{"id":"https://openalex.org/W2154543747","doi":"https://doi.org/10.1109/isi.2011.5984061","title":"Leveraging social networks to detect anomalous insider actions in collaborative environments","display_name":"Leveraging social networks to detect anomalous insider actions in collaborative environments","publication_year":2011,"publication_date":"2011-07-01","ids":{"openalex":"https://openalex.org/W2154543747","doi":"https://doi.org/10.1109/isi.2011.5984061","mag":"2154543747","pmid":"https://pubmed.ncbi.nlm.nih.gov/25621314"},"language":"en","primary_location":{"id":"doi:10.1109/isi.2011.5984061","is_oa":false,"landing_page_url":"https://doi.org/10.1109/isi.2011.5984061","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of 2011 IEEE International Conference on Intelligence and Security Informatics","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref","pubmed"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://www.ncbi.nlm.nih.gov/pmc/articles/4303584","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100714052","display_name":"You Chen","orcid":"https://orcid.org/0000-0001-8232-8840"},"institutions":[{"id":"https://openalex.org/I200719446","display_name":"Vanderbilt University","ror":"https://ror.org/02vm5rt34","country_code":"US","type":"education","lineage":["https://openalex.org/I200719446"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"You Chen","raw_affiliation_strings":["Department of Biomedical Informatics, School of Medicine, Vanderbilt University, Nashville, TN 37203 USA","Department of Biomedical Informatics, School of Medicine, Vanderbilt University, Nashville, TN, 37203, USA"],"affiliations":[{"raw_affiliation_string":"Department of Biomedical Informatics, School of Medicine, Vanderbilt University, Nashville, TN 37203 USA","institution_ids":[]},{"raw_affiliation_string":"Department of Biomedical Informatics, School of Medicine, Vanderbilt University, Nashville, TN, 37203, USA","institution_ids":["https://openalex.org/I200719446"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032086600","display_name":"Steve Nyemba","orcid":"https://orcid.org/0009-0009-5377-0037"},"institutions":[{"id":"https://openalex.org/I200719446","display_name":"Vanderbilt University","ror":"https://ror.org/02vm5rt34","country_code":"US","type":"education","lineage":["https://openalex.org/I200719446"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Steve Nyemba","raw_affiliation_strings":["Department of Electrical Engineering and Computer Science, School of Engineering, Vanderbilt University, Nashville, TN 37203 USA","Department of Biomedical Informatics, School of Medicine, Vanderbilt University, Nashville, TN, 37203, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering and Computer Science, School of Engineering, Vanderbilt University, Nashville, TN 37203 USA","institution_ids":[]},{"raw_affiliation_string":"Department of Biomedical Informatics, School of Medicine, Vanderbilt University, Nashville, TN, 37203, USA","institution_ids":["https://openalex.org/I200719446"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5115604374","display_name":"Wen Zhang","orcid":"https://orcid.org/0000-0003-0667-7517"},"institutions":[{"id":"https://openalex.org/I200719446","display_name":"Vanderbilt University","ror":"https://ror.org/02vm5rt34","country_code":"US","type":"education","lineage":["https://openalex.org/I200719446"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wen Zhang","raw_affiliation_strings":["Department of Electrical Engineering and Computer Science, School of Engineering, Vanderbilt University, Nashville, Nashville TN, USA","Department of Electrical Engineering and Computer Science, School of Engineering, Vanderbilt University, Nashville, TN 37203 USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering and Computer Science, School of Engineering, Vanderbilt University, Nashville, Nashville TN, USA","institution_ids":["https://openalex.org/I200719446"]},{"raw_affiliation_string":"Department of Electrical Engineering and Computer Science, School of Engineering, Vanderbilt University, Nashville, TN 37203 USA","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5090647314","display_name":"Bradley Malin","orcid":"https://orcid.org/0000-0003-3040-5175"},"institutions":[{"id":"https://openalex.org/I200719446","display_name":"Vanderbilt University","ror":"https://ror.org/02vm5rt34","country_code":"US","type":"education","lineage":["https://openalex.org/I200719446"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Bradley Malin","raw_affiliation_strings":["Department of Biomedical Informatics, School of Medicine","Department of Electrical Engineering and Computer Science, School of Engineering, Vanderbilt University, Nashville, Nashville TN, USA","Department of Biomedical Informatics, School of Medicine, Vanderbilt University, Nashville, TN, 37203, USA"],"affiliations":[{"raw_affiliation_string":"Department of Biomedical Informatics, School of Medicine","institution_ids":[]},{"raw_affiliation_string":"Department of Electrical Engineering and Computer Science, School of Engineering, Vanderbilt University, Nashville, Nashville TN, USA","institution_ids":["https://openalex.org/I200719446"]},{"raw_affiliation_string":"Department of Biomedical Informatics, School of Medicine, Vanderbilt University, Nashville, TN, 