{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,25]],"date-time":"2025-10-25T12:09:08Z","timestamp":1761394148976},"reference-count":46,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2012,2,27]],"date-time":"2012-02-27T00:00:00Z","timestamp":1330300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/2.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Secur Inform"],"published-print":{"date-parts":[[2012,12]]},"DOI":"10.1186\/2190-8532-1-5","type":"journal-article","created":{"date-parts":[[2012,2,27]],"date-time":"2012-02-27T19:14:06Z","timestamp":1330370046000},"source":"Crossref","is-referenced-by-count":21,"title":["Specializing network analysis to detect anomalous insider actions"],"prefix":"10.1186","volume":"1","author":[{"given":"You","family":"Chen","sequence":"first","affiliation":[]},{"given":"Steve","family":"Nyemba","sequence":"additional","affiliation":[]},{"given":"Wen","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Bradley","family":"Malin","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2012,2,27]]},"reference":[{"key":"5_CR1","doi-asserted-by":"publisher","first-page":"4","DOI":"10.1016\/j.websem.2007.11.011","volume":"6","author":"T Gruber","year":"2007","unstructured":"Gruber T: Collective knowledge systems: where the social web meets the semantic web. Journal of Web Semantics 2007, 6: 4\u201313.","journal-title":"Journal of Web Semantics"},{"key":"5_CR2","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1145\/769800.769821","volume":"46","author":"H Chen","year":"2003","unstructured":"Chen H, Zeng D, Atabakhsh H, Wyzga W, Schroeder J: COPLINK: managing law enforcement data and knowledge. Communications of the ACM 2003, 46: 28\u201334.","journal-title":"Communications of the ACM"},{"key":"5_CR3","doi-asserted-by":"publisher","first-page":"242","DOI":"10.1016\/j.ipm.2006.12.003","volume":"44","author":"M Reddy","year":"2008","unstructured":"Reddy M, Spence P: Collaborative information seeking: A field study of a multidisciplinary patient care team. Information Processing and Management 2008, 44: 242\u2013255. 10.1016\/j.ipm.2006.12.003","journal-title":"Information Processing and Management"},{"key":"5_CR4","doi-asserted-by":"publisher","first-page":"1103","DOI":"10.1377\/hlthaff.24.5.1103","volume":"24","author":"R Hillestad","year":"2005","unstructured":"Hillestad R, Bigelow J, Bower A, Girosi F, Meili R, Scoville R, Taylor R: Can electronic medical record systems transform health care? Health Affairs 2005, 24: 1103\u20131107. 10.1377\/hlthaff.24.5.1103","journal-title":"Health Affairs"},{"key":"5_CR5","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1109\/TVCG.2009.104","volume":"16","author":"E Bier","year":"2010","unstructured":"Bier E, Card S, Bodnar J: Principles and tools for collaborative entity-based intelligence analysis. IEEE Transactions on Visualization and Computer Graphics 2010, 16: 178\u2013191.","journal-title":"IEEE Transactions on Visualization and Computer Graphics"},{"key":"5_CR6","volume-title":"CRC Press","author":"CR Westphal","year":"2008","unstructured":"Westphal CR: Data Mining for Intelligence, Fraud & Criminal Detection: Advanced Analytics & Information Sharing Technologies. CRC Press 2008."},{"key":"5_CR7","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1016\/j.aos.2009.07.005","volume":"35","author":"L Eldenburg","year":"2010","unstructured":"Eldenburg L, Soderstrom N, Willis V, Wu A: Behavioral changes following the collaborative development of an accounting information system. Accounting, Organizations and Society 2010, 35: 222\u2013237. 10.1016\/j.aos.2009.07.005","journal-title":"Accounting, Organizations and Society"},{"key":"5_CR8","first-page":"24","volume-title":"Proceedings of the 8th International Workshop on Database and Expert Systems Applications","author":"A Sheth","year":"1997","unstructured":"Sheth A: From contemporary workflow process automation to adaptive and dynamic work activity coordination and collaboration. Proceedings of the 8th International Workshop on Database and Expert Systems Applications 1997, 24\u201327."