{"id":"https://openalex.org/W2553160602","doi":"https://doi.org/10.1109/iscisc.2016.7736447","title":"Notice of Removal: XABA: A zero-knowledge anomaly-based behavioral analysis method to detect insider threats","display_name":"Notice of Removal: XABA: A zero-knowledge anomaly-based behavioral analysis method to detect insider threats","publication_year":2016,"publication_date":"2016-09-01","ids":{"openalex":"https://openalex.org/W2553160602","doi":"https://doi.org/10.1109/iscisc.2016.7736447","mag":"2553160602"},"language":"en","primary_location":{"id":"doi:10.1109/iscisc.2016.7736447","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iscisc.2016.7736447","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2016 13th International Iranian Society of Cryptology Conference on Information Security and Cryptology (ISCISC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5086152565","display_name":"Abolfazl Zargar","orcid":null},"institutions":[{"id":"https://openalex.org/I133529467","display_name":"Sharif University of Technology","ror":"https://ror.org/024c2fq17","country_code":"IR","type":"education","lineage":["https://openalex.org/I133529467"]}],"countries":["IR"],"is_corresponding":true,"raw_author_name":"Abolfazl Zargar","raw_affiliation_strings":["Department of Computer Engineering, Sharif University of Technology; Tehran, Iran","Parsa Sharif Research Center, Tehran, Iran","Department of Computer Engineering, Sharif University of Technology, Tehran, Iran"],"affiliations":[{"raw_affiliation_string":"Department of Computer Engineering, Sharif University of Technology; Tehran, Iran","institution_ids":["https://openalex.org/I133529467"]},{"raw_affiliation_string":"Parsa Sharif Research Center, Tehran, Iran","institution_ids":["https://openalex.org/I133529467"]},{"raw_affiliation_string":"Department of Computer Engineering, Sharif University of Technology, Tehran, Iran","institution_ids":["https://openalex.org/I133529467"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025284348","display_name":"Alireza Nowroozi","orcid":"https://orcid.org/0000-0002-7214-9280"},"institutions":[{"id":"https://openalex.org/I133529467","display_name":"Sharif University of Technology","ror":"https://ror.org/024c2fq17","country_code":"IR","type":"education","lineage":["https://openalex.org/I133529467"]}],"countries":["IR"],"is_corresponding":false,"raw_author_name":"Alireza Nowroozi","raw_affiliation_strings":["Department of Computer Engineering, Sharif University of Technology; Tehran, Iran","Department of Computer Engineering, Sharif University of Technology, Tehran, Iran"],"affiliations":[{"raw_affiliation_string":"Department of Computer Engineering, Sharif University of Technology; Tehran, Iran","institution_ids":["https://openalex.org/I133529467"]},{"raw_affiliation_string":"Department of Computer Engineering, Sharif University of Technology, Tehran, Iran","institution_ids":["https://openalex.org/I133529467"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5073154692","display_name":"Rasool Jalili","orcid":"https://orcid.org/0000-0002-9853-1955"},"institutions":[{"id":"https://openalex.org/I133529467","display_name":"Sharif University of Technology","ror":"https://ror.org/024c2fq17","country_code":"IR","type":"education","lineage":["https://openalex.org/I133529467"]}],"countries":["IR"],"is_corresponding":false,"raw_author_name":"Rasool Jalili","raw_affiliation_strings":["Department of Computer Engineering, Sharif University of Technology; Tehran, Iran","Department of Computer Engineering, Sharif University of Technology, Tehran, Iran"],"affiliations":[{"raw_affiliation_string":"Department of Computer Engineering, Sharif University of Technology; Tehran, Iran","institution_ids":["https://openalex.org/I133529467"]},{"raw_affiliation_string":"Department of Computer Engineering, Sharif University of Technology, Tehran, Iran","institution_ids":["https://openalex.org/I133529467"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5086152565"],"corresponding_institution_ids":["https://openalex.org/I133529467"],"apc_list":null,"apc_paid":null,"fwci":2.1256,"has_fulltext":false,"cited_by_count":15,"citation_normalized_percentile":{"value":0.88987004,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"26","last_page":"31"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.9719018936157227},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8200085163116455},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.8124680519104004},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6320027112960815},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.606814980506897},{"id":"https://openalex.org/keywords/session","display_name":"Session (web