{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T01:04:35Z","timestamp":1760231075862,"version":"build-2065373602"},"reference-count":22,"publisher":"MDPI AG","issue":"17","license":[{"start":{"date-parts":[[2022,8,28]],"date-time":"2022-08-28T00:00:00Z","timestamp":1661644800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"National Natural Science Foundation of China (NSFC)","award":["61901447","E25467U2"],"award-info":[{"award-number":["61901447","E25467U2"]}]},{"name":"Xiejialin Project of Institute of High Energy Physics","award":["61901447","E25467U2"],"award-info":[{"award-number":["61901447","E25467U2"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>With the wide application of Internet of things (IoT) devices in enterprises, the traditional boundary defense mechanisms are difficult to satisfy the demands of the insider threats detection. IoT insider threat detection can be more challenging, since internal employees are born with the ability to escape the deployed information security mechanism, such as firewalls and endpoint protection. In order to detect internal attacks more accurately, we can analyze users\u2019 web browsing behaviors to identify abnormal users. The existing web browsing behavior anomaly detection methods ignore the dynamic change of the web browsing behavior of the target user and the behavior consistency of the target user in its peer group, which results in a complex modeling process, low system efficiency and low detection accuracy. Therefore, the paper respectively proposes the individual user behavior model and the peer-group behavior model to characterize the abnormal dynamic change of user browsing behavior and compare the mutual behavioral inconsistency among one peer-group. 
Furthermore, the fusion model is presented for insider threat detection which simultaneously considers individual behavioral abnormal dynamic changes and mutual behavioral dynamic inconsistency from peers. The experimental results show that the proposed fusion model can accurately detect insider threat based on the abnormal user web browsing behaviors in the enterprise networks.<\/jats:p>","DOI":"10.3390\/s22176471","type":"journal-article","created":{"date-parts":[[2022,8,30]],"date-time":"2022-08-30T01:37:55Z","timestamp":1661823475000},"page":"6471","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["A Fusion Model Based on Dynamic Web Browsing Behavior Analysis for IoT Insider Threat Detection"],"prefix":"10.3390","volume":"22","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5164-5023","authenticated-orcid":false,"given":"Jiarong","family":"Wang","sequence":"first","affiliation":[{"name":"Institute of High Energy Physics, Chinese Academy of Sciences, 19B Yuquan Road, Shijingshan District, Beijing 100049, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7739-371X","authenticated-orcid":false,"given":"Junyi","family":"Liu","sequence":"additional","affiliation":[{"name":"Institute of High Energy Physics, Chinese Academy of Sciences, 19B Yuquan Road, Shijingshan District, Beijing 100049, China"}]},{"given":"Tian","family":"Yan","sequence":"additional","affiliation":[{"name":"Institute of High Energy Physics, Chinese Academy of Sciences, 19B Yuquan Road, Shijingshan District, Beijing 100049, China"}]},{"given":"Mingshan","family":"Xia","sequence":"additional","affiliation":[{"name":"Institute of High Energy Physics, Chinese Academy of Sciences, 19B Yuquan Road, Shijingshan District, Beijing 100049, China"}]},{"given":"Jianshu","family":"Hong","sequence":"additional","affiliation":[{"name":"Institute of High Energy Physics, Chinese Academy of Sciences, 19B Yuquan Road, Shijingshan District, 
Beijing 100049, China"}]},{"given":"Caiqiu","family":"Zhou","sequence":"additional","affiliation":[{"name":"Institute of High Energy Physics, Chinese Academy of Sciences, 19B Yuquan Road, Shijingshan District, Beijing 100049, China"}]}],"member":"1968","published-online":{"date-parts":[[2022,8,28]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Ning, Z., Sun, S., Wang, X., Guo, L., Guo, S., Hu, X., Hu, B., and Kwok, R.Y.K. (2021). Blockchain-enabled Intelligent Transportation Systems: A Distributed Crowdsensing Framework. IEEE Trans. Mob. Comput.","DOI":"10.1109\/TMC.2021.3079984"},{"key":"ref_2","unstructured":"Wang, F. (2021). Research on the Detection and Discovery of Malicious Nodes in the Internet of Things. [Master\u2019s Thesis, North China University of Water Resources and Electric Power]."},{"key":"ref_3","first-page":"1065","article-title":"Anomaly IoT Node Detection Based on Local Outlier Factor and Time Series","volume":"64","author":"Wang","year":"2020","journal-title":"Comput. Mater. Contin."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"1046","DOI":"10.1016\/j.procs.2019.09.273","article-title":"Energy Consumption Metrics for Mobile Device Dynamic Malware Detection","volume":"159","author":"Fasano","year":"2019","journal-title":"Procedia Comput. Sci."},{"key":"ref_5","unstructured":"Ning, Z., Yang, Y., Wang, X., Guo, L., Gao, X., Guo, S., and Wang, G. (2021). Dynamic Computation Offloading and Server Deployment for UAV-Enabled Multi-Access Edge Computing. IEEE Trans. Mob. Comput."},{"key":"ref_6","unstructured":"Wang, X., Ning, Z., Guo, S., Wen, M., Guo, L., and Poor, H.V. (2021). Dynamic UAV Deployment for Differentiated Services: A Multi-Agent Imitation Learning Based Approach. IEEE Trans. Mob. 