},{"key":"5_CR9","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1145\/1378704.1378720","volume":"51","author":"D Spinellis","year":"2008","unstructured":"Spinellis D, Louridas P: The collaborative organization of knowledge. Communications of the ACM 2008, 51: 68\u201373.","journal-title":"Communications of the ACM"},{"key":"5_CR10","first-page":"400","volume-title":"Proceedings of the International Symposium on Collaborative Technologies and Systems","author":"G Horvath","year":"2009","unstructured":"Horvath G, Bolinger J, Ramanathan J, Ramnath R: Document-centric collaborative spaces for increased traceability in knowledge-intensive processes. Proceedings of the International Symposium on Collaborative Technologies and Systems 2009, 400\u2013407."},{"key":"5_CR11","first-page":"31","volume-title":"Proceedings of International conference on Advanced Learning Technologies and Technology-enhanced Learning","author":"CC Huang","year":"2007","unstructured":"Huang CC, Li TY, Wang HC, Chang CY: A collaborative support tool for creativity learning: idea storming cube. Proceedings of International conference on Advanced Learning Technologies and Technology-enhanced Learning 2007, 31\u201335."},{"key":"5_CR12","doi-asserted-by":"publisher","first-page":"197","DOI":"10.2753\/MIS0742-1222260108","volume":"26","author":"J Leimeister","year":"2009","unstructured":"Leimeister J, Huber M, Bretschneider U, Krcmar H: Leveraging crowdsourcing: activation-supporting components for IT-based ideas competition. Journal of Management Information Systems 2009, 26: 197\u2013224. 10.2753\/MIS0742-1222260108","journal-title":"Journal of Management Information Systems"},{"key":"5_CR13","first-page":"1233","volume-title":"Proceedings of the 28th International Conference on Human Factors in Computing Systems","author":"P Bao","year":"2010","unstructured":"Bao P, Gerber E, Gergle D, Hoffman D: Momentum: getting and staying on topic during a brainstorm. Proceedings of the 28th International Conference on Human Factors in Computing Systems 2010, 1233\u20131236."},{"key":"5_CR14","doi-asserted-by":"publisher","first-page":"256","DOI":"10.1016\/j.ipm.2006.12.010","volume":"44","author":"M Reddy","year":"2008","unstructured":"Reddy M, Jansen B: A model for understanding collaborative information behavior in context: a study of two healthcare teams. Information Processing and Management 2008, 44: 256\u2013273. 10.1016\/j.ipm.2006.12.010","journal-title":"Information Processing and Management"},{"key":"5_CR15","first-page":"107","volume-title":"Proceedings of IEEE International Conference on Intelligence and Security Informatics","author":"G Doss","year":"2009","unstructured":"Doss G, Tejay G: Developing insider attack detection model: a grounded approach. Proceedings of IEEE International Conference on Intelligence and Security Informatics 2009, 107\u2013112."},{"key":"5_CR16","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1007\/s10916-005-7988-x","volume":"30","author":"N Menachemi","year":"2008","unstructured":"Menachemi N, Brooks R: Reviewing the benefits and costs of electronic health records and associated patient safety technologies. Journal of Medical Systems 2008, 30: 159\u2013168.","journal-title":"Journal of Medical Systems"},{"key":"5_CR17","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-77322-3","volume-title":"Insider attack and cyber security: beyond the hacker","author":"S Stolfo","year":"2008","unstructured":"Stolfo S, Bellovin S, Hershkop S, Keromytis A, Sinclair S, Smith SW: Insider attack and cyber security: beyond the hacker. Springer; 2008."