{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,3]],"date-time":"2026-06-03T07:26:48Z","timestamp":1780471608303,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":35,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,10,30]],"date-time":"2017-10-30T00:00:00Z","timestamp":1509321600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,10,30]]},"DOI":"10.1145\/3133956.3134003","type":"proceedings-article","created":{"date-parts":[[2017,10,27]],"date-time":"2017-10-27T12:48:18Z","timestamp":1509108498000},"page":"1273-1284","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":32,"title":["Detecting Structurally Anomalous Logins Within Enterprise Networks"],"prefix":"10.1145","author":[{"given":"Hossein","family":"Siadati","sequence":"first","affiliation":[{"name":"New York University, Brooklyn, NY, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Nasir","family":"Memon","sequence":"additional","affiliation":[{"name":"New York University, Brooklyn, NY, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2017,10,30]]},"reference":[{"key":"e_1_3_2_2_1_1","volume-title":"Spark: A lightning-fast cluster computing. https:\/\/spark.apache. org.","author":"APACHE.","year":"2017","unstructured":"APACHE. 2017. Spark: A lightning-fast cluster computing. https:\/\/spark.apache. org. (2017)."},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/357830.357849"},{"key":"e_1_3_2_2_3_1","volume-title":"Credential Stealing as an Attack Vector. https:\/\/www.schneier. com\/blog\/archives\/2016\/05\/credential_stea.html. (2016). [Online","author":"Schneier B.","year":"2017","unstructured":"Schneier B. 2016. Credential Stealing as an Attack Vector. https:\/\/www.schneier. com\/blog\/archives\/2016\/05\/credential_stea.html. (2016). [Online; accessed 15- Feb-2017]."},{"key":"e_1_3_2_2_4_1","volume-title":"Real-World Access Control. https:\/\/www.schneier.com\/blog\/ archives\/2009\/09\/real-world_acce.html. (2016). [Online","author":"Schneier B.","year":"2017","unstructured":"Schneier B. 2016. Real-World Access Control. https:\/\/www.schneier.com\/blog\/ archives\/2009\/09\/real-world_acce.html. (2016). [Online; accessed 19-May-2017]."},{"key":"e_1_3_2_2_5_1","unstructured":"Businessinsider. 2014. How The Hackers Broke Into Sony And Why It Could Happen To Any Company. http:\/\/www.businessinsider.com\/ how-the-hackers-broke-into-sony-2014-12. (2014)."},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920283"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1281192.1281219"},{"key":"e_1_3_2_2_8_1","unstructured":"Benjamin DELPY. 2014. A little tool to play with Windows security. https: \/\/github.com\/gentilkiwi\/mimikatz. (2014)."},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1080\/19361610.2011.529413"},{"key":"e_1_3_2_2_10_1","first-page":"2","article-title":"Event labeling combining ensemble detectors and background knowledge","volume":"2","author":"Joao Gama Hadi","year":"2014","unstructured":"Hadi Fanaee-T and Joao Gama. 2014. Event labeling combining ensemble detectors and background knowledge. Progress in Artificial Intelligence 2, 2--3 (2014), 113--127.","journal-title":"Progress in Artificial Intelligence"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS.2016.014"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23240"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/Trustcom.2015.380"},{"key":"e_1_3_2_2_14_1","volume-title":"Algorithms for association rule mining--a general survey and comparison. ACM sigkdd explorations newsletter 2, 1","author":"Hipp Jochen","year":"2000","unstructured":"Jochen Hipp, Ulrich G\u00fcntzer, and Gholamreza Nakhaeizadeh. 2000. Algorithms for association rule mining--a general survey and comparison. ACM sigkdd explorations newsletter 2, 1 (2000), 58--64."},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2004.1301325"},{"key":"e_1_3_2_2_16_1","unstructured":"Krebsonsecurity. 2014. Target Hackers Broke in Via HVAC Company. http: \/\/krebsonsecurity.com\/2014\/02\/target-hackers-broke-in-via-hvac-company\/. (2014)."