{"id":"https://openalex.org/W3126822660","doi":"https://doi.org/10.1109/snams52053.2020.9336573","title":"Towards Process Mining Utilization in Insider Threat Detection from Audit Logs","display_name":"Towards Process Mining Utilization in Insider Threat Detection from Audit Logs","publication_year":2020,"publication_date":"2020-12-14","ids":{"openalex":"https://openalex.org/W3126822660","doi":"https://doi.org/10.1109/snams52053.2020.9336573","mag":"3126822660"},"language":"en","primary_location":{"id":"doi:10.1109/snams52053.2020.9336573","is_oa":false,"landing_page_url":"https://doi.org/10.1109/snams52053.2020.9336573","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 Seventh International Conference on Social Networks Analysis, Management and Security (SNAMS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5056570124","display_name":"Martin Mac\u00e1k","orcid":"https://orcid.org/0000-0001-9655-9228"},"institutions":[{"id":"https://openalex.org/I21449261","display_name":"Masaryk University","ror":"https://ror.org/02j46qs45","country_code":"CZ","type":"education","lineage":["https://openalex.org/I21449261"]}],"countries":["CZ"],"is_corresponding":true,"raw_author_name":"Martin Macak","raw_affiliation_strings":["Faculty of Informatics, Masaryk University,Brno,Czech Republic","Faculty of Informatics, Masaryk University, Brno, Czech Republic"],"affiliations":[{"raw_affiliation_string":"Faculty of Informatics, Masaryk University,Brno,Czech Republic","institution_ids":["https://openalex.org/I21449261"]},{"raw_affiliation_string":"Faculty of Informatics, Masaryk University, Brno, Czech Republic","institution_ids":["https://openalex.org/I21449261"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007037390","display_name":"Ivan Vanat","orcid":null},"institutions":[{"id":"https://openalex.org/I21449261","display_name":"Masaryk University","ror":"https://ror.org/02j46qs45","country_code":"CZ","type":"education","lineage":["https://openalex.org/I21449261"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Ivan Vanat","raw_affiliation_strings":["Faculty of Informatics, Masaryk University,Brno,Czech Republic","Faculty of Informatics, Masaryk University, Brno, Czech Republic"],"affiliations":[{"raw_affiliation_string":"Faculty of Informatics, Masaryk University,Brno,Czech Republic","institution_ids":["https://openalex.org/I21449261"]},{"raw_affiliation_string":"Faculty of Informatics, Masaryk University, Brno, Czech Republic","institution_ids":["https://openalex.org/I21449261"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028436557","display_name":"Michal Merjavy","orcid":null},"institutions":[{"id":"https://openalex.org/I21449261","display_name":"Masaryk University","ror":"https://ror.org/02j46qs45","country_code":"CZ","type":"education","lineage":["https://openalex.org/I21449261"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Michal Merjavy","raw_affiliation_strings":["Faculty of Informatics, Masaryk University,Brno,Czech Republic","Faculty of Informatics, Masaryk University, Brno, Czech Republic"],"affiliations":[{"raw_affiliation_string":"Faculty of Informatics, Masaryk University,Brno,Czech Republic","institution_ids":["https://openalex.org/I21449261"]},{"raw_affiliation_string":"Faculty of Informatics, Masaryk University, Brno, Czech Republic","institution_ids":["https://openalex.org/I21449261"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012761876","display_name":"Tomas Jevocin","orcid":null},"institutions":[{"id":"https://openalex.org/I21449261","display_name":"Masaryk University","ror":"https://ror.org/02j46qs45","country_code":"CZ","type":"education","lineage":["https://openalex.org/I21449261"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Tomas Jevocin","raw_affiliation_strings":["Faculty of Informatics, Masaryk University,Brno,Czech Republic","Faculty of Informatics, Masaryk University, Brno, Czech Republic"],"affiliations":[{"raw_affiliation_string":"Faculty of Informatics, Masaryk University,Brno,Czech Republic","institution_ids":["https://openalex.org/I21449261"]},{"raw_affiliation_string":"Faculty of Informatics, Masaryk University, Brno, Czech Republic","institution_ids":["https://openalex.org/I21449261"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5052095892","display_name":"Barbora B\u00fchnov\u00e1","orcid":"https://orcid.org/0000-0003-4205-101X"},"institutions":[{"id":"https://openalex.org/I21449261","display_name":"Masaryk University","ror":"https://ror.org/02j46qs45","country_code":"CZ","type":"education","lineage":["https://openalex.org/I21449261"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Barbora Buhnova","raw_affiliation_strings":["Faculty of Informatics, Masaryk University,Brno,Czech Republic","Faculty of Informatics, Masaryk University, Brno, Czech Republic"],"affiliations":[{"raw_affiliation_string":"Faculty of Informatics, Masaryk University,Brno,Czech Republic","institution_ids":["https://openalex.org/I21449261"]},{"raw_affiliation_string":"Faculty of Informatics, Masaryk University, Brno, Czech Republic","institution_ids":["https://openalex.org/I21449261"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5056570124"],"corresponding_institution_ids":["https://openalex.org/I21449261"],"apc_list":null,"apc_paid":null,"fwci":1.7796,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.87347258,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10703","display_name":"Business