{"id":"https://openalex.org/W4200319597","doi":"https://doi.org/10.1109/iscc53001.2021.9631445","title":"BS-Net: A Behavior Sequence Network for Insider Threat Detection","display_name":"BS-Net: A Behavior Sequence Network for Insider Threat Detection","publication_year":2021,"publication_date":"2021-09-05","ids":{"openalex":"https://openalex.org/W4200319597","doi":"https://doi.org/10.1109/iscc53001.2021.9631445"},"language":"en","primary_location":{"id":"doi:10.1109/iscc53001.2021.9631445","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iscc53001.2021.9631445","pdf_url":null,"source":{"id":"https://openalex.org/S4363605778","display_name":"2021 IEEE Symposium on Computers and Communications (ISCC)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE Symposium on Computers and Communications (ISCC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101091974","display_name":"Dali Zhu","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Dali Zhu","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5067044786","display_name":"Hongju Sun","orcid":null},"institutions":[{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hongju Sun","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100341104","display_name":"Nan Li","orcid":"https://orcid.org/0000-0003-1091-0086"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Nan Li","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057603422","display_name":"Baoxin Mi","orcid":null},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Baoxin Mi","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5076318622","display_name":"Tong Xi","orcid":"https://orcid.org/0000-0002-9142-9253"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tong Xi","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5101091974"],"corresponding_institution_ids":["https://openalex.org/I19820366","https://openalex.org/I4210156404","https://openalex.org/I4210165038"],"apc_list":null,"apc_paid":null,"fwci":0.924,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.66807664,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.8467857241630554},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7581713795661926},{"id":"https://openalex.org/keywords/sequence","display_name":"Sequence (biology)","score":0.649423360824585},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.6301020383834839},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6147802472114563},{"id":"https://openalex.org/keywords/matching","display_name":"Matching (statistics)","score":0.5171746611595154},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.5104562044143677},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5042086839675903},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.48993462324142456},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.46446484327316284},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4579523801803589},{"id":"https://openalex.org/keywords/recall-rate","display_name":"Recall rate","score":0.4182819724082947},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.3735559582710266},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3427588939666748},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.30357372760772705},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.21225133538246155}],"concepts":[{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.8467857241630554},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7581713795661926},{"id":"https://openalex.org/C2778112365","wikidata":"https://www.wikidata.org/wiki/Q3511065","display_name":"Sequence (biology)","level":2,"score":0.649423360824585},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.6301020383834839},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6147802472114563},{"id":"https://openalex.org/C165064840","wikidata":"https://www.wikidata.org/wiki/Q1321061","display_name":"Matching (statistics)","level":2,"score":0.5171746611595154},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.5104562044143677},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5042086839675903},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.48993462324142456},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.46446484327316284},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4579523801803589},{"id":"https://openalex.org/C2987098735","wikidata":"https://www.wikidata.org/wiki/Q3808900","display_name":"Recall rate","level":2,"score":0.4182819724082947},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.3735559582710266},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3427588939666748},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.30357372760772705},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.21225133538246155},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C54355233","wikidata":"https://www.wikidata.org/wiki/Q7162","display_name":"Genetics","level":1,"score":0.0},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/iscc53001.2021.9631445","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iscc53001.2021.9631445","pdf_url":null,"source":{"id":"https://openalex.org/S4363605778","display_name":"2021 IEEE Symposium on Computers and Communications (ISCC)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE Symposium on Computers and Communications (ISCC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.47999998927116394,"id":"https://metadata.un.org/sdg/10","display_name":"Reduced inequalities"},{"score":0.47999998927116394,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G7943558643","display_name":null,"funder_award_id":"2019YFBI005204","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"}],"funders":[{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W2288293293","https://openalex.org/W2529435904","https://openalex.org/W2536393303","https://openalex.org/W2538737552","https://openalex.org/W2583874385","https://openalex.org/W2585284559","https://openalex.org/W2754117742","https://openalex.org/W2767094836","https://openalex.org/W2849849680","https://openalex.org/W2887799638","https://openalex.org/W2897960084","https://openalex.org/W2919493784","https://openalex.org/W6733151841","https://openalex.org/W7043733301"],"related_works":["https://openalex.org/W2766781562","https://openalex.org/W4205304595","https://openalex.org/W2979782961","https://openalex.org/W308359497","https://openalex.org/W1499596878","https://openalex.org/W3136170567","https://openalex.org/W2947769183","https://openalex.org/W2018332730","https://openalex.org/W4387194049","https://openalex.org/W2286217954"],"abstract_inverted_index":{"In":[0,50],"view":[1],"of":[2,7,21,48,142,176,179,183],"the":[3,19,55,62,68,73,94,112,139,149,161,165,187],"concealment":[4],"and":[5,23,43,67,98,125,148,164,181,185],"destructiveness":[6],"insider":[8,12,74],"threats,":[9],"to":[10,31,72,137],"detect":[11],"threats":[13],"is":[14,27,80,116],"very":[15],"important":[16],"for":[17],"protecting":[18],"security":[20],"enterprises":[22],"organizations.":[24],"However,":[25],"it":[26],"still":[28],"a":[29,33,45,81,103,107],"challenge":[30],"design":[32],"practical":[34],"detection":[35,76,82,135],"scheme":[36],"which":[37,60],"can":[38],"accurately":[39],"mine":[40],"abnormal":[41],"clues":[42],"has":[44],"high":[46],"level":[47],"automation.":[49],"this":[51],"paper,":[52],"we":[53],"propose":[54],"Behavior":[56],"Sequence":[57],"Network":[58],"(BS-Net)":[59],"applies":[61],"one-class":[63],"support":[64],"vector":[65],"machine":[66],"recurrent":[69],"neural":[70],"network":[71],"threat":[75],"problem.":[77],"The":[78],"BS-Net":[79,169],"framework":[83],"based":[84,159],"on":[85,160],"user":[86],"behavior":[87,122,128],"portrait":[88],"that":[89,168],"learns":[90],"representative":[91],"features":[92,147],"from":[93,144],"raw":[95],"log":[96],"data":[97,114],"then":[99],"makes":[100],"discrimination":[101],"by":[102],"unified":[104],"standard.":[105],"Through":[106],"flow":[108,115],"sequence":[109,126],"division":[110],"method,":[111],"original":[113],"divided":[117],"into":[118,132],"short":[119],"sequences.":[120],"After":[121],"feature":[123],"extraction":[124],"matching,":[127],"sequences":[129],"are":[130],"sent":[131],"two":[133],"anomaly":[134],"models":[136],"analyze":[138],"occurrence":[140],"possibility":[141],"behaviors":[143],"local":[145],"detail":[146],"global":[150],"dependence":[151],"relationship":[152],"between":[153],"businesses":[154],"respectively.":[155],"We":[156],"conduct":[157],"experiments":[158],"CERT":[162],"dataset":[163],"results":[166],"show":[167],"achieves":[170],"an":[171],"excellent":[172],"performance":[173],"(recall":[174],"rate":[175],"0.94,":[177,180],"accuracy":[178],"FPR":[182],"0.12)":[184],"outperforms":[186],"state-of-the-art":[188],"methods.":[189]},"counts_by_year":[{"year":2024,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}