{"id":"https://openalex.org/W2121096237","doi":"https://doi.org/10.1109/vizsec.2015.7312772","title":"Visualizing the insider threat: challenges and tools for identifying malicious user activity","display_name":"Visualizing the insider threat: challenges and tools for identifying malicious user activity","publication_year":2015,"publication_date":"2015-10-25","ids":{"openalex":"https://openalex.org/W2121096237","doi":"https://doi.org/10.1109/vizsec.2015.7312772","mag":"2121096237"},"language":"en","primary_location":{"id":"doi:10.1109/vizsec.2015.7312772","is_oa":false,"landing_page_url":"https://doi.org/10.1109/vizsec.2015.7312772","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 IEEE Symposium on Visualization for Cyber Security (VizSec)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"http://eprints.uwe.ac.uk/27441/1/2015-VizSec_preprint.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5053235466","display_name":"Phil Legg","orcid":"https://orcid.org/0000-0003-3460-5609"},"institutions":[{"id":"https://openalex.org/I178535277","display_name":"University of the West of England","ror":"https://ror.org/02nwg5t34","country_code":"GB","type":"education","lineage":["https://openalex.org/I178535277"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Philip A. Legg","raw_affiliation_strings":["Department of Computer Science and Creative Technologies, University of the West of England, Bristol, UK","Department of Computer Science and Creative Technologies University of the West of England Bristol, UK"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Creative Technologies, University of the West of England, Bristol, UK","institution_ids":["https://openalex.org/I178535277"]},{"raw_affiliation_string":"Department of Computer Science and Creative Technologies University of the West of England Bristol, UK","institution_ids":["https://openalex.org/I178535277"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5053235466"],"corresponding_institution_ids":["https://openalex.org/I178535277"],"apc_list":null,"apc_paid":null,"fwci":3.1821,"has_fulltext":false,"cited_by_count":48,"citation_normalized_percentile":{"value":0.94614741,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"7"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10799","display_name":"Data Visualization and Analytics","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10799","display_name":"Data Visualization and Analytics","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9959999918937683,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10064","display_name":"Complex Network Analysis Techniques","score":0.9947999715805054,"subfield":{"id":"https://openalex.org/subfields/3109","display_name":"Statistical and Nonlinear Physics"},"field":{"id":"https://openalex.org/fields/31","display_name":"Physics and Astronomy"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.9387919902801514},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.7414274215698242},{"id":"https://openalex.org/keywords/visual-analytics","display_name":"Visual analytics","score":0.7264143824577332},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.7122783064842224},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7010731101036072},{"id":"https://openalex.org/keywords/analytics","display_name":"Analytics","score":0.6701128482818604},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5311943888664246},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5056366920471191},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.43725553154945374},{"id":"https://openalex.org/keywords/visualization","display_name":"Visualization","score":0.4249933660030365},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.10093200206756592}],"concepts":[{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.9387919902801514},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.7414274215698242},{"id":"https://openalex.org/C59732488","wikidata":"https://www.wikidata.org/wiki/Q2528440","display_name":"Visual analytics","level":3,"score":0.7264143824577332},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.7122783064842224},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7010731101036072},{"id":"https://openalex.org/C79158427","wikidata":"https://www.wikidata.org/wiki/Q485396","display_name":"Analytics","level":2,"score":0.6701128482818604},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5311943888664246},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5056366920471191},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.43725553154945374},{"id":"https://openalex.org/C36464697","wikidata":"https://www.wikidata.org/wiki/Q451553","display_name":"Visualization","level":2,"score":0.4249933660030365},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.10093200206756592},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/vizsec.2015.7312772","is_oa":false,"landing_page_url":"https://doi.org/10.1109/vizsec.2015.7312772","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 