{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T07:01:31Z","timestamp":1760598091611,"version":"3.41.0"},"reference-count":31,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2021,10,22]],"date-time":"2021-10-22T00:00:00Z","timestamp":1634860800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Digital Threats"],"published-print":{"date-parts":[[2022,3,31]]},"abstract":"<jats:p>\n            Advances on differentiating between malicious intent and natural \u201corganizational evolution\u201d to explain observed anomalies in operational workplace patterns suggest benefit from evaluating collective behaviors observed in the facilities to improve\n            <jats:bold>insider threat detection and mitigation (ITDM).<\/jats:bold>\n            Advances in\n            <jats:bold>artificial neural networks (ANN)<\/jats:bold>\n            provide more robust pathways for capturing, analyzing, and collating disparate data signals into quantitative descriptions of operational workplace patterns. In response, a joint study by Sandia National Laboratories and the University of Texas at Austin explored the effectiveness of commercial artificial neural network (ANN) software to improve ITDM. This research demonstrates the benefit of learning patterns of organizational behaviors, detecting off-normal (or anomalous) deviations from these patterns, and alerting when certain types, frequencies, or quantities of deviations emerge for improving ITDM. Evaluating nearly 33,000 access control data points and over 1,600 intrusion sensor data points collected over a nearly twelve-month period, this study's results demonstrated the ANN could recognize operational patterns at the Nuclear Engineering Teaching Laboratory (NETL) and detect off-normal behaviors\u2014suggesting that ANNs can be used to support a data-analytic approach to ITDM. Several representative experiments were conducted to further evaluate these conclusions, with the resultant insights supporting collective behavior-based analytical approaches to quantitatively describe insider threat detection and mitigation.\n          <\/jats:p>","DOI":"10.1145\/3457909","type":"journal-article","created":{"date-parts":[[2021,10,22]],"date-time":"2021-10-22T23:56:43Z","timestamp":1634947003000},"page":"1-20","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["Results From Invoking Artificial Neural Networks to Measure Insider Threat Detection &amp; Mitigation"],"prefix":"10.1145","volume":"3","author":[{"given":"Adam D.","family":"Williams","sequence":"first","affiliation":[{"name":"Sandia National Laboratories"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shannon N.","family":"Abbott","sequence":"additional","affiliation":[{"name":"Sandia National Laboratories"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nathan","family":"Shoman","sequence":"additional","affiliation":[{"name":"Sandia National Laboratories"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"William S.","family":"Charlton","sequence":"additional","affiliation":[{"name":"University of Texas, Nuclear Engineering Teaching Laboratory"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2021,10,22]]},"reference":[{"key":"e_1_3_2_3_2","unstructured":"Federal Register Vol. 76 No. 198. 2011. Presidential documents. Retrieved from https:\/\/www.dni.gov\/files\/NCSC\/documents\/nittf\/EO_13587.pdf."},{"key":"e_1_3_2_4_2","volume-title":"Insider Threat Guide: A Compendium of Best Practices to Accompany the National Insider Threat Minimum Standards","author":"National Insider Threat Task Force","year":"2017","unstructured":"National Insider Threat Task Force. 2017. Insider Threat Guide: A Compendium of Best Practices to Accompany the National Insider Threat Minimum Standards. Washington, DC."},{"key":"e_1_3_2_5_2","volume-title":"Encyclopedia of Security and Emergency Management","author":"Williams Adam D.","year":"2019","unstructured":"Adam D. Williams, Shannon N. Abbott, and Adriane C. Littlefield. 2019. Insider threat. In Encyclopedia of Security and Emergency Management, eds. L. Shapiro and M. H. Maras, Springer, Cham."},{"key":"e_1_3_2_6_2","unstructured":"International Atomic Energy Agency. 2008. Preventive and Protective Measures Against Insider Threats . IAEA Nuclear Security Series No. 8: Implementing Guide."},{"key":"e_1_3_2_7_2","unstructured":"World Institute for Nuclear Security. 2018. Countering Violent Extremism and Insider Threats in the Nuclear Sector ."},{"key":"e_1_3_2_8_2","unstructured":"Carolynn P. Scherer and Christy E. Ruggiero. 2019. Overview of Tools for Insider Threat: Analysis and Mitigation . Retrieved from https:\/\/permalink.lanl.gov\/object\/tr?what=info:lanl-repo\/lareport\/LA-UR-19-22069."