{"id":"https://openalex.org/W3111000109","doi":"https://doi.org/10.1109/smc42975.2020.9282831","title":"Interactive Machine Learning for Data Exfiltration Detection: Active Learning with Human Expertise","display_name":"Interactive Machine Learning for Data Exfiltration Detection: Active Learning with Human Expertise","publication_year":2020,"publication_date":"2020-10-11","ids":{"openalex":"https://openalex.org/W3111000109","doi":"https://doi.org/10.1109/smc42975.2020.9282831","mag":"3111000109"},"language":"en","primary_location":{"id":"doi:10.1109/smc42975.2020.9282831","is_oa":false,"landing_page_url":"https://doi.org/10.1109/smc42975.2020.9282831","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 IEEE International Conference on Systems, Man, and Cybernetics (SMC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5072249188","display_name":"Mu-Huan Chung","orcid":"https://orcid.org/0000-0002-9826-2142"},"institutions":[{"id":"https://openalex.org/I185261750","display_name":"University of Toronto","ror":"https://ror.org/03dbr7087","country_code":"CA","type":"education","lineage":["https://openalex.org/I185261750"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Mu-Huan Chung","raw_affiliation_strings":["Mechanical and Industrial Engineering, University of Toronto"],"affiliations":[{"raw_affiliation_string":"Mechanical and Industrial Engineering, University of Toronto","institution_ids":["https://openalex.org/I185261750"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039024869","display_name":"Mark Chignell","orcid":"https://orcid.org/0000-0001-8120-6905"},"institutions":[{"id":"https://openalex.org/I185261750","display_name":"University of Toronto","ror":"https://ror.org/03dbr7087","country_code":"CA","type":"education","lineage":["https://openalex.org/I185261750"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Mark Chignell","raw_affiliation_strings":["Mechanical and Industrial Engineering, University of Toronto"],"affiliations":[{"raw_affiliation_string":"Mechanical and Industrial Engineering, University of Toronto","institution_ids":["https://openalex.org/I185261750"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100364541","display_name":"Lu Wang","orcid":"https://orcid.org/0000-0003-4016-4096"},"institutions":[{"id":"https://openalex.org/I185261750","display_name":"University of Toronto","ror":"https://ror.org/03dbr7087","country_code":"CA","type":"education","lineage":["https://openalex.org/I185261750"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Lu Wang","raw_affiliation_strings":["Mechanical and Industrial Engineering, University of Toronto"],"affiliations":[{"raw_affiliation_string":"Mechanical and Industrial Engineering, University of Toronto","institution_ids":["https://openalex.org/I185261750"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017882771","display_name":"Alexandra Jovicic","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Alexandra Jovicic","raw_affiliation_strings":["Enterprise Services, Sun Life Financial Inc"],"affiliations":[{"raw_affiliation_string":"Enterprise Services, Sun Life Financial Inc","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5077865999","display_name":"Abhay Raman","orcid":"https://orcid.org/0000-0002-4193-1464"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Abhay Raman","raw_affiliation_strings":["Enterprise Services, Sun Life Financial Inc"],"affiliations":[{"raw_affiliation_string":"Enterprise Services, Sun Life Financial Inc","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5072249188"],"corresponding_institution_ids":["https://openalex.org/I185261750"],"apc_list":null,"apc_paid":null,"fwci":1.3256,"has_fulltext":false,"cited_by_count":17,"citation_normalized_percentile":{"value":0.85189503,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"280","last_page":"287"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12761","display_name":"Data Stream Mining Techniques","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8583738803863525},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.7078287601470947},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.6801798343658447},{"id":"https://openalex.org/keywords/salient","display_name":"Salient","score":0.6338450908660889},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6094726324081421},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5543135404586792},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4534071981906891},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.41147342324256897},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.33940476179122925}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8583738803863525},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.7078287601470947},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.6801798343658447},{"id":"https://openalex.org/C2780719617","wikidata":"https://www.wikidata.org/wiki/Q1030752","display_name":"Salient","level":2,"score":0.6338450908660889},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6094726324081421},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5543135404586792},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4534071981906891},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.41147342324256897},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.33940476179122925},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/smc42975.2020.9282831","is_oa":false,"landing_page_url":"https://doi.org/10.1109/smc42975.2020.9282831","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 