{"id":"https://openalex.org/W2885724973","doi":"https://doi.org/10.1109/spw.2018.00037","title":"Detection of Masqueraders Based on Graph Partitioning of File System Access Events","display_name":"Detection of Masqueraders Based on Graph Partitioning of File System Access Events","publication_year":2018,"publication_date":"2018-05-01","ids":{"openalex":"https://openalex.org/W2885724973","doi":"https://doi.org/10.1109/spw.2018.00037","mag":"2885724973"},"language":"en","primary_location":{"id":"doi:10.1109/spw.2018.00037","is_oa":true,"landing_page_url":"https://doi.org/10.1109/spw.2018.00037","pdf_url":"https://ieeexplore.ieee.org/ielx7/8420091/8424589/08424653.pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 IEEE Security and Privacy Workshops (SPW)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/8420091/8424589/08424653.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5029770311","display_name":"Flavio Toffalini","orcid":"https://orcid.org/0000-0002-7114-5640"},"institutions":[{"id":"https://openalex.org/I152815399","display_name":"Singapore University of Technology and Design","ror":"https://ror.org/05j6fvn87","country_code":"SG","type":"education","lineage":["https://openalex.org/I152815399"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Flavio Toffalini","raw_affiliation_strings":["ST Electronics-SUTD Cyber Security Laboratory Singapore, University of Technology and Design"],"affiliations":[{"raw_affiliation_string":"ST Electronics-SUTD Cyber Security Laboratory Singapore, University of Technology and Design","institution_ids":["https://openalex.org/I152815399"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037488079","display_name":"Ivan Homoliak","orcid":"https://orcid.org/0000-0002-0790-0875"},"institutions":[{"id":"https://openalex.org/I152815399","display_name":"Singapore University of Technology and Design","ror":"https://ror.org/05j6fvn87","country_code":"SG","type":"education","lineage":["https://openalex.org/I152815399"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Ivan Homoliak","raw_affiliation_strings":["Singapore University of Technology and Design, Singapore, SG"],"affiliations":[{"raw_affiliation_string":"Singapore University of Technology and Design, Singapore, SG","institution_ids":["https://openalex.org/I152815399"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045088381","display_name":"Athul Harilal","orcid":null},"institutions":[{"id":"https://openalex.org/I152815399","display_name":"Singapore University of Technology and Design","ror":"https://ror.org/05j6fvn87","country_code":"SG","type":"education","lineage":["https://openalex.org/I152815399"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Athul Harilal","raw_affiliation_strings":["ST Electronics-SUTD Cyber Security Laboratory Singapore, University of Technology and Design"],"affiliations":[{"raw_affiliation_string":"ST Electronics-SUTD Cyber Security Laboratory Singapore, University of Technology and Design","institution_ids":["https://openalex.org/I152815399"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072460783","display_name":"Alexander Binder","orcid":"https://orcid.org/0000-0001-9605-6209"},"institutions":[{"id":"https://openalex.org/I152815399","display_name":"Singapore University of Technology and Design","ror":"https://ror.org/05j6fvn87","country_code":"SG","type":"education","lineage":["https://openalex.org/I152815399"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Alexander Binder","raw_affiliation_strings":["ST Electronics-SUTD Cyber Security Laboratory Singapore, University of Technology and Design"],"affiliations":[{"raw_affiliation_string":"ST Electronics-SUTD Cyber Security Laboratory Singapore, University of Technology and Design","institution_ids":["https://openalex.org/I152815399"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5019979722","display_name":"Mart\u00edn Ochoa","orcid":"https://orcid.org/0000-0002-7816-5775"},"institutions":[{"id":"https://openalex.org/I90803817","display_name":"Universidad del Rosario","ror":"https://ror.org/0108mwc04","country_code":"CO","type":"education","lineage":["https://openalex.org/I90803817"]}],"countries":["CO"],"is_corresponding":false,"raw_author_name":"Martin