},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1015467.1015492"},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(00)00139-0"},{"key":"e_1_3_2_2_19_1","volume-title":"Windows 2000 active directory. O'Reilly & Associates","author":"Lowe-Norris Alistair G","unstructured":"Alistair G Lowe-Norris and Robert Denn. 2000. Windows 2000 active directory. O'Reilly & Associates, Inc."},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-45248-5_13"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1452520.1452539"},{"key":"e_1_3_2_2_22_1","unstructured":"NYTimes. 2014. Neglected Server Provided Entry for JP- Morgan Hackers. http:\/\/dealbook.nytimes.com\/2014\/12\/22\/ entry-point-of-jpmorgan-data-breach-is-identified\/. (2014)."},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.14"},{"key":"e_1_3_2_2_24_1","volume-title":"USENIX Enigma 2016 - NSA TAO Chief on Disrupting Nation State Hackers. https:\/\/www.youtube.com\/watch?v=bDJb8WOJYdA. (2016). [Online","author":"Joyce R.","year":"2017","unstructured":"Joyce R. 2016. USENIX Enigma 2016 - NSA TAO Chief on Disrupting Nation State Hackers. https:\/\/www.youtube.com\/watch?v=bDJb8WOJYdA. (2016). [Online; accessed 15-Feb-2017]."},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1644893.1644895"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/361011.361067"},{"key":"e_1_3_2_2_27_1","volume-title":"Information Assurance Workshop, 2005. IAW'05. Proceedings from the Sixth Annual IEEE SMC. IEEE, 176--183","author":"Shon Taeshik","year":"2005","unstructured":"Taeshik Shon, Yongdae Kim, Cheolwon Lee, and Jongsub Moon. 2005. A machine learning framework for network anomaly detection using SVM and GA. In Information Assurance Workshop, 2005. IAW'05. Proceedings from the Sixth Annual IEEE SMC. IEEE, 176--183."},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/VIZSEC.2016.7739582"},{"key":"e_1_3_2_2_29_1","volume-title":"JPMorgan Chase Hack Affects 76 Million Households. New York Times 2","author":"Silver-Greenberg Jessica","year":"2014","unstructured":"Jessica Silver-Greenberg, Matthew Goldstein, and Nicole Perlroth. 2014. JPMorgan Chase Hack Affects 76 Million Households. New York Times 2 (2014)."},{"key":"e_1_3_2_2_30_1","volume-title":"International Workshop on Enterprise Applications and Services in the Finance Industry. Springer, 165--180","author":"Sinclair Sara","year":"2007","unstructured":"Sara Sinclair, Sean W Smith, Stephanie Trudeau, M Eric Johnson, and Anthony Portera. 2007. Information risk in financial institutions: Field study and research roadmap. In International Workshop on Enterprise Applications and Services in the Finance Industry. Springer, 165--180."},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.25"},{"key":"e_1_3_2_2_32_1","unstructured":"Verizon RISK Team. 2017. 2017 Data Breach Investigations Report. (2017)."},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2413176.2413217"},{"key":"e_1_3_2_2_34_1","unstructured":"WSJ. 2014. Home Depot Hackers Exposed 53 Mil- lion Email Addresses. http:\/\/www.wsj.com\/articles\/ home-depot-hackers-used-password-stolen-from-vendor-1415309282. (2014)."},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523670"}],"event":{"name":"CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security","location":"Dallas Texas USA","acronym":"CCS '17","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3134003","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3133956.3134003","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:13:26Z","timestamp":1750212806000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3134003"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,10,30]]},"references-count":35,"alternative-id":["10.1145\/3133956.3134003","10.1145\/3133956"],"URL":"https:\/\/doi.org\/10.1145\/3133956.3134003","relation":{},"subject":[],"published":{"date-parts":[[2017,10,30]]},"assertion":[{"value":"2017-10-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}