{"id":"https://openalex.org/W4407466542","doi":"https://doi.org/10.1109/sin63213.2024.10871807","title":"Unsupervised Learning for Insider Threat Prediction: A Behavioral Analysis Approach","display_name":"Unsupervised Learning for Insider Threat Prediction: A Behavioral Analysis Approach","publication_year":2024,"publication_date":"2024-12-02","ids":{"openalex":"https://openalex.org/W4407466542","doi":"https://doi.org/10.1109/sin63213.2024.10871807"},"language":"en","primary_location":{"id":"doi:10.1109/sin63213.2024.10871807","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sin63213.2024.10871807","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 17th International Conference on Security of Information and Networks (SIN)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5042681178","display_name":"Rashid Mehmood","orcid":"https://orcid.org/0000-0002-3488-9413"},"institutions":[{"id":"https://openalex.org/I141584323","display_name":"University of Hertfordshire","ror":"https://ror.org/0267vjk41","country_code":"GB","type":"education","lineage":["https://openalex.org/I141584323"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Rahat Mehmood","raw_affiliation_strings":["School of Physics, Engineering and Computer Science University of Hertfordshire,Hatfield,United Kingdom"],"affiliations":[{"raw_affiliation_string":"School of Physics, Engineering and Computer Science University of Hertfordshire,Hatfield,United Kingdom","institution_ids":["https://openalex.org/I141584323"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5115596178","display_name":"Priyanka Singh","orcid":"https://orcid.org/0009-0003-0730-4357"},"institutions":[{"id":"https://openalex.org/I165143802","display_name":"University of Queensland","ror":"https://ror.org/00rqy9422","country_code":"AU","type":"education","lineage":["https://openalex.org/I165143802"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Priyanka Singh","raw_affiliation_strings":["School of Electrical Engineering and Computer Science, The University of Queensland,Brisbane,Australia"],"affiliations":[{"raw_affiliation_string":"School of Electrical Engineering and Computer Science, The University of Queensland,Brisbane,Australia","institution_ids":["https://openalex.org/I165143802"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5116254195","display_name":"Zoe Jeffery","orcid":null},"institutions":[{"id":"https://openalex.org/I141584323","display_name":"University of Hertfordshire","ror":"https://ror.org/0267vjk41","country_code":"GB","type":"education","lineage":["https://openalex.org/I141584323"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Zoe Jeffery","raw_affiliation_strings":["School of Physics, Engineering and Computer Science University of Hertfordshire,Hatfield,United Kingdom"],"affiliations":[{"raw_affiliation_string":"School of Physics, Engineering and Computer Science University of Hertfordshire,Hatfield,United Kingdom","institution_ids":["https://openalex.org/I141584323"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5042681178"],"corresponding_institution_ids":["https://openalex.org/I141584323"],"apc_list":null,"apc_paid":null,"fwci":0.8142,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.83265878,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"7"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9904999732971191,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9904999732971191,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9724000096321106,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9517999887466431,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.8403820991516113},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6829453110694885},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.6116266250610352},{"id":"https://openalex.org/keywords/unsupervised-learning","display_name":"Unsupervised learning","score":0.5388972163200378},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.48127907514572144},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.45750120282173157}],"concepts":[{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.8403820991516113},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6829453110694885},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.6116266250610352},{"id":"https://openalex.org/C8038995","wikidata":"https://www.wikidata.org/wiki/Q1152135","display_name":"Unsupervised