{"id":"https://openalex.org/W2058738459","doi":"https://doi.org/10.1145/1029208.1029231","title":"Statistical profiling and visualization for detection of malicious insider attacks on computer networks","display_name":"Statistical profiling and visualization for detection of malicious insider attacks on computer networks","publication_year":2004,"publication_date":"2004-10-29","ids":{"openalex":"https://openalex.org/W2058738459","doi":"https://doi.org/10.1145/1029208.1029231","mag":"2058738459"},"language":"en","primary_location":{"id":"doi:10.1145/1029208.1029231","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1029208.1029231","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5071517349","display_name":"Jeffrey B. Colombe","orcid":null},"institutions":[{"id":"https://openalex.org/I44896327","display_name":"Mitre (United States)","ror":"https://ror.org/03ks2a131","country_code":"US","type":"company","lineage":["https://openalex.org/I44896327"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Jeffrey B. Colombe","raw_affiliation_strings":["The MITRE Corporation"],"affiliations":[{"raw_affiliation_string":"The MITRE Corporation","institution_ids":["https://openalex.org/I44896327"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5063300608","display_name":"Gregory Stephens","orcid":null},"institutions":[{"id":"https://openalex.org/I44896327","display_name":"Mitre (United States)","ror":"https://ror.org/03ks2a131","country_code":"US","type":"company","lineage":["https://openalex.org/I44896327"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Gregory Stephens","raw_affiliation_strings":["The MITRE Corporation"],"affiliations":[{"raw_affiliation_string":"The MITRE Corporation","institution_ids":["https://openalex.org/I44896327"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5071517349"],"corresponding_institution_ids":["https://openalex.org/I44896327"],"apc_list":null,"apc_paid":null,"fwci":0.6953,"has_fulltext":false,"cited_by_count":36,"citation_normalized_percentile":{"value":0.7613222,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"138","last_page":"142"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10064","display_name":"Complex Network Analysis Techniques","score":0.9951000213623047,"subfield":{"id":"https://openalex.org/subfields/3109","display_name":"Statistical and Nonlinear Physics"},"field":{"id":"https://openalex.org/fields/31","display_name":"Physics and Astronomy"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9943000078201294,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8450902700424194},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6184953451156616},{"id":"https://openalex.org/keywords/alarm","display_name":"ALARM","score":0.573716402053833},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.5426117181777954},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5243889689445496},{"id":"https://openalex.org/keywords/visualization","display_name":"Visualization","score":0.5068479180335999},{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.4815512001514435},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4723457098007202},{"id":"https://openalex.org/keywords/false-alarm","display_name":"False alarm","score":0.46567365527153015},{"id":"https://openalex.org/keywords/profiling","display_name":"Profiling (computer programming)","score":0.44802603125572205},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.4438294768333435},{"id":"https://openalex.org/keywords/relevance","display_name":"Relevance (law)","score":0.442289263010025},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4392291009426117},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.30934086441993713}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8450902700424194},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6184953451156616},{"id":"https://openalex.org/C2779119184","wikidata":"https://www.wikidata.org/wiki/Q294350","display_name":"ALARM","level":2,"score":0.573716402053833},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.5426117181777954},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5243889689445496},{"id":"https://openalex.org/C36464697","wikidata":"https://www.wikidata.org/wiki/Q451553","display_name":"Visualization","level":2,"score":0.5068479180335999},{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.4815512001514435},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4723457098007202},{"id":"https://openalex.org/C2776836416","wikidata":"https://www.wikidata.org/wiki/Q1364844","display_name":"False alarm","level":2,"score":0.46567365527153015},{"id":"https://openalex.org/C187191949","wikidata":"https://www.wikidata.org/wiki/Q1138496","display_name":"Profiling (computer programming)","level":2,"score":0.44802603125572205},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.4438294768333435},{"id":"https://openalex.org/C158154518","wikidata":"https://www.wikidata.org/wiki/Q7310970","display_name":"Relevance (law)","level":2,"score":0.442289263010025},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4392291009426117},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.30934086441993713},{"id":"https://openalex.org/C192562407","wikidata":"https://www.wikidata.org/wiki/Q228736","display_name":"Materials science","level":0,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C159985019","wikidata":"https://www.wikidata.org/wiki/Q181790","display_name":"Composite material","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1029208.1029231","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1029208.1029231","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/8","score":0.6899999976158142,"display_name":"Decent work and economic growth"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320311089","display_name":"National Security Agency","ror":"https://ror.org/0047bvr32"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W1566480186","https://openalex.org/W1964266912","https://openalex.org/W1999448603","https://openalex.org/W2073165180","https://openalex.org/W2108867737","https://openalex.org/W2131880356","https://openalex.org/W2141200504","https://openalex.org/W2148971934","https://openalex.org/W2155843307","https://openalex.org/W2156026066","https://openalex.org/W2156204309","https://openalex.org/W2161830378","https://openalex.org/W2162761309","https://openalex.org/W2327525319","https://openalex.org/W2484155365","https://openalex.org/W2610685016","https://openalex.org/W4237811398"],"related_works":["https://openalex.org/W2766781562","https://openalex.org/W4205304595","https://openalex.org/W2979782961","https://openalex.org/W308359497","https://openalex.org/W1499596878","https://openalex.org/W3136170567","https://openalex.org/W2947769183","https://openalex.org/W4387194049","https://openalex.org/W2018332730","https://openalex.org/W2286217954"],"abstract_inverted_index":{"The":[0,97,168],"massive":[1],"volume":[2],"of":[3,21,34,51,61,64,99,118,139,158,170,183],"intrusion":[4],"detection":[5],"system":[6,58],"(IDS)":[7],"alarms":[8,54,79,119,185],"generated":[9,83],"on":[10],"large":[11,116],"networks,":[12,48],"and":[13,91,108],"the":[14,22,32,49,52,62,89,121,125,137,145,155,159,164,171,178],"resulting":[15,53],"need":[16],"for":[17,76,163],"labor-intensive":[18],"security":[19,126],"analysis":[20],"text-based":[23],"IDS":[24],"alarm":[25,161],"logs,":[26],"has":[27,105],"recently":[28],"brought":[29],"into":[30],"question":[31],"cost-effectiveness":[33],"IDSs.":[35],"In":[36],"particular,":[37],"when":[38],"host-based":[39],"IDSs":[40],"are":[41,81],"used":[42,106],"to":[43,112,124,143,166,180],"monitor":[44],"an":[45,72,187],"organization's":[46],"internal":[47],"majority":[50,98],"represent":[55],"legitimate,":[56],"automated":[57],"administration.":[59],"Because":[60],"absence":[63],"ground":[65],"truth":[66],"about":[67,154],"known":[68],"attacks,":[69,87],"we":[70,135],"propose":[71],"unsupervised,":[73],"anomaly-based":[74],"method":[75,173],"automatically":[77],"distinguishing":[78],"that":[80],"potentially":[82,131],"by":[84,176],"malicious":[85],"insider":[86],"from":[88,186],"repetitive":[90],"temporally":[92],"structured":[93],"legitimate":[94],"system-administration":[95],"alarms.":[96],"previous":[100],"work":[101],"in":[102,120],"this":[103],"area":[104],"heuristic":[107],"statistical":[109,172],"filtering":[110],"techniques":[111],"discard":[113],"a":[114,130,140,181],"relatively":[115],"proportion":[117],"final":[122],"presentation":[123],"analyst,":[127],"which":[128],"is":[129,174],"dangerous":[132],"practice.":[133],"Instead,":[134],"demonstrate":[136],"use":[138],"typicality":[141],"measure":[142],"visualize":[144],"apparent":[146],"risk":[147],"associated":[148],"with":[149],"alarms,":[150],"while":[151],"retaining":[152],"information":[153],"temporal":[156],"context":[157],"entire":[160],"stream":[162],"analyst":[165],"view.":[167],"relevance":[169],"examined":[175],"comparing":[177],"results":[179],"set":[182],"analyst-curated":[184],"operational":[188],"environment.":[189]},"counts_by_year":[{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":1},{"year":2016,"cited_by_count":3},{"year":2015,"cited_by_count":2},{"year":2014,"cited_by_count":3},{"year":2013,"cited_by_count":2},{"year":2012,"cited_by_count":5}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}