{"id":"https://openalex.org/W2894279555","doi":"https://doi.org/10.1109/tvcg.2018.2865029","title":"Situ: Identifying and Explaining Suspicious Behavior in Networks","display_name":"Situ: Identifying and Explaining Suspicious Behavior in Networks","publication_year":2018,"publication_date":"2018-08-20","ids":{"openalex":"https://openalex.org/W2894279555","doi":"https://doi.org/10.1109/tvcg.2018.2865029","mag":"2894279555","pmid":"https://pubmed.ncbi.nlm.nih.gov/30136975"},"language":"en","primary_location":{"id":"doi:10.1109/tvcg.2018.2865029","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tvcg.2018.2865029","pdf_url":null,"source":{"id":"https://openalex.org/S84775595","display_name":"IEEE Transactions on Visualization and Computer Graphics","issn_l":"1077-2626","issn":["1077-2626","1941-0506","2160-9306"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Visualization and Computer Graphics","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","pubmed"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://www.osti.gov/biblio/1486963","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5003251468","display_name":"John R. Goodall","orcid":"https://orcid.org/0000-0001-6810-4517"},"institutions":[{"id":"https://openalex.org/I1289243028","display_name":"Oak Ridge National Laboratory","ror":"https://ror.org/01qz5mb56","country_code":"US","type":"facility","lineage":["https://openalex.org/I1289243028","https://openalex.org/I1330989302","https://openalex.org/I39565521","https://openalex.org/I4210159294"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"John R. Goodall","raw_affiliation_strings":["Oak Ridge National Laboratory, Oak Ridge, TN, US"],"affiliations":[{"raw_affiliation_string":"Oak Ridge National Laboratory, Oak Ridge, TN, US","institution_ids":["https://openalex.org/I1289243028"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090930182","display_name":"Eric D. Ragan","orcid":"https://orcid.org/0000-0002-7192-3457"},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Eric D. Ragan","raw_affiliation_strings":["University of Florida, Gainesville, FL, US"],"affiliations":[{"raw_affiliation_string":"University of Florida, Gainesville, FL, US","institution_ids":["https://openalex.org/I33213144"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048471884","display_name":"Chad A. Steed","orcid":"https://orcid.org/0000-0002-3501-909X"},"institutions":[{"id":"https://openalex.org/I1289243028","display_name":"Oak Ridge National Laboratory","ror":"https://ror.org/01qz5mb56","country_code":"US","type":"facility","lineage":["https://openalex.org/I1289243028","https://openalex.org/I1330989302","https://openalex.org/I39565521","https://openalex.org/I4210159294"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Chad A. Steed","raw_affiliation_strings":["Oak Ridge National Laboratory, Oak Ridge, TN, US"],"affiliations":[{"raw_affiliation_string":"Oak Ridge National Laboratory, Oak Ridge, TN, US","institution_ids":["https://openalex.org/I1289243028"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007331165","display_name":"Joel W. Reed","orcid":"https://orcid.org/0000-0002-5558-8425"},"institutions":[{"id":"https://openalex.org/I1289243028","display_name":"Oak Ridge National Laboratory","ror":"https://ror.org/01qz5mb56","country_code":"US","type":"facility","lineage":["https://openalex.org/I1289243028","https://openalex.org/I1330989302","https://openalex.org/I39565521","https://openalex.org/I4210159294"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Joel W. Reed","raw_affiliation_strings":["Oak Ridge National Laboratory, Oak Ridge, TN, US"],"affiliations":[{"raw_affiliation_string":"Oak Ridge National Laboratory, Oak Ridge, TN, US","institution_ids":["https://openalex.org/I1289243028"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056413615","display_name":"Gregory D. Richardson","orcid":"https://orcid.org/0000-0002-2200-9386"},"institutions":[{"id":"https://openalex.org/I1289243028","display_name":"Oak Ridge National Laboratory","ror":"https://ror.org/01qz5mb56","country_code":"US","type":"facility","lineage":["https://openalex.org/I1289243028","https://openalex.org/I1330989302","https://openalex.org/I39565521","https://openalex.org/I4210159294"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"G. David Richardson","raw_affiliation_strings":["Oak