{"id":"https://openalex.org/W4392405644","doi":"https://doi.org/10.1109/tifs.2024.3372771","title":"Double-Layer Detection of Internal Threat in Enterprise Systems Based on Deep Learning","display_name":"Double-Layer Detection of Internal Threat in Enterprise Systems Based on Deep Learning","publication_year":2024,"publication_date":"2024-01-01","ids":{"openalex":"https://openalex.org/W4392405644","doi":"https://doi.org/10.1109/tifs.2024.3372771"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2024.3372771","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2024.3372771","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5082144617","display_name":"Daojing He","orcid":"https://orcid.org/0000-0002-3820-8128"},"institutions":[{"id":"https://openalex.org/I204983213","display_name":"Harbin Institute of Technology","ror":"https://ror.org/01yqg2h08","country_code":"CN","type":"education","lineage":["https://openalex.org/I204983213"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Daojing He","raw_affiliation_strings":["School of Computer Science and Technology, Harbin Institute of Technology, Shenzhen, China"],"raw_orcid":"https://orcid.org/0000-0002-3820-8128","affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Harbin Institute of Technology, Shenzhen, China","institution_ids":["https://openalex.org/I204983213"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5104139165","display_name":"Xin Lv","orcid":null},"institutions":[{"id":"https://openalex.org/I4510145","display_name":"Jiangxi University of Science and Technology","ror":"https://ror.org/03q0t9252","country_code":"CN","type":"education","lineage":["https://openalex.org/I4510145"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xin Lv","raw_affiliation_strings":["School of Information Engineering, Jiangxi University of Science and Technology, Ganzhou, China","School of Information Engineering, Jiangxi University of Science and Technology, Ganzhou, P.R. China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Information Engineering, Jiangxi University of Science and Technology, Ganzhou, China","institution_ids":["https://openalex.org/I4510145"]},{"raw_affiliation_string":"School of Information Engineering, Jiangxi University of Science and Technology, Ganzhou, P.R. China","institution_ids":["https://openalex.org/I4510145"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017931313","display_name":"Xueqian Xu","orcid":"https://orcid.org/0000-0001-8292-3586"},"institutions":[{"id":"https://openalex.org/I66867065","display_name":"East China Normal University","ror":"https://ror.org/02n96ep67","country_code":"CN","type":"education","lineage":["https://openalex.org/I66867065"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xueqian Xu","raw_affiliation_strings":["School of Software Engineering, East China Normal University, Shanghai, China","School of Software Engineering, East China Normal University, Shanghai, P.R. China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Software Engineering, East China Normal University, Shanghai, China","institution_ids":["https://openalex.org/I66867065"]},{"raw_affiliation_string":"School of Software Engineering, East China Normal University, Shanghai, P.R. China","institution_ids":["https://openalex.org/I66867065"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5091879207","display_name":"Sammy Chan","orcid":"https://orcid.org/0000-0002-8524-229X"},"institutions":[{"id":"https://openalex.org/I168719708","display_name":"City University of Hong Kong","ror":"https://ror.org/03q8dnn23","country_code":"HK","type":"education","lineage":["https://openalex.org/I168719708"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Sammy Chan","raw_affiliation_strings":["Department of Electrical Engineering, City University of Hong Kong, Kowloon Tong, Hong Kong","Department of Electrical Engineering, City University of Hong Kong, Kowloon, Hong Kong, China"],"raw_orcid":"https://orcid.org/0000-0002-8524-229X","affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering, City University of Hong Kong, Kowloon Tong, Hong Kong","institution_ids":["https://openalex.org/I168719708"]},{"raw_affiliation_string":"Department of Electrical Engineering, City University of Hong Kong, Kowloon, Hong Kong, China","institution_ids":["https://openalex.org/I168719708"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5001746807","display_name":"Kim\u2010Kwang Raymond Choo","orcid":"https://orcid.org/0000-0001-9208-5336"},"institutions":[{"id":"https://openalex.org/I45438204","display_name":"The University of Texas at San Antonio","ror":"https://ror.org/01kd65564","country_code":"US","type":"education","lineage":["https://openalex.org/I45438204"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kim-Kwang Raymond Choo","raw_affiliation_strings":["Department of Information Systems and Cyber Security, The University of Texas at San Antonio, San Antonio, TX, USA"],"raw_orcid":"https://orcid.org/0000-0001-9208-5336","affiliations":[{"raw_affiliation_string":"Department of Information Systems and Cyber Security, The University of Texas at San Antonio, San Antonio, TX, USA","institution_ids":["https://openalex.org/I45438204"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5082144617"],"corresponding_institution_ids":["https://openalex.org/I204983213"],"apc_list":null,"apc_paid":null,"fwci":7.607,"has_fulltext":false,"cited_by_count":24,"citation_normalized_percentile":{"value":0.97641191,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":"19","issue":null,"first_page":"4741","last_page":"4751"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9940000176429749,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.991100013256073,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.787064254283905},{"id":"https://openalex.org/keywords/layer","display_name":"Layer (electronics)","score":0.5651013851165771},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4386867880821228},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3351542353630066}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.787064254283905},{"id":"https://openalex.org/C2779227376","wikidata":"https://www.wikidata.org/wiki/Q6505497","display_name":"Layer (electronics)","level":2,"score":0.5651013851165771},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4386867880821228},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3351542353630066},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C178790620","wikidata":"https://www.wikidata.org/wiki/Q11351","display_name":"Organic chemistry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2024.3372771","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2024.3372771","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G4388910646","display_name":null,"funder_award_id":"62376074","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G7506284920","display_name":null,"funder_award_id":"11201421","funder_id":"https://openalex.org/F4320321592","funder_display_name":"Research Grants Council, University Grants Committee"},{"id":"https://openalex.org/G8098664135","display_name":null,"funder_award_id":"171058","funder_id":"https://openalex.org/F4320334945","funder_display_name":"Fok Ying Tong Education Foundation"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320321592","display_name":"Research Grants Council, University Grants Committee","ror":"https://ror.org/00djwmt25"},{"id":"https://openalex.org/F4320334945","display_name":"Fok Ying Tong Education Foundation","ror":"https://ror.org/01mv9t934"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":50,"referenced_works":["https://openalex.org/W39805166","https://openalex.org/W1531869710","https://openalex.org/W1919179112","https://openalex.org/W2064675550","https://openalex.org/W2079735306","https://openalex.org/W2144584907","https://openalex.org/W2293085137","https://openalex.org/W2295598076","https://openalex.org/W2342408547","https://openalex.org/W2533061047","https://openalex.org/W2538737552","https://openalex.org/W2574069427","https://openalex.org/W2783862767","https://openalex.org/W2790664081","https://openalex.org/W2797672282","https://openalex.org/W2805346584","https://openalex.org/W2807476744","https://openalex.org/W2887799638","https://openalex.org/W2891204376","https://openalex.org/W2914620184","https://openalex.org/W2924965088","https://openalex.org/W2938776748","https://openalex.org/W2944103016","https://openalex.org/W2963464069","https://openalex.org/W2985983260","https://openalex.org/W2990737658","https://openalex.org/W2995744236","https://openalex.org/W3006834142","https://openalex.org/W3020736316","https://openalex.org/W3037103249","https://openalex.org/W3044818515","https://openalex.org/W3045880080","https://openalex.org/W3096713468","https://openalex.org/W3118407222","https://openalex.org/W3126895599","https://openalex.org/W3127924007","https://openalex.org/W3159239323","https://openalex.org/W3186161925","https://openalex.org/W3198932021","https://openalex.org/W3206613716","https://openalex.org/W4213379419","https://openalex.org/W4240840618","https://openalex.org/W4285079909","https://openalex.org/W4377235205","https://openalex.org/W4385245566","https://openalex.org/W4385731184","https://openalex.org/W4386066497","https://openalex.org/W4400134761","https://openalex.org/W6739901393","https://openalex.org/W6746340649"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052","https://openalex.org/W2382290278","https://openalex.org/W4395014643"],"abstract_inverted_index":{"In":[0],"recent":[1],"years,":[2],"phishing":[3,26,79,156,182],"mail-mediated":[4],"attacks":[5,28,45,183],"are":[6,10,74,90,114],"proliferating.":[7],"When":[8],"victims":[9],"enterprise":[11,17,34,179],"employees,":[12],"internal":[13],"security":[14],"of":[15,61,106,150],"the":[16,24,59,99,104,148,151],"systems":[18,35,180],"will":[19],"also":[20],"be":[21],"threatened.":[22],"Facing":[23],"advanced":[25],"email":[27,80,157],"and":[29,68,87,111,132,140,159,184],"complex":[30],"insider":[31,119,142,160,185],"threat":[32,120,143,161],"attacks,":[33],"equipped":[36],"with":[37],"traditional":[38],"machine":[39],"learning":[40],"models":[41,139],"cannot":[42],"detect":[43],"such":[44],"effectively.":[46],"Therefore,":[47],"we":[48],"propose":[49],"a":[50,78,94],"double-layer":[51],"detection":[52,81,121,134,144],"framework":[53,153,176],"in":[54,98,135],"this":[55],"paper.":[56],"Firstly,":[57],"from":[58,103,181],"perspective":[60,105],"individual":[62],"security,":[63,108],"Long":[64],"Short-Term":[65],"Memory":[66],"(LSTM)":[67],"extreme":[69],"gradient":[70],"boosting":[71],"tree":[72],"(XGBoost)":[73],"used":[75,115],"to":[76,116,137],"build":[77,117],"model.":[82,122],"The":[83,169],"model":[84,124],"generalization":[85],"ability":[86],"precision":[88],"rate":[89],"improved":[91],"by":[92],"adding":[93],"custom":[95],"loss":[96],"function":[97],"training":[100],"process.":[101],"Then,":[102],"group":[107],"Bidirectional":[109],"LSTM":[110],"Attention":[112],"mechanism":[113],"an":[118],"Our":[123],"has":[125],"better":[126],"results":[127,171],"for":[128],"multi-domain":[129],"time":[130],"series":[131],"anomaly":[133],"comparison":[136],"different":[138],"existing":[141],"models.":[145],"We":[146],"test":[147],"effectiveness":[149],"proposed":[152,175],"through":[154],"real":[155],"cases":[158],"attack":[162],"events":[163],"on":[164],"our":[165,174],"simulation":[166],"verification":[167],"platform.":[168],"experimental":[170],"demonstrate":[172],"that":[173],"can":[177],"protect":[178],"threats.":[186]},"counts_by_year":[{"year":2026,"cited_by_count":9},{"year":2025,"cited_by_count":11},{"year":2024,"cited_by_count":4}],"updated_date":"2026-06-02T09:04:35.204637","created_date":"2025-10-10T00:00:00"}