{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,13]],"date-time":"2026-06-13T05:45:53Z","timestamp":1781329553242,"version":"3.54.1"},"reference-count":82,"publisher":"MDPI AG","issue":"10","license":[{"start":{"date-parts":[[2021,9,27]],"date-time":"2021-09-27T00:00:00Z","timestamp":1632700800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100011665","name":"Deanship of Scientific Research, King Saud University","doi-asserted-by":"publisher","award":["RG-1441-401"],"award-info":[{"award-number":["RG-1441-401"]}],"id":[{"id":"10.13039\/501100011665","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Entropy"],"abstract":"<jats:p>Insider threats are malicious acts that can be carried out by an authorized employee within an organization. Insider threats represent a major cybersecurity challenge for private and public organizations, as an insider attack can cause extensive damage to organization assets much more than external attacks. Most existing approaches in the field of insider threat focused on detecting general insider attack scenarios. However, insider attacks can be carried out in different ways, and the most dangerous one is a data leakage attack that can be executed by a malicious insider before his\/her leaving an organization. This paper proposes a machine learning-based model for detecting such serious insider threat incidents. The proposed model addresses the possible bias of detection results that can occur due to an inappropriate encoding process by employing the feature scaling and one-hot encoding techniques. Furthermore, the imbalance issue of the utilized dataset is also addressed utilizing the synthetic minority oversampling technique (SMOTE). 
Well known machine learning algorithms are employed to detect the most accurate classifier that can detect data leakage events executed by malicious insiders during the sensitive period before they leave an organization. We provide a proof of concept for our model by applying it on CMU-CERT Insider Threat Dataset and comparing its performance with the ground truth. The experimental results show that our model detects insider data leakage events with an AUC-ROC value of 0.99, outperforming the existing approaches that are validated on the same dataset. The proposed model provides effective methods to address possible bias and class imbalance issues for the aim of devising an effective insider data leakage detection system.<\/jats:p>","DOI":"10.3390\/e23101258","type":"journal-article","created":{"date-parts":[[2021,9,27]],"date-time":"2021-09-27T21:40:30Z","timestamp":1632778830000},"page":"1258","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":164,"title":["An Insider Data Leakage Detection Using One-Hot Encoding, Synthetic Minority Oversampling and Machine Learning Techniques"],"prefix":"10.3390","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9783-919X","authenticated-orcid":false,"given":"Taher","family":"Al-Shehari","sequence":"first","affiliation":[{"name":"Computer Skills, Self-Development Department, Deanship of Common First Year, King Saud University, Riyadh 11362, Saudi Arabia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Rakan A.","family":"Alsowail","sequence":"additional","affiliation":[{"name":"Computer Skills, Self-Development Department, Deanship of Common First Year, King Saud University, Riyadh 11362, Saudi Arabia"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2021,9,27]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Lee, C., Iesiev, A., Usher, M., Harz, D., and 
McMillen, D. (2021, February 07). IBM X-Force Threat Intelligence Index. Available online: https:\/\/www.ibm.com\/security\/data-breach\/threat-intelligence.","DOI":"10.1016\/S1353-4858(21)00026-X"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Claycomb, W.R., and Nicoll, A. (2012, January 16\u201320). Insider Threats to Cloud Computing: Directions for New Research Challenges. Proceedings of the 2012 IEEE 36th Annual Computer Software and Applications Conference, Institute of Electrical and Electronics Engineers, Izmir, Turkey.","DOI":"10.1109\/COMPSAC.2012.113"},{"key":"ref_3","first-page":"4","article-title":"Insiders and insider threats an overview of definitions and mitigation techniques","volume":"2","author":"Hunker","year":"2011","journal-title":"J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Silowash, G., Cappelli, D., Moore, A., Trzeciak, R., Shimeall, T.J., and Flynn, L. (2012). Common Sense Guide to Mitigating Insider Threats, Software Engineering Institute. [4th ed.]. Available online: https:\/\/apps.dtic.mil\/sti\/pdfs\/ADA585500.pdf.","DOI":"10.21236\/ADA585500"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"112","DOI":"10.1016\/j.istr.2010.11.002","article-title":"Assessing insider threats to information security using technical, behavioural and organisational measures","volume":"15","author":"Sarkar","year":"2010","journal-title":"Inf. Secur. Tech. Rep."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Erdin, E., Aksu, H., Uluagac, S., Vai, M., and Akkaya, K. (2018, January 29\u201331). OS Independent and Hardware-Assisted Insider Threat Detection and Prevention Framework. 
