{"id":"https://openalex.org/W2285691998","doi":"https://doi.org/10.1109/ccst.2015.7389698","title":"AD2: Anomaly detection on active directory log data for insider threat monitoring","display_name":"AD2: Anomaly detection on active directory log data for insider threat monitoring","publication_year":2015,"publication_date":"2015-09-01","ids":{"openalex":"https://openalex.org/W2285691998","doi":"https://doi.org/10.1109/ccst.2015.7389698","mag":"2285691998"},"language":"en","primary_location":{"id":"doi:10.1109/ccst.2015.7389698","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ccst.2015.7389698","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 International Carnahan Conference on Security Technology (ICCST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5111972005","display_name":"Chih-Hung Hsieh","orcid":null},"institutions":[{"id":"https://openalex.org/I3141939062","display_name":"Institute for Information Industry","ror":"https://ror.org/01d8kr740","country_code":"TW","type":"nonprofit","lineage":["https://openalex.org/I3141939062"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Chih-Hung Hsieh","raw_affiliation_strings":["Institute of Informaiton Industry, Taipei, Taiwan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Informaiton Industry, Taipei, Taiwan","institution_ids":["https://openalex.org/I3141939062"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5000777348","display_name":"Chia-Min Lai","orcid":null},"institutions":[{"id":"https://openalex.org/I3141939062","display_name":"Institute for Information Industry","ror":"https://ror.org/01d8kr740","country_code":"TW","type":"nonprofit","lineage":["https://openalex.org/I3141939062"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Chia-Min Lai","raw_affiliation_strings":["Institute of Informaiton Industry, Taipei, Taiwan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Informaiton Industry, Taipei, Taiwan","institution_ids":["https://openalex.org/I3141939062"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020533893","display_name":"Ching-Hao Mao","orcid":null},"institutions":[{"id":"https://openalex.org/I3141939062","display_name":"Institute for Information Industry","ror":"https://ror.org/01d8kr740","country_code":"TW","type":"nonprofit","lineage":["https://openalex.org/I3141939062"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Ching-Hao Mao","raw_affiliation_strings":["Institute of Informaiton Industry, Taipei, Taiwan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Informaiton Industry, Taipei, Taiwan","institution_ids":["https://openalex.org/I3141939062"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039117505","display_name":"Tien-Cheu Kao","orcid":null},"institutions":[{"id":"https://openalex.org/I3141939062","display_name":"Institute for Information Industry","ror":"https://ror.org/01d8kr740","country_code":"TW","type":"nonprofit","lineage":["https://openalex.org/I3141939062"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Tien-Cheu Kao","raw_affiliation_strings":["Institute of Informaiton Industry, Taipei, Taiwan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Informaiton Industry, Taipei, Taiwan","institution_ids":["https://openalex.org/I3141939062"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5087859642","display_name":"Kuo-Chen Lee","orcid":null},"institutions":[{"id":"https://openalex.org/I3141939062","display_name":"Institute for Information Industry","ror":"https://ror.org/01d8kr740","country_code":"TW","type":"nonprofit","lineage":["https://openalex.org/I3141939062"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Kuo-Chen Lee","raw_affiliation_strings":["Institute of Informaiton Industry, Taipei, Taiwan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Informaiton Industry, Taipei, Taiwan","institution_ids":["https://openalex.org/I3141939062"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.4026,"has_fulltext":false,"cited_by_count":21,"citation_normalized_percentile":{"value":0.84961751,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"287","last_page":"292"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.7849688529968262},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7840410470962524},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6986526250839233},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6502768397331238},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5507093071937561},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.539284884929657},{"id":"https://openalex.org/keywords/directory","display_name":"Directory","score":0.5135984420776367},{"id":"https://openalex.org/keywords/directory-service","display_name":"Directory