{"id":"https://openalex.org/W3124014468","doi":"https://doi.org/10.1108/ics-12-2019-0142","title":"An improved feature extraction algorithm for insider threat using hidden Markov model on user behavior detection","display_name":"An improved feature extraction algorithm for insider threat using hidden Markov model on user behavior detection","publication_year":2020,"publication_date":"2020-07-03","ids":{"openalex":"https://openalex.org/W3124014468","doi":"https://doi.org/10.1108/ics-12-2019-0142","mag":"3124014468"},"language":"en","primary_location":{"id":"doi:10.1108/ics-12-2019-0142","is_oa":false,"landing_page_url":"https://doi.org/10.1108/ics-12-2019-0142","pdf_url":null,"source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information &amp; Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5061265309","display_name":"Xiaoyun Ye","orcid":"https://orcid.org/0000-0002-7465-9882"},"institutions":[{"id":"https://openalex.org/I12832649","display_name":"Gachon University","ror":"https://ror.org/03ryywt80","country_code":"KR","type":"education","lineage":["https://openalex.org/I12832649"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Xiaoyun Ye","raw_affiliation_strings":["Department of Computer Science, Gachon University, Seongnam, South Korea"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Gachon University, Seongnam, South Korea","institution_ids":["https://openalex.org/I12832649"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101795943","display_name":"Myung-Mook Han","orcid":"https://orcid.org/0000-0002-0017-7944"},"institutions":[{"id":"https://openalex.org/I12832649","display_name":"Gachon University","ror":"https://ror.org/03ryywt80","country_code":"KR","type":"education","lineage":["https://openalex.org/I12832649"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Myung-Mook Han","raw_affiliation_strings":["Gachon University, Seongnam, South Korea"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Gachon University, Seongnam, South Korea","institution_ids":["https://openalex.org/I12832649"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.9479,"has_fulltext":false,"cited_by_count":16,"citation_normalized_percentile":{"value":0.81866649,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":"30","issue":"1","first_page":"19","last_page":"36"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9896000027656555,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9896000027656555,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9760000109672546,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9706000089645386,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/hidden-markov-model","display_name":"Hidden Markov model","score":0.9245836138725281},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.709186315536499},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5778029561042786},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.5553393959999084},{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.5030035376548767},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.49636703729629517},{"id":"https://openalex.org/keywords/feature-extraction","display_name":"Feature extraction","score":0.4929075241088867},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.4882960319519043},{"id":"https://openalex.org/keywords/markov-model","display_name":"Markov model","score":0.44607993960380554},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4260508418083191},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.41497132182121277},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.40219995379447937},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.3279530704021454},{"id":"https://openalex.org/keywords/markov-chain","display_name":"Markov chain","score":0.2617392838001251}],"concepts":[{"id":"https://openalex.org/C23224414","wikidata":"https://www.wikidata.org/wiki/Q176769","display_name":"Hidden Markov model","level":2,"score":0.9245836138725281},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.709186315536499},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5778029561042786},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.5553393959999084},{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.5030035376548767},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.49636703729629517},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.4929075241088867},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.4882960319519043},{"id":"https://openalex.org/C163836022","wikidata":"https://www.wikidata.org/wiki/Q6771326","display_name":"Markov model","level":3,"score":0.44607993960380554},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4260508418083191},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.41497132182121277},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.40219995379447937},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.3279530704021454},{"id":"https://openalex.org/C98763669","wikidata":"https://www.wikidata.org/wiki/Q176645","display_name":"Markov chain","level":2,"score":0.2617392838001251},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1108/ics-12-2019-0142","is_oa":false,"landing_page_url":"https://doi.org/10.1108/ics-12-2019-0142","pdf_url":null,"source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information &amp; Computer Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.6899999976158142,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W1575431606","https://openalex.org/W1986569439","https://openalex.org/W1996700726","https://openalex.org/W2007321142","https://openalex.org/W2021998574","https://openalex.org/W2032005922","https://openalex.org/W2034541289","https://openalex.org/W2077574412","https://openalex.org/W2084416457","https://openalex.org/W2086699924","https://openalex.org/W2093135704","https://openalex.org/W2097266580","https://openalex.org/W2108217496","https://openalex.org/W2113152757","https://openalex.org/W2116742812","https://openalex.org/W2127151297","https://openalex.org/W2153910388","https://openalex.org/W2580290980","https://openalex.org/W2590050480","https://openalex.org/W2964180302"],"related_works":["https://openalex.org/W2766781562","https://openalex.org/W4205304595","https://openalex.org/W2979782961","https://openalex.org/W308359497","https://openalex.org/W1499596878","https://openalex.org/W3136170567","https://openalex.org/W2947769183","https://openalex.org/W2018332730","https://openalex.org/W4387194049","https://openalex.org/W2286217954"],"abstract_inverted_index":{"Purpose":[0],"By":[1],"using":[2,14],"a":[3,15,36,72,88,143],"new":[4,144],"feature":[5,145],"extraction":[6,41,146],"method":[7,147],"on":[8],"the":[9,24,31,46,57,62,67,79,84,113,121,128,131,134,153,156,161,164,178],"Cert":[10],"data":[11,129,165],"set":[12],"and":[13,22,51,70,97,109,148,172,174],"hidden":[16,114,122,157],"Markov":[17],"model":[18,21,69,74,85,135],"(HMM)":[19],"to":[20,28,60,93,127,160],"analyze":[23],"behavior":[25,32,73,182],"of":[26,42,45,133,155,163,180],"users":[27],"distinguish":[29,94],"whether":[30],"is":[33,124],"normal":[34,96],"within":[35],"continuous":[37],"period.":[38],"Design/methodology/approach":[39],"Feature":[40],"five":[43],"parts":[44],"time":[47],"series":[48],"by":[49,66,106],"rules":[50],"sorting":[52],"in":[53,175],"chronological":[54],"order.":[55],"Use":[56],"obtained":[58,105],"features":[59],"calculate":[61],"probability":[63,91],"parameters":[64,103],"required":[65],"HMM":[68,102,169],"establish":[71],"for":[75],"each":[76],"user.":[77],"When":[78,120],"user":[80,181],"has":[81],"abnormal":[82,98],"behavior,":[83],"will":[86,136],"return":[87],"very":[89],"low":[90],"value":[92],"between":[95],"information.":[99],"Findings":[100],"Generally,":[101],"are":[104],"supervised":[107],"learning":[108],"unsupervised":[110],"learning,":[111],"but":[112],"state":[115,123,158],"cannot":[116],"be":[117,137],"clearly":[118],"defined.":[119],"determined":[125],"according":[126,159],"set,":[130,166],"accuracy":[132,179],"improved.":[138],"Originality/value":[139],"This":[140],"paper":[141],"proposes":[142],"analysis":[149],"mode,":[150],"which":[151],"determines":[152],"shape":[154],"situation":[162],"making":[167],"subsequent":[168],"modeling":[170],"simple":[171],"efficient":[173],"turn":[176],"improving":[177],"detection.":[183]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}