IEEE Symposium on Visualization for Cyber Security (VizSec)","location":"Chicago, IL, USA","start":{"date-parts":[[2015,10,25]]},"end":{"date-parts":[[2015,10,25]]}},"container-title":["2015 IEEE Symposium on Visualization for Cyber Security (VizSec)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/7310645\/7312757\/07312772.pdf?arnumber=7312772","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,6,23]],"date-time":"2017-06-23T22:43:53Z","timestamp":1498257833000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/7312772\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,10,25]]},"references-count":26,"URL":"https:\/\/doi.org\/10.1109\/vizsec.2015.7312772","relation":{},"subject":[],"published":{"date-parts":[[2015,10,25]]}}}