Comput."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"162303","DOI":"10.1007\/s11432-020-3125-y","article-title":"Intelligent Resource Allocation in Mobile Blockchain for Privacy and Security Transactions: A Deep Reinforcement Learning based Approach","volume":"64","author":"Ning","year":"2021","journal-title":"Sci. China Inf. Sci."},{"key":"ref_8","unstructured":"Cappelli, D.M., Moore, A.P., and Trzeciak, R.F. (2012). The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud), Addison-Wesley."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Liang, N., and Biros, D. (2016, January 5\u20138). Validating common characteristics of malicious insiders: Proof of concept study. Proceedings of the 2016 49th Hawaii International Conference on System Sciences (HICSS), Koloa, HI, USA.","DOI":"10.1109\/HICSS.2016.463"},{"key":"ref_10","unstructured":"Stolfo, S.J., Bellovin, S.M., Hershkop, S., Keromytis, A., Sinclair, S., and Smith, S.W. (2010). Insider Attack and Cyber Security: Beyond the Hacker, Springer Publishing Company."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1109\/JSYST.2012.2223531","article-title":"Anomaly detection based secure in-network aggregation for wireless sensor networks","volume":"7","author":"Sun","year":"2013","journal-title":"IEEE Syst. J."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"78847","DOI":"10.1109\/ACCESS.2020.2990195","article-title":"A Review of Insider Threat Detection Approaches With IoT Perspective","volume":"8","author":"Kim","year":"2020","journal-title":"IEEE Access"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Erdem, I., Oguz, R.F., Olmezogullari, E., and Aktas, M.S. (2021, January 15\u201318). Test Script Generation Based on Hidden Markov Models Learning from User Browsing Behaviors. 
Proceedings of the 2021 IEEE International Conference on Big Data (Big Data), Orlando, FL, USA.","DOI":"10.1109\/BigData52589.2021.9671312"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"266","DOI":"10.2991\/ijcis.d.201126.002","article-title":"User Community Detection from Web Server Log Using between User Similarity Metric","volume":"14","author":"Bhuvaneswari","year":"2021","journal-title":"Int. J. Comput. Intell. Syst."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"2547","DOI":"10.1016\/j.eswa.2014.10.032","article-title":"Dynamic user profiles for web personalisation","volume":"42","author":"Hawalah","year":"2015","journal-title":"Expert Syst. Appl."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Radinsky, K., Svore, K., Dumais, S., Teevan, J., Bocharov, A., and Horvitz, E. (2012, January 16\u201320). Modeling and predicting behavioral dynamics on the web. Proceedings of the International Conference on World Wide Web, Lyon, France.","DOI":"10.1145\/2187836.2187918"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Al-Bataineh, A., and White, G. (2012, January 16\u201318). Analysis and detection of malicious data exfiltration in web traffic. Proceedings of the 2012 7th International Conference on Malicious and Unwanted Software, Fajardo, PR, USA.","DOI":"10.1109\/MALWARE.2012.6461004"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"100034","DOI":"10.1016\/j.hcc.2021.100034","article-title":"User behaviour analysis using data analytics and machine learning to predict malicious user versus legitimate user","volume":"2","author":"Ranjan","year":"2022","journal-title":"High-Confid. Comput."},{"key":"ref_19","unstructured":"Vassio, L., and Mellia, M. (2019, January 8\u201312). Data Analysis and Modelling of Users\u2019 Behavior on the Web. 
Proceedings of the 2019 IFIP\/IEEE Symposium on Integrated Network and Service Management (IM), Arlington, VA, USA."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"261","DOI":"10.1016\/j.dss.2010.03.001","article-title":"Web User Behavioral Profiling for User Identification","volume":"49","author":"Yang","year":"2010","journal-title":"Decis. Support Syst."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Fan, X., Chow, K., and Xu, F. (2014). Web User Profiling Based on Browsing Behavior Analysis. Advances in Digital Forensics X, Springer.","DOI":"10.1007\/978-3-662-44952-3_5"},{"key":"ref_22","unstructured":"Pavan, M., and Pelillo, M. (2003, January 18\u201320). A new graph-theoretic approach to clustering and segmentation. Proceedings of the 2003 IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR\u201903), Madison, WI, USA."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/17\/6471\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T00:19:00Z","timestamp":1760141940000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/17\/6471"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,8,28]]},"references-count":22,"journal-issue":{"issue":"17","published-online":{"date-parts":[[2022,9]]}},"alternative-id":["s22176471"],"URL":"https:\/\/doi.org\/10.3390\/s22176471","relation":{},"ISSN":["1424-8220"],"issn-type":[{"type":"electronic","value":"1424-8220"}],"subject":[],"published":{"date-parts":[[2022,8,28]]}}}