Ochoa","raw_affiliation_strings":["Department of Applied Mathematics and Computer Science, Universidad del Rosario, Bogota, Colombia"],"affiliations":[{"raw_affiliation_string":"Department of Applied Mathematics and Computer Science, Universidad del Rosario, Bogota, Colombia","institution_ids":["https://openalex.org/I90803817"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5029770311"],"corresponding_institution_ids":["https://openalex.org/I152815399"],"apc_list":null,"apc_paid":null,"fwci":2.3394,"has_fulltext":false,"cited_by_count":16,"citation_normalized_percentile":{"value":0.89634011,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":"13","issue":null,"first_page":"217","last_page":"227"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.996999979019165,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8557839393615723},{"id":"https://openalex.org/keywords/call-graph","display_name":"Call graph","score":0.5201678276062012},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.5012059211730957},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.47634127736091614},{"id":"https://openalex.org/keywords/event","display_name":"Event (particle physics)","score":0.47194284200668335},{"id":"https://openalex.org/keywords/class","display_name":"Class (philosophy)","score":0.4320130944252014},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.42752110958099365},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.42242297530174255},{"id":"https://openalex.org/keywords/session","display_name":"Session (web analytics)","score":0.4200468063354492},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.25428125262260437},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.15531566739082336}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8557839393615723},{"id":"https://openalex.org/C102379954","wikidata":"https://www.wikidata.org/wiki/Q2589940","display_name":"Call graph","level":2,"score":0.5201678276062012},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.5012059211730957},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.47634127736091614},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.47194284200668335},{"id":"https://openalex.org/C2777212361","wikidata":"https://www.wikidata.org/wiki/Q5127848","display_name":"Class (philosophy)","level":2,"score":0.4320130944252014},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.42752110958099365},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.42242297530174255},{"id":"https://openalex.org/C2779182362","wikidata":"https://www.wikidata.org/wiki/Q17126187","display_name":"Session (web analytics)","level":2,"score":0.4200468063354492},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.25428125262260437},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.15531566739082336},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/spw.2018.00037","is_oa":true,"landing_page_url":"https://doi.org/10.1109/spw.2018.00037","pdf_url":"https://ieeexplore.ieee.org/ielx7/8420091/8424589/08424653.pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 IEEE Security and Privacy Workshops (SPW)","raw_type":"proceedings-article"},{"id":"pmh:oai:repository.urosario.edu.co:10336/22859","is_oa":true,"landing_page_url":"https://repository.urosario.edu.co/handle/10336/22859","pdf_url":null,"source":{"id":"https://openalex.org/S4306401708","display_name":"Repositorio Institucional E-DocUR (Universidad Del Rosario)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I90803817","host_organization_name":"Universidad del Rosario","host_organization_lineage":["https://openalex.org/I90803817"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"instname:Universidad del Rosario","raw_type":"info:eu-repo/semantics/conferenceObject"}],"best_oa_location":{"id":"doi:10.1109/spw.2018.00037","is_oa":true,"landing_page_url":"https://doi.org/10.1109/spw.2018.00037","pdf_url":"https://ieeexplore.ieee.org/ielx7/8420091/8424589/08424653.pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 IEEE Security and Privacy Workshops (SPW)","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.7200000286102295}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2885724973.pdf","grobid_xml":"https://content.openalex.org/works/W2885724973.grobid-xml"},"referenced_works_count":5,"referenced_works":["https://openalex.org/W1898491644","https://openalex.org/W2121564430","https://openalex.org/W2166017159","https://openalex.org/W2206700814","https://openalex.org/W2395792877"],"related_works":["https://openalex.org/W4296749040","https://openalex.org/W4230197055","https://openalex.org/W621808327","https://openalex.org/W644007644","https://openalex.org/W3012257603","https://openalex.org/W3177475962","https://openalex.org/W1586784764","https://openalex.org/W4292264782","https://openalex.org/W1559289099","https://openalex.org/W2096636234"],"abstract_inverted_index":{"Masqueraders":[0],"are":[1,29,49],"users":[2,263],"who":[3],"take":[4],"control":[5],"of":[6,22,90,99,116,146,177,207,214,230,254,261,276,298],"a":[7,79,88,91,97,117,144,161,166,178,196,278,283,300,305],"machine":[8],"and":[9,44,93,154,238,250,264,282,304],"perform":[10],"malicious":[11],"activities":[12],"such":[13,65,127],"as":[14,66,195],"data":[15],"exfiltration":[16],"or":[17,175],"system":[18,71,222,258],"misuse":[19],"on":[20,121,220],"behalf":[21],"legitimate":[23,37,262],"users.":[24],"In":[25,74],"the":[26,100,114,140,173,215,231,236,239],"literature,":[27],"there":[28],"various":[30,63],"approaches":[31,191],"for":[32,204,267,289],"detecting":[33],"masqueraders":[34],"by":[35,164],"modeling":[36],"users'":[38],"behavior":[39,58],"during":[40],"their":[41],"daily":[42],"tasks":[43],"automatically":[45],"determine":[46],"whether":[47],"they":[48],"doing":[50],"something":[51],"suspicious.":[52],"Usually,":[53],"these":[54],"techniques":[55],"model":[56],"user":[57,92,153],"using":[59,165,244],"features":[60],"extracted":[61],"from":[62,126,187],"sources,":[64],"file":[67,221,257],"system,":[68],"network":[69],"activities,":[70],"calls,":[72],"etc.":[73],"this":[75,156],"work,":[76],"we":[77,270,292],"propose":[78],"one-class":[80],"anomaly":[81],"detection":[82],"approach":[83,184,200,216,232],"that":[84,132,192],"measures":[85],"similarities":[86],"between":[87],"history":[89,145,157],"events":[94,224],"recorded":[95],"in":[96,235],"timewindow":[98],"user's":[101],"session":[102],"which":[103,169],"is":[104,113,149,158],"to":[105,137,160,172],"be":[106,202,218],"classified.":[107],"The":[108,199,226],"idea":[109],"behind":[110],"our":[111,183],"solution":[112],"application":[115,213],"graph":[118],"partitioning":[119],"technique":[120],"weighted":[122],"oriented":[123],"graphs":[124,194],"generated":[125],"event":[128,209],"sequences,":[129,210],"while":[130,288],"considering":[131],"strongly":[133],"connected":[134],"nodes":[135],"have":[136],"belong":[138],"into":[139],"same":[141],"cluster.":[142],"First,":[143],"vertex":[147],"clusters":[148],"build":[150],"per":[151],"each":[152],"then":[155],"compared":[159],"new":[162,179],"input":[163],"similarity":[167],"function,":[168],"leads":[170],"either":[171],"acceptance":[174],"rejection":[176],"input.":[180],"This":[181],"makes":[182],"substantially":[185],"different":[186,205],"existing":[188],"general":[189],"graph-based":[190],"consider":[193],"single":[197],"entity.":[198],"can":[201],"applied":[203],"kinds":[206],"homogeneous":[208],"however":[211],"successful":[212],"will":[217],"demonstrated":[219,234],"access":[223,259],"only.":[225],"linear":[227],"time":[228],"complexity":[229],"was":[233,242],"experiments":[237],"performance":[240],"evaluation":[241],"done":[243],"two":[245],"state-of-the-art":[246],"datasets":[247],"-":[248,252],"WUIL":[249,268],"TWOS":[251,290],"both":[253],"them":[255],"containing":[256],"logs":[260],"masquerade":[265],"attackers;":[266],"dataset":[269,291],"achieved":[271,293],"an":[272,294],"average":[273,295],"per-user":[274,296],"AUC":[275,297],"0.94,":[277],"TPR":[279,301],"over":[280,302],"95%,":[281],"FPR":[284,306],"less":[285],"than":[286],"10%,":[287],"0.851,":[299],"91%":[303],"around":[307],"11%.":[308]},"counts_by_year":[{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":1}],"updated_date":"2026-03-10T16:38:18.471706","created_date":"2025-10-10T00:00:00"}