{"id":"https://openalex.org/W2981808134","doi":"https://doi.org/10.1109/access.2019.2948490","title":"Anomaly Detection Using Pattern-of-Life Visual Metaphors","display_name":"Anomaly Detection Using Pattern-of-Life Visual Metaphors","publication_year":2019,"publication_date":"2019-01-01","ids":{"openalex":"https://openalex.org/W2981808134","doi":"https://doi.org/10.1109/access.2019.2948490","mag":"2981808134"},"language":"en","primary_location":{"id":"doi:10.1109/access.2019.2948490","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2019.2948490","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/8600701/08877786.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/8600701/08877786.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5010044405","display_name":"Jassim Happa","orcid":"https://orcid.org/0000-0002-0860-5130"},"institutions":[{"id":"https://openalex.org/I184558857","display_name":"Royal Holloway University of London","ror":"https://ror.org/04g2vpn86","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I184558857"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Jassim Happa","raw_affiliation_strings":["Information Security Group, Royal Holloway, University of London, London, UK"],"affiliations":[{"raw_affiliation_string":"Information Security Group, Royal Holloway, University of London, London, UK","institution_ids":["https://openalex.org/I184558857"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019694462","display_name":"Thomas Bashford\u2010Rogers","orcid":"https://orcid.org/0000-0003-4669-0417"},"institutions":[{"id":"https://openalex.org/I178535277","display_name":"University of the West of England","ror":"https://ror.org/02nwg5t34","country_code":"GB","type":"education","lineage":["https://openalex.org/I178535277"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Thomas Bashford-Rogers","raw_affiliation_strings":["Department of Computer Science and Creative Technologies, University of the West of England, Bristol, UK"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Creative Technologies, University of the West of England, Bristol, UK","institution_ids":["https://openalex.org/I178535277"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061046049","display_name":"Ioannis Agrafiotis","orcid":null},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Ioannis Agrafiotis","raw_affiliation_strings":["Department of Computer Science, University of Oxford, Oxford, UK"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Oxford, Oxford, UK","institution_ids":["https://openalex.org/I40120149"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063148097","display_name":"Michael Goldsmith","orcid":"https://orcid.org/0000-0001-7808-0600"},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Michael Goldsmith","raw_affiliation_strings":["Department of Computer Science, University of Oxford, Oxford, UK"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Oxford, Oxford, UK","institution_ids":["https://openalex.org/I40120149"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5004437304","display_name":"Sadie Creese","orcid":"https://orcid.org/0000-0002-2414-9657"},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Sadie Creese","raw_affiliation_strings":["Department of Computer Science, University of Oxford, Oxford, UK"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Oxford, Oxford, UK","institution_ids":["https://openalex.org/I40120149"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5010044405"],"corresponding_institution_ids":["https://openalex.org/I184558857"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":0.1857,"has_fulltext":true,"cited_by_count":3,"citation_normalized_percentile":{"value":0.57146437,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":"7","issue":null,"first_page":"154018","last_page":"154034"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8540017604827881},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.7523207664489746},{"id":"https://openalex.org/keywords/glyph","display_name":"Glyph (data visualization)","score":0.6652295589447021},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.6643474102020264},{"id":"https://openalex.org/keywords/visualization","display_name":"Visualization","score":0.6097486019134521},{"id":"https://openalex.org/keywords/usability","display_name":"Usability","score":0.5639420747756958},{"id":"https://openalex.org/keywords/visual-analytics","display_name":"Visual