{"id":"https://openalex.org/W2556800116","doi":"https://doi.org/10.1109/vizsec.2016.7739582","title":"Detecting malicious logins in enterprise networks using visualization","display_name":"Detecting malicious logins in enterprise networks using visualization","publication_year":2016,"publication_date":"2016-10-01","ids":{"openalex":"https://openalex.org/W2556800116","doi":"https://doi.org/10.1109/vizsec.2016.7739582","mag":"2556800116"},"language":"en","primary_location":{"id":"doi:10.1109/vizsec.2016.7739582","is_oa":false,"landing_page_url":"https://doi.org/10.1109/vizsec.2016.7739582","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2016 IEEE Symposium on Visualization for Cyber Security (VizSec)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5037287342","display_name":"Hossein Siadati","orcid":"https://orcid.org/0000-0002-5293-8450"},"institutions":[{"id":"https://openalex.org/I57206974","display_name":"New York University","ror":"https://ror.org/0190ak572","country_code":"US","type":"education","lineage":["https://openalex.org/I57206974"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Hossein Siadati","raw_affiliation_strings":["New York University"],"affiliations":[{"raw_affiliation_string":"New York University","institution_ids":["https://openalex.org/I57206974"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5079272514","display_name":"Bahador Saket","orcid":"https://orcid.org/0000-0002-5896-0149"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of 
Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Bahador Saket","raw_affiliation_strings":["Georgia Institute of Technology"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5006172625","display_name":"Nasir Memon","orcid":"https://orcid.org/0000-0002-0103-9762"},"institutions":[{"id":"https://openalex.org/I57206974","display_name":"New York University","ror":"https://ror.org/0190ak572","country_code":"US","type":"education","lineage":["https://openalex.org/I57206974"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Nasir Memon","raw_affiliation_strings":["New York University"],"affiliations":[{"raw_affiliation_string":"New York University","institution_ids":["https://openalex.org/I57206974"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5037287342"],"corresponding_institution_ids":["https://openalex.org/I57206974"],"apc_list":null,"apc_paid":null,"fwci":3.764,"has_fulltext":false,"cited_by_count":26,"citation_normalized_percentile":{"value":0.93898255,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical 
Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/login","display_name":"Login","score":0.8328936696052551},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7930641174316406},{"id":"https://openalex.org/keywords/visualization","display_name":"Visualization","score":0.6940795183181763},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5089964866638184},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.49572575092315674},{"id":"https://openalex.org/keywords/enterprise-private-network","display_name":"Enterprise private network","score":0.43737101554870605},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide 
Web","score":0.3734684884548187},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.1934979259967804}],"concepts":[{"id":"https://openalex.org/C113324615","wikidata":"https://www.wikidata.org/wiki/Q472302","display_name":"Login","level":2,"score":0.8328936696052551},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7930641174316406},{"id":"https://openalex.org/C36464697","wikidata":"https://www.wikidata.org/wiki/Q451553","display_name":"Visualization","level":2,"score":0.6940795183181763},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5089964866638184},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.49572575092315674},{"id":"https://openalex.org/C149859251","wikidata":"https://www.wikidata.org/wiki/Q483426","display_name":"Enterprise private network","level":2,"score":0.43737101554870605},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3734684884548187},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.1934979259967804}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/vizsec.2016.7739582","is_oa":false,"landing_page_url":"https://doi.org/10.1109/vizsec.2016.7739582","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2016 IEEE Symposium on Visualization for Cyber Security 
(VizSec)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":18,"referenced_works":["https://openalex.org/W141550196","https://openalex.org/W1585665690","https://openalex.org/W1674877186","https://openalex.org/W1724737952","https://openalex.org/W1948270652","https://openalex.org/W1985987493","https://openalex.org/W2005811057","https://openalex.org/W2093931563","https://openalex.org/W2121065592","https://openalex.org/W2132915272","https://openalex.org/W2158263776","https://openalex.org/W2159262688","https://openalex.org/W2396652156","https://openalex.org/W2476891002","https://openalex.org/W6637096788","https://openalex.org/W6637487613","https://openalex.org/W6712382090","https://openalex.org/W6721826398"],"related_works":["https://openalex.org/W2362500257","https://openalex.org/W2360633292","https://openalex.org/W2944763794","https://openalex.org/W2363032787","https://openalex.org/W36040077","https://openalex.org/W2390013638","https://openalex.org/W2349495853","https://openalex.org/W2379463196","https://openalex.org/W2361530254","https://openalex.org/W2349199213"],"abstract_inverted_index":{"Enterprise":[0],"networks":[1],"have":[2],"been":[3],"a":[4,13,19,27,105,128,177,181,192],"frequent":[5],"target":[6,23],"of":[7,69,72,79,137,143,167],"data":[8,115],"breaches":[9],"and":[10,42,87,119,196],"sabotage.":[11],"In":[12,95],"widely":[14],"used":[15,90],"method,":[16],"attackers":[17,52],"establish":[18],"foothold":[20],"in":[21,76,191],"the":[22,47,63,73,77,125,160],"network":[24],"by":[25,148,176],"compromising":[26],"single":[28],"computer":[29],"or":[30],"account.":[31],"They":[32],"then":[33],"move":[34,50],"laterally":[35],"between":[36],"computers":[37],"to":[38,91,112,164,172],"access":[39,70],"valuable":[40],"resources":[41],"information":[43],"located":[44],"deeper":[45],"inside":[46],"network.":[48],"
To":[49,123],"laterally,":[51],"often":[53],"steal":[54],"valid":[55],"user":[56],"credentials.":[57],"This":[58],"paper":[59],"is":[60,188],"based":[61],"on":[62],"observation":[64],"that":[65,108],"an":[66,134,144],"attackers'":[67],"pattern":[68],"characteristics":[71],"stolen":[74],"credentials":[75],"form":[78],"<User,":[80],"Source,":[81],"Destination>":[82],"deviates":[83],"from":[84],"benign":[85],"patterns":[86,118],"can":[88],"be":[89],"detect":[92,165,200],"malicious":[93,121,169],"logins.":[94,122],"this":[96],"paper,":[97],"we":[98],"present":[99],"APT-Hunter":[100,187],"<sup":[101],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[102],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">1</sup>":[103],",":[104],"visualization":[106],"tool":[107],"helps":[109,197],"security":[110,156,198],"analysts":[111,157,199],"explore":[113],"login":[114],"for":[116],"discovering":[117],"detecting":[120],"evaluate":[124],"proposed":[126],"system,":[127],"pilot":[129],"study":[130],"was":[131],"conducted":[132,184],"over":[133],"open":[135],"dataset":[136],"more":[138],"than":[139],"one":[140],"billion":[141],"logins":[142,170],"enterprise":[145],"network,":[146],"provided":[147],"Los":[149],"Alamos":[150],"National":[151],"Lab":[152],"(LANL).":[153],"Using":[154],"APT-Hunter,":[155],"(unfamiliar":[158],"with":[159],"dataset)":[161],"were":[162],"able":[163],"349":[166],"749":[168],"related":[171],"lateral":[173],"movements":[174],"performed":[175],"Red":[178],"Team":[179],"during":[180],"penetration":[182],"test":[183],"at":[185],"LANL.":[186],"currently":[189],"deployed":[190],"global":[193],"financial":[194],"company":[195],"account":[201],"compromises.":[202]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":4},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":6},{"year":2017,"cited_by_count":6}],"updated_date":"2025-11-06T0
3:46:38.306776","created_date":"2025-10-10T00:00:00"}
