{"id":"https://openalex.org/W4415369731","doi":"https://doi.org/10.1002/spy2.70122","title":"An Efficient Insider Threat Detection Framework Using Bayesian\u2010Optimized <scp>XGBoost</scp>","display_name":"An Efficient Insider Threat Detection Framework Using Bayesian\u2010Optimized <scp>XGBoost</scp>","publication_year":2025,"publication_date":"2025-10-20","ids":{"openalex":"https://openalex.org/W4415369731","doi":"https://doi.org/10.1002/spy2.70122"},"language":"en","primary_location":{"id":"doi:10.1002/spy2.70122","is_oa":false,"landing_page_url":"https://doi.org/10.1002/spy2.70122","pdf_url":null,"source":{"id":"https://openalex.org/S4210233143","display_name":"Security and Privacy","issn_l":"2475-6725","issn":["2475-6725"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320595","host_organization_name":"Wiley","host_organization_lineage":["https://openalex.org/P4310320595"],"host_organization_lineage_names":["Wiley"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"SECURITY AND PRIVACY","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5027321726","display_name":"Ambairam Muthu Sivakrishna","orcid":"https://orcid.org/0000-0002-0984-9890"},"institutions":[{"id":"https://openalex.org/I122964287","display_name":"National Institute of Technology Tiruchirappalli","ror":"https://ror.org/047x65e68","country_code":"IN","type":"education","lineage":["https://openalex.org/I122964287"]}],"countries":["IN"],"is_corresponding":true,"raw_author_name":"Ambairam Muthu Sivakrishna","raw_affiliation_strings":["Department of CSE National Institute of Technology  Tiruchirappalli India"],"raw_orcid":"https://orcid.org/0000-0002-0984-9890","affiliations":[{"raw_affiliation_string":"Department of CSE National Institute of Technology  Tiruchirappalli India","institution_ids":["https://openalex.org/I122964287"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001178161","display_name":"R. Mohan","orcid":null},"institutions":[{"id":"https://openalex.org/I122964287","display_name":"National Institute of Technology Tiruchirappalli","ror":"https://ror.org/047x65e68","country_code":"IN","type":"education","lineage":["https://openalex.org/I122964287"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"R. Mohan","raw_affiliation_strings":["Department of CSE National Institute of Technology  Tiruchirappalli India"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of CSE National Institute of Technology  Tiruchirappalli India","institution_ids":["https://openalex.org/I122964287"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5019453821","display_name":"Valaparla Rohini","orcid":"https://orcid.org/0000-0002-4585-2886"},"institutions":[{"id":"https://openalex.org/I122964287","display_name":"National Institute of Technology Tiruchirappalli","ror":"https://ror.org/047x65e68","country_code":"IN","type":"education","lineage":["https://openalex.org/I122964287"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Valaparla Rohini","raw_affiliation_strings":["Department of CSE National Institute of Technology  Tiruchirappalli India"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of CSE National Institute of Technology  Tiruchirappalli India","institution_ids":["https://openalex.org/I122964287"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5027321726"],"corresponding_institution_ids":["https://openalex.org/I122964287"],"apc_list":{"value":3140,"currency":"USD","value_usd":3140},"apc_paid":null,"fwci":2.5506,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.90836021,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":96},"biblio":{"volume":"8","issue":"6","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.995199978351593,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/overfitting","display_name":"Overfitting","score":0.6766999959945679},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.6510999798774719},{"id":"https://openalex.org/keywords/oversampling","display_name":"Oversampling","score":0.554099977016449},{"id":"https://openalex.org/keywords/feature-engineering","display_name":"Feature engineering","score":0.5241000056266785},{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.5194000005722046},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.512499988079071},{"id":"https://openalex.org/keywords/boosting","display_name":"Boosting (machine learning)","score":0.48579999804496765},{"id":"https://openalex.org/keywords/baseline","display_name":"Baseline (sea)","score":0.37950000166893005},{"id":"https://openalex.org/keywords/feature-extraction","display_name":"Feature extraction","score":0.36820000410079956}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7348999977111816},{"id":"https://openalex.org/C22019652","wikidata":"https://www.wikidata.org/wiki/Q331309","display_name":"Overfitting","level":3,"score":0.6766999959945679},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.6751999855041504},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.6510999798774719},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6103000044822693},{"id":"https://openalex.org/C197323446","wikidata":"https://www.wikidata.org/wiki/Q331222","display_name":"Oversampling","level":3,"score":0.554099977016449},{"id":"https://openalex.org/C2778827112","wikidata":"https://www.wikidata.org/wiki/Q22245680","display_name":"Feature engineering","level":3,"score":0.5241000056266785},{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.5194000005722046},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.512499988079071},{"id":"https://openalex.org/C46686674","wikidata":"https://www.wikidata.org/wiki/Q466303","display_name":"Boosting (machine learning)","level":2,"score":0.48579999804496765},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4625999927520752},{"id":"https://openalex.org/C12725497","wikidata":"https://www.wikidata.org/wiki/Q810247","display_name":"Baseline (sea)","level":2,"score":0.37950000166893005},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.36820000410079956},{"id":"https://openalex.org/C43214815","wikidata":"https://www.wikidata.org/wiki/Q7310987","display_name":"Reliability (semiconductor)","level":3,"score":0.3662000000476837},{"id":"https://openalex.org/C160920958","wikidata":"https://www.wikidata.org/wiki/Q7662746","display_name":"Synthetic data","level":2,"score":0.36010000109672546},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.34540000557899475},{"id":"https://openalex.org/C107673813","wikidata":"https://www.wikidata.org/wiki/Q812534","display_name":"Bayesian probability","level":2,"score":0.33959999680519104},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.3246999979019165},{"id":"https://openalex.org/C152124472","wikidata":"https://www.wikidata.org/wiki/Q1204361","display_name":"Redundancy (engineering)","level":2,"score":0.30230000615119934},{"id":"https://openalex.org/C52001869","wikidata":"https://www.wikidata.org/wiki/Q812530","display_name":"Naive Bayes classifier","level":3,"score":0.30149999260902405},{"id":"https://openalex.org/C2777212361","wikidata":"https://www.wikidata.org/wiki/Q5127848","display_name":"Class (philosophy)","level":2,"score":0.2992999851703644},{"id":"https://openalex.org/C70153297","wikidata":"https://www.wikidata.org/wiki/Q5591907","display_name":"Gradient boosting","level":3,"score":0.2831000089645386},{"id":"https://openalex.org/C177148314","wikidata":"https://www.wikidata.org/wiki/Q170084","display_name":"Generalization","level":2,"score":0.27970001101493835},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.2669999897480011},{"id":"https://openalex.org/C148483581","wikidata":"https://www.wikidata.org/wiki/Q446488","display_name":"Feature selection","level":2,"score":0.265500009059906},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.26350000500679016},{"id":"https://openalex.org/C85617194","wikidata":"https://www.wikidata.org/wiki/Q2072794","display_name":"Particle swarm optimization","level":2,"score":0.2630000114440918},{"id":"https://openalex.org/C83665646","wikidata":"https://www.wikidata.org/wiki/Q42139305","display_name":"Feature vector","level":2,"score":0.2540000081062317},{"id":"https://openalex.org/C81363708","wikidata":"https://www.wikidata.org/wiki/Q17084460","display_name":"Convolutional neural network","level":2,"score":0.25380000472068787}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1002/spy2.70122","is_oa":false,"landing_page_url":"https://doi.org/10.1002/spy2.70122","pdf_url":null,"source":{"id":"https://openalex.org/S4210233143","display_name":"Security and Privacy","issn_l":"2475-6725","issn":["2475-6725"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320595","host_organization_name":"Wiley","host_organization_lineage":["https://openalex.org/P4310320595"],"host_organization_lineage_names":["Wiley"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"SECURITY AND