{"id":"https://openalex.org/W4416962837","doi":"https://doi.org/10.1109/pst65910.2025.11268873","title":"Semantic and Graph-Based Unsupervised Learning for Insider Threat Detection Using User Activity Sequences","display_name":"Semantic and Graph-Based Unsupervised Learning for Insider Threat Detection Using User Activity Sequences","publication_year":2025,"publication_date":"2025-08-26","ids":{"openalex":"https://openalex.org/W4416962837","doi":"https://doi.org/10.1109/pst65910.2025.11268873"},"language":null,"primary_location":{"id":"doi:10.1109/pst65910.2025.11268873","is_oa":false,"landing_page_url":"https://doi.org/10.1109/pst65910.2025.11268873","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 22nd Annual International Conference on Privacy, Security, and Trust (PST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5116925572","display_name":"Neda Baghalizadeh-Moghadam","orcid":null},"institutions":[{"id":"https://openalex.org/I45683168","display_name":"Polytechnique Montr\u00e9al","ror":"https://ror.org/05f8d4e86","country_code":"CA","type":"education","lineage":["https://openalex.org/I45683168"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Neda Baghalizadeh-Moghadam","raw_affiliation_strings":["Polytechnique Montreal,Montreal,Canada"],"affiliations":[{"raw_affiliation_string":"Polytechnique Montreal,Montreal,Canada","institution_ids":["https://openalex.org/I45683168"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5000132048","display_name":"Christopher Neal","orcid":"https://orcid.org/0000-0002-6953-8728"},"institutions":[{"id":"https://openalex.org/I45683168","display_name":"Polytechnique Montr\u00e9al","ror":"https://ror.org/05f8d4e86","country_code":"CA","type":"education","lineage":["https://openalex.org/I45683168"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Christopher Neal","raw_affiliation_strings":["Polytechnique Montreal,Montreal,Canada"],"affiliations":[{"raw_affiliation_string":"Polytechnique Montreal,Montreal,Canada","institution_ids":["https://openalex.org/I45683168"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5120540891","display_name":"Sara Imene Boucetta","orcid":null},"institutions":[{"id":"https://openalex.org/I45683168","display_name":"Polytechnique Montr\u00e9al","ror":"https://ror.org/05f8d4e86","country_code":"CA","type":"education","lineage":["https://openalex.org/I45683168"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Sara Imene Boucetta","raw_affiliation_strings":["Polytechnique Montreal,Montreal,Canada"],"affiliations":[{"raw_affiliation_string":"Polytechnique Montreal,Montreal,Canada","institution_ids":["https://openalex.org/I45683168"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074976207","display_name":"Fr\u00e9d\u00e9ric Cuppens","orcid":"https://orcid.org/0000-0003-1124-2200"},"institutions":[{"id":"https://openalex.org/I45683168","display_name":"Polytechnique Montr\u00e9al","ror":"https://ror.org/05f8d4e86","country_code":"CA","type":"education","lineage":["https://openalex.org/I45683168"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Fr\u00e9d\u00e9ric Cuppens","raw_affiliation_strings":["Polytechnique Montreal,Montreal,Canada"],"affiliations":[{"raw_affiliation_string":"Polytechnique Montreal,Montreal,Canada","institution_ids":["https://openalex.org/I45683168"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5011273434","display_name":"Nora Cuppens","orcid":"https://orcid.org/0000-0001-8792-0413"},"institutions":[{"id":"https://openalex.org/I45683168","display_name":"Polytechnique Montr\u00e9al","ror":"https://ror.org/05f8d4e86","country_code":"CA","type":"education","lineage":["https://openalex.org/I45683168"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Nora Boulahia-Cuppens","raw_affiliation_strings":["Polytechnique Montreal,Montreal,Canada"],"affiliations":[{"raw_affiliation_string":"Polytechnique