analytics","score":0.5211922526359558},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5043395757675171},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.45085611939430237},{"id":"https://openalex.org/keywords/data-visualization","display_name":"Data visualization","score":0.4158993363380432},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.40067172050476074},{"id":"https://openalex.org/keywords/human\u2013computer-interaction","display_name":"Human\u2013computer interaction","score":0.37154918909072876}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8540017604827881},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.7523207664489746},{"id":"https://openalex.org/C142816647","wikidata":"https://www.wikidata.org/wiki/Q5573018","display_name":"Glyph (data visualization)","level":3,"score":0.6652295589447021},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.6643474102020264},{"id":"https://openalex.org/C36464697","wikidata":"https://www.wikidata.org/wiki/Q451553","display_name":"Visualization","level":2,"score":0.6097486019134521},{"id":"https://openalex.org/C170130773","wikidata":"https://www.wikidata.org/wiki/Q216378","display_name":"Usability","level":2,"score":0.5639420747756958},{"id":"https://openalex.org/C59732488","wikidata":"https://www.wikidata.org/wiki/Q2528440","display_name":"Visual analytics","level":3,"score":0.5211922526359558},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5043395757675171},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.45085611939430237},{"id":"https://openalex.org/C172367668","wikidata":"https://www.wikidata.org/wiki/Q6504956","display_name":"Data visualization","level":3,"score":0.4158993363380432},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.40067172050476074},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.37154918909072876}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/access.2019.2948490","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2019.2948490","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/8600701/08877786.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:93ade28ec9b5475f9c05ed365c061854","is_oa":true,"landing_page_url":"https://doaj.org/article/93ade28ec9b5475f9c05ed365c061854","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 7, Pp 154018-154034 (2019)","raw_type":"article"},{"id":"pmh:oai:ora.ox.ac.uk:uuid:95c975aa-c99e-45a9-8947-cbf7e5e7eca3","is_oa":true,"landing_page_url":"https://ora.ox.ac.uk/objects/uuid:95c975aa-c99e-45a9-8947-cbf7e5e7eca3","pdf_url":null,"source":{"id":"https://openalex.org/S4306402636","display_name":"Oxford University Research Archive (ORA) (University of Oxford)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I40120149","host_organization_name":"University of Oxford","host_organization_lineage":["https://openalex.org/I40120149"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Journal article"}],"best_oa_location":{"id":"doi:10.1109/access.2019.2948490","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2019.2948490","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/8600701/08877786.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320332972","display_name":"Defence Science and Technology Laboratory","ror":"https://ror.org/04jswqb94"},{"id":"https://openalex.org/F4320335334","display_name":"Defence Science and Technology Group","ror":null}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2981808134.pdf","grobid_xml":"https://content.openalex.org/works/W2981808134.grobid-xml"},"referenced_works_count":58,"referenced_works":["https://openalex.org/W42722137","https://openalex.org/W53176000","https://openalex.org/W262436420","https://openalex.org/W625463995","https://openalex.org/W1492667596","https://openalex.org/W1503936910","https://openalex.org/W1527945070","https://openalex.org/W1536432326","https://openalex.org/W1552584884","https://openalex.org/W1573510870","https://openalex.org/W1588957466","https://openalex.org/W1969045498","https://openalex.org/W1982983730","https://openalex.org/W1983853219","https://openalex.org/W1985251578","https://openalex.org/W1995891749","https://openalex.org/W1999222617","https://openalex.org/W2062555448","https://openalex.org/W2091244316","https://openalex.org/W2098150601","https://openalex.org/W2101109743","https://openalex.org/W2106442760","https://openalex.org/W2109639989","https://openalex.org/W2112468969","https://openalex.org/W2114870486","https://openalex.org/W2122000630","https://openalex.org/W2122646361","https://openalex.org/W2128599810","https://openalex.org/W2131304405","https://openalex.org/W2132