Proceedings of the 2018 IEEE Military Communications Conference (MILCOM2018), Los Angeles, CA, USA.","DOI":"10.1109\/MILCOM.2018.8599719"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"40626","DOI":"10.1109\/ACCESS.2018.2857450","article-title":"Micromovement Behavior as an Intention Detection Measurement for Preventing Insider Threats","volume":"6","author":"Almehmadi","year":"2018","journal-title":"IEEE Access"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Kim, J., Park, M., Cho, S., and Kang, P. (2019). Insider Threat Detection Based on User Behavior Modeling and Anomaly Detection Algorithms. Appl. Sci., 9.","DOI":"10.3390\/app9194018"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"472","DOI":"10.1016\/j.cose.2005.05.002","article-title":"The insider threat to information systems and the effectiveness of ISO17799","volume":"24","author":"Theoharidou","year":"2005","journal-title":"Comput. Secur."},{"key":"ref_10","unstructured":"Wong, W.K., Moore, A., Cooper, G., and Wagner, M. (2021, September 20). Rule-Based Anomaly Pattern Detection for Detecting Disease Outbreaks. Available online: https:\/\/www.aaai.org\/Papers\/AAAI\/2002\/AAAI02-034.pdf."},{"key":"ref_11","unstructured":"Cappelli, D.M., Moore, A.P., and Trzeciak, R.F. (2012). The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud), Addison-Wesley."},{"key":"ref_12","first-page":"39","article-title":"Multi-source fusion for anomaly detection: Using across-domain and across-time peer-group consistency checks","volume":"5","author":"Eldardiry","year":"2014","journal-title":"J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"32","DOI":"10.1080\/19361610.2011.529413","article-title":"Insider threat detection using a graph-based approach","volume":"6","author":"Eberle","year":"2010","journal-title":"J. Appl. Secur. 
Res."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Mayhew, M., Atighetchi, M., Adler, A., and Greenstadt, R. (2015, January 26\u201328). Use of machine learning in big data analytics for insider threat detection. Proceedings of the MILCOM 2015\u20142015 IEEE Military Communications Conference, Tampa, FL, USA.","DOI":"10.1109\/MILCOM.2015.7357562"},{"key":"ref_15","unstructured":"Alpaydin, E. (2020). Introduction to Machine Learning, MIT Press."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Silowash, L.F.G., Cappelli, D., Moore, A.P., Trzeciak, R.F., and Shimeall, T.J. (2012). Common Sense Guide to Mitigating Insider Threats, Software Engineering Institute, Carnegie Mellon University. [4th ed.]. Available online: http:\/\/resources.sei.cmu.edu\/library\/asset-view.cfm?AssetID=34017.","DOI":"10.21236\/ADA585500"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"1397","DOI":"10.1109\/COMST.2018.2800740","article-title":"Detecting and Preventing Cyber Insider Threats: A Survey","volume":"20","author":"Liu","year":"2018","journal-title":"IEEE Commun. Surv. Tutorials"},{"key":"ref_18","first-page":"30","article-title":"Insight into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures","volume":"52","author":"Homoliak","year":"2018","journal-title":"ACM Comput. Surv."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"78385","DOI":"10.1109\/ACCESS.2020.2989739","article-title":"Empirical Detection Techniques of Insider Threat Incidents","volume":"8","author":"Alsowail","year":"2020","journal-title":"IEEE Access"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"102221","DOI":"10.1016\/j.cose.2021.102221","article-title":"Deep learning for insider threat detection: Review, challenges and opportunities","volume":"104","author":"Yuan","year":"2021","journal-title":"Comput. 
