{"id":"https://openalex.org/W2752334090","doi":"https://doi.org/10.1007/978-3-319-67208-3_9","title":"Insider Threat Detection Using Time-Series-Based Raw Disk Forensic Analysis","display_name":"Insider Threat Detection Using Time-Series-Based Raw Disk Forensic Analysis","publication_year":2017,"publication_date":"2017-01-01","ids":{"openalex":"https://openalex.org/W2752334090","doi":"https://doi.org/10.1007/978-3-319-67208-3_9","mag":"2752334090"},"language":"en","primary_location":{"id":"doi:10.1007/978-3-319-67208-3_9","is_oa":false,"landing_page_url":"https://doi.org/10.1007/978-3-319-67208-3_9","pdf_url":null,"source":{"id":"https://openalex.org/S4210185096","display_name":"IFIP advances in information and communication technology","issn_l":"1868-422X","issn":["1868-422X","1868-4238"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IFIP Advances in Information and Communication Technology","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://inria.hal.science/hal-01716401","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5011800243","display_name":"Nicole Beebe","orcid":"https://orcid.org/0000-0002-0151-1617"},"institutions":[{"id":"https://openalex.org/I45438204","display_name":"The University of Texas at San Antonio","ror":"https://ror.org/01kd65564","country_code":"US","type":"education","lineage":["https://openalex.org/I45438204"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Nicole Beebe","raw_affiliation_strings":["University of Texas at San Antonio, San Antonio, TX, USA"],"affiliations":[{"raw_affiliation_string":"University of Texas at San Antonio, San Antonio, TX, USA","institution_ids":["https://openalex.org/I45438204"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037625122","display_name":"Lishu Liu","orcid":null},"institutions":[{"id":"https://openalex.org/I45438204","display_name":"The University of Texas at San Antonio","ror":"https://ror.org/01kd65564","country_code":"US","type":"education","lineage":["https://openalex.org/I45438204"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lishu Liu","raw_affiliation_strings":["University of Texas at San Antonio, San Antonio, TX, USA"],"affiliations":[{"raw_affiliation_string":"University of Texas at San Antonio, San Antonio, TX, USA","institution_ids":["https://openalex.org/I45438204"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100341722","display_name":"Zi Ye","orcid":"https://orcid.org/0000-0003-1002-0315"},"institutions":[{"id":"https://openalex.org/I45438204","display_name":"The University of Texas at San Antonio","ror":"https://ror.org/01kd65564","country_code":"US","type":"education","lineage":["https://openalex.org/I45438204"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zi Ye","raw_affiliation_strings":["University of Texas at San Antonio, San Antonio, TX, USA"],"affiliations":[{"raw_affiliation_string":"University of Texas at San Antonio, San Antonio, TX, USA","institution_ids":["https://openalex.org/I45438204"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5011800243"],"corresponding_institution_ids":["https://openalex.org/I45438204"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.14724401,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"149","last_page":"167"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.8366385102272034},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.687717080116272},{"id":"https://openalex.org/keywords/autoregressive-model","display_name":"Autoregressive model","score":0.5891809463500977},{"id":"https://openalex.org/keywords/computer-forensics","display_name":"Computer forensics","score":0.5797513127326965},{"id":"https://openalex.org/keywords/digital-evidence","display_name":"Digital evidence","score":0.5552510619163513},{"id":"https://openalex.org/keywords/autoregressive-integrated-moving-average","display_name":"Autoregressive integrated moving average","score":0.5457860231399536},{"id":"https://openalex.org/keywords/outlier","display_name":"Outlier","score":0.5199524164199829},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4917026162147522},{"id":"https://openalex.org/keywords/profiling","display_name":"Profiling (computer programming)","score":0.48401686549186707},{"id":"https://openalex.org/keywords/time-series","display_name":"Time