Process Modeling and Analysis","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10703","display_name":"Business Process Modeling and Analysis","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9882000088691711,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9639999866485596,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.9606788158416748},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.8434076905250549},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.8019585609436035},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7169142961502075},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.6930450201034546},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6434581279754639},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.48095884919166565},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.37356510758399963},{"id":"https://openalex.org/keywords/accounting","display_name":"Accounting","score":0.20877361297607422},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.08204537630081177}],"concepts":[{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.9606788158416748},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.8434076905250549},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.8019585609436035},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7169142961502075},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.6930450201034546},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6434581279754639},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.48095884919166565},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.37356510758399963},{"id":"https://openalex.org/C121955636","wikidata":"https://www.wikidata.org/wiki/Q4116214","display_name":"Accounting","level":1,"score":0.20877361297607422},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.08204537630081177},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/snams52053.2020.9336573","is_oa":false,"landing_page_url":"https://doi.org/10.1109/snams52053.2020.9336573","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 Seventh International Conference on Social Networks Analysis, Management and Security (SNAMS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.5799999833106995,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":32,"referenced_works":["https://openalex.org/W66923425","https://openalex.org/W1497007062","https://openalex.org/W1565132002","https://openalex.org/W1943545449","https://openalex.org/W2011910480","https://openalex.org/W2012065791","https://openalex.org/W2023808162","https://openalex.org/W2098250644","https://openalex.org/W2113498867","https://openalex.org/W2121717903","https://openalex.org/W2128410654","https://openalex.org/W2404054407","https://openalex.org/W2508244519","https://openalex.org/W2767662337","https://openalex.org/W2885168754","https://openalex.org/W2944362491","https://openalex.org/W2945379307","https://openalex.org/W2974866841","https://openalex.org/W2997180912","https://openalex.org/W3005248910","https://openalex.org/W3014497022","https://openalex.org/W3088160430","https://openalex.org/W3124215730","https://openalex.org/W4238671542","https://openalex.org/W4243932450","https://openalex.org/W4288083473","https://openalex.org/W4288356450","https://openalex.org/W6629677911","https://openalex.org/W6713412375","https://openalex.org/W6753605853","https://openalex.org/W6783956973","https://openalex.org/W7073772456"],"related_works":["https://openalex.org/W2766781562","https://openalex.org/W4205304595","https://openalex.org/W2979782961","https://openalex.org/W308359497","https://openalex.org/W1499596878","https://openalex.org/W3136170567","https://openalex.org/W2947769183","https://openalex.org/W2018332730","https://openalex.org/W4387194049","https://openalex.org/W2075012963"],"abstract_inverted_index":{"Nowadays,":[0],"insider":[1,34,60,81,100],"threats":[2,20,43],"are":[3,12,23],"one":[4],"of":[5,58,95],"the":[6,30,36,85,91],"most":[7],"significant":[8],"cybersecurity":[9],"threats.":[10,70],"They":[11],"much":[13],"more":[14],"difficult":[15],"to":[16,29,48,65,68,76],"detect":[17],"than":[18],"external":[19],"since":[21],"insiders":[22],"authorized":[24],"employees":[25],"with":[26],"legitimate":[27],"access":[28],"organization's":[31,86],"resources.":[32],"Malicious":[33],"knows":[35],"organization":[37],"and":[38,106,115],"can":[39,53],"act":[40],"inconspicuously.":[41],"Furthermore,":[42],"do":[44],"not":[45],"even":[46],"have":[47],"be":[49,54],"intentional.":[50],"Therefore,":[51],"there":[52],"a":[55],"complicated":[56],"background":[57],"malicious":[59],"behavior,":[61],"making":[62],"it":[63],"challenging":[64],"react":[66],"adequately":[67],"these":[69],"In":[71],"this":[72,127],"paper,":[73],"we":[74,120],"propose":[75],"utilize":[77],"process":[78,96],"mining":[79,97],"for":[80,99,123],"threat":[82,101],"detection":[83,102],"using":[84],"audit":[87,104],"logs.":[88],"We":[89],"present":[90],"three":[92],"different":[93],"types":[94],"utilization":[98],"from":[103],"logs":[105],"discuss":[107],"their":[108],"usefulness,":[109],"namely":[110],"visual":[111],"analysis,":[112],"conformance":[113,117],"checking,":[114],"declarative":[116],"checking.":[118],"Lastly,":[119],"give":[121],"recommendations":[122],"future":[124],"work":[125],"in":[126],"area":[128],"based":[129],"on":[130],"our":[131],"experience.":[132]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}