{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,18]],"date-time":"2026-05-18T10:19:49Z","timestamp":1779099589687,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":18,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,10,30]],"date-time":"2017-10-30T00:00:00Z","timestamp":1509321600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Research Foundation"},{"name":"ST Electronics"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,10,30]]},"DOI":"10.1145\/3139923.3139929","type":"proceedings-article","created":{"date-parts":[[2017,10,31]],"date-time":"2017-10-31T14:58:58Z","timestamp":1509461938000},"page":"45-56","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":42,"title":["TWOS"],"prefix":"10.1145","author":[{"given":"Athul","family":"Harilal","sequence":"first","affiliation":[{"name":"Singapore University of Technology and Design, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Flavio","family":"Toffalini","sequence":"additional","affiliation":[{"name":"Singapore University of Technology and Design, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"John","family":"Castellanos","sequence":"additional","affiliation":[{"name":"Singapore University of Technology and Design, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Juan","family":"Guarnizo","sequence":"additional","affiliation":[{"name":"Singapore University of Technology and Design, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ivan","family":"Homoliak","sequence":"additional","affiliation":[{"name":"Singapore University of Technology and Design, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mart\u00edn","family":"Ochoa","sequence":"additional","affiliation":[{"name":"Singapore University of Technology and Design, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2017,10,30]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Accenture. 2016. Accenture. (2016). showURL%https:\/\/www.accenture.com\/t20160704T014005Z__w__\/us-en\/_acnmedia\/PDF-23\/Accenture-State-Cybersecurity-and-Digital-Trust-2016-Report-June.pdf#zoom=50shownoteAccessed on Jul\/2017.  Accenture. 2016. Accenture. (2016). showURL%https:\/\/www.accenture.com\/t20160704T014005Z__w__\/us-en\/_acnmedia\/PDF-23\/Accenture-State-Cybersecurity-and-Digital-Trust-2016-Report-June.pdf#zoom=50shownoteAccessed on Jul\/2017."},{"key":"e_1_3_2_1_2_1","unstructured":"Amazon Web Services Inc. 2017natexlaba. Amazon Elastic Compute Cloud (EC2). (2017). showURL%https:\/\/aws.amazon.com\/ec2\/shownoteAccessed on Jul\/2017.  Amazon Web Services Inc. 2017natexlaba. Amazon Elastic Compute Cloud (EC2). (2017). showURL%https:\/\/aws.amazon.com\/ec2\/shownoteAccessed on Jul\/2017."},{"key":"e_1_3_2_1_3_1","unstructured":"Amazon Web Services Inc. 2017natexlabb. Amazon Web Servicies (AWS). (2017). showURL%https:\/\/aws.amazon.comshownoteAccessed on Jul\/2017.  Amazon Web Services Inc. 2017natexlabb. Amazon Web Servicies (AWS). (2017). showURL%https:\/\/aws.amazon.comshownoteAccessed on Jul\/2017."},{"key":"e_1_3_2_1_4_1","unstructured":"Amazon Web Services Inc. 2017natexlabc. Amazon WorkSpaces. (2017). showURL%https:\/\/aws.amazon.com\/workspaces\/shownoteAccessed on Jul\/2017.  Amazon Web Services Inc. 2017natexlabc. Amazon WorkSpaces. (2017). showURL%https:\/\/aws.amazon.com\/workspaces\/shownoteAccessed on Jul\/2017."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"crossref","unstructured":"Maureen L Ambrose Mark A Seabright and Marshall Schminke. 2002. Sabotage in the workplace: The role of organizational injustice. Organizational behavior and human decision processes Vol. 89 1 (2002) 947--965.  Maureen L Ambrose Mark A Seabright and Marshall Schminke. 2002. Sabotage in the workplace: The role of organizational injustice. Organizational behavior and human decision processes Vol. 89 1 (2002) 947--965.","DOI":"10.1016\/S0749-5978(02)00037-7"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCSS.2014.2377811"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"crossref","unstructured":"Malek Ben Salem and Salvatore J Stolfo 2011. Modeling user search behavior for masquerade detection International Workshop on Recent Advances in Intrusion Detection. Springer 181--200.  