{"id":"https://openalex.org/W4387886031","doi":"https://doi.org/10.1109/access.2023.3326750","title":"Insider Threat Detection Model Using Anomaly-Based Isolation Forest Algorithm","display_name":"Insider Threat Detection Model Using Anomaly-Based Isolation Forest Algorithm","publication_year":2023,"publication_date":"2023-01-01","ids":{"openalex":"https://openalex.org/W4387886031","doi":"https://doi.org/10.1109/access.2023.3326750"},"language":"en","primary_location":{"id":"doi:10.1109/access.2023.3326750","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2023.3326750","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10290890.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10290890.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5069238097","display_name":"Taher Al\u2010Shehari","orcid":"https://orcid.org/0000-0002-9783-919X"},"institutions":[{"id":"https://openalex.org/I28022161","display_name":"King Saud University","ror":"https://ror.org/02f81g417","country_code":"SA","type":"education","lineage":["https://openalex.org/I28022161"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Taher Al-Shehari","raw_affiliation_strings":["Computer Skills, Department of Self-Development Skills, Common First Year Deanship, King Saud University, Riyadh, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0002-9783-919X","affiliations":[{"raw_affiliation_string":"Computer Skills, Department of Self-Development Skills, Common First Year Deanship, King Saud University, Riyadh, Saudi Arabia","institution_ids":["https://openalex.org/I28022161"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5030457122","display_name":"Muna Al\u2010Razgan","orcid":"https://orcid.org/0000-0002-9705-3867"},"institutions":[{"id":"https://openalex.org/I28022161","display_name":"King Saud University","ror":"https://ror.org/02f81g417","country_code":"SA","type":"education","lineage":["https://openalex.org/I28022161"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Muna Al-Razgan","raw_affiliation_strings":["Department of Software Engineering, College of Computer and Information Sciences, King Saud University, Riyadh, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0002-9705-3867","affiliations":[{"raw_affiliation_string":"Department of Software Engineering, College of Computer and Information Sciences, King Saud University, Riyadh, Saudi Arabia","institution_ids":["https://openalex.org/I28022161"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022154403","display_name":"Taha Alfakih","orcid":"https://orcid.org/0000-0003-0366-5932"},"institutions":[{"id":"https://openalex.org/I28022161","display_name":"King Saud University","ror":"https://ror.org/02f81g417","country_code":"SA","type":"education","lineage":["https://openalex.org/I28022161"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Taha Alfakih","raw_affiliation_strings":["Department of Information Systems, College of Computer and Information Sciences, King Saud University, Riyadh, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0003-0366-5932","affiliations":[{"raw_affiliation_string":"Department of Information Systems, College of Computer and Information Sciences, King Saud University, Riyadh, Saudi Arabia","institution_ids":["https://openalex.org/I28022161"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042889892","display_name":"Rakan A. Alsowail","orcid":null},"institutions":[{"id":"https://openalex.org/I28022161","display_name":"King Saud University","ror":"https://ror.org/02f81g417","country_code":"SA","type":"education","lineage":["https://openalex.org/I28022161"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Rakan A. Alsowail","raw_affiliation_strings":["Computer Skills, Department of Self-Development Skills, Common First Year Deanship, King Saud University, Riyadh, Saudi Arabia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Computer Skills, Department of Self-Development Skills, Common First Year Deanship, King Saud University, Riyadh, Saudi Arabia","institution_ids":["https://openalex.org/I28022161"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5001629698","display_name":"Saravanan Pandiaraj","orcid":"https://orcid.org/0000-0002-9744-2926"},"institutions":[{"id":"https://openalex.org/I28022161","display_name":"King Saud University","ror":"https://ror.org/02f81g417","country_code":"SA","type":"education","lineage":["https://openalex.org/I28022161"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Saravanan Pandiaraj","raw_affiliation_strings":["Computer Skills, Department of Self-Development Skills, Common First Year Deanship, King Saud University, Riyadh, Saudi Arabia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Computer Skills, Department of Self-Development Skills, Common First Year