Secur."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"78847","DOI":"10.1109\/ACCESS.2020.2990195","article-title":"A Review of Insider Threat Detection Approaches with IoT Perspective","volume":"8","author":"Kim","year":"2020","journal-title":"IEEE Access"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Al-Mhiqani, M., Ahmad, R., Abidin, Z., Yassin, W., Hassan, A., Abdulkareem, K., Ali, N., and Yunos, Z. (2020). A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations. Appl. Sci., 10.","DOI":"10.3390\/app10155208"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"1153","DOI":"10.1109\/COMST.2015.2494502","article-title":"A survey of data mining and machine learning methods for cyber security intrusion detection","volume":"18","author":"Buczak","year":"2016","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"303","DOI":"10.1109\/SURV.2013.052213.00046","article-title":"Network Anomaly Detection: Methods, Systems and Tools","volume":"16","author":"Bhuyan","year":"2013","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_25","first-page":"57","article-title":"Improving Operating System Fingerprinting using Machine Learning Techniques","volume":"6","author":"Shahzad","year":"2014","journal-title":"Int. J. Comput. Theory Eng."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"1917","DOI":"10.1007\/s10586-018-2817-4","article-title":"An empirical study of web browsers\u2019 resistance to traffic analysis and website fingerprinting attacks","volume":"21","author":"Zhioua","year":"2018","journal-title":"Clust. Comput."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Eberle, W., Holder, L., and Cook, D. (2009). Identifying Threats Using Graph-based Anomaly Detection. 
Machine Learning in Cyber Trust, Springer.","DOI":"10.1007\/978-0-387-88735-7_4"},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1109\/MSP.2009.110","article-title":"Detecting Insider Theft of Trade Secrets","volume":"7","author":"Caputo","year":"2009","journal-title":"IEEE Secur. Priv. Mag."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Parveen, P., and Thuraisingham, B. (2012, January 11\u201314). Unsupervised incremental sequence learning for insider threat detection. Proceedings of the 2012 IEEE International Conference on Intelligence and Security Informatics, Washington, DC, USA.","DOI":"10.1109\/ISI.2012.6284271"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"1393","DOI":"10.1145\/2487575.2488213","article-title":"Detecting insider threats in a real corporate database of computer usage activity","volume":"Volume Part F1288","author":"Senator","year":"2013","journal-title":"Proceedings of the 19th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Rashid, T., Agrafiotis, I., and Nurse, J.R. (2016, January 28). A New Take on Detecting Insider Threats. Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats, Vienna, Austria.","DOI":"10.1145\/2995959.2995964"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Thompson, H., Stolfo, S.J., Keromytis, A.D., and Hershkop, S. (2011). Anomaly Detection at Multiple Scales (ADAMS), Defense Technical Information Center (DTIC).","DOI":"10.21236\/ADA552461"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Eldardiry, H., Bart, E., Liu, J., Hanley, J., Price, B., and Brdiczka, O. (2013, January 23\u201324). Multi-domain information fusion for insider threat detection. 