learning","level":2,"score":0.5388972163200378},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.48127907514572144},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.45750120282173157},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/sin63213.2024.10871807","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sin63213.2024.10871807","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 17th International Conference on Security of Information and Networks (SIN)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5699999928474426,"id":"https://metadata.un.org/sdg/13","display_name":"Climate action"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W1991210879","https://openalex.org/W2119423198","https://openalex.org/W2411741275","https://openalex.org/W2771022952","https://openalex.org/W2920449071","https://openalex.org/W3121281921","https://openalex.org/W3130498974","https://openalex.org/W3153493802","https://openalex.org/W3197991612","https://openalex.org/W3216671775","https://openalex.org/W4313151162","https://openalex.org/W4323262326","https://openalex.org/W4387194049","https://openalex.org/W4389386867","https://openalex.org/W4392379942","https://openalex.org/W6759005217"],"related_works":["https://openalex.org/W2766781562","https://openalex.org/W4205304595","https://openalex.org/W2792608345","https://openalex.org/W2979782961","https://openalex.org/W308359497","https://openalex.org/W1499596878","https://openalex.org/W3136170567","https://openalex.org/W2947769183","https://openalex.org/W4387194049","https://openalex.org/W2018332730"],"abstract_inverted_index":{"Most":[0],"of":[1,18,39,184,193],"the":[2,36,40,194,208,214],"devastating":[3],"cyber-attacks":[4],"are":[5,120,134,142],"caused":[6],"by":[7,136,162],"insiders":[8],"with":[9,190],"access":[10],"privileges":[11],"inside":[12],"an":[13,103],"organization.":[14],"The":[15,182,211],"main":[16],"reason":[17],"insider":[19,52,62,110],"attacks":[20,63],"being":[21],"more":[22],"effective":[23,90],"is":[24,64,177,188],"that":[25,108,170],"they":[26,33,81],"don't":[27],"have":[28,46],"many":[29],"security":[30],"barriers":[31],"before":[32],"get":[34],"into":[35],"critical":[37,78],"resources":[38],"system.":[41],"Different":[42],"machine":[43,68,105,146],"learning":[44,69,106,147,163],"techniques":[45],"been":[47],"previously":[48],"utilized":[49,143],"to":[50,125,144,179,206],"identify":[51],"threats":[53],"within":[54],"cy-bersecurity":[55],"domain":[56],"whereas":[57],"research":[58],"done":[59],"in":[60,122,157],"predicting":[61],"not":[65],"significant.":[66],"Moreover,":[67],"models":[70],"used":[71,178],"for":[72,91,115,165],"prediction":[73],"and":[74,130,204,220],"detection":[75],"face":[76],"a":[77],"limitation":[79],"as":[80],"require":[82],"training":[83],"on":[84],"labeled":[85],"datasets,":[86],"rendering":[87],"them":[88],"less":[89],"real-time":[92,116],"data":[93],"streams":[94],"which":[95,149],"lack":[96],"threat":[97,111,117,166],"presence":[98],"indicators.":[99],"This":[100],"work":[101],"presents":[102],"unsupervised":[104],"approach":[107],"predicts":[109],"using":[112,155],"behavior":[113,152],"analysis":[114],"data.":[118],"Patterns":[119],"identified":[121],"user":[123],"behavior,":[124],"make":[126,180],"predictions":[127],"about":[128],"benign":[129],"malicious":[131],"insiders.":[132],"Features":[133],"selected":[135,172],"analyzing":[137],"activities":[138],"performed.":[139],"Selected":[140],"features":[141,173],"feed":[145],"model":[148],"extracts":[150],"anomalous":[151],"among":[153],"users,":[154],"anomalies":[156],"their":[158],"activity":[159],"patterns":[160],"followed":[161],"methods":[164],"detection.":[167],"A":[168],"dataset":[169],"contains":[171],"from":[174],"CERT":[175],"r4.2":[176],"predictions.":[181],"performance":[183,216],"Isolation":[185],"Forest":[186],"(iForest)":[187],"compared":[189],"other":[191],"algorithms":[192],"same":[195],"category":[196],"including":[197],"One-class":[198],"SVM,":[199],"Local":[200],"Outlier":[201],"Factor":[202],"(LOF)":[203],"DBSCAN":[205],"evaluate":[207],"new":[209],"approach.":[210],"iForest":[212],"shows":[213],"best":[215],"accuracy":[217],"80":[218],"percent":[219],"recall":[221],"84.2":[222],"percent.":[223]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2025-12-28T23:10:05.387466","created_date":"2025-10-10T00:00:00"}