{"id":"https://openalex.org/W2263395280","doi":"https://doi.org/10.1007/978-3-319-25744-0_12","title":"Poisson-Based Anomaly Detection for Identifying Malicious User Behaviour","display_name":"Poisson-Based Anomaly Detection for Identifying Malicious User Behaviour","publication_year":2015,"publication_date":"2015-01-01","ids":{"openalex":"https://openalex.org/W2263395280","doi":"https://doi.org/10.1007/978-3-319-25744-0_12","mag":"2263395280"},"language":"en","primary_location":{"id":"doi:10.1007/978-3-319-25744-0_12","is_oa":false,"landing_page_url":"https://doi.org/10.1007/978-3-319-25744-0_12","pdf_url":null,"source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5047826517","display_name":"Andrey Sapegin","orcid":"https://orcid.org/0000-0002-6895-1692"},"institutions":[{"id":"https://openalex.org/I176453806","display_name":"University of Potsdam","ror":"https://ror.org/03bnmw459","country_code":"DE","type":"education","lineage":["https://openalex.org/I176453806"]},{"id":"https://openalex.org/I143288331","display_name":"Hasso Plattner Institute","ror":"https://ror.org/058rn5r42","country_code":"DE","type":"facility","lineage":["https://openalex.org/I143288331","https://openalex.org/I176453806"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Andrey Sapegin","raw_affiliation_strings":["Hasso Plattner Institute (HPI), University of Potsdam, P.O.Box 900460, 14440, Potsdam, Germany"],"affiliations":[{"raw_affiliation_string":"Hasso Plattner Institute (HPI), University of Potsdam, P.O.Box 900460, 14440, Potsdam, Germany","institution_ids":["https://openalex.org/I143288331","https://openalex.org/I176453806"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015264930","display_name":"Aragats Amirkhanyan","orcid":null},"institutions":[{"id":"https://openalex.org/I143288331","display_name":"Hasso Plattner Institute","ror":"https://ror.org/058rn5r42","country_code":"DE","type":"facility","lineage":["https://openalex.org/I143288331","https://openalex.org/I176453806"]},{"id":"https://openalex.org/I176453806","display_name":"University of Potsdam","ror":"https://ror.org/03bnmw459","country_code":"DE","type":"education","lineage":["https://openalex.org/I176453806"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Aragats Amirkhanyan","raw_affiliation_strings":["Hasso Plattner Institute (HPI), University of Potsdam, P.O.Box 900460, 14440, Potsdam, Germany"],"affiliations":[{"raw_affiliation_string":"Hasso Plattner Institute (HPI), University of Potsdam, P.O.Box 900460, 14440, Potsdam, Germany","institution_ids":["https://openalex.org/I143288331","https://openalex.org/I176453806"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039946973","display_name":"Marian Gawron","orcid":null},"institutions":[{"id":"https://openalex.org/I143288331","display_name":"Hasso Plattner Institute","ror":"https://ror.org/058rn5r42","country_code":"DE","type":"facility","lineage":["https://openalex.org/I143288331","https://openalex.org/I176453806"]},{"id":"https://openalex.org/I176453806","display_name":"University of Potsdam","ror":"https://ror.org/03bnmw459","country_code":"DE","type":"education","lineage":["https://openalex.org/I176453806"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Marian Gawron","raw_affiliation_strings":["Hasso Plattner Institute (HPI), University of Potsdam, P.O.Box 900460, 14440, Potsdam, Germany"],"affiliations":[{"raw_affiliation_string":"Hasso Plattner Institute (HPI), University of Potsdam, P.O.Box 900460, 14440, Potsdam, Germany","institution_ids":["https://openalex.org/I143288331","https://openalex.org/I176453806"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5107387385","display_name":"Feng Cheng","orcid":null},"institutions":[{"id":"https://openalex.org/I176453806","display_name":"University of Potsdam","ror":"https://ror.org/03bnmw459","country_code":"DE","type":"education","lineage":["https://openalex.org/I176453806"]},{"id":"https://openalex.org/I143288331","display_name":"Hasso Plattner Institute","ror":"https://ror.org/058rn5r42","country_code":"DE","type":"facility","lineage":["https://openalex.org/I143288331","https://openalex.org/I176453806"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Feng Cheng","raw_affiliation_strings":["Hasso Plattner Institute (HPI), University of Potsdam, P.O.Box 900460, 14440, Potsdam, Germany"],"affiliations":[{"raw_affiliation_string":"Hasso Plattner Institute (HPI), University of Potsdam, P.O.Box 900460, 14440, Potsdam, Germany","institution_ids":["https://openalex.org/I143288331","https://openalex.org/I176453806"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5102919398","display_name":"Christoph Meinel","orcid":"https://orcid.org/0000-0002-3410-3193"},"institutions":[{"id":"https://openalex.org/I176453806","display_name":"University of