Montreal,Montreal,Canada","institution_ids":["https://openalex.org/I45683168"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5116925572"],"corresponding_institution_ids":["https://openalex.org/I45683168"],"apc_list":null,"apc_paid":null,"fwci":3.6264,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.95081157,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"7"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.4643000066280365,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.4643000066280365,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.0925000011920929,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.06419999897480011,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.7026000022888184},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.582099974155426},{"id":"https://openalex.org/keywords/unsupervised-learning","display_name":"Unsupervised learning","score":0.5593000054359436},{"id":"https://openalex.org/keywords/word2vec","display_name":"Word2vec","score":0.5389000177383423},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.5210000276565552},{"id":"https://openalex.org/keywords/feature-learning","display_name":"Feature learning","score":0.5188999772071838},{"id":"https://openalex.org/keywords/convolutional-neural-network","display_name":"Convolutional neural network","score":0.4844000041484833},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.475600004196167},{"id":"https://openalex.org/keywords/semantics","display_name":"Semantics (computer science)","score":0.4047999978065491}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8054999709129333},{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.7026000022888184},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.582099974155426},{"id":"https://openalex.org/C8038995","wikidata":"https://www.wikidata.org/wiki/Q1152135","display_name":"Unsupervised learning","level":2,"score":0.5593000054359436},{"id":"https://openalex.org/C2776461190","wikidata":"https://www.wikidata.org/wiki/Q22673982","display_name":"Word2vec","level":3,"score":0.5389000177383423},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.5210000276565552},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5205000042915344},{"id":"https://openalex.org/C59404180","wikidata":"https://www.wikidata.org/wiki/Q17013334","display_name":"Feature learning","level":2,"score":0.5188999772071838},{"id":"https://openalex.org/C81363708","wikidata":"https://www.wikidata.org/wiki/Q17084460","display_name":"Convolutional neural network","level":2,"score":0.4844000041484833},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4821000099182129},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.475600004196167},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.4047999978065491},{"id":"https://openalex.org/C2776359362","wikidata":"https://www.wikidata.org/wiki/Q2145286","display_name":"Representation (politics)","level":3,"score":0.40310001373291016},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.3765999972820282},{"id":"https://openalex.org/C2780150774","wikidata":"https://www.wikidata.org/wiki/Q252500","display_name":"User profile","level":2,"score":0.3734999895095825},{"id":"https://openalex.org/C2777530160","wikidata":"https://www.wikidata.org/wiki/Q41796","display_name":"Sentence","level":2,"score":0.3727000057697296},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.36059999465942383},{"id":"https://openalex.org/C177877439","wikidata":"https://www.wikidata.org/wiki/Q7604413","display_name":"Statistical relational learning","level":3,"score":0.34950000047683716},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.34470000863075256},{"id":"https://openalex.org/C35639132","wikidata":"https://www.wikidata.org/wiki/Q7452468","display_name":"Sequence labeling","level":3,"score":0.3319000005722046},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3296999931335449},{"id":"https://openalex.org/C2778112365","wikidata":"https://www.wikidata.org/wiki/Q3511065","display_name":"Sequence (biology)","level":2,"score":0.30660000443458557},{"id":"https://openalex.org/C94124525","wikidata":"https://www.wikidata.org/wiki/Q912550","display_name":"Categorization","level":2,"score":0.298799991607666},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.29330000281333923},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.29109999537467957},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.2903999984264374},{"id":"https://openalex.org/C105002631","wikidata":"https://www.wikidata.org/wiki/Q4833645","display_name":"Subject-matter