{"id":"https://openalex.org/W4285612255","doi":"https://doi.org/10.1109/tifs.2022.3191493","title":"Wrongdoing Monitor: A Graph-Based Behavioral Anomaly Detection in Cyber Security","display_name":"Wrongdoing Monitor: A Graph-Based Behavioral Anomaly Detection in Cyber Security","publication_year":2022,"publication_date":"2022-01-01","ids":{"openalex":"https://openalex.org/W4285612255","doi":"https://doi.org/10.1109/tifs.2022.3191493"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2022.3191493","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2022.3191493","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100417007","display_name":"Cheng Wang","orcid":"https://orcid.org/0000-0002-4752-0316"},"institutions":[{"id":"https://openalex.org/I116953780","display_name":"Tongji University","ror":"https://ror.org/03rc6as71","country_code":"CN","type":"education","lineage":["https://openalex.org/I116953780"]},{"id":"https://openalex.org/I1327237609","display_name":"Ministry of Education of the People's Republic of China","ror":"https://ror.org/01mv9t934","country_code":"CN","type":"government","lineage":["https://openalex.org/I1327237609","https://openalex.org/I4210127390"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Cheng Wang","raw_affiliation_strings":["Department of Computer Science and Engineering, Tongji University, Shanghai, China","Key Laboratory of Embedded System and Service Computing, Ministry of Education, China"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Tongji University, Shanghai, China","institution_ids":["https://openalex.org/I116953780"]},{"raw_affiliation_string":"Key Laboratory of Embedded System and Service Computing, Ministry of Education, China","institution_ids":["https://openalex.org/I1327237609"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5054508795","display_name":"Hangyu Zhu","orcid":"https://orcid.org/0000-0001-7221-9130"},"institutions":[{"id":"https://openalex.org/I116953780","display_name":"Tongji University","ror":"https://ror.org/03rc6as71","country_code":"CN","type":"education","lineage":["https://openalex.org/I116953780"]},{"id":"https://openalex.org/I1327237609","display_name":"Ministry of Education of the People's Republic of China","ror":"https://ror.org/01mv9t934","country_code":"CN","type":"government","lineage":["https://openalex.org/I1327237609","https://openalex.org/I4210127390"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hangyu Zhu","raw_affiliation_strings":["Department of Computer Science and Engineering, Tongji University, Shanghai, China","Key Laboratory of Embedded System and Service Computing, Ministry of Education, China"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Tongji University, Shanghai, China","institution_ids":["https://openalex.org/I116953780"]},{"raw_affiliation_string":"Key Laboratory of Embedded System and Service Computing, Ministry of Education, China","institution_ids":["https://openalex.org/I1327237609"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5100417007"],"corresponding_institution_ids":["https://openalex.org/I116953780","https://openalex.org/I1327237609"],"apc_list":null,"apc_paid":null,"fwci":8.4194,"has_fulltext":false,"cited_by_count":62,"citation_normalized_percentile":{"value":0.98122174,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":"17","issue":null,"first_page":"2703","last_page":"2718"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10064","display_name":"Complex Network Analysis Techniques","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/3109","display_name":"Statistical and Nonlinear Physics"},"field":{"id":"https://openalex.org/fields/31","display_name":"Physics and Astronomy"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/behavioral-modeling","display_name":"Behavioral modeling","score":0.7451735138893127},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7210921049118042},{"id":"https://openalex.org/keywords/behavioral-pattern","display_name":"Behavioral pattern","score":0.6708511114120483},{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.646904706954956},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6339001655578613},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.48966506123542786},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.4679977297782898},{"id":"https://openalex.org/keywords/event","display_name":"Event (particle physics)","score":0.4430193305015564},{"id":"https://openalex.org/keywords/property","display_name":"Property (philosophy)","score":0.4101719856262207},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.40317025780677795},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3512982726097107},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.35039621591567993},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.3408064842224121},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.27955684065818787}],"concepts":[{"id":"https://openalex.org/C78639753","wikidata":"https://www.wikidata.org/wiki/Q3318160","display_name":"Behavioral modeling","level":2,"score":0.7451735138893127},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7210921049118042},{"id":"https://openalex.org/C83804111","wikidata":"https://www.wikidata.org/wiki/Q1063558","display_name":"Behavioral pattern","level":2,"score":0.6708511114120483},{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.646904706954956},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6339001655578613},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.48966506123542786},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.4679977297782898},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.4430193305015564},{"id":"https://openalex.org/C189950617","wikidata":"https://www.wikidata.org/wiki/Q937228","display_name":"Property (philosophy)","level":2,"score":0.4101719856262207},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.40317025780677795},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3512982726097107},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.35039621591567993},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.3408064842224121},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.27955684065818787},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2022.3191493","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2022.3191493","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.7799999713897705}],"awards":[{"id":"https://openalex.org/G1754873590","display_name":null,"funder_award_id":"61972287","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G2290276069","display_name":null,"funder_award_id":"22120210524","funder_id":"https://openalex.org/F4320335787","funder_display_name":"Fundamental Research Funds for the Central Universities"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320335787","display_name":"Fundamental Research Funds for the Central Universities","ror":null},{"id":"https://openalex.org/F4320335796","display_name":"Program of Shanghai Academic Research Leader","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":52,"referenced_works":["https://openalex.org/W1670263352","https://openalex.org/W1991210879","https://openalex.org/W2008224380","https://openalex.org/W2110953678","https://openalex.org/W2154868463","https://openalex.org/W2158698691","https://openalex.org/W2187846933","https://openalex.org/W2267339884","https://openalex.org/W2274083067","https://openalex.org/W2564068158","https://openalex.org/W2614763420","https://openalex.org/W2723293840","https://openalex.org/W2739747431","https://openalex.org/W2767774008","https://openalex.org/W2783272285","https://openalex.org/W2793768763","https://openalex.org/W2799947440","https://openalex.org/W2808771744","https://openalex.org/W2896429681","https://openalex.org/W2907492528","https://openalex.org/W2914998214","https://openalex.org/W2930110112","https://openalex.org/W2945996535","https://openalex.org/W2949848919","https://openalex.org/W2950317798","https://openalex.org/W2954152666","https://openalex.org/W2962975498","https://openalex.org/W2964296635","https://openalex.org/W2966779056","https://openalex.org/W2979743032","https://openalex.org/W2986944522","https://openalex.org/W2997668353","https://openalex.org/W2998895714","https://openalex.org/W3012650537","https://openalex.org/W3023056190","https://openalex.org/W3029610479","https://openalex.org/W3040389479","https://openalex.org/W3080169369","https://openalex.org/W3100821813","https://openalex.org/W3104030692","https://openalex.org/W3119160111","https://openalex.org/W3136205675","https://openalex.org/W3137205257","https://openalex.org/W3153421894","https://openalex.org/W3170720134","https://openalex.org/W3211888892","https://openalex.org/W6745537798","https://openalex.org/W6748102297","https://openalex.org/W6760203611","https://openalex.org/W6767098714","https://openalex.org/W6796927292","https://openalex.org/W6799892437"],"related_works":["https://openalex.org/W3153493802","https://openalex.org/W3039513780","https://openalex.org/W2898158700","https://openalex.org/W2152238375","https://openalex.org/W3088948716","https://openalex.org/W432535052","https://openalex.org/W2488112254","https://openalex.org/W4210491229","https://openalex.org/W4384559558","https://openalex.org/W4285612255"],"abstract_inverted_index":{"The":[0],"so-called":[1],"<i>behavioral":[2,39],"anomaly":[3,127,171],"detection</i>":[4,200,209,219,229],"(BAD)":[5],"is":[6,162,191],"expected":[7],"to":[8,58,166],"solve":[9],"effectively":[10],"a":[11,29,96,111,120,184],"variety":[12],"of":[13,24,84,105,115,124,135,158,181],"security":[14,196],"issues":[15],"by":[16,50,95,173,193],"detecting":[17],"the":[18,53,59,67,80,102,122,132,156,163],"deviances":[19],"from":[20],"normal":[21],"behavioral":[22,32,63,68,75,88,103,116,126,137,147,153,168],"patterns":[23,104],"protected":[25],"agents.":[26],"We":[27],"propose":[28],"new":[30],"graph-based":[31],"modeling":[33,169],"paradigm":[34],"for":[35,119,170],"BAD":[36],"problem,":[37],"named":[38],"identification":[40],"graph</i>":[41],"(BIG),":[42],"which":[43,141],"has":[44],"distinct":[45],"advantages":[46],"over":[47],"existing":[48],"methods":[49],"mining":[51],"deeply":[52],"<i>property-level</i>":[54],"(as":[55],"an":[56],"enhancement":[57],"<i>event-level</i>)":[60],"associations":[61,73,180],"in":[62,74,201,210,220,230],"data.":[64],"Under":[65],"BIG,":[66],"properties":[69,89,140,148],"and":[70,82,90,101,139,149,177,187,227],"their":[71],"co-occurrence":[72],"data":[76],"are":[77,92,107],"modeled":[78],"as":[79,110],"entities":[81],"relationships":[83],"graph,":[85],"respectively;":[86],"furthermore,":[87],"events":[91],"both":[93,143],"vectorized":[94],"devised":[97],"event-property":[98],"composite":[99],"model,":[100],"agents":[106],"finally":[108],"represented":[109],"multidimensional":[112],"spatial":[113,133],"distribution":[114],"properties.":[117],"Consequently,":[118],"behavior,":[121],"intensity":[123],"its":[125,136],"can":[128],"be":[129],"transformed":[130],"into":[131,183],"decentrality":[134],"agent":[138],"contain":[142],"fine-grained":[144],"information":[145,151,222],"between":[146,152],"coarse-grained":[150],"events.":[154],"To":[155],"best":[157],"our":[159],"knowledge,":[160],"this":[161],"first":[164],"work":[165],"improve":[167],"detection":[172],"integrating":[174],"<i>inter</i>":[175],"(event-level)":[176],"<i>intra</i>":[178],"(property-level)":[179],"behaviors":[182],"unified":[185],"graph":[186],"space.":[188],"Our":[189],"method":[190],"validated":[192],"four":[194],"representative":[195],"issues,":[197],"i.e.,":[198],"<i>fraud":[199],"online":[202],"payment":[203],"services":[204,213,233],"(by":[205,214,224,234],"transaction":[206],"behaviors),":[207,216,226],"<i>intrusion":[208],"network":[211],"communication":[212],"traffic":[215],"<i>insider":[217],"threat":[218],"organizational":[221],"systems":[223],"system":[225],"<i>compromise":[228],"social":[231],"networking":[232],"trajectory":[235],"behaviors).":[236]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":25},{"year":2024,"cited_by_count":23},{"year":2023,"cited_by_count":10},{"year":2022,"cited_by_count":1}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}