Proceedings of the 2013 IEEE Security and Privacy Workshops, San Francisco, CA, USA.","DOI":"10.1109\/SPW.2013.14"},{"key":"ref_34","unstructured":"Gavai, G., Sricharan, K., Gunning, D., Hanley, J., Singhal, M., and Rolleston, R. Supervised and unsupervised methods to detect insider threat from enterprise social and online activity data. Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats (MIST \u201915), Dallas, TX, USA, 30 October 2017."},{"key":"ref_35","unstructured":"Goldberg, H., Young, W., Reardon, M., Phillips, B., and Senator, T. (2021, September 20). Insider Threat Detection in PRODIGAL. Available online: https:\/\/aisel.aisnet.org\/hicss-50\/eg\/insider_threat\/3\/."},{"key":"ref_36","first-page":"181","article-title":"Modeling User Search Behavior for Masquerade Detection","volume":"Volume 6961","author":"Stolfo","year":"2011","journal-title":"Programming Languages and Systems"},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Toffalini, F., Homoliak, I., Harilal, A., Binder, A., and Ochoa, M. (2018, January 24). Detection of Masqueraders Based on Graph Partitioning of File System Access Events. Proceedings of the 2018 IEEE Security and Privacy Workshops (SPW), San Francisco, CA, USA.","DOI":"10.1109\/SPW.2018.00037"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Alsowail, R., and Al-Shehari, T. (2021). A Multi-Tiered Framework for Insider Threat Prevention. Electronics, 10.","DOI":"10.3390\/electronics10091005"},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Georgiadou, A., Mouzakitis, S., and Askounis, D. (2021). Detecting Insider Threat via a Cyber-Security Culture Framework. J. Comput. Inf. Syst., 1\u201311.","DOI":"10.1080\/08874417.2021.1903367"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Alhajjar, E., and Bradley, T. (2021). Survival analysis for insider threat. Comput. Math. Organ. 
Theory, 1\u201317.","DOI":"10.1007\/s10588-021-09341-0"},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"136","DOI":"10.1007\/s41635-020-00092-z","article-title":"USB-Watch: A Generalized Hardware-Assisted Insider Threat Detection Framework","volume":"4","author":"Denney","year":"2020","journal-title":"J. Hardw. Syst. Secur."},{"key":"ref_42","unstructured":"Tuor, A., Kaplan, S., Hutchinson, B., Nichols, N., and Robinson, S. (2017, January 4\u20135). Deep learning for unsupervised insider threat detection in structured cybersecurity data streams. Proceedings of the Artificial Intelligence for Cyber Security Workshop (AAAI-2017), San Francisco, CA, USA."},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"471","DOI":"10.1109\/JSYST.2016.2558507","article-title":"Detecting Insider Threats Using RADISH: A System for Real-Time Anomaly Detection in Heterogeneous Data Streams","volume":"11","author":"Bose","year":"2017","journal-title":"IEEE Syst. J."},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Le, D.C., Khanchi, S., Zincir-Heywood, A.N., Heywood, M.I., and Le, D.C. (2018, January 15\u201319). Benchmarking evolutionary computation approaches to insider threat detection. Proceedings of the Genetic and Evolutionary Computation Conference, Kyoto, Japan.","DOI":"10.1145\/3205455.3205612"},{"key":"ref_45","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1109\/TNSM.2020.2967721","article-title":"Analyzing Data Granularity Levels for Insider Threat Detection Using Machine Learning","volume":"17","author":"Le","year":"2020","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Tian, Z., Shi, W., Tan, Z., Qiu, J., Sun, Y., Jiang, F., and Liu, Y. (2020). Deep Learning and Dempster-Shafer Theory Based Insider Threat Detection. Mob. Netw. Appl., 1\u201310.","DOI":"10.1007\/s11036-020-01656-7"},{"key":"ref_47","doi-asserted-by":"crossref","unstructured":"Sav, U., and Magar, G. 