series","score":0.4539955258369446},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.445676326751709},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.34746792912483215},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3402002453804016},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.3198244571685791},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.2551382780075073},{"id":"https://openalex.org/keywords/econometrics","display_name":"Econometrics","score":0.16972953081130981},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.13513720035552979}],"concepts":[{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.8366385102272034},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.687717080116272},{"id":"https://openalex.org/C159877910","wikidata":"https://www.wikidata.org/wiki/Q2202883","display_name":"Autoregressive model","level":2,"score":0.5891809463500977},{"id":"https://openalex.org/C556601545","wikidata":"https://www.wikidata.org/wiki/Q878553","display_name":"Computer forensics","level":3,"score":0.5797513127326965},{"id":"https://openalex.org/C2781357168","wikidata":"https://www.wikidata.org/wiki/Q5276084","display_name":"Digital evidence","level":3,"score":0.5552510619163513},{"id":"https://openalex.org/C24338571","wikidata":"https://www.wikidata.org/wiki/Q2566298","display_name":"Autoregressive integrated moving average","level":3,"score":0.5457860231399536},{"id":"https://openalex.org/C79337645","wikidata":"https://www.wikidata.org/wiki/Q779824","display_name":"Outlier","level":2,"score":0.5199524164199829},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4917026162147522},{"id":"https://openalex.org/C187191949","wikidata":"https://www.wikidata.org/wiki/Q1138496","display_name":"Profiling (computer programming)","level":2,"score":0.48401686549186707},{"id":"https://openalex.org/C151406439","wikidata":"https://www.wikidata.org/wiki/Q186588","display_name":"Time series","level":2,"score":0.4539955258369446},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.445676326751709},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.34746792912483215},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3402002453804016},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.3198244571685791},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.2551382780075073},{"id":"https://openalex.org/C149782125","wikidata":"https://www.wikidata.org/wiki/Q160039","display_name":"Econometrics","level":1,"score":0.16972953081130981},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.13513720035552979},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/978-3-319-67208-3_9","is_oa":false,"landing_page_url":"https://doi.org/10.1007/978-3-319-67208-3_9","pdf_url":null,"source":{"id":"https://openalex.org/S4210185096","display_name":"IFIP advances in information and communication technology","issn_l":"1868-422X","issn":["1868-422X","1868-4238"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IFIP Advances in Information and Communication Technology","raw_type":"book-chapter"},{"id":"pmh:oai:HAL:hal-01716401v1","is_oa":true,"landing_page_url":"https://inria.hal.science/hal-01716401","pdf_url":null,"source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IFIP Advances in Information and Communication Technology","raw_type":"info:eu-repo/semantics/conferenceObject"}],"best_oa_location":{"id":"pmh:oai:HAL:hal-01716401v1","is_oa":true,"landing_page_url":"https://inria.hal.science/hal-01716401","pdf_url":null,"source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IFIP Advances in Information and Communication Technology","raw_type":"info:eu-repo/semantics/conferenceObject"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.7900000214576721,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W161685832","https://openalex.org/W246652017","https://openalex.org/W317973280","https://openalex.org/W324885528","https://openalex.org/W1513436691","https://openalex.org/W1562591834","https://openalex.org/W1575046377","https://openalex.org/W1684492806","https://openalex.org/W1994736698","https://openalex.org/W2013587720","https://openalex.org/W2049652236","https://openalex.org/W2076342816","https://openalex.org/W2099876181","https://openalex.org/W2129249398","https://openalex.org/W2337703333","https://openalex.org/W2523635132","https://openalex.org/W4205806204","https://openalex.org/W4230681702","https://openalex.org/W4236135181","https://openalex.org/W4237382446","https://openalex.org/W4240144763","https://openalex.org/W4300528607"],"related_works":["https://openalex.org/W2598491911","https://openalex.org/W2181728705","https://openalex.org/W4247205791","https://openalex.org/W4283205458","https://openalex.org/W2489557937","https://openalex.org/W4238452393","https://openalex.org/W2536999591","https://openalex.org/W4242633011","https://openalex.org/W93745046","https://openalex.org/W4244711387"],"abstract_inverted_index":null,"counts_by_year":[{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}