068130","https://openalex.org/W2134511994","https://openalex.org/W2139262486","https://openalex.org/W2141254179","https://openalex.org/W2142889610","https://openalex.org/W2152762220","https://openalex.org/W2153160300","https://openalex.org/W2158685692","https://openalex.org/W2162693768","https://openalex.org/W2165321675","https://openalex.org/W2546250533","https://openalex.org/W2765106252","https://openalex.org/W2803476375","https://openalex.org/W2912428137","https://openalex.org/W2940786301","https://openalex.org/W2964634704","https://openalex.org/W2988790801","https://openalex.org/W4244614157","https://openalex.org/W4256206781","https://openalex.org/W6602121429","https://openalex.org/W6629711124","https://openalex.org/W6631489968","https://openalex.org/W6633095192","https://openalex.org/W6634368875","https://openalex.org/W6676401221","https://openalex.org/W6677304110","https://openalex.org/W6677814687","https://openalex.org/W6682424397","https://openalex.org/W6761830203"],"related_works":["https://openalex.org/W4214835788","https://openalex.org/W2026649925","https://openalex.org/W1893118838","https://openalex.org/W2019433909","https://openalex.org/W2290503983","https://openalex.org/W1966969226","https://openalex.org/W2158984754","https://openalex.org/W3149127250","https://openalex.org/W2152762220","https://openalex.org/W2564956852"],"abstract_inverted_index":{"Complex":[0],"dependencies":[1,141],"exist":[2,238],"across":[3],"the":[4,36,58,76,217],"technology":[5],"estate,":[6],"users":[7],"and":[8,129,142,166,193,256,263],"purposes":[9],"of":[10,30,38,60,168,196,219],"machines.":[11,169],"This":[12],"can":[13,103,115,181,264],"make":[14,64],"it":[15],"difficult":[16],"to":[17,22,27,34,49,53,63,108,126,138,144,177,187,208,210,227,231,249,262],"efficiently":[18],"detect":[19,188,211,228],"attacks.":[20],"Visualization":[21],"date":[23],"is":[24,206],"mainly":[25],"used":[26,186],"communicate":[28],"patterns":[29],"raw":[31],"logs,":[32],"or":[33],"visualize":[35],"output":[37],"detection":[39,194],"systems.":[40],"In":[41],"this":[42,182],"paper":[43],"we":[44,56,171],"explore":[45],"a":[46,112,123,133,136,145],"novel":[47],"approach":[48,184,205,242,260],"presenting":[50],"cybersecurity-related":[51],"information":[52],"analysts.":[54,120],"Specifically,":[55],"investigate":[57,250],"feasibility":[59,179],"using":[61,69,93],"visualizations":[62,77],"analysts":[65],"become":[66],"anomaly":[67],"detectors":[68],"Pattern-of-Life":[70],"Visual":[71],"Metaphors.":[72],"Unlike":[73],"glyph":[74],"metaphors,":[75,255],"themselves":[78],"(rather":[79],"than":[80],"any":[81],"single":[82],"visual":[83],"variable":[84],"on":[85,132,224],"screen)":[86],"transform":[87],"complex":[88,214],"systems":[89],"into":[90],"simpler":[91],"ones":[92],"different":[94],"mapping":[95,101,252],"strategies.":[96],"We":[97,121,147],"postulate":[98],"that":[99,114,162,202],"such":[100],"strategies":[102],"yield":[104],"new,":[105],"meaningful":[106],"ways":[107],"showing":[109],"anomalies":[110,189,212],"in":[111,190,213,239],"manner":[113],"be":[116,185],"easily":[117],"identified":[118],"by":[119],"present":[122,149,172],"classification":[124],"system":[125],"describe":[127],"machine":[128,140],"human":[130],"activities":[131,143],"host":[134],"machine,":[135],"strategy":[137],"map":[139],"metaphor.":[146],"then":[148],"two":[150],"examples,":[151],"each":[152],"with":[153],"three":[154,173],"attack":[155],"scenarios,":[156],"running":[157],"data":[158],"generated":[159],"from":[160],"attacks":[161],"affect":[163],"confidentiality,":[164],"integrity":[165],"availability":[167],"Finally,":[170],"in-depth":[174],"use-case":[175],"studies":[176],"assess":[178],"(i.e.":[180],"general":[183,204,241],"systems?),":[191],"usability":[192],"abilities":[195],"our":[197,203,240,259],"approach.":[198],"Our":[199],"findings":[200],"suggest":[201],"easy":[207],"use":[209],"systems,":[215],"but":[216],"type":[218],"metaphor":[220],"has":[221],"an":[222],"impact":[223],"user's":[225],"ability":[226],"anomalies.":[229],"Similar":[230],"other":[232,254],"anomaly-detection":[233],"techniques,":[234],"false":[235],"positives":[236],"do":[237],"as":[243],"well.":[244],"Future":[245],"work":[246],"will":[247],"need":[248],"optimal":[251],"strategies,":[253],"examine":[257],"how":[258],"compares":[261],"complement":[265],"existing":[266],"techniques.":[267]},"counts_by_year":[{"year":2023,"cited_by_count":2},{"year":2021,"cited_by_count":1}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}