Ridge National Laboratory, Oak Ridge, TN, US"],"affiliations":[{"raw_affiliation_string":"Oak Ridge National Laboratory, Oak Ridge, TN, US","institution_ids":["https://openalex.org/I1289243028"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034986549","display_name":"Kelly M. T. Huffer","orcid":"https://orcid.org/0000-0002-1785-9108"},"institutions":[{"id":"https://openalex.org/I1289243028","display_name":"Oak Ridge National Laboratory","ror":"https://ror.org/01qz5mb56","country_code":"US","type":"facility","lineage":["https://openalex.org/I1289243028","https://openalex.org/I1330989302","https://openalex.org/I39565521","https://openalex.org/I4210159294"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kelly M.T. Huffer","raw_affiliation_strings":["Oak Ridge National Laboratory, Oak Ridge, TN, US"],"affiliations":[{"raw_affiliation_string":"Oak Ridge National Laboratory, Oak Ridge, TN, US","institution_ids":["https://openalex.org/I1289243028"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012446017","display_name":"Robert A. Bridges","orcid":"https://orcid.org/0000-0001-7962-6329"},"institutions":[{"id":"https://openalex.org/I1289243028","display_name":"Oak Ridge National Laboratory","ror":"https://ror.org/01qz5mb56","country_code":"US","type":"facility","lineage":["https://openalex.org/I1289243028","https://openalex.org/I1330989302","https://openalex.org/I39565521","https://openalex.org/I4210159294"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Robert A. Bridges","raw_affiliation_strings":["Oak Ridge National Laboratory, Oak Ridge, TN, US"],"affiliations":[{"raw_affiliation_string":"Oak Ridge National Laboratory, Oak Ridge, TN, US","institution_ids":["https://openalex.org/I1289243028"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5091887368","display_name":"Jason Laska","orcid":"https://orcid.org/0000-0002-6100-5548"},"institutions":[{"id":"https://openalex.org/I1289243028","display_name":"Oak Ridge National Laboratory","ror":"https://ror.org/01qz5mb56","country_code":"US","type":"facility","lineage":["https://openalex.org/I1289243028","https://openalex.org/I1330989302","https://openalex.org/I39565521","https://openalex.org/I4210159294"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jason A. Laska","raw_affiliation_strings":["Oak Ridge National Laboratory, Oak Ridge, TN, US"],"affiliations":[{"raw_affiliation_string":"Oak Ridge National Laboratory, Oak Ridge, TN, US","institution_ids":["https://openalex.org/I1289243028"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5003251468"],"corresponding_institution_ids":["https://openalex.org/I1289243028"],"apc_list":null,"apc_paid":null,"fwci":5.4617,"has_fulltext":false,"cited_by_count":68,"citation_normalized_percentile":{"value":0.96187752,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":"25","issue":"1","first_page":"204","last_page":"214"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8331282138824463},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.7814366817474365},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.6477029323577881},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6420902013778687},{"id":"https://openalex.org/keywords/visualization","display_name":"Visualization","score":0.5760238170623779},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5330283641815186},{"id":"https://openalex.org/keywords/visual-analytics","display_name":"Visual analytics","score":0.5032479166984558},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.4799497425556183},{"id":"https://openalex.org/keywords/network-monitoring","display_name":"Network monitoring","score":0.47667622566223145},{"id":"https://openalex.org/keywords/analytics","display_name":"Analytics","score":0.47286319732666016},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.44939687848091125},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3721697926521301},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.2522730529308319}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8331282138824463},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.7814366817474365},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.6477029323577881},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6420902013778687},{"id":"https://openalex.org/C36464697","wikidata":"https://www.wikidata.org/wiki/Q451553","display_name":"Visualization","level":2,"score":0.5760238170623779},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5330283641815186},{"id":"https://openalex.org/C59732488","wikidata":"https://www.wikidata.org/wiki/Q2528440","display_name":"Visual