{"id":"https://openalex.org/W4318186638","doi":"https://doi.org/10.1109/bigdata55660.2022.10020672","title":"A User and Entity Behavior Analytics Log Data Set for Anomaly Detection in Cloud Computing","display_name":"A User and Entity Behavior Analytics Log Data Set for Anomaly Detection in Cloud Computing","publication_year":2022,"publication_date":"2022-12-17","ids":{"openalex":"https://openalex.org/W4318186638","doi":"https://doi.org/10.1109/bigdata55660.2022.10020672"},"language":"en","primary_location":{"id":"doi:10.1109/bigdata55660.2022.10020672","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata55660.2022.10020672","pdf_url":null,"source":{"id":"https://openalex.org/S4363607709","display_name":"2022 IEEE International Conference on Big Data (Big Data)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE International Conference on Big Data (Big Data)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5072210863","display_name":"Max Landauer","orcid":"https://orcid.org/0000-0003-3813-3151"},"institutions":[{"id":"https://openalex.org/I132118926","display_name":"Austrian Institute of Technology","ror":"https://ror.org/04knbh022","country_code":"AT","type":"facility","lineage":["https://openalex.org/I132118926"]}],"countries":["AT"],"is_corresponding":true,"raw_author_name":"Max Landauer","raw_affiliation_strings":["Austrian Institute of Technology,Digital Safety &#x0026; Security,Vienna,Austria"],"affiliations":[{"raw_affiliation_string":"Austrian Institute of Technology,Digital Safety &#x0026; Security,Vienna,Austria","institution_ids":["https://openalex.org/I132118926"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088439816","display_name":"Florian Skopik","orcid":"https://orcid.org/0000-0002-1922-7892"},"institutions":[{"id":"https://openalex.org/I132118926","display_name":"Austrian Institute of Technology","ror":"https://ror.org/04knbh022","country_code":"AT","type":"facility","lineage":["https://openalex.org/I132118926"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Florian Skopik","raw_affiliation_strings":["Austrian Institute of Technology,Digital Safety &#x0026; Security,Vienna,Austria"],"affiliations":[{"raw_affiliation_string":"Austrian Institute of Technology,Digital Safety &#x0026; Security,Vienna,Austria","institution_ids":["https://openalex.org/I132118926"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064406425","display_name":"Georg H\u00f6ld","orcid":"https://orcid.org/0000-0001-5350-8543"},"institutions":[{"id":"https://openalex.org/I132118926","display_name":"Austrian Institute of Technology","ror":"https://ror.org/04knbh022","country_code":"AT","type":"facility","lineage":["https://openalex.org/I132118926"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Georg Hold","raw_affiliation_strings":["Austrian Institute of Technology,Digital Safety &#x0026; Security,Vienna,Austria"],"affiliations":[{"raw_affiliation_string":"Austrian Institute of Technology,Digital Safety &#x0026; Security,Vienna,Austria","institution_ids":["https://openalex.org/I132118926"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5029942543","display_name":"Markus Wurzenberger","orcid":"https://orcid.org/0000-0003-3259-6972"},"institutions":[{"id":"https://openalex.org/I132118926","display_name":"Austrian Institute of Technology","ror":"https://ror.org/04knbh022","country_code":"AT","type":"facility","lineage":["https://openalex.org/I132118926"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Markus Wurzenberger","raw_affiliation_strings":["Austrian Institute of Technology,Digital Safety &#x0026; Security,Vienna,Austria"],"affiliations":[{"raw_affiliation_string":"Austrian Institute of Technology,Digital Safety &#x0026; Security,Vienna,Austria","institution_ids":["https://openalex.org/I132118926"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5072210863"],"corresponding_institution_ids":["https://openalex.org/I132118926"],"apc_list":null,"apc_paid":null,"fwci":2.1598,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.89835929,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"4285","last_page":"4294"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9929999709129333,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7988845109939575},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.7884005904197693},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.7663102149963379},{"id":"https://openalex.org/keywords/analytics","display_name":"Analytics","score":0.6701231598854065},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.6386825442314148},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5995758175849915},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.585468053817749},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5567827224731445},{"id":"https://openalex.org/keywords/data-set","display_name":"Data set","score":0.5162901282310486},{"id":"https://openalex.org/keywords/big-data","display_name":"Big