{"id":"https://openalex.org/W3167347940","doi":"https://doi.org/10.1109/cscwd49262.2021.9437887","title":"DeepMIT: A Novel Malicious Insider Threat Detection Framework based on Recurrent Neural Network","display_name":"DeepMIT: A Novel Malicious Insider Threat Detection Framework based on Recurrent Neural Network","publication_year":2021,"publication_date":"2021-05-05","ids":{"openalex":"https://openalex.org/W3167347940","doi":"https://doi.org/10.1109/cscwd49262.2021.9437887","mag":"3167347940"},"language":"en","primary_location":{"id":"doi:10.1109/cscwd49262.2021.9437887","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cscwd49262.2021.9437887","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE 24th International Conference on Computer Supported Cooperative Work in Design (CSCWD)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103391171","display_name":"Degang Sun","orcid":"https://orcid.org/0009-0003-3418-8558"},"institutions":[{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Degang Sun","raw_affiliation_strings":["Chinese Academy of Sciences, School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences, School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100672863","display_name":"Meichen Liu","orcid":"https://orcid.org/0000-0002-3242-783X"},"institutions":[{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Meichen Liu","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023313887","display_name":"Meimei Li","orcid":"https://orcid.org/0000-0001-5492-3263"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I21193070","display_name":"Beijing Jiaotong University","ror":"https://ror.org/01yj56c84","country_code":"CN","type":"education","lineage":["https://openalex.org/I21193070"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Meimei Li","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, School of Computer and Information Technology, Beijing Jiaotong University School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, School of Computer and Information Technology, Beijing Jiaotong University School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038","https://openalex.org/I21193070"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108660469","display_name":"Zhixin Shi","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhixin Shi","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100449823","display_name":"Pengcheng Liu","orcid":"https://orcid.org/0000-0002-1860-5118"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Pengcheng Liu","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100708433","display_name":"Xu Wang","orcid":"https://orcid.org/0000-0001-7195-5603"},"institutions":[{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xu Wang","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5103391171"],"corresponding_institution_ids":["https://openalex.org/I4210165038"],"apc_list":null,"apc_paid":null,"fwci":3.3412,"has_fulltext":false,"cited_by_count":25,"citation_normalized_percentile":{"value":0.92293323,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":93,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"335","last_page":"341"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9962000250816345,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.9838740825653076},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.8440385460853577},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7740882635116577},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6978321671485901},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5769084095954895},{"id":"https://openalex.org/keywords/categorical-variable","display_name":"Categorical variable","score":0.5505254864692688},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.46805375814437866},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4253513813018799},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.40722358226776123}],"concepts":[{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.9838740825653076},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.8440385460853577},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7740882635116577},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6978321671485901},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5769084095954895},{"id":"https://openalex.org/C5274069","wikidata":"https://www.wikidata.org/wiki/Q2285707","display_name":"Categorical variable","level":2,"score":0.5505254864692688},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.46805375814437866},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4253513813018799},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.40722358226776123},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/cscwd49262.2021.9437887","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cscwd49262.2021.9437887","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE 24th International Conference on Computer Supported Cooperative Work in Design (CSCWD)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.7900000214576721}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":18,"referenced_works":["https://openalex.org/W1899504021","https://openalex.org/W1985031012","https://openalex.org/W1991210879","https://openalex.org/W2039157918","https://openalex.org/W2064675550","https://openalex.org/W2094924503","https://openalex.org/W2113997717","https://openalex.org/W2131970275","https://openalex.org/W2170942820","https://openalex.org/W2402268235","https://openalex.org/W2466206609","https://openalex.org/W2585284559","https://openalex.org/W2585367509","https://openalex.org/W2767094836","https://openalex.org/W6674213323","https://openalex.org/W6713098461","https://openalex.org/W6719918161","https://openalex.org/W6733151841"],"related_works":["https://openalex.org/W2766781562","https://openalex.org/W4205304595","https://openalex.org/W2979782961","https://openalex.org/W308359497","https://openalex.org/W1499596878","https://openalex.org/W3136170567","https://openalex.org/W2947769183","https://openalex.org/W2018332730","https://openalex.org/W4387194049","https://openalex.org/W2286217954"],"abstract_inverted_index":{"Currently,":[0],"more":[1,3,17],"and":[2,9,27,70,83,113,130],"malicious":[4,20,52,167,193],"insiders":[5,168],"are":[6,86,96],"making":[7],"threats,":[8],"the":[10,72,84,93,110,115,118,124,144,147,149,152,159],"detection":[11,55],"of":[12,74,109,146,151],"insider":[13,21,53,179,194],"threats":[14],"is":[15,35],"becoming":[16],"challenging.":[18],"The":[19],"often":[22],"uses":[23],"legitimate":[24],"access":[25],"privileges":[26],"mimic":[28,170],"normal":[29,171],"behaviors":[30,66],"to":[31,37,63,80,117,126,157],"evade":[32],"detection,":[33],"which":[34,57,164],"difficult":[36],"be":[38],"detected":[39],"via":[40],"using":[41],"traditional":[42],"defensive":[43],"solutions.":[44,196],"In":[45,138],"this":[46],"paper,":[47],"we":[48],"propose":[49],"DeepMIT,":[50],"a":[51,177],"threat":[54,180,195],"framework,":[56],"utilizes":[58,141],"Recurrent":[59],"Neural":[60],"Network":[61],"(RNN)":[62],"model":[64],"user":[65],"as":[67,98,100,154],"time":[68],"sequences":[69],"predict":[71],"probabilities":[73],"anomalies.":[75],"This":[76],"framework":[77,105],"allows":[78],"DeepMIT":[79,140,188],"continue":[81],"learning,":[82],"detections":[85],"made":[87],"in":[88],"real":[89],"time,":[90],"that":[91,187],"is,":[92],"anomaly":[94,111,128],"alerts":[95],"output":[97],"rapidly":[99],"data":[101],"input.":[102],"Also,":[103],"our":[104],"conducts":[106],"further":[107,132],"insight":[108],"scores":[112,119,129],"provides":[114],"contributions":[116],"and,":[120],"thus,":[121],"significantly":[122],"helps":[123],"operators":[125],"understand":[127],"take":[131],"steps":[133],"quickly(e.g.":[134],"Block":[135],"insider&#x0027;s":[136],"activity).":[137],"addition,":[139],"user-attributes":[142],"(e.g.":[143],"personality":[145],"user,":[148],"role":[150],"user)":[153],"categorical":[155],"features":[156],"identify":[158],"user&#x0027;s":[160],"truly":[161],"typical":[162],"behavior,":[163],"help":[165],"detect":[166],"who":[169],"behaviors.":[172],"Extensive":[173],"experimental":[174],"evaluations":[175],"over":[176],"public":[178],"dataset":[181],"CERT":[182],"(version":[183],"6.2)":[184],"have":[185],"demonstrated":[186],"has":[189],"outperformed":[190],"other":[191],"existing":[192]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":9},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":2}],"updated_date":"2026-03-12T08:34:05.389933","created_date":"2025-10-10T00:00:00"}