analytics","level":3,"score":0.5032479166984558},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.4799497425556183},{"id":"https://openalex.org/C81877898","wikidata":"https://www.wikidata.org/wiki/Q1965787","display_name":"Network monitoring","level":2,"score":0.47667622566223145},{"id":"https://openalex.org/C79158427","wikidata":"https://www.wikidata.org/wiki/Q485396","display_name":"Analytics","level":2,"score":0.47286319732666016},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.44939687848091125},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3721697926521301},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.2522730529308319},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/tvcg.2018.2865029","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tvcg.2018.2865029","pdf_url":null,"source":{"id":"https://openalex.org/S84775595","display_name":"IEEE Transactions on Visualization and Computer Graphics","issn_l":"1077-2626","issn":["1077-2626","1941-0506","2160-9306"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Visualization and Computer Graphics","raw_type":"journal-article"},{"id":"pmid:30136975","is_oa":false,"landing_page_url":"https://pubmed.ncbi.nlm.nih.gov/30136975","pdf_url":null,"source":{"id":"https://openalex.org/S4306525036","display_name":"PubMed","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1299303238","host_organization_name":"National Institutes of Health","host_organization_lineage":["https://openalex.org/I1299303238"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE transactions on visualization and computer graphics","raw_type":null},{"id":"pmh:oai:osti.gov:1486963","is_oa":true,"landing_page_url":"https://www.osti.gov/biblio/1486963","pdf_url":null,"source":{"id":"https://openalex.org/S4306402487","display_name":"OSTI OAI (U.S. Department of Energy Office of Scientific and Technical Information)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I139351228","host_organization_name":"Office of Scientific and Technical Information","host_organization_lineage":["https://openalex.org/I139351228"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":null}],"best_oa_location":{"id":"pmh:oai:osti.gov:1486963","is_oa":true,"landing_page_url":"https://www.osti.gov/biblio/1486963","pdf_url":null,"source":{"id":"https://openalex.org/S4306402487","display_name":"OSTI OAI (U.S. Department of Energy Office of Scientific and Technical Information)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I139351228","host_organization_name":"Office of Scientific and Technical Information","host_organization_lineage":["https://openalex.org/I139351228"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":null},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.6800000071525574}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306084","display_name":"U.S. Department of Energy","ror":"https://ror.org/01bj3aw27"},{"id":"https://openalex.org/F4320306110","display_name":"U.S. Department of Homeland Security","ror":"https://ror.org/00jyr0d86"},{"id":"https://openalex.org/F4320306250","display_name":"Battelle","ror":"https://ror.org/01h5tnr73"},{"id":"https://openalex.org/F4320316892","display_name":"UT-Battelle","ror":"https://ror.org/04nza6677"},{"id":"https://openalex.org/F4320333051","display_name":"Intelligence Advanced Research Projects Activity","ror":"https://ror.org/01v3fsc55"},{"id":"https://openalex.org/F4320337547","display_name":"Laboratory Directed Research and