data","score":0.41541314125061035},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.1409212350845337},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.11775657534599304},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.10473179817199707}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7988845109939575},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.7884005904197693},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.7663102149963379},{"id":"https://openalex.org/C79158427","wikidata":"https://www.wikidata.org/wiki/Q485396","display_name":"Analytics","level":2,"score":0.6701231598854065},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.6386825442314148},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5995758175849915},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.585468053817749},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5567827224731445},{"id":"https://openalex.org/C58489278","wikidata":"https://www.wikidata.org/wiki/Q1172284","display_name":"Data set","level":2,"score":0.5162901282310486},{"id":"https://openalex.org/C75684735","wikidata":"https://www.wikidata.org/wiki/Q858810","display_name":"Big data","level":2,"score":0.41541314125061035},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.1409212350845337},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.11775657534599304},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.10473179817199707},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C26873012","wikidata":"https://www.wikidata.org/wiki/Q214781","display_name":"Condensed matter physics","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/bigdata55660.2022.10020672","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata55660.2022.10020672","pdf_url":null,"source":{"id":"https://openalex.org/S4363607709","display_name":"2022 IEEE International Conference on Big Data (Big Data)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE International Conference on Big Data (Big Data)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7400000095367432,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W1981738628","https://openalex.org/W1987513422","https://openalex.org/W2039157918","https://openalex.org/W2107263349","https://openalex.org/W2165533158","https://openalex.org/W2557515658","https://openalex.org/W2583862887","https://openalex.org/W2732560875","https://openalex.org/W2767094836","https://openalex.org/W2789828921","https://openalex.org/W2795079039","https://openalex.org/W2803131667","https://openalex.org/W2947815220","https://openalex.org/W2982682021","https://openalex.org/W3102029110","https://openalex.org/W3111542209","https://openalex.org/W3125204069","https://openalex.org/W3212815918","https://openalex.org/W4213009331","https://openalex.org/W4243065151","https://openalex.org/W4283022488","https://openalex.org/W4290716628","https://openalex.org/W4293057307","https://openalex.org/W6712994927"],"related_works":["https://openalex.org/W2806741695","https://openalex.org/W3210364259","https://openalex.org/W4290647774","https://openalex.org/W3189286258","https://openalex.org/W3207797160","https://openalex.org/W2667207928","https://openalex.org/W2912112202","https://openalex.org/W4300558037","https://openalex.org/W4377864969","https://openalex.org/W3030345572"],"abstract_inverted_index":{"Cyber":[0],"criminals":[1],"utilize":[2],"compromised":[3],"user":[4,35,93],"accounts":[5],"to":[6,29,72,76,83],"gain":[7],"access":[8],"into":[9],"otherwise":[10],"protected":[11],"systems":[12],"without":[13],"the":[14,86,131,146],"need":[15],"for":[16,53,130,140],"technical":[17],"exploits.":[18],"User":[19],"and":[20,62,88,118,143],"Entity":[21],"Behavior":[22],"Analytics":[23],"(UEBA)":[24],"leverages":[25],"anomaly":[26,152],"detection":[27,153],"techniques":[28],"recognize":[30],"such":[31],"intrusions":[32],"by":[33],"comparing":[34],"behavior":[36,94],"patterns":[37],"against":[38],"profiles":[39],"derived":[40],"from":[41,108],"historical":[42],"log":[43,49,97,105],"data.":[44,98],"Unfortunately,":[45],"hardly":[46],"any":[47],"real":[48,92,103],"data":[50,67,106,128],"sets":[51,68],"suitable":[52],"UEBA":[54],"are":[55,69,81],"publicly":[56],"available,":[57],"which":[58],"prevents":[59],"objective":[60],"comparison":[61],"reproducibility":[63],"of":[64,91,133],"approaches.":[65],"Synthetic":[66],"only":[70],"able":[71],"alleviate":[73],"this":[74],"problem":[75],"some":[77],"extent,":[78],"because":[79],"simulations":[80],"unable":[82],"adequately":[84],"induce":[85],"dynamic":[87],"unstable":[89],"nature":[90],"in":[95],"generated":[96],"We":[99],"therefore":[100],"present":[101],"a":[102,109,138],"system":[104],"set":[107,129],"cloud":[110],"computing":[111],"platform":[112],"involving":[113],"more":[114,121],"than":[115,122],"5000":[116],"users":[117],"spanning":[119],"over":[120],"five":[123],"years.":[124],"To":[125],"evaluate":[126],"our":[127],"scenario":[132],"account":[134],"hijacking,":[135],"we":[136],"outline":[137],"method":[139],"attack":[141],"injection":[142],"subsequently":[144],"disclose":[145],"resulting":[147],"manifestations":[148],"with":[149],"an":[150],"adaptive":[151],"mechanism.":[154]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":2}],"updated_date":"2026-02-25T23:00:34.991745","created_date":"2025-10-10T00:00:00"}