PRIVACY","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":36,"referenced_works":["https://openalex.org/W2025519999","https://openalex.org/W2771022952","https://openalex.org/W2790664081","https://openalex.org/W2888160480","https://openalex.org/W2984000590","https://openalex.org/W2985983260","https://openalex.org/W3000429356","https://openalex.org/W3044818515","https://openalex.org/W3093545390","https://openalex.org/W3102089875","https://openalex.org/W3128317221","https://openalex.org/W3145733289","https://openalex.org/W3153493802","https://openalex.org/W3185290060","https://openalex.org/W3200821063","https://openalex.org/W3202733154","https://openalex.org/W3217083123","https://openalex.org/W4220705580","https://openalex.org/W4221006043","https://openalex.org/W4288083473","https://openalex.org/W4317569503","https://openalex.org/W4323262326","https://openalex.org/W4328053447","https://openalex.org/W4377093659","https://openalex.org/W4383103607","https://openalex.org/W4385076040","https://openalex.org/W4387365242","https://openalex.org/W4389270910","https://openalex.org/W4390343272","https://openalex.org/W4391842269","https://openalex.org/W4396909769","https://openalex.org/W4406063523","https://openalex.org/W4407185277","https://openalex.org/W4407214439","https://openalex.org/W4408527302","https://openalex.org/W4412748217"],"related_works":[],"abstract_inverted_index":{"ABSTRACT":[0],"Insider":[1],"threats":[2],"remain":[3],"one":[4],"of":[5,31,43,110,207,222,233],"the":[6,41,157,193,218,223,230,234],"most":[7],"challenging":[8],"issues":[9],"in":[10],"cybersecurity,":[11],"as":[12],"malicious":[13],"activities":[14],"are":[15,22,131],"carried":[16],"out":[17],"by":[18],"legitimate":[19],"users":[20],"and":[21,48,58,107,144,160,169,204,215,220],"difficult":[23],"to":[24,36,104,133],"distinguish":[25],"from":[26,55],"normal":[27],"behavior.":[28],"The":[29,96,113,138,176],"rarity":[30],"insider":[32,67],"events":[33],"further":[34,99],"leads":[35],"highly":[37],"imbalanced":[38,170],"datasets,":[39],"reducing":[40],"effectiveness":[42],"conventional":[44],"rule\u2010based,":[45],"machine":[46],"learning,":[47],"deep":[49],"learning":[50],"approaches,":[51],"which":[52],"often":[53],"suffer":[54],"low":[56],"precision":[57],"high":[59],"false":[60],"positive":[61],"rates.":[62],"This":[63],"work":[64],"proposes":[65],"an":[66],"threat":[68],"detection":[69,185],"framework":[70,97,236],"based":[71],"on":[72,118,142,149,156,191,213],"Extreme":[73],"Gradient":[74],"Boosting":[75],"(XGBoost)":[76],"optimized":[77],"with":[78,91],"Bayesian":[79],"Optimization":[80],"(BO).":[81],"Class":[82],"imbalance":[83],"is":[84,98,116,140,164,211],"addressed":[85],"using":[86],"Synthetic":[87],"Minority":[88],"Oversampling":[89],"Technique":[90],"Edited":[92],"Nearest":[93],"Neighbors":[94],"(SMOTEENN).":[95],"strengthened":[100],"through":[101],"feature":[102,136,181],"engineering":[103,182],"capture":[105],"behavioral":[106],"temporal":[108],"patterns":[109],"user":[111],"activity.":[112],"proposed":[114,235],"methodology":[115],"assessed":[117],"Carnegie":[119],"Mellon":[120],"University's":[121],"(CMU)":[122],"CERTr4.2":[123],"synthetic":[124],"dataset,":[125],"where":[126],"single\u2010day":[127],"sequential":[128],"activity":[129],"logs":[130],"processed":[132],"obtain":[134],"numerical":[135],"vectors.":[137],"model":[139,194],"trained":[141],"r4.2":[143,150],"subsequently":[145],"evaluated":[146,190],"not":[147],"only":[148],"but":[151],"also":[152],"tested":[153],"for":[154],"generalization":[155],"newer":[158],"r5.2":[159,214],"r6.2":[161],"datasets.":[162,226],"Performance":[163],"measured":[165],"under":[166],"both":[167],"balanced":[168],"configurations":[171],"across":[172,225],"different":[173],"data":[174],"ratios.":[175],"results":[177],"consistently":[178],"demonstrate":[179],"that":[180],"significantly":[183],"improves":[184],"capability.":[186],"In":[187],"particular,":[188],"when":[189],"r4.2,":[192],"achieves":[195],"99.0%":[196],"accuracy,":[197],"96.2%":[198],"precision,":[199],"96.9%":[200],"recall,":[201],"96.6%":[202],"F1\u2010score,":[203],"a":[205],"ROC\u2010AUC":[206],"99.7%.":[208],"Comparable":[209],"robustness":[210],"observed":[212],"r6.2,":[216],"confirming":[217],"reliability":[219],"transferability":[221],"approach":[224],"These":[227],"findings":[228],"establish":[229],"clear":[231],"advantage":[232],"over":[237],"current":[238],"baseline":[239],"models.":[240]},"counts_by_year":[{"year":2025,"cited_by_count":2}],"updated_date":"2025-11-19T23:35:23.961156","created_date":"2025-10-21T00:00:00"}