},{"key":"e_1_3_2_9_2","unstructured":"John E. Landers. 2014. Psychological Profiles of the Malicious Insider . PNNL SA 102669 Pacific Northwest National Laboratory Richland WA. Retrieved from https:\/\/www.osti.gov\/servlets\/purl\/1130774."},{"key":"e_1_3_2_10_2","unstructured":"A. Kolaczkowski J. Forester E. Lois and S. Cooper. 2005. Good Practices for Implementing Human Reliability Analysis (HRA) . NUREG-1792. U.S. Nuclear Regulatory Commission. Retrieved from https:\/\/www.nrc.gov\/docs\/ML0511\/ML051160213.pdf."},{"key":"e_1_3_2_11_2","doi-asserted-by":"crossref","first-page":"301","DOI":"10.1016\/j.anucene.2017.05.006","article-title":"A study of insider threat in nuclear security analysis using game theoretic modeling","volume":"108","author":"Kim Kyo-Nam","year":"2017","unstructured":"Kyo-Nam Kim, Man-Sung Yim, and Erich Schneider. 2017. A study of insider threat in nuclear security analysis using game theoretic modeling. Annals of Nuclear Energy 108 (October 2017), 301\u2013309. DOI:https:\/\/doi.org\/10.1016\/j.anucene.2017.05.006","journal-title":"Annals of Nuclear Energy"},{"key":"e_1_3_2_12_2","doi-asserted-by":"crossref","first-page":"8","DOI":"10.1016\/j.pnucene.2017.08.006","article-title":"Insider threats of physical protection systems in nuclear power plants: Prevention and evaluation","volume":"104","author":"Zou Bowen","year":"2018","unstructured":"Bowen Zou, Ming Yang, Jia Guo, Junbo Wang, Emi-Reynolds Benjamin, Hang Liu, and Wei Li. 2018. Insider threats of physical protection systems in nuclear power plants: Prevention and evaluation. Progress in Nuclear Energy, 104 (April 2018), 8\u201315. DOI:https:\/\/doi.org\/10.1016\/j.pnucene.2017.08.006","journal-title":"Progress in Nuclear Energy"},{"key":"e_1_3_2_13_2","first-page":"19","volume-title":"Proceedings from The Eleventh International Conference on Semantic Technology for Intelligence, Defense, and Security","author":"Greitzer Frank","year":"2016","unstructured":"Frank Greitzer, Muhammad Imran, Justin Purl, Elise Axelrad, Yung Leong, Sunny Becker, Kathryn Laskey, and Paul Sticha. 2016. Developing an ontology for individual and organizational sociotechnical indicators of insider threat risk. In Proceedings from The Eleventh International Conference on Semantic Technology for Intelligence, Defense, and Security (STIDS 2016). November 15\u201316,2016, Fairfax, VA, 19\u201327."},{"key":"e_1_3_2_14_2","volume-title":"Phase I Closeout Report: Invoking Artificial Neural Networks to Measure Insider Threat MitigationSandia Report","author":"Williams Adam D.","year":"2020","unstructured":"Adam D. Williams, Shannon N. Abbott, and William S. Charlton. 2020. Phase I Closeout Report: Invoking Artificial Neural Networks to Measure Insider Threat Mitigation. Sandia Report, SAND2020-8253, Sandia National Laboratories, Albuquerque, NM."},{"key":"e_1_3_2_15_2","volume-title":"A Behavioral Theory of the Firm","author":"Cyert Richard M.","year":"1963","unstructured":"Richard M. Cyert and James G. March. 1963. A Behavioral Theory of the Firm (2nd. Ed.). Prentice-Hall, Malden, MA.","edition":"2"},{"key":"e_1_3_2_16_2","volume-title":"The Constitution of Society: Outline of the Theory of Structuration","author":"Giddens Anthony","year":"1984","unstructured":"Anthony Giddens. 1984. The Constitution of Society: Outline of the Theory of Structuration. University of California Press, Berkley, CA."},{"key":"e_1_3_2_17_2","doi-asserted-by":"publisher","DOI":"10.1016\/S0925-7535(97)00052-0"},{"key":"e_1_3_2_18_2","unstructured":"Fei-Fei Li Ranjay Krishna and Danfei Xu. 2020. CS231n: Convolutional neural networks for visual recognition. Retrieved from https:\/\/cs231n.github.io\/neural-networks-1\/#feedforward."},{"key":"e_1_3_2_19_2","unstructured":"Dan Li Dacheng Chen Jonathan Goh and See-kiong Ng. 2018. Anomaly detection with generative adversarial networks for multivariate time series. arXiv: 1809.04758. Retrieved from https:\/\/arxiv.org\/abs\/1809.04758."},{"key":"e_1_3_2_20_2","unstructured":"Zhiwei Wang Zhengzhang Chem Jingchao Ni Hiu Liu Haifeng Chen and Jiliang Tang. 2020. Multi-Scale one class recurrent neural networks for discrete event sequence anomaly detection. arXiv: 2008.13361. Retrieved from https:\/\/arxiv.org\/abs\/2008.13361."},{"key":"e_1_3_2_21_2","unstructured":"Alexey Bochkovskiy Chien-Yao Wang and Hong-Yuan Mark Liao. 2020. YOLOv4 optimal speed and accuracy of object detection. arXiv: 2004.10934. Retrieved from https:\/\/arxiv.org\/abs\/2004.10934."},{"key":"e_1_3_2_22_2","unstructured":"Alexander Kolesnikov Lucas Beyer Xiaohua Zhai Joan Puigcerver Jessica Yung Sylvain Gelly and Neil Houlsby. 2019. Big Transfer (BiT): General Visual Representation Learning. arXiv: 1912.11370. Retrieved from https:\/\/arxiv.org\/abs\/1912.11370."