analytics)","score":0.6001434922218323},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.46314311027526855},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.46111464500427246},{"id":"https://openalex.org/keywords/behavioral-pattern","display_name":"Behavioral pattern","score":0.45456886291503906},{"id":"https://openalex.org/keywords/raw-data","display_name":"Raw data","score":0.42738738656044006},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4121791422367096},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.13599246740341187}],"concepts":[{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.9719018936157227},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8200085163116455},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.8124680519104004},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6320027112960815},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.606814980506897},{"id":"https://openalex.org/C2779182362","wikidata":"https://www.wikidata.org/wiki/Q17126187","display_name":"Session (web analytics)","level":2,"score":0.6001434922218323},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.46314311027526855},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.46111464500427246},{"id":"https://openalex.org/C83804111","wikidata":"https://www.wikidata.org/wiki/Q1063558","display_name":"Behavioral pattern","level":2,"score":0.45456886291503906},{"id":"https://openalex.org/C132964779","wikidata":"https://www.wikidata.org/wiki/Q2110223","display_name":"Raw data","level":2,"score":0.42738738656044006},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4121791422367096},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.13599246740341187},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/iscisc.2016.7736447","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iscisc.2016.7736447","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2016 13th International Iranian Society of Cryptology Conference on Information Security and Cryptology (ISCISC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.7900000214576721}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W33933511","https://openalex.org/W1458873377","https://openalex.org/W1898491644","https://openalex.org/W1964723226","https://openalex.org/W1973704753","https://openalex.org/W1986566755","https://openalex.org/W1991210879","https://openalex.org/W1995976200","https://openalex.org/W2025519999","https://openalex.org/W2101173463","https://openalex.org/W2126189917","https://openalex.org/W2144584907","https://openalex.org/W4246793006"],"related_works":["https://openalex.org/W4205304595","https://openalex.org/W1499596878","https://openalex.org/W2075012963","https://openalex.org/W2600341711","https://openalex.org/W2984824917","https://openalex.org/W2161754059","https://openalex.org/W1489373009","https://openalex.org/W2147780605","https://openalex.org/W2901692908","https://openalex.org/W123276507"],"abstract_inverted_index":{"Insider":[0],"threat":[1],"is":[2,34,103,124],"a":[3,43,120],"significant":[4],"security":[5],"risk":[6],"for":[7,91],"organizations":[8],"and":[9,36,51,61,73,95,126],"hard":[10],"to":[11,28,81,109],"detect.":[12],"Most":[13],"introduced":[14],"detection":[15],"methods":[16],"need":[17],"contextual":[18],"data":[19],"entries":[20],"about":[21],"users,":[22],"or":[23,146],"preprocessed":[24,147],"user":[25,71],"activity":[26,148],"logs":[27,60,79],"detect":[29,134],"insider":[30,56],"threats":[31,57],"which":[32],"it":[33,89],"costly":[35],"time-consuming.":[37],"In":[38],"this":[39],"paper,":[40],"we":[41],"introduce":[42],"behavior":[44],"analysis":[45],"method":[46],"that":[47],"learns":[48,70],"its":[49],"context":[50],"detects":[52],"multiple":[53],"types":[54,136],"of":[55,85,114,137],"from":[58],"raw":[59,78],"network":[62,83,115],"traffic":[63],"in":[64,139],"real-time.":[65],"This":[66],"method,":[67],"named":[68],"XABA,":[69,119],"roles":[72],"exclusive":[74],"behaviors,":[75],"through":[76],"analyzing":[77],"related":[80],"each":[82],"session":[84],"the":[86,99,106],"user.":[87],"Then":[88],"checks":[90],"some":[92],"abnormal":[93],"patterns,":[94],"if":[96],"so,":[97],"triggers":[98],"appropriate":[100],"alert.":[101],"XABA":[102,132],"implemented":[104],"on":[105,111],"big-stream":[107],"platform":[108],"operate":[110],"high":[112],"rates":[113],"sessions.":[116],"To":[117],"evaluate":[118],"real":[121],"traitor":[122],"scenario":[123],"designed":[125],"detected":[127],"with":[128],"low":[129],"false":[130],"positive.":[131],"can":[133],"diverse":[135],"scenarios":[138],"many":[140],"contexts":[141],"without":[142],"any":[143],"predefined":[144],"information":[145],"logs.":[149]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":2},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":4},{"year":2017,"cited_by_count":2}],"updated_date":"2026-03-25T13:04:00.132906","created_date":"2025-10-10T00:00:00"}