service","score":0.48250865936279297},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.4604499936103821},{"id":"https://openalex.org/keywords/haystack","display_name":"Haystack","score":0.4442096948623657},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4171648323535919},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.41385072469711304},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.1750337779521942}],"concepts":[{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.7849688529968262},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7840410470962524},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6986526250839233},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6502768397331238},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5507093071937561},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.539284884929657},{"id":"https://openalex.org/C2777683733","wikidata":"https://www.wikidata.org/wiki/Q201456","display_name":"Directory","level":2,"score":0.5135984420776367},{"id":"https://openalex.org/C138338577","wikidata":"https://www.wikidata.org/wiki/Q756230","display_name":"Directory service","level":3,"score":0.48250865936279297},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.4604499936103821},{"id":"https://openalex.org/C13424479","wikidata":"https://www.wikidata.org/wiki/Q5687237","display_name":"Haystack","level":2,"score":0.4442096948623657},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4171648323535919},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.41385072469711304},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.1750337779521942},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ccst.2015.7389698","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ccst.2015.7389698","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 International Carnahan Conference on Security Technology (ICCST)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.4300000071525574,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":4,"referenced_works":["https://openalex.org/W2116494851","https://openalex.org/W2116702966","https://openalex.org/W2125838338","https://openalex.org/W2532942693"],"related_works":["https://openalex.org/W2766781562","https://openalex.org/W4205304595","https://openalex.org/W2979782961","https://openalex.org/W308359497","https://openalex.org/W1499596878","https://openalex.org/W3136170567","https://openalex.org/W2947769183","https://openalex.org/W2018332730","https://openalex.org/W4387194049","https://openalex.org/W2286217954"],"abstract_inverted_index":{"What":[0],"you":[1],"see":[2],"is":[3,7,91,106],"not":[4,8,117],"definitely":[5],"believable":[6],"a":[9,85,126,137],"rare":[10],"case":[11],"in":[12,74,110],"the":[13,49,78,121],"cyber":[14,131],"security":[15,132],"monitoring.":[16],"However,":[17],"due":[18],"to":[19,65,93,101,141,145],"various":[20,146],"tricks":[21],"of":[22,58,80],"camouflages,":[23],"such":[24],"as":[25],"packing":[26],"or":[27],"virutal":[28],"private":[29],"network":[30],"(VPN),":[31],"detecting":[32],"\"advanced":[33],"persistent":[34],"threat\"(APT)":[35],"by":[36,52],"only":[37,118],"signature":[38],"based":[39],"malware":[40],"detection":[41],"system":[42],"becomes":[43],"more":[44,46],"and":[45,72,100],"intractable.":[47],"On":[48],"other":[50],"hand,":[51],"carefully":[53],"modeling":[54],"users'":[55],"subsequent":[56],"behaviors":[57],"daily":[59],"routines,":[60],"probability":[61],"for":[62,130],"one":[63],"account":[64],"generate":[66],"certain":[67],"operations":[68],"can":[69],"be":[70],"estimated":[71],"used":[73],"anomaly":[75],"detection.":[76],"To":[77],"best":[79],"our":[81],"knowledge":[82],"so":[83],"far,":[84],"novel":[86],"behavioral":[87],"analytic":[88],"framework,":[89],"which":[90],"dedicated":[92],"analyze":[94],"Active":[95],"Directory":[96],"domain":[97],"service":[98],"logs":[99],"monitor":[102],"potential":[103],"inside":[104],"threat,":[105],"now":[107],"first":[108],"proposed":[109,122],"this":[111,143],"project.":[112],"Experiments":[113],"on":[114,139],"real":[115],"dataset":[116],"show":[119],"that":[120],"idea":[123],"indeed":[124],"explores":[125],"new":[127],"feasible":[128],"direction":[129],"monitoring,":[133],"but":[134],"also":[135],"gives":[136],"guideline":[138],"how":[140],"deploy":[142],"framework":[144],"environments.":[147]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":3},{"year":2016,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}