},{"key":"e_1_3_2_23_2","unstructured":"Jascha Kolberg Marcel Grimmer Marta Gomez-Barrero and Christoph Bush. 2020. Anomaly detection with convolutional autoencoders for fingerprint presentation attack detection. arXiv: 2008.07989. Retrieved from https:\/\/arxiv.org\/abs\/2008.07989."},{"key":"e_1_3_2_24_2","unstructured":"Ian J. Goodfellow Jonathon Shlens and Christian Szegedy. 2015. Explaining and harnessing adversarial examples. arXiv: 1412.6572 . Retrieved from https:\/\/arxiv.org\/abs\/1412.6572."},{"key":"e_1_3_2_25_2","doi-asserted-by":"crossref","unstructured":"Matthias Hein Maksym Andriushchenko and Julian Bitterwolf. 2019. Why ReLU networks yield high-confidence predictions far away from training data and how to mitigate the problem. arXiv: 1812.05720. Retrieved from https:\/\/arxiv.org\/abs\/1812.05720.","DOI":"10.1109\/CVPR.2019.00013"},{"key":"e_1_3_2_26_2","unstructured":"Alexander Meinke and Matthias Hein. 2019. \u201cToward neural networks that probably know when they don't\u201d. arXiv 1909.12180. Retrieved from https:\/\/arxiv.org\/abs\/1909.121180."},{"key":"e_1_3_2_27_2","article-title":"Ten years of TRIGA reactor research at the university of texas","author":"O'Kelly Sean","year":"2002","unstructured":"Sean O'Kelly. 2002. Ten years of TRIGA reactor research at the university of texas. International Atomic Energy Agency International Nuclear Information System. Retrieved from https:\/\/inis.iaea.org\/collection\/NCLCollectionStore\/_Public\/40\/010\/40010598.pdf.","journal-title":"International Atomic Energy Agency International Nuclear Information System"},{"key":"e_1_3_2_28_2","volume-title":"The ReconaSense AI Platform for Physical SecurityReconaSense Report","author":"Carter John","year":"2018","unstructured":"John Carter. 2018. The ReconaSense AI Platform for Physical Security. ReconaSense Report, Austin, TX."},{"key":"e_1_3_2_29_2","unstructured":"ReconaSense. 2020. SmarterAccess: Risk-Adaptive and intelligent access control. Retrieved from https:\/\/reconasense.com\/reconaccess\/."},{"key":"e_1_3_2_30_2","volume-title":"Qualitative Research from Start to Finish","author":"Yin Robert K.","year":"2016","unstructured":"Robert K. Yin. 2016. Qualitative Research from Start to Finish. 2nd Edition. Guilford Press, New York.","edition":"2"},{"issue":"5","key":"e_1_3_2_31_2","doi-asserted-by":"crossref","first-page":"411","DOI":"10.1177\/1745691612454303","article-title":"Hindsight bias","volume":"7","author":"Roese Neal J.","year":"2012","unstructured":"Neal J. Roese and Kathleen D. Vohs. 2012. Hindsight bias. Perspectives on Psychological Science 7, 5 (2012), 411\u2013426. DOI:https:\/\/doi.org\/10.1177\/1745691612454303","journal-title":"Perspectives on Psychological Science"},{"issue":"3","key":"e_1_3_2_32_2","doi-asserted-by":"crossref","DOI":"10.1167\/13.3.33","article-title":"Prevalence effects on newly trained airport checkpoint screeners: Trained observers miss rare targets, too","volume":"13","author":"Wolfe J.","year":"2013","unstructured":"J. Wolfe, D. Rubinstein, and T. Horowitz. 2013. Prevalence effects on newly trained airport checkpoint screeners: Trained observers miss rare targets, too. Journal of Vision 13, 3 (2013), DOI:https:\/\/doi.org\/10.1167\/13.3.33","journal-title":"Journal of Vision"},{"key":"e_1_3_2_33_2","volume-title":"the Proceedings Paper(s) for the Institute for Nuclear Materials Management 60th Annual Meeting","author":"Camp Noelle","year":"2019","unstructured":"Noelle Camp and Adam D. Williams. 2019. Preliminary results from a comparative analysis of counterintelligence and insider threat in nuclear facilities. In the Proceedings Paper(s) for the Institute for Nuclear Materials Management 60th Annual Meeting, Palm Desert, CA, July 14\u201318."}],"container-title":["Digital Threats: Research and Practice"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3457909","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3457909","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:24:38Z","timestamp":1750195478000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3457909"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,10,22]]},"references-count":31,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2022,3,31]]}},"alternative-id":["10.1145\/3457909"],"URL":"https:\/\/doi.org\/10.1145\/3457909","relation":{},"ISSN":["2692-1626","2576-5337"],"issn-type":[{"type":"print","value":"2692-1626"},{"type":"electronic","value":"2576-5337"}],"subject":[],"published":{"date-parts":[[2021,10,22]]},"assertion":[{"value":"2020-09-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-03-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-10-22","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}