IEEE International Conference on Systems, Man, and Cybernetics (SMC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":34,"referenced_works":["https://openalex.org/W44775132","https://openalex.org/W574004345","https://openalex.org/W1501005121","https://openalex.org/W1977513037","https://openalex.org/W1977591411","https://openalex.org/W1991210879","https://openalex.org/W1995976200","https://openalex.org/W2003238113","https://openalex.org/W2007087405","https://openalex.org/W2030553727","https://openalex.org/W2045649112","https://openalex.org/W2053075547","https://openalex.org/W2063052894","https://openalex.org/W2100053037","https://openalex.org/W2110171129","https://openalex.org/W2127058057","https://openalex.org/W2146388339","https://openalex.org/W2507724564","https://openalex.org/W2614773713","https://openalex.org/W2753415590","https://openalex.org/W2766447205","https://openalex.org/W2768348081","https://openalex.org/W2794079986","https://openalex.org/W2803342829","https://openalex.org/W2891503716","https://openalex.org/W2905034244","https://openalex.org/W2933302606","https://openalex.org/W2934399013","https://openalex.org/W4243342770","https://openalex.org/W4250259632","https://openalex.org/W6601832452","https://openalex.org/W6743846187","https://openalex.org/W6745609711","https://openalex.org/W6761265859"],"related_works":["https://openalex.org/W17155033","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W4312814274","https://openalex.org/W1590307681","https://openalex.org/W2536018345","https://openalex.org/W4285370786","https://openalex.org/W2296488620","https://openalex.org/W2358353312","https://openalex.org/W2353836703"],"abstract_inverted_index":{"Data":[0],"exfiltration":[1],"is":[2,24],"a":[3,65,146],"serious":[4],"threat":[5],"to":[6,16,44,47,80,126,161],"organizations.":[7],"Such":[8],"exfiltrations":[9],"cause":[10],"breach":[11],"events":[12],"that":[13,186,202],"can":[14,34,55,72,176,208],"lead":[15],"millions":[17],"of":[18,20,67,84],"dollars":[19],"loss.":[21],"Perimeter":[22],"defense":[23],"not":[25],"enough":[26],"by":[27,94,211],"itself":[28],"since":[29],"successful":[30],"exploits":[31],"from":[32,145],"insiders":[33],"also":[35],"be":[36,45,56,127,195,209],"very":[37],"damaging.":[38],"Internal":[39],"network":[40,59],"user":[41],"activities":[42],"need":[43],"monitored":[46],"detect":[48],"malicious":[49,74],"actions.":[50],"Automatic":[51],"machine":[52,87,103,191],"learning":[53,88,104,192],"methods":[54],"applied":[57],"for":[58,121,129],"anomaly":[60,157,166],"detection,":[61],"but":[62,76],"they":[63,77],"create":[64],"lot":[66],"false":[68,150,178],"alarms.":[69],"Domain":[70],"experts":[71,101,205],"identify":[73],"users,":[75],"are":[78],"unable":[79],"process":[81],"large":[82],"volumes":[83],"data.":[85],"Interactive":[86],"(iML)":[89],"deals":[90],"with":[91,115,143],"this":[92,133,174],"tradeoff":[93,185],"creating":[95],"an":[96,137],"efficient":[97],"collaboration":[98,114,164],"between":[99,204],"domain":[100],"and":[102,119,180,206],"algorithms.":[105],"Previous":[106],"research":[107],"in":[108,165,173,189,198],"iML":[109,123,172],"has":[110],"focused":[111],"mainly":[112],"on":[113],"non-experts.":[116],"The":[117,168],"design":[118],"requirements":[120],"expertise-driven":[122],"have":[124],"yet":[125],"delineated":[128],"cybersecurity":[130],"applications.":[131],"In":[132],"research,":[134],"we":[135],"proposed":[136],"Active":[138],"Learning":[139],"(AL)":[140],"model":[141],"trained":[142],"outputs":[144],"liberal":[147],"(outputting":[148],"many":[149],"alarms":[151,179],"as":[152,154],"well":[153],"possible":[155],"hits)":[156],"detection":[158],"(AD)":[159],"criterion":[160],"study":[162],"expert-iML":[163],"detection.":[167],"results":[169],"showed":[170],"that:":[171],"context":[175],"prune":[177],"minimize":[181],"misses;":[182],"the":[183,218],"performance/compatibility":[184],"typically":[187],"occurs":[188],"conventional":[190],"updates":[193],"may":[194],"less":[196],"salient":[197],"iML.":[199],"We":[200],"suggest":[201],"compatibility":[203],"algorithms":[207],"improved":[210],"presenting":[212],"information":[213],"about":[214],"feature":[215],"relevance":[216],"during":[217],"training":[219],"process.":[220]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":3}],"updated_date":"2026-02-25T08:12:03.925757","created_date":"2025-10-10T00:00:00"}