(2020). Insider Threat Detection Based on Anomalous Behavior of User for Cybersecurity. Inventive Computation and Information Technologies, Springer.","DOI":"10.1007\/978-981-15-5309-7_3"},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"102314","DOI":"10.1016\/j.cose.2021.102314","article-title":"Using alternate reality games to find a needle in a haystack: An approach for testing insider threat detection methods","volume":"107","author":"Wasko","year":"2021","journal-title":"Comput. Secur."},{"key":"ref_49","unstructured":"CERT (2020). Insider Threat Test Dataset, Software Engineering Institute, Carnegie Mellon University. Available online: https:\/\/resources.sei.cmu.edu\/library\/asset-view.cfm?assetid=508099."},{"key":"ref_50","doi-asserted-by":"crossref","unstructured":"Glasser, J., and Lindauer, B. (2013, January 23\u201324). Bridging the Gap: A Pragmatic Approach to Generating Insider Threat Data. Proceedings of the 2013 IEEE Security and Privacy Workshops, San Francisco, CA, USA.","DOI":"10.1109\/SPW.2013.37"},{"key":"ref_51","doi-asserted-by":"crossref","unstructured":"El Affendi, M.A., and Al Rajhi, K.H.S. Text encoding for deep learning neural networks: A reversible base 64 (Tetrasexagesimal) Integer Transformation (RIT64) alternative to one hot encoding with applications to Arabic morphology. Proceedings of the 2018 Sixth International Conference on Digital Information, Networking and Wireless Communications (DINWC), Beirut, Lebanon, 25\u201327 April 2018.","DOI":"10.1109\/DINWC.2018.8356998"},{"key":"ref_52","doi-asserted-by":"crossref","first-page":"538","DOI":"10.4028\/www.scientific.net\/AMR.179-180.538","article-title":"Windows-Based Analysis for HFS+ File System","volume":"179\u2013180","author":"Su","year":"2011","journal-title":"Adv. Mater. 
Res."},{"key":"ref_53","doi-asserted-by":"crossref","first-page":"5268","DOI":"10.1016\/j.eswa.2010.10.031","article-title":"Comparing machine learning classifiers in potential distribution modelling","volume":"38","author":"Lorena","year":"2011","journal-title":"Expert Syst. Appl."},{"key":"ref_54","first-page":"1","article-title":"An Introduction to Data Mining","volume":"Volume 134","author":"Apostolakis","year":"2009","journal-title":"Data Mining in Crystallography"},{"key":"ref_55","doi-asserted-by":"crossref","unstructured":"Cutler, A., Cutler, D.R., and Stevens, J.R. (2012). Random forests. Ensemble Machine Learning, Springer.","DOI":"10.1007\/978-1-4419-9326-7_5"},{"key":"ref_56","doi-asserted-by":"crossref","unstructured":"Korb, K.B., and Nicholson, A.E. (2010). Bayesian Network Classifiers. Bayesian Artificial Intelligence, CRC Press.","DOI":"10.1201\/b10391"},{"key":"ref_57","doi-asserted-by":"crossref","first-page":"103","DOI":"10.1023\/A:1007413511361","article-title":"On the Optimality of the Simple Bayesian Classifier under Zero-One Loss","volume":"29","author":"Domingos","year":"1997","journal-title":"Mach. Learn."},{"key":"ref_58","doi-asserted-by":"crossref","first-page":"567","DOI":"10.1198\/jasa.2004.s339","article-title":"The Elements of Statistical Learning: Data Mining, Inference, and Prediction","volume":"99","author":"Ruppert","year":"2004","journal-title":"J. Am. Stat. Assoc."},{"key":"ref_59","doi-asserted-by":"crossref","unstructured":"Hussain, M., Wajid, S.K., Elzaart, A., and Berbar, M. (2011, January 17\u201319). A Comparison of SVM Kernel Functions for Breast Cancer Detection. Proceedings of the 2011 Eighth International Conference Computer Graphics, Imaging and Visualization, Singapore.","DOI":"10.1109\/CGIV.2011.31"},{"key":"ref_60","doi-asserted-by":"crossref","unstructured":"Patle, A., and Chouhan, D.S. (2013, January 23\u201325). SVM kernel functions for classification. 