IEEE Symposium on Visualization for Cyber Security (VizSec)","raw_type":"proceedings-article"},{"id":"pmh:oai:eprints.uwe.ac.uk:27441","is_oa":true,"landing_page_url":"http://eprints.uwe.ac.uk/27441/1/2015-VizSec_preprint.pdf","pdf_url":null,"source":{"id":"https://openalex.org/S4306401464","display_name":"UWE Research Repository (UWE Bristol)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I178535277","host_organization_name":"University of the West of England","host_organization_lineage":["https://openalex.org/I178535277"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference or Workshop Item"}],"best_oa_location":{"id":"pmh:oai:eprints.uwe.ac.uk:27441","is_oa":true,"landing_page_url":"http://eprints.uwe.ac.uk/27441/1/2015-VizSec_preprint.pdf","pdf_url":null,"source":{"id":"https://openalex.org/S4306401464","display_name":"UWE Research Repository (UWE Bristol)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I178535277","host_organization_name":"University of the West of England","host_organization_lineage":["https://openalex.org/I178535277"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference or Workshop Item"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6800000071525574,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W1429693239","https://openalex.org/W1458873377","https://openalex.org/W1492667596","https://openalex.org/W1603920809","https://openalex.org/W1859925930","https://openalex.org/W1969795119","https://openalex.org/W1983068751","https://openalex.org/W1991210879","https://openalex.org/W1995976200","https://openalex.org/W2013946142","https://openalex.org/W2025394193","https://openalex.org/W2053003065","https://openalex.org/W2068963126","https://openalex.org/W2072770403","https://openalex.org/W2074017502","https://openalex.org/W2100407515","https://openalex.org/W2112006049","https://openalex.org/W2113997717","https://openalex.org/W2123521920","https://openalex.org/W2129500618","https://openalex.org/W2169820258","https://openalex.org/W2255638286","https://openalex.org/W6628465856","https://openalex.org/W6629711124","https://openalex.org/W6676698816"],"related_works":["https://openalex.org/W2766781562","https://openalex.org/W4205304595","https://openalex.org/W2979782961","https://openalex.org/W308359497","https://openalex.org/W1499596878","https://openalex.org/W3136170567","https://openalex.org/W2947769183","https://openalex.org/W2018332730","https://openalex.org/W4387194049","https://openalex.org/W2286217954"],"abstract_inverted_index":{"One":[0],"of":[1,27,57,79],"the":[2,11,20,36,55,58,84,91,101,138,142,145,166,177,182],"greatest":[3],"challenges":[4,92],"for":[5],"managing":[6],"organisational":[7,28],"cyber":[8],"security":[9],"is":[10],"threat":[12,82,97],"that":[13,66,75,103,116,125,136,153],"comes":[14],"from":[15],"those":[16],"who":[17,31],"operate":[18],"within":[19],"organisation.":[21,59,85],"With":[22],"entitled":[23],"access":[24],"and":[25,48,71,149,156],"knowledge":[26],"processes,":[29],"insiders":[30],"choose":[32],"to":[33,38,69,83,106,140,174],"attack":[34],"have":[35],"potential":[37],"cause":[39],"serious":[40],"impact,":[41],"such":[42],"as":[43],"financial":[44],"loss,":[45],"reputational":[46],"damage,":[47],"in":[49],"severe":[50],"cases,":[51],"could":[52,76],"even":[53],"threaten":[54],"existence":[56],"Security":[60],"analysts":[61],"therefore":[62],"require":[63],"sophisticated":[64],"tools":[65,102],"allow":[67],"them":[68],"explore":[70],"identify":[72],"user":[73,122,155],"activity":[74,151,158],"be":[77],"indicative":[78],"an":[80,129,150],"imminent":[81],"In":[86],"this":[87,108],"work,":[88],"we":[89],"discuss":[90],"associated":[93],"with":[94,100],"identifying":[95],"insider":[96],"activity,":[98],"along":[99],"can":[104],"help":[105],"combat":[107],"problem.":[109],"We":[110,161],"present":[111],"a":[112,121],"visual":[113,178],"analytics":[114,179],"approach":[115,164],"incorporates":[117],"multiple":[118],"views,":[119],"including":[120],"selection":[123],"tool":[124,135],"indicates":[126],"anomalous":[127],"behaviour,":[128],"interactive":[130],"Principal":[131],"Component":[132],"Analysis":[133],"(iPCA)":[134],"aids":[137],"analyst":[139],"assess":[141],"reasoning":[143],"behind":[144],"anomaly":[146],"detection":[147],"results,":[148],"plot":[152],"visualizes":[154],"role":[157],"over":[159],"time.":[160],"demonstrate":[162],"our":[163],"using":[165],"Carnegie":[167],"Mellon":[168],"University":[169],"CERT":[170],"Insider":[171],"Threat":[172],"Dataset":[173],"show":[175],"how":[176],"workflow":[180],"supports":[181],"Information-Seeking":[183],"mantra.":[184]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":5},{"year":2021,"cited_by_count":7},{"year":2020,"cited_by_count":4},{"year":2019,"cited_by_count":8},{"year":2018,"cited_by_count":6},{"year":2017,"cited_by_count":5},{"year":2016,"cited_by_count":6}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}