Development","ror":"https://ror.org/01e41cf67"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":49,"referenced_works":["https://openalex.org/W40890042","https://openalex.org/W333473489","https://openalex.org/W963723781","https://openalex.org/W1496787004","https://openalex.org/W1554085250","https://openalex.org/W1981620671","https://openalex.org/W1986111422","https://openalex.org/W1988453576","https://openalex.org/W1989359075","https://openalex.org/W1993426957","https://openalex.org/W2005811057","https://openalex.org/W2010326631","https://openalex.org/W2012062717","https://openalex.org/W2040333627","https://openalex.org/W2046608104","https://openalex.org/W2064655388","https://openalex.org/W2077488147","https://openalex.org/W2087449073","https://openalex.org/W2100565272","https://openalex.org/W2101422111","https://openalex.org/W2101911705","https://openalex.org/W2104248525","https://openalex.org/W2105552354","https://openalex.org/W2107358904","https://openalex.org/W2108138195","https://openalex.org/W2117717899","https://openalex.org/W2133800002","https://openalex.org/W2134583708","https://openalex.org/W2144469028","https://openalex.org/W2146688638","https://openalex.org/W2146948159","https://openalex.org/W2153919695","https://openalex.org/W2255206882","https://openalex.org/W2263741877","https://openalex.org/W2342408547","https://openalex.org/W2460037574","https://openalex.org/W2532274934","https://openalex.org/W2553769569","https://openalex.org/W2577895858","https://openalex.org/W2606132858","https://openalex.org/W2621801683","https://openalex.org/W2963478293","https://openalex.org/W3083585350","https://openalex.org/W4214863042","https://openalex.org/W4307674759","https://openalex.org/W4307784537","https://openalex.org/W6611483480","https://openalex.org/W6653611095","https://openalex.org/W6738773173"],"related_works":["https://openalex.org/W2105642232","https://openalex.org/W3207332793","https://openalex.org/W3197833032","https://openalex.org/W2186032312","https://openalex.org/W2391366589","https://openalex.org/W2362801139","https://openalex.org/W2061862347","https://openalex.org/W2358660853","https://openalex.org/W1909231387","https://openalex.org/W2100367193"],"abstract_inverted_index":{"Despite":[0],"the":[1,16,21,151,159,190,208,219],"best":[2],"efforts":[3],"of":[4,18,23,39,104,221],"cyber":[5,58],"security":[6,73,214],"analysts,":[7],"networked":[8],"computing":[9],"assets":[10],"are":[11,33,169,205],"routinely":[12],"compromised,":[13],"resulting":[14],"in":[15,126,196,210],"loss":[17],"intellectual":[19],"property,":[20],"disclosure":[22],"state":[24],"secrets,":[25],"and":[26,41,53,57,62,98,149,155,158,182,193,217],"major":[27],"financial":[28],"damages.":[29],"Anomaly":[30],"detection":[31,138],"methods":[32],"beneficial":[34],"for":[35,122],"detecting":[36],"new":[37],"types":[38],"attacks":[40],"abnormal":[42],"network":[43,128,199],"activity,":[44],"but":[45,75],"such":[46],"algorithms":[47,84],"can":[48,176],"be":[49,177],"difficult":[50],"to":[51,65,92,99,107,147,163],"understand":[52,166],"trust.":[54,88],"Network":[55],"operators":[56,76,146,165,172,204],"analysts":[59],"need":[60,90,173],"fast":[61],"scalable":[63,133],"tools":[64,91,174],"help":[66,108,164],"identify":[67,148],"suspicious":[68,105,124],"behavior":[69,106,125],"that":[70,135,175],"bypasses":[71],"automated":[72,81],"systems,":[74],"do":[77,86],"not":[78,87],"want":[79],"another":[80],"tool":[82,160,209],"with":[83,139,183,224],"they":[85,168],"Experts":[89],"augment":[93],"their":[94,180,184],"own":[95],"domain":[96],"expertise":[97],"provide":[100],"a":[101,118,132,211],"contextual":[102],"understanding":[103],"them":[109],"make":[110],"decisions.":[111],"In":[112],"this":[113],"paper":[114,188],"we":[115],"present":[116,218],"Situ,":[117],"visual":[119],"analytics":[120],"system":[121],"discovering":[123],"streaming":[127],"data.":[129],"Situ":[130,191],"provides":[131,161],"solution":[134],"combines":[136],"anomaly":[137],"information":[140],"visualization.":[141],"The":[142],"system's":[143],"visualizations":[144],"enable":[145],"investigate":[150],"most":[152],"anomalous":[153],"events":[154],"IP":[156],"addresses,":[157],"context":[162],"why":[167],"anomalous.":[170],"Finally,":[171],"integrated":[178],"into":[179],"workflow":[181],"existing":[185],"tools.":[186],"This":[187],"describes":[189],"platform":[192],"its":[194],"deployment":[195],"an":[197],"operational":[198],"setting.":[200],"We":[201],"discuss":[202],"how":[203],"currently":[206],"using":[207],"large":[212],"organization's":[213],"operations":[215],"center":[216],"results":[220],"expert":[222],"reviews":[223],"professionals.":[225]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":11},{"year":2023,"cited_by_count":9},{"year":2022,"cited_by_count":16},{"year":2021,"cited_by_count":12},{"year":2020,"cited_by_count":7},{"year":2019,"cited_by_count":9}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}