Proceedings of the 2013 International Conference on Advances in Technology and Engineering (ICATE), Mumbai, India.","DOI":"10.1109\/ICAdTE.2013.6524743"},{"key":"ref_61","unstructured":"Moreno, P.J., Ho, P.P., and Vasconcelos, N. (2021, September 20). A Kullback-Leibler Divergence Based Kernel for SVM Classification in Multimedia Applications. Available online: https:\/\/www.hpl.hp.com\/techreports\/2004\/HPL-2004-4.pdf."},{"key":"ref_62","first-page":"302","article-title":"Book Review-C4. 5: Programs for machine learning","volume":"240","author":"Salzberg","year":"1993","journal-title":"Mach. Learn."},{"key":"ref_63","unstructured":"Le, D.C., and Zincir-Heywood, A.N. (2019, January 8\u201312). Machine learning based insider threat modelling and detection. Proceedings of the 2019 IFIP\/IEEE Symposium on Integrated Network and Service Management (IM 2019), Arlington, VA, USA."},{"key":"ref_64","doi-asserted-by":"crossref","unstructured":"Kubat, M. (2017). An Introduction to Machine Learning, Springer.","DOI":"10.1007\/978-3-319-63913-0"},{"key":"ref_65","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1016\/j.knosys.2011.06.013","article-title":"On the effectiveness of preprocessing methods when dealing with different levels of class imbalance","volume":"25","author":"Mollineda","year":"2012","journal-title":"Knowl.-Based Syst."},{"key":"ref_66","doi-asserted-by":"crossref","first-page":"875","DOI":"10.1007\/978-0-387-09823-4_45","article-title":"Data Mining for Imbalanced Datasets: An Overview","volume":"30","author":"Chawla","year":"2009","journal-title":"Data Min. Knowl. Discov. Handb."},{"key":"ref_67","unstructured":"G\u00e9ron, A. (2019). 
Hands-on Machine Learning with Scikit-Learn, Keras and TensorFlow: Concepts, Tools, and Techniques to Build Intelligent Systems, O\u2019Reilly Media, Inc."},{"key":"ref_68","doi-asserted-by":"crossref","first-page":"427","DOI":"10.1016\/j.ipm.2009.03.002","article-title":"A systematic analysis of performance measures for classification tasks","volume":"45","author":"Sokolova","year":"2009","journal-title":"Inf. Process. Manag."},{"key":"ref_69","doi-asserted-by":"crossref","unstructured":"Abadi, M. (2016, January 18\u201324). TensorFlow: Learning functions at scale. Proceedings of the 21st ACM SIGPLAN International Conference on Functional Programming, Nara, Japan.","DOI":"10.1145\/2951913.2976746"},{"key":"ref_70","doi-asserted-by":"crossref","unstructured":"Farahnakian, F., and Heikkonen, J. (2018, January 11\u201314). A deep auto-encoder based approach for intrusion detection system. Proceedings of the 2018 20th International Conference on Advanced Communication Technology (ICACT), Chuncheon-si, Korea.","DOI":"10.23919\/ICACT.2018.8323688"},{"key":"ref_71","doi-asserted-by":"crossref","first-page":"21","DOI":"10.1016\/j.imavis.2018.04.004","article-title":"Beyond one-hot encoding: Lower dimensional target embedding","volume":"75","author":"Bautista","year":"2018","journal-title":"Image Vis. Comput."},{"key":"ref_72","first-page":"735","article-title":"A Novel Synthetic Minority Oversampling Technique for Imbalanced Data Set Learning","volume":"7063","author":"Barua","year":"2011","journal-title":"Program. Lang. Syst."},{"key":"ref_73","first-page":"573","article-title":"An Integrated Imbalanced Learning and Deep Neural Network Model for Insider Threat Detection","volume":"12","author":"Ahmed","year":"2021","journal-title":"Int. J. Adv. Comput. Sci. Appl."},{"key":"ref_74","doi-asserted-by":"crossref","unstructured":"Gamachchi, A., and Boztas, S. (2017, January 1\u20134). Insider Threat Detection Through Attributed Graph Clustering. 