37203, USA","institution_ids":["https://openalex.org/I200719446"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5100714052"],"corresponding_institution_ids":["https://openalex.org/I200719446"],"apc_list":null,"apc_paid":null,"fwci":2.1546,"has_fulltext":false,"cited_by_count":21,"citation_normalized_percentile":{"value":0.88147382,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":"2011","issue":null,"first_page":"119","last_page":"124"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10064","display_name":"Complex Network Analysis Techniques","score":0.995199978351593,"subfield":{"id":"https://openalex.org/subfields/3109","display_name":"Statistical and Nonlinear Physics"},"field":{"id":"https://openalex.org/fields/31","display_name":"Physics and Astronomy"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10064","display_name":"Complex Network Analysis Techniques","score":0.995199978351593,"subfield":{"id":"https://openalex.org/subfields/3109","display_name":"Statistical and Nonlinear Physics"},"field":{"id":"https://openalex.org/fields/31","display_name":"Physics and Astronomy"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9922999739646912,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9825000166893005,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.8686062097549438},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.8445181250572205},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8323177099227905},{"id":"https://openalex.org/keywords/aggregate","display_name":"Aggregate (composite)","score":0.6155679821968079},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.6093682050704956},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5196872353553772},{"id":"https://openalex.org/keywords/class","display_name":"Class (philosophy)","score":0.5046871900558472},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4493289291858673},{"id":"https://openalex.org/keywords/social-network","display_name":"Social network (sociolinguistics)","score":0.4288691282272339},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3324071168899536},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.31986263394355774},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.2771608829498291},{"id":"https://openalex.org/keywords/social-media","display_name":"Social media","score":0.22831809520721436},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.20067712664604187}],"concepts":[{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.8686062097549438},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.8445181250572205},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8323177099227905},{"id":"https://openalex.org/C4679612","wikidata":"https://www.wikidata.org/wiki/Q866298","display_name":"Aggregate (composite)","level":2,"score":0.6155679821968079},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.6093682050704956},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5196872353553772},{"id":"https://openalex.org/C2777212361","wikidata":"https://www.wikidata.org/wiki/Q5127848","display_name":"Class (philosophy)","level":2,"score":0.5046871900558472},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4493289291858673},{"id":"https://openalex.org/C4727928","wikidata":"https://www.wikidata.org/wiki/Q17164759","display_name":"Social network (sociolinguistics)","level":3,"score":0.4288691282272339},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3324071168899536},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.31986263394355774},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.2771608829498291},{"id":"https://openalex.org/C518677369","wikidata":"https://www.wikidata.org/wiki/Q202833","display_name":"Social media","level":2,"score":0.22831809520721436},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.20067712664604187},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C159985019","wikidata":"https://www.wikidata.org/wiki/Q181790","display_name":"Composite material","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C192562407","wikidata":"https://www.wikidata.org/wiki/Q228736","display_name":"Materials science","level":0,"score":0.0},{"id":"https://openalex.org/C120665830","wikidata":"https://www.wikidata.org/wiki/Q14620","display_name":"Optics","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/isi.2011.5984061","is_oa":false,"landing_page_url":"https://doi.org/10.1109/isi.2011.5984061","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of 2011 IEEE International Conference on Intelligence and Security Informatics","raw_type":"proceedings-article"},{"id":"pmid:25621314","is_oa":false,"landing_page_url":"https://pubmed.ncbi.nlm.nih.gov/25621314","pdf_url":null,"source":{"id":"https://openalex.org/S4306525036","display_name":"PubMed","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1299303238","host_organization_name":"National Institutes of Health","host_organization_lineage":["https://openalex.org/I1299303238"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ISI ... : ... IEEE Intelligence and Security Informatics. IEEE International Conference on Intelligence and Security Informatics","raw_type":null},{"id":"pmh:oai:pubmedcentral.nih.gov:4303584","is_oa":true,"landing_page_url":"https://www.ncbi.nlm.nih.gov/pmc/articles/4303584","pdf_url":null,"source":{"id":"https://openalex.org/S2764455111","display_name":"PubMed