},{"key":"5_CR18","doi-asserted-by":"publisher","first-page":"526","DOI":"10.1016\/S0167-4048(02)01009-X","volume":"21","author":"E Schultz","year":"2002","unstructured":"Schultz E: A framework for understanding and predicting insider attacks. Computers and Security 2002, 21: 526\u2013531. 10.1016\/S0167-4048(02)01009-X","journal-title":"Computers and Security"},{"key":"5_CR19","first-page":"166","volume-title":"Proceedings of the 11th IFIP International Conference on Database Security XI: Status and Prospects","author":"RK Thomas","year":"1997","unstructured":"Thomas RK, Sandhu SR: Task-based authorization controls (TBAC): a family of models for active and enterprise-oriented autorization management. Proceedings of the 11th IFIP International Conference on Database Security XI: Status and Prospects 1997, 166\u2013181."},{"key":"5_CR20","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1007\/11760146_11","volume-title":"Proceedings of IEEE International Conference on Intelligence and Security Informatics","author":"YW Seo","year":"2006","unstructured":"Seo YW, Sycara K: Cost-sensitive access control for illegitimate confidential access by insiders. Proceedings of IEEE International Conference on Intelligence and Security Informatics 2006, 117\u2013128."},{"key":"5_CR21","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1109\/MSP.2011.72","volume":"9","author":"CA Gunter","year":"2011","unstructured":"Gunter CA, Liebovitz DM, Malin B: Experience-based access management: a life-cycle framework for identity and access management systems. IEEE Security and Privacy Magazine 2011, 9: 48\u201355.","journal-title":"IEEE Security and Privacy Magazine"},{"key":"5_CR22","doi-asserted-by":"publisher","first-page":"603","DOI":"10.1007\/s00778-006-0023-0","volume":"17","author":"JW Byun","year":"2008","unstructured":"Byun JW, Li N: Purpose based access control for privacy protection in relational database systems. International Journal on Very Large Data Bases 2008, 17: 603\u2013619. 10.1007\/s00778-006-0023-0","journal-title":"International Journal on Very Large Data Bases"},{"key":"5_CR23","first-page":"21","volume-title":"Proceedings of ACM Symposium on Access Control Models and Technologies","author":"C Georgiadis","year":"2001","unstructured":"Georgiadis C, Mavridis I, Pangalos G, Thomas R: Flexible team-based access control using contexts. Proceedings of ACM Symposium on Access Control Models and Technologies 2001, 21\u201327."},{"key":"5_CR24","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1145\/1377836.1377854","volume-title":"Proceedings of ACM Symposium on Access Control Models and Technologies","author":"D Kulkarni","year":"2008","unstructured":"Kulkarni D, Tripathi A: Context-aware role-based access control in pervasive computing systems. Proceedings of ACM Symposium on Access Control Models and Technologies 2008, 113\u2013122."},{"key":"5_CR25","doi-asserted-by":"publisher","first-page":"1475","DOI":"10.1109\/TKDE.2009.161","volume":"10","author":"D Beimel","year":"2010","unstructured":"Beimel D, Peleg M: The context and the SitBAC models for privacy preservation - an experimental comparison of model understanding and synthesis. IEEE Transactions on Knowledge and Data Engineering 2010, 10: 1475\u20131488.","journal-title":"IEEE Transactions on Knowledge and Data Engineering"},{"key":"5_CR26","doi-asserted-by":"publisher","first-page":"498","DOI":"10.1136\/amiajnl-2011-000217","volume":"18","author":"AA Boxwala","year":"2011","unstructured":"Boxwala AA, Kim J, Grillo JM, Machado LO: Using statistical and machine learning to help institutions detect suspicious access to electronic health records. Journal of the American Medical Informatics Association 2011, 18: 498\u2013505. 