expert","level":3,"score":0.2897999882698059},{"id":"https://openalex.org/C23224414","wikidata":"https://www.wikidata.org/wiki/Q176769","display_name":"Hidden Markov model","level":2,"score":0.28949999809265137},{"id":"https://openalex.org/C2778827112","wikidata":"https://www.wikidata.org/wiki/Q22245680","display_name":"Feature engineering","level":3,"score":0.2858999967575073},{"id":"https://openalex.org/C83804111","wikidata":"https://www.wikidata.org/wiki/Q1063558","display_name":"Behavioral pattern","level":2,"score":0.25459998846054077}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/pst65910.2025.11268873","is_oa":false,"landing_page_url":"https://doi.org/10.1109/pst65910.2025.11268873","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 22nd Annual International Conference on Privacy, Security, and Trust (PST)","raw_type":"proceedings-article"},{"id":"pmh:oai:publications.polymtl.ca:70557","is_oa":false,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4306401013","display_name":"PolyPublie (\u00c9cole Polytechnique de Montr\u00e9al)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I45683168","host_organization_name":"Polytechnique Montr\u00e9al","host_organization_lineage":["https://openalex.org/I45683168"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":null,"raw_type":"PeerReviewed"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":15,"referenced_works":["https://openalex.org/W1991210879","https://openalex.org/W2025768430","https://openalex.org/W2100495367","https://openalex.org/W2131998781","https://openalex.org/W2580290980","https://openalex.org/W2766640141","https://openalex.org/W2771022952","https://openalex.org/W2959126003","https://openalex.org/W3000429356","https://openalex.org/W3039513780","https://openalex.org/W3045880080","https://openalex.org/W3153493802","https://openalex.org/W4221135157","https://openalex.org/W4388893964","https://openalex.org/W4409156298"],"related_works":[],"abstract_inverted_index":{"Insider":[0,147],"threats,":[1],"where":[2],"legitimate":[3],"users":[4],"misuse":[5],"their":[6,17],"access":[7],"for":[8,139],"malicious":[9],"purposes,":[10],"remain":[11],"challenging":[12],"to":[13,16,106,129,176],"detect":[14],"due":[15],"contextual":[18],"and":[19,65,96,111,161],"behavioral":[20,59],"subtleties.":[21],"This":[22],"paper":[23],"presents":[24],"a":[25,36,58,83,88],"novel":[26],"machine":[27],"learning":[28,138],"framework":[29,165],"that":[30,49,86,152],"captures":[31],"user":[32,89,109],"activity":[33],"sequences":[34],"through":[35],"user-centric":[37],"representation":[38,77],"named":[39],"the":[40,119,126,145],"User":[41],"Daily":[42],"Activity":[43],"Sentence":[44],"(UDAS).":[45],"Unlike":[46],"prior":[47,156],"work":[48,128],"informally":[50],"uses":[51],"daily":[52],"sequences,":[53],"we":[54,81],"formalize":[55],"UDAS":[56],"as":[57],"encoding":[60],"technique":[61],"using":[62,116],"Word2Vec":[63],"embeddings":[64,134],"extensively":[66],"evaluate":[67],"it":[68,174],"across":[69],"multiple":[70],"unsupervised":[71,157],"anomaly":[72,112],"detection":[73,113],"methods.To":[74],"enrich":[75],"this":[76,124],"with":[78,135],"relational":[79,137],"context,":[80],"propose":[82],"graph-based":[84,136],"extension":[85],"constructs":[87],"interaction":[90],"graph":[91],"based":[92],"on":[93,144],"co-device":[94],"usage":[95],"domain":[97],"access.":[98],"A":[99],"Graph":[100],"Convolutional":[101],"Network":[102],"(GCN)":[103],"is":[104,114,125],"applied":[105],"enhance":[107],"semantic":[108,132],"embeddings,":[110],"performed":[115],"Kmeans":[117],"clustering.To":[118],"best":[120],"of":[121],"our":[122,153],"knowledge,":[123],"first":[127],"systematically":[130],"combine":[131],"sequence":[133],"insider":[140],"threat":[141],"detection.":[142],"Experiments":[143],"CERT":[146],"Threat":[148],"v4.2":[149],"dataset":[150],"show":[151],"method":[154],"outperforms":[155],"models":[158],"in":[159],"accuracy":[160],"robustness.":[162],"The":[163],"proposed":[164],"requires":[166],"no":[167],"feature":[168],"engineering":[169],"or":[170],"labeled":[171],"data,":[172],"making":[173],"applicable":[175],"real-world":[177],"monitoring":[178],"environments.":[179]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-12-03T00:00:00"}