Potsdam","ror":"https://ror.org/03bnmw459","country_code":"DE","type":"education","lineage":["https://openalex.org/I176453806"]},{"id":"https://openalex.org/I143288331","display_name":"Hasso Plattner Institute","ror":"https://ror.org/058rn5r42","country_code":"DE","type":"facility","lineage":["https://openalex.org/I143288331","https://openalex.org/I176453806"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Christoph Meinel","raw_affiliation_strings":["Hasso Plattner Institute (HPI), University of Potsdam, P.O.Box 900460, 14440, Potsdam, Germany"],"affiliations":[{"raw_affiliation_string":"Hasso Plattner Institute (HPI), University of Potsdam, P.O.Box 900460, 14440, Potsdam, Germany","institution_ids":["https://openalex.org/I143288331","https://openalex.org/I176453806"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5047826517"],"corresponding_institution_ids":["https://openalex.org/I143288331","https://openalex.org/I176453806"],"apc_list":{"value":5000,"currency":"EUR","value_usd":5392},"apc_paid":null,"fwci":2.8906,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.90244608,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"134","last_page":"150"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8327590227127075},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.7162117958068848},{"id":"https://openalex.org/keywords/testbed","display_name":"Testbed","score":0.6690743565559387},{"id":"https://openalex.org/keywords/login","display_name":"Login","score":0.6633891463279724},{"id":"https://openalex.org/keywords/poisson-distribution","display_name":"Poisson distribution","score":0.5069680213928223},{"id":"https://openalex.org/keywords/event","display_name":"Event (particle physics)","score":0.44164055585861206},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.4140450656414032},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.40367797017097473},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.3413732051849365},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.20442253351211548}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8327590227127075},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.7162117958068848},{"id":"https://openalex.org/C31395832","wikidata":"https://www.wikidata.org/wiki/Q1318674","display_name":"Testbed","level":2,"score":0.6690743565559387},{"id":"https://openalex.org/C113324615","wikidata":"https://www.wikidata.org/wiki/Q472302","display_name":"Login","level":2,"score":0.6633891463279724},{"id":"https://openalex.org/C100906024","wikidata":"https://www.wikidata.org/wiki/Q205692","display_name":"Poisson distribution","level":2,"score":0.5069680213928223},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.44164055585861206},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.4140450656414032},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.40367797017097473},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.3413732051849365},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.20442253351211548},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/978-3-319-25744-0_12","is_oa":false,"landing_page_url":"https://doi.org/10.1007/978-3-319-25744-0_12","pdf_url":null,"source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6499999761581421,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W132347231","https://openalex.org/W1489073918","https://openalex.org/W1598874232","https://openalex.org/W1898491644","https://openalex.org/W1982563504","https://openalex.org/W1983291981","https://openalex.org/W2005769304","https://openalex.org/W2012169431","https://openalex.org/W2013745554","https://openalex.org/W2035291537","https://openalex.org/W2039729742","https://openalex.org/W2043178675","https://openalex.org/W2047350783","https://openalex.org/W2061525263","https://openalex.org/W2080378870","https://openalex.org/W2103448012","https://openalex.org/W2117492729","https://openalex.org/W2118931532","https://openalex.org/W2119463329","https://openalex.org/W2120617515","https://openalex.org/W2130802299","https://openalex.org/W2139669429","https://openalex.org/W2142889610","https://openalex.org/W2144256475","https://openalex.org/W2161792382","https://openalex.org/W2166683449","https://openalex.org/W2218242280","https://openalex.org/W2678934292"],"related_works":["https://openalex.org/W2883256816","https://openalex.org/W2171408034","https://openalex.org/W3003320923","https://openalex.org/W2106140982","https://openalex.org/W2152313554","https://openalex.org/W2064303750","https://openalex.org/W1509300825","https://openalex.org/W3092582874","https://openalex.org/W2338718585","https://openalex.org/W2054620577"],"abstract_inverted_index":null,"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":3},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":2},{"year":2016,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}