10.1136\/amiajnl-2011-000217","journal-title":"Journal of the American Medical Informatics Association"},{"issue":"1","key":"5_CR27","doi-asserted-by":"publisher","first-page":"1","DOI":"10.14778\/2047485.2047486","volume":"5","author":"D Fabbri","year":"2011","unstructured":"Fabbri D, LeFevre K: Explanation-based auditing. Proceedings of the VLDB Endowment 2011,5(1):1\u201312.","journal-title":"Proceedings of the VLDB Endowment"},{"key":"5_CR28","first-page":"119","volume-title":"Proceedings of the IEEE International Conference on Surveillance and Security Informatics","author":"Y Chen","year":"2011","unstructured":"Chen Y, Nyemba S, Zhang W, Malin B: Leveraging social networks to detect anomalous insider actions in collaborative environments. Proceedings of the IEEE International Conference on Surveillance and Security Informatics 2011, 119\u2013124."},{"key":"5_CR29","volume-title":"Carnegie Mellon University CyLab","author":"D Cappelli","year":"2009","unstructured":"Cappelli D, Moore A, Shimeall T, Trzeciak R: Common sense guide to prevention and detection of insider threats. Carnegie Mellon University CyLab 2009."},{"key":"5_CR30","first-page":"874","volume-title":"Proceedings of the American Medical Informatics Association Annual Symposium","author":"D Beimel","year":"2008","unstructured":"Beimel D, Peleg M: Comparing the context and the SitBAC models for privacy preservation in terms of model understanding and synthesis. Proceedings of the American Medical Informatics Association Annual Symposium 2008, 874."},{"key":"5_CR31","doi-asserted-by":"publisher","first-page":"1028","DOI":"10.1016\/j.jbi.2008.03.014","volume":"41","author":"M Peleg","year":"2008","unstructured":"Peleg M, Beimel D, Dori D, Denekamp Y: Situation-based access control: privacy management via modeling of patient data access scenarios. Journal of Biomedical Informatics 2008, 41: 1028\u20131040. 10.1016\/j.jbi.2008.03.014","journal-title":"Journal of Biomedical Informatics"},{"key":"5_CR32","doi-asserted-by":"publisher","first-page":"4","DOI":"10.1145\/270152.270159","volume-title":"Proceedings of the first ACM Workshop on Role-based Access Control","author":"E Coyne","year":"1996","unstructured":"Coyne E: Role engineering. Proceedings of the first ACM Workshop on Role-based Access Control 1996, 4."},{"key":"5_CR33","first-page":"33","volume-title":"Proceedings of the 7th ACM Symposium on Access Control Models and Technologies","author":"G Neumann","year":"2002","unstructured":"Neumann G, Strembeck M: A scenario-driven role engineering process for functional RBAC roles. Proceedings of the 7th ACM Symposium on Access Control Models and Technologies 2002, 33\u201342."},{"key":"5_CR34","first-page":"179","volume-title":"Proceedings of the 8th ACM Symposium on Access Control Models and Technologies","author":"M Kuhlmann","year":"2003","unstructured":"Kuhlmann M, Shohat D, Schimpf G: Role mining - revealing business roles for security administration using data mining technology. Proceedings of the 8th ACM Symposium on Access Control Models and Technologies 2003, 179\u2013186."},{"key":"5_CR35","doi-asserted-by":"publisher","first-page":"175","DOI":"10.1145\/1266840.1266870","volume-title":"Proceedings of the 12th ACM Symposium on Access Control Models and Technologies","author":"J Vaidya","year":"2007","unstructured":"Vaidya J, Atluri V, Guo Q: The role mining problem: finding a minimal descriptive set of roles. Proceedings of the 12th ACM Symposium on Access Control Models and Technologies 2007, 175\u2013184."},{"key":"5_CR36","doi-asserted-by":"publisher","first-page":"333","DOI":"10.1016\/j.jbi.2011.01.007","volume":"44","author":"B Malin","year":"2011","unstructured":"Malin B, Nyemba S, Paulett J: Learning relational policies from electronic health record access logs. Journal of Bimedical Informatics 2011, 44: 333\u2013342. 