Proceedings of the 2017 IEEE Trustcom\/BigDataSE\/ICESS, Sydney, NSW, Australia.","DOI":"10.1109\/Trustcom\/BigDataSE\/ICESS.2017.227"},{"key":"ref_75","doi-asserted-by":"crossref","unstructured":"Hall, A.J., Pitropakis, N., Buchanan, W.J., and Moradpoor, N. (2018, January 10\u201313). Predicting malicious insider threat scenarios using organizational data and a heterogeneous stack-classifier. Proceedings of the 2018 IEEE International Conference on Big Data (Big Data), Seattle, WA, USA.","DOI":"10.1109\/BigData.2018.8621922"},{"key":"ref_76","doi-asserted-by":"crossref","first-page":"1152","DOI":"10.1109\/TNSM.2021.3071928","article-title":"Anomaly Detection for Insider Threats Using Unsupervised Ensembles","volume":"18","author":"Le","year":"2021","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"ref_77","doi-asserted-by":"crossref","unstructured":"Sharma, B., Pokharel, P., and Joshi, B. (2020, January 1\u20133). User Behavior Analytics for Anomaly Detection Using LSTM Autoencoder\u2014Insider Threat Detection. Proceedings of the 11th International Conference on Advances in Information Technology, Bangkok, Thailand.","DOI":"10.1145\/3406601.3406610"},{"key":"ref_78","doi-asserted-by":"crossref","unstructured":"Singh, M., Mehtre, B.M., and Sangeetha, S. (2020). Insider Threat Detection Based on User Behaviour Analysis. Machine Learning, Image Processing, Network Security and Data Sciences, Springer.","DOI":"10.1007\/978-981-15-6318-8_45"},{"key":"ref_79","doi-asserted-by":"crossref","unstructured":"Wang, J., Cai, L., Yu, A., and Meng, D. (2019, January 4\u20136). Embedding Learning with Heterogeneous Event Sequence for Insider Threat Detection. Proceedings of the 2019 IEEE 31st International Conference on Tools with Artificial Intelligence (ICTAI), Portland, OR, USA.","DOI":"10.1109\/ICTAI.2019.00134"},{"key":"ref_80","unstructured":"Ye, X., and Han, M.-M. (2021, September 20). 
An Improved Feature Extraction Algorithm for Insider Threat Using Hidden Markov Model on User Behavior Detection. Available online: https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-12-2019-0142\/full\/html."},{"key":"ref_81","doi-asserted-by":"crossref","unstructured":"Yuan, F., Shang, Y., Liu, Y., Cao, Y., and Tan, J. (2019). Attention-Based LSTM for Insider Threat Detection. Applications and Techniques in Information Security, Springer.","DOI":"10.1007\/978-981-15-0871-4_15"},{"key":"ref_82","doi-asserted-by":"crossref","unstructured":"Yuan, F., Shang, Y., Liu, Y., Cao, Y., and Tan, J. (2020, January 9\u201311). Data Augmentation for Insider Threat Detection with GAN. Proceedings of the 2020 IEEE 32nd International Conference on Tools with Artificial Intelligence (ICTAI), Baltimore, MD, USA.","DOI":"10.1109\/ICTAI50040.2020.00102"}],"container-title":["Entropy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1099-4300\/23\/10\/1258\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T07:05:58Z","timestamp":1760166358000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1099-4300\/23\/10\/1258"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,9,27]]},"references-count":82,"journal-issue":{"issue":"10","published-online":{"date-parts":[[2021,10]]}},"alternative-id":["e23101258"],"URL":"https:\/\/doi.org\/10.3390\/e23101258","relation":{},"ISSN":["1099-4300"],"issn-type":[{"value":"1099-4300","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,9,27]]}}}