Central","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1299303238","host_organization_name":"National Institutes of Health","host_organization_lineage":["https://openalex.org/I1299303238"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ISI","raw_type":"Text"}],"best_oa_location":{"id":"pmh:oai:pubmedcentral.nih.gov:4303584","is_oa":true,"landing_page_url":"https://www.ncbi.nlm.nih.gov/pmc/articles/4303584","pdf_url":null,"source":{"id":"https://openalex.org/S2764455111","display_name":"PubMed Central","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1299303238","host_organization_name":"National Institutes of Health","host_organization_lineage":["https://openalex.org/I1299303238"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ISI","raw_type":"Text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":34,"referenced_works":["https://openalex.org/W187043655","https://openalex.org/W1527061096","https://openalex.org/W1557080477","https://openalex.org/W1598874232","https://openalex.org/W1967221886","https://openalex.org/W1976088676","https://openalex.org/W2031999958","https://openalex.org/W2032280284","https://openalex.org/W2042281163","https://openalex.org/W2043370600","https://openalex.org/W2046587504","https://openalex.org/W2066905184","https://openalex.org/W2089818795","https://openalex.org/W2093690536","https://openalex.org/W2096632950","https://openalex.org/W2106353924","https://openalex.org/W2110491615","https://openalex.org/W2115403742","https://openalex.org/W2117134415","https://openalex.org/W2120797124","https://openalex.org/W2124080036","https://openalex.org/W2135143063","https://openalex.org/W2141847884","https://openalex.org/W2146488517","https://openalex.org/W2148401131","https://openalex.org/W2154454189","https://openalex.org/W2161516839","https://openalex.org/W2164396200","https://openalex.org/W2202716355","https://openalex.org/W3106359669","https://openalex.org/W6607543680","https://openalex.org/W6635781852","https://openalex.org/W6677612488","https://openalex.org/W6681888679"],"related_works":["https://openalex.org/W26305611","https://openalex.org/W4205304595","https://openalex.org/W1499596878","https://openalex.org/W2075012963","https://openalex.org/W2600341711","https://openalex.org/W2113484497","https://openalex.org/W2147780605","https://openalex.org/W2149086123","https://openalex.org/W3035855456","https://openalex.org/W38206663"],"abstract_inverted_index":{"Collaborative":[0],"information":[1],"systems":[2,20],"(CIS)":[3],"enable":[4],"users":[5,23,75,128],"to":[6,34,38,51,119],"coordinate":[7],"efficiently":[8],"over":[9],"shared":[10],"tasks.":[11],"T":[12],"hey":[13],"are":[14,46,55,147],"often":[15],"deployed":[16],"in":[17,83],"complex":[18],"dynamic":[19],"that":[21,72,129],"provide":[22],"with":[24,141,161,200],"broad":[25],"access":[26,130,163],"privileges,":[27],"but":[28,49],"also":[29],"leave":[30],"the":[31,44,70,78,84,125,139,162,185],"system":[32,45,176],"vulnerable":[33],"various":[35],"attacks.":[36],"Techniques":[37],"detect":[39,52,89,120],"threats":[40,54],"originating":[41],"from":[42,104],"beyond":[43],"relatively":[47],"mature,":[48],"methods":[50,88,203],"insider":[53,62],"still":[56],"evolving.":[57],"A":[58],"promising":[59],"class":[60],"of":[61,80,127,138,165,170,188],"threat":[63],"detection":[64,117],"models":[65],"for":[66],"CIS":[67],"focus":[68],"on":[69,77,211],"communities":[71],"manifest":[73],"between":[74],"based":[76],"usage":[79],"common":[81],"subjects":[82],"system.":[85],"However,":[86],"current":[87],"only":[90],"when":[91,99],"a":[92,111,131,144,152,171],"user's":[93],"aggregate":[94],"behavior":[95],"is":[96,207],"intruding,":[97],"not":[98],"specific":[100],"actions":[101],"have":[102],"deviated":[103],"expectation.":[105],"In":[106],"this":[107],"paper,":[108],"we":[109],"introduce":[110],"method":[112],"called":[113],"specialized":[114],"network":[115],"anomaly":[116],"(SNAD)":[118],"such":[121],"events.":[122],"SNAD":[123,199],"assembles":[124],"community":[126,140],"particular":[132],"subject":[133],"and":[134,142,155,181,184,194,204],"assesses":[135],"if":[136],"similarities":[137],"without":[143],"certain":[145],"user":[146],"sufficiently":[148],"different.":[149],"We":[150,197],"present":[151],"theoretical":[153],"basis":[154],"perform":[156],"an":[157,219],"extensive":[158],"empirical":[159],"evaluation":[160],"logs":[164,187],"two":[166],"distinct":[167],"environments:":[168],"those":[169],"large":[172],"electronic":[173],"health":[174],"record":[175],"(6,015":[177],"users,":[178],"130,457":[179],"patients":[180],"1,327,500":[182],"accesses)":[183],"editing":[186],"Wikipedia":[189],"(2,388,955":[190],"revisors,":[191],"55,200":[192],"articles":[193],"6,482,780":[195],"revisions).":[196],"compare":[198],"several":[201],"competing":[202],"demonstrate":[205],"it":[206,213],"significantly":[208],"more":[209],"effective:":[210],"average":[212],"achieves":[214],"20-30%":[215],"greater":[216],"area":[217],"under":[218],"ROC":[220],"curve.":[221]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2018,"cited_by_count":2},{"year":2017,"cited_by_count":4},{"year":2016,"cited_by_count":1},{"year":2014,"cited_by_count":2},{"year":2013,"cited_by_count":4},{"year":2012,"cited_by_count":3}],"updated_date":"2026-01-13T01:12:25.745995","created_date":"2025-10-10T00:00:00"}