10.1016\/j.jbi.2011.01.007","journal-title":"Journal of Bimedical Informatics"},{"key":"5_CR37","first-page":"127","volume-title":"Proceedings of USENIX Conference on File and Storage Technologies","author":"CW Probst","year":"2006","unstructured":"Probst CW, Hansen RR, Nielson F: Where can an insider attack? Proceedings of USENIX Conference on File and Storage Technologies 2006, 127\u2013142. Edited by 4691 L Edited by 4691 L"},{"key":"5_CR38","first-page":"631","volume-title":"Proceedings of ACM SIGKDD Conference on Knowledge Discovery and Data Mining","author":"CC Noble","year":"2003","unstructured":"Noble CC, Cook DJ: Graph-based anomaly detection. Proceedings of ACM SIGKDD Conference on Knowledge Discovery and Data Mining 2003, 631\u2013636."},{"key":"5_CR39","first-page":"63","volume-title":"Proceedings of ACM Conference on Data and Application Security and Privacy","author":"Y Chen","year":"2010","unstructured":"Chen Y, Malin B: Detection of anomalous insiders in collaborative environments via relational analysis of access logs. Proceedings of ACM Conference on Data and Application Security and Privacy 2010, 63\u201374."},{"key":"5_CR40","first-page":"418","volume-title":"Proceedings of IEEE International Conference on Data Mining","author":"J Sun","year":"2005","unstructured":"Sun J, Qu H, Chakrabarti D, Faloutsos C: Neighborhood formation and anomaly detection in bipartite graph. Proceedings of IEEE International Conference on Data Mining 2005, 418\u2013425."},{"key":"5_CR41","first-page":"206","volume-title":"Proceedings of IEEE International Conference on Intelligence and Security Informatics","author":"W Eberle","year":"2009","unstructured":"Eberle W, Holder LB: Applying graph-based anomaly detection approaches to the discovery of insider threats. Proceedings of IEEE International Conference on Intelligence and Security Informatics 2009, 206\u2013208."},{"key":"5_CR42","first-page":"172","volume-title":"Proceedings of International Conference on Data Mining","author":"ML Shyu","year":"2003","unstructured":"Shyu ML, Chen SC, Sarinnapakorn K, Chang L: A novel anomaly detection scheme based on principal component classifier. Proceedings of International Conference on Data Mining 2003, 172\u2013179."},{"key":"5_CR43","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1016\/S0378-8733(03)00009-1","volume":"25","author":"LA Adamic","year":"2003","unstructured":"Adamic LA, Adar E: Friends and neighbors on the Web. Social Networks 2003, 25: 211\u2013230. 10.1016\/S0378-8733(03)00009-1","journal-title":"Social Networks"},{"key":"5_CR44","first-page":"285","volume-title":"Proceedings of ACM World Wide Web Conference","author":"B Sarwar","year":"2001","unstructured":"Sarwar B, Karypis G, Konstan J, Riedl J: Item-based collaborative filtering recommendation algorithms. Proceedings of ACM World Wide Web Conference 2001, 285\u2013295."},{"key":"5_CR45","unstructured":"Wiki Talk Dataset[\n                    http:\/\/snap.stanford.edu\/\n                    \n                  ]"},{"key":"5_CR46","doi-asserted-by":"publisher","first-page":"1145","DOI":"10.1016\/S0031-3203(96)00142-2","volume":"30","author":"A Bradley","year":"1997","unstructured":"Bradley A: The use of the area under the ROC curve in the evaluation of machine learning algorithms. Pattern Recognition 1997, 30: 1145\u20131159. 10.1016\/S0031-3203(96)00142-2","journal-title":"Pattern Recognition"}],"container-title":["Security Informatics"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/2190-8532-1-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1186\/2190-8532-1-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/2190-8532-1-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,1,22]],"date-time":"2019-01-22T04:51:57Z","timestamp":1548132717000},"score":1,"resource":{"primary":{"URL":"https:\/\/security-informatics.springeropen.com\/articles\/10.1186\/2190-8532-1-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,2,27]]},"references-count":46,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2012,12]]}},"alternative-id":["5"],"URL":"https:\/\/doi.org\/10.1186\/2190-8532-1-5","relation":{},"ISSN":["2190-8532"],"issn-type":[{"value":"2190-8532","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012,2,27]]},"article-number":"5"}}