Deanship, King Saud University, Riyadh, Saudi Arabia","institution_ids":["https://openalex.org/I28022161"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":7.207,"has_fulltext":true,"cited_by_count":38,"citation_normalized_percentile":{"value":0.97544187,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":"11","issue":null,"first_page":"118170","last_page":"118185"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9936000108718872,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9800000190734863,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.9166470766067505},{"id":"https://openalex.org/keywords/overfitting","display_name":"Overfitting","score":0.8375169634819031},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7863177061080933},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.7453018426895142},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.6104056239128113},{"id":"https://openalex.org/keywords/class","display_name":"Class (philosophy)","score":0.5916997194290161},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.4982001781463623},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.48820048570632935},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.44898656010627747},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.4269106388092041},{"id":"https://openalex.org/keywords/range","display_name":"Range (aeronautics)","score":0.4220786392688751},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.39619797468185425},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.07192760705947876}],"concepts":[{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.9166470766067505},{"id":"https://openalex.org/C22019652","wikidata":"https://www.wikidata.org/wiki/Q331309","display_name":"Overfitting","level":3,"score":0.8375169634819031},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7863177061080933},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.7453018426895142},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.6104056239128113},{"id":"https://openalex.org/C2777212361","wikidata":"https://www.wikidata.org/wiki/Q5127848","display_name":"Class (philosophy)","level":2,"score":0.5916997194290161},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.4982001781463623},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.48820048570632935},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.44898656010627747},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.4269106388092041},{"id":"https://openalex.org/C204323151","wikidata":"https://www.wikidata.org/wiki/Q905424","display_name":"Range (aeronautics)","level":2,"score":0.4220786392688751},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.39619797468185425},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.07192760705947876},{"id":"https://openalex.org/C26873012","wikidata":"https://www.wikidata.org/wiki/Q214781","display_name":"Condensed matter physics","level":1,"score":0.0},{"id":"https://openalex.org/C159985019","wikidata":"https://www.wikidata.org/wiki/Q181790","display_name":"Composite material","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C192562407","wikidata":"https://www.wikidata.org/wiki/Q228736","display_name":"Materials science","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2023.3326750","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2023.3326750","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10290890.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:f8bfb587c5964fcf856b85baa7d0e471","is_oa":true,"landing_page_url":"https://doaj.org/article/f8bfb587c5964fcf856b85baa7d0e471","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 11, Pp 118170-118185 (2023)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2023.3326750","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2023.3326750","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10290890.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.6499999761581421,"id":"https://metadata.un.org/sdg/15","display_name":"Life in Land"}],"awards":[{"id":"https://openalex.org/G741875929","display_name":null,"funder_award_id":"RSP2023R206","funder_id":"https://openalex.org/F4320321145","funder_display_name":"King Saud University"}],"funders":[{"id":"https://openalex.org/F4320321145","display_name":"King Saud