Malek Ben Salem and Salvatore J Stolfo 2011. Modeling user search behavior for masquerade detection International Workshop on Recent Advances in Intrusion Detection. Springer 181--200.","DOI":"10.1007\/978-3-642-23644-0_10"},{"key":"e_1_3_2_1_9_1","unstructured":"Salem Ben. 2009. RUU dataset. (2009). showURL%http:\/\/sneakers.cs.columbia.edu\/ids\/RUU\/data\/shownoteAccessed on May\/2017.  Salem Ben. 2009. RUU dataset. (2009). showURL%http:\/\/sneakers.cs.columbia.edu\/ids\/RUU\/data\/shownoteAccessed on May\/2017."},{"key":"e_1_3_2_1_10_1","unstructured":"Matthias Schonlau. 2001. Masquerading User Data. (2001). showURL%http:\/\/www.schonlau.net\/shownoteAccessed on May\/2017.  Matthias Schonlau. 2001. Masquerading User Data. (2001). showURL%http:\/\/www.schonlau.net\/shownoteAccessed on May\/2017."},{"key":"e_1_3_2_1_11_1","unstructured":"Matthias Schonlau William DuMouchel Wen-Hua Ju Alan F Karr Martin Theus and Yehuda Vardi. 2001. Computer intrusion: Detecting masquerades. Statistical science (2001) 58--74.  Matthias Schonlau William DuMouchel Wen-Hua Ju Alan F Karr Martin Theus and Yehuda Vardi. 2001. Computer intrusion: Detecting masquerades. Statistical science (2001) 58--74."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2006.01.006"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"crossref","unstructured":"Robert W Shirey. 2007. Internet security glossary version 2. bibinfotypeRFC 4949.  Robert W Shirey. 2007. Internet security glossary version 2. bibinfotypeRFC 4949.","DOI":"10.17487\/rfc4949"},{"key":"e_1_3_2_1_14_1","unstructured":"David A Solomon and Helen Custer 1998. Inside Windows NT. Vol. Vol. 2. Microsoft Press Redmond.  David A Solomon and Helen Custer 1998. Inside Windows NT. Vol. Vol. 2. Microsoft Press Redmond."},{"key":"e_1_3_2_1_15_1","unstructured":"Squid-Cache. 2017. Squid Proxy. (2017). showURL%http:\/\/www.squid-cache.org\/shownoteAccessed on Jul\/2017.  Squid-Cache. 2017. Squid Proxy. (2017). showURL%http:\/\/www.squid-cache.org\/shownoteAccessed on Jul\/2017."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"crossref","unstructured":"Paul J Taylor Coral J Dando Thomas C Ormerod Linden J Ball Marisa C Jenkins Alexandra Sandham and Tarek Menacere 2013. Detecting insider threats through language change. Law and human behavior Vol. 37 4 (2013) 267.  Paul J Taylor Coral J Dando Thomas C Ormerod Linden J Ball Marisa C Jenkins Alexandra Sandham and Tarek Menacere 2013. Detecting insider threats through language change. Law and human behavior Vol. 37 4 (2013) 267.","DOI":"10.1037\/lhb0000032"},{"key":"e_1_3_2_1_17_1","unstructured":"Tcpdump 2017. Tcpdump. (2017). showURL%http:\/\/www.tcpdump.org\/shownoteAccessed on Jul\/2017.  Tcpdump 2017. Tcpdump. (2017). showURL%http:\/\/www.tcpdump.org\/shownoteAccessed on Jul\/2017."},{"key":"e_1_3_2_1_18_1","unstructured":"Verizon 2016. 2016 Data Breach Investigations Report. (2016). showURL%http:\/\/www.verizonenterprise.com\/verizon-insights-lab\/dbir\/2016\/shownoteAccessed on Jul\/2017.  Verizon 2016. 2016 Data Breach Investigations Report. (2016). showURL%http:\/\/www.verizonenterprise.com\/verizon-insights-lab\/dbir\/2016\/shownoteAccessed on Jul\/2017."},{"key":"e_1_3_2_1_19_1","unstructured":"Windows 2017. Process Monitor. (2017). showURL%https:\/\/technet.microsoft.com\/en-us\/sysinternals\/processmonitor.aspxshownoteAccessed on Jul\/2017.endthebibliography  Windows 2017. Process Monitor. (2017). showURL%https:\/\/technet.microsoft.com\/en-us\/sysinternals\/processmonitor.aspxshownoteAccessed on Jul\/2017.endthebibliography"}],"event":{"name":"CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security","location":"Dallas Texas USA","acronym":"CCS '17","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2017 International Workshop on Managing Insider Security Threats"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3139923.3139929","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3139923.3139929","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:30:39Z","timestamp":1750217439000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3139923.3139929"}},"subtitle":["A Dataset of Malicious Insider Threat Behavior Based on a Gamified Competition"],"short-title":[],"issued":{"date-parts":[[2017,10,30]]},"references-count":18,"alternative-id":["10.1145\/3139923.3139929","10.1145\/3139923"],"URL":"https:\/\/doi.org\/10.1145\/3139923.3139929","relation":{},"subject":[],"published":{"date-parts":[[2017,10,30]]},"assertion":[{"value":"2017-10-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}