University","ror":"https://ror.org/02f81g417"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4387886031.pdf","grobid_xml":"https://content.openalex.org/works/W4387886031.grobid-xml"},"referenced_works_count":47,"referenced_works":["https://openalex.org/W91476413","https://openalex.org/W1679074130","https://openalex.org/W1991210879","https://openalex.org/W2025519999","https://openalex.org/W2048697945","https://openalex.org/W2050829396","https://openalex.org/W2116825089","https://openalex.org/W2148143831","https://openalex.org/W2164341120","https://openalex.org/W2295598076","https://openalex.org/W2296719434","https://openalex.org/W2512144135","https://openalex.org/W2534887021","https://openalex.org/W2606665849","https://openalex.org/W2771022952","https://openalex.org/W2790664081","https://openalex.org/W2805557887","https://openalex.org/W2888160480","https://openalex.org/W2896308136","https://openalex.org/W2900104313","https://openalex.org/W2914623161","https://openalex.org/W2963582967","https://openalex.org/W2979829384","https://openalex.org/W2983901715","https://openalex.org/W2985983260","https://openalex.org/W2996799748","https://openalex.org/W3000429356","https://openalex.org/W3010384713","https://openalex.org/W3014071235","https://openalex.org/W3020736316","https://openalex.org/W3044818515","https://openalex.org/W3044936352","https://openalex.org/W3045880080","https://openalex.org/W3114329625","https://openalex.org/W3128317221","https://openalex.org/W3130625521","https://openalex.org/W3153493802","https://openalex.org/W3185050219","https://openalex.org/W3197991612","https://openalex.org/W3202156390","https://openalex.org/W4237881051","https://openalex.org/W4243367342","https://openalex.org/W4249684472","https://openalex.org/W4285081609","https://openalex.org/W4288083473","https://openalex.org/W4296339575","https://openalex.org/W4312222414"],"related_works":["https://openalex.org/W2766781562","https://openalex.org/W4205304595","https://openalex.org/W2979782961","https://openalex.org/W308359497","https://openalex.org/W1499596878","https://openalex.org/W3136170567","https://openalex.org/W2947769183","https://openalex.org/W2018332730","https://openalex.org/W4387194049","https://openalex.org/W2286217954"],"abstract_inverted_index":{"Insider":[0],"attacks":[1],"may":[2],"inflict":[3],"far":[4],"greater":[5],"damage":[6],"to":[7,30,45,73,93,180,215,219,250],"an":[8,66,100,119,206],"organization":[9],"than":[10],"outsider":[11],"threats":[12,33,247],"since":[13],"insiders":[14],"are":[15,19,39,178,213],"authorized":[16],"users":[17],"who":[18],"acquainted":[20],"with":[21,158,205],"the":[22,59,75,83,86,107,112,126,136,148,182,196,200,216,222,230,238,241],"business\u2019s":[23],"system,":[24],"making":[25,62],"detection":[26,65,103,226],"harder.":[27],"Many":[28],"techniques":[29,71],"detecting":[31],"insider":[32,63,101,133,151,246],"have":[34],"been":[35],"developed,":[36],"but":[37],"they":[38],"neither":[40],"flexible":[41],"nor":[42],"resilient":[43],"owing":[44],"different":[46],"obstacles":[47],"(e.g.,":[48],"lack":[49],"of":[50,58,85,128,162,169,175,188,209,232,240],"real-world":[51],"dataset":[52,201],"and":[53,95,228],"highly":[54],"skewed":[55,129],"class":[56,108,130,202],"distribution":[57,131],"available":[60],"dataset),":[61],"threat":[64,102,134,152],"understudied":[67],"research":[68],"field.":[69],"Previous":[70],"attempted":[72],"solve":[74],"dataset\u2019s":[76,87],"imbalance":[77,109,203],"issue":[78],"by":[79],"increasing":[80],"or":[81],"lowering":[82],"observations":[84],"classes,":[88],"however":[89],"this":[90],"might":[91],"lead":[92],"underfitting":[94],"overfitting":[96],"problems.":[97],"We":[98],"present":[99],"model":[104,144,198,224],"that":[105,195],"addresses":[106,229],"problem":[110,204,231],"at":[111],"algorithm":[113],"level":[114],"using":[115,147],"anomaly-based":[116],"techniques,":[117],"as":[118],"enhancement":[120],"over":[121],"previous":[122,251],"approaches.":[123],"To":[124],"limit":[125],"effect":[127],"on":[132],"detection,":[135],"Isolation":[137],"Forest":[138],"(IF)":[139],"technique":[140,218],"is":[141,145,155],"used.":[142],"The":[143,191,211,235],"verified":[146],"benchmarked":[149],"CERT\u2019s":[150],"dataset,":[153],"which":[154],"significantly":[156],"unbalanced,":[157],"a":[159,166,186],"small":[160],"number":[161,168],"malicious":[163],"cases":[164],"vs":[165],"large":[167],"non-malicious":[170],"instances.":[171],"Several":[172],"contamination":[173],"ratios":[174],"IF\u2019s":[176],"parameters":[177],"used":[179],"verify":[181],"model\u2019s":[183],"performance":[184,227],"throughout":[185],"range":[187],"anomaly":[189],"scores.":[190],"experimental":[192],"findings":[193,212,236],"reveal":[194],"suggested":[197,242],"handles":[199],"accuracy":[207],"score":[208],"98%.":[210],"compared":[214,249],"baseline":[217],"demonstrate":[220],"how":[221],"proposed":[223],"enhances":[225],"data":[233],"imbalance.":[234],"indicate":[237],"usefulness":[239],"approach":[243],"for":[244],"identifying":[245],"when":[248],"studies.":[252]},"counts_by_year":[{"year":2026,"cited_by_count":12},{"year":2025,"cited_by_count":19},{"year":2024,"cited_by_count":7}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}