{"id":"https://openalex.org/W2005221715","doi":"https://doi.org/10.1145/2808783.2808784","title":"Detecting Insider Threat from Enterprise Social and Online Activity Data","display_name":"Detecting Insider Threat from Enterprise Social and Online Activity Data","publication_year":2015,"publication_date":"2015-10-06","ids":{"openalex":"https://openalex.org/W2005221715","doi":"https://doi.org/10.1145/2808783.2808784","mag":"2005221715"},"language":"en","primary_location":{"id":"doi:10.1145/2808783.2808784","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2808783.2808784","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5055855485","display_name":"Gaurang Gavai","orcid":null},"institutions":[{"id":"https://openalex.org/I173498003","display_name":"Palo Alto Research Center","ror":"https://ror.org/0529fxt39","country_code":"US","type":"facility","lineage":["https://openalex.org/I173498003","https://openalex.org/I4210132870"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Gaurang Gavai","raw_affiliation_strings":["Palo Alto Research Center, Palo Alto, CA, USA"],"affiliations":[{"raw_affiliation_string":"Palo Alto Research Center, Palo Alto, CA, USA","institution_ids":["https://openalex.org/I173498003"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100858154","display_name":"Kumar Sricharan","orcid":null},"institutions":[{"id":"https://openalex.org/I173498003","display_name":"Palo Alto Research Center","ror":"https://ror.org/0529fxt39","country_code":"US","type":"facility","lineage":["https://openalex.org/I173498003","https://openalex.org/I4210132870"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kumar Sricharan","raw_affiliation_strings":["Palo Alto Research Center, palo alto, CA, USA"],"affiliations":[{"raw_affiliation_string":"Palo Alto Research Center, palo alto, CA, USA","institution_ids":["https://openalex.org/I173498003"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5110002980","display_name":"Dave Gunning","orcid":null},"institutions":[{"id":"https://openalex.org/I173498003","display_name":"Palo Alto Research Center","ror":"https://ror.org/0529fxt39","country_code":"US","type":"facility","lineage":["https://openalex.org/I173498003","https://openalex.org/I4210132870"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Dave Gunning","raw_affiliation_strings":["Palo Alto Research Center, palo alto, CA, USA"],"affiliations":[{"raw_affiliation_string":"Palo Alto Research Center, palo alto, CA, USA","institution_ids":["https://openalex.org/I173498003"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041817298","display_name":"Rob Rolleston","orcid":null},"institutions":[{"id":"https://openalex.org/I173498003","display_name":"Palo Alto Research Center","ror":"https://ror.org/0529fxt39","country_code":"US","type":"facility","lineage":["https://openalex.org/I173498003","https://openalex.org/I4210132870"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Rob Rolleston","raw_affiliation_strings":["Palo Alto Research Center, Webster, NY, USA"],"affiliations":[{"raw_affiliation_string":"Palo Alto Research Center, Webster, NY, USA","institution_ids":["https://openalex.org/I173498003"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057758300","display_name":"John Hanley","orcid":"https://orcid.org/0000-0001-6870-9321"},"institutions":[{"id":"https://openalex.org/I173498003","display_name":"Palo Alto Research Center","ror":"https://ror.org/0529fxt39","country_code":"US","type":"facility","lineage":["https://openalex.org/I173498003","https://openalex.org/I4210132870"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"John Hanley","raw_affiliation_strings":["Palo Alto Research Center, palo alto, CA, USA"],"affiliations":[{"raw_affiliation_string":"Palo Alto Research Center, palo alto, CA, USA","institution_ids":["https://openalex.org/I173498003"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5103547404","display_name":"Mudita Singhal","orcid":null},"institutions":[{"id":"https://openalex.org/I173498003","display_name":"Palo Alto Research Center","ror":"https://ror.org/0529fxt39","country_code":"US","type":"facility","lineage":["https://openalex.org/I173498003","https://openalex.org/I4210132870"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mudita Singhal","raw_affiliation_strings":["Palo Alto Research Center, palo alto, CA, USA"],"affiliations":[{"raw_affiliation_string":"Palo Alto Research Center, palo alto, CA, USA","institution_ids":["https://openalex.org/I173498003"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5055855485"],"corresponding_institution_ids":["https://openalex.org/I173498003"],"apc_list":null,"apc_paid":null,"fwci":3.661,"has_fulltext":false,"cited_by_count":65,"citation_normalized_percentile":{"value":0.93548555,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"13","last_page":"20"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9933000206947327,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.9568471908569336},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.7642751336097717},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6726263761520386},{"id":"https://openalex.org/keywords/proxy","display_name":"Proxy (statistics)","score":0.6018063426017761},{"id":"https://openalex.org/keywords/visualization","display_name":"Visualization","score":0.5740097761154175},{"id":"https://openalex.org/keywords/dashboard","display_name":"Dashboard","score":0.5311979651451111},{"id":"https://openalex.org/keywords/social-media","display_name":"Social media","score":0.5201569199562073},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.4879414737224579},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4573677182197571},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4456709027290344},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4357694983482361},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.40271782875061035},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3160482347011566},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.27805018424987793},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.247866690158844},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.14351150393486023}],"concepts":[{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.9568471908569336},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.7642751336097717},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6726263761520386},{"id":"https://openalex.org/C2780148112","wikidata":"https://www.wikidata.org/wiki/Q1432581","display_name":"Proxy (statistics)","level":2,"score":0.6018063426017761},{"id":"https://openalex.org/C36464697","wikidata":"https://www.wikidata.org/wiki/Q451553","display_name":"Visualization","level":2,"score":0.5740097761154175},{"id":"https://openalex.org/C33499554","wikidata":"https://www.wikidata.org/wiki/Q1417134","display_name":"Dashboard","level":2,"score":0.5311979651451111},{"id":"https://openalex.org/C518677369","wikidata":"https://www.wikidata.org/wiki/Q202833","display_name":"Social media","level":2,"score":0.5201569199562073},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.4879414737224579},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4573677182197571},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4456709027290344},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4357694983482361},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.40271782875061035},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3160482347011566},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.27805018424987793},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.247866690158844},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.14351150393486023},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2808783.2808784","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2808783.2808784","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7400000095367432,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G6856817860","display_name":null,"funder_award_id":"W911NF-11-C- 0216","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"}],"funders":[{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W156003609","https://openalex.org/W1481547447","https://openalex.org/W1567808143","https://openalex.org/W1572811218","https://openalex.org/W1964549039","https://openalex.org/W1967847731","https://openalex.org/W1991210879","https://openalex.org/W2051131064","https://openalex.org/W2053003065","https://openalex.org/W2113997717","https://openalex.org/W2159851400","https://openalex.org/W2296719434","https://openalex.org/W6683806324"],"related_works":["https://openalex.org/W2766781562","https://openalex.org/W4205304595","https://openalex.org/W2979782961","https://openalex.org/W308359497","https://openalex.org/W1499596878","https://openalex.org/W3136170567","https://openalex.org/W2947769183","https://openalex.org/W4387194049","https://openalex.org/W2018332730","https://openalex.org/W2063508592"],"abstract_inverted_index":{"Insider":[0],"threat":[1,17,46,104,120,141,161],"is":[2,135],"a":[3,100,111,124,146],"significant":[4],"security":[5,175],"risk":[6,162],"for":[7,102],"organizations.":[8],"In":[9],"this":[10,32,96],"paper,":[11],"we":[12,34,79,144],"attempt":[13],"to":[14,86,155,168],"discover":[15],"insider":[16,45,103,119,140],"by":[18],"identifying":[19,139],"abnormal":[20,82,97],"behavior":[21,83,98],"in":[22,138],"enterprise":[23],"social":[24,53],"and":[25,36,59,61,72,74,94,152,173],"online":[26,62],"activity":[27,63],"data":[28,54,64,114],"of":[29,44,127],"employees.":[30],"To":[31],"end,":[33],"process":[35],"extract":[37],"relevant":[38],"features":[39,50,88],"that":[40,131,149],"are":[41],"possibly":[42],"indicative":[43],"behavior.":[47],"This":[48],"includes":[49],"extracted":[51],"from":[52],"including":[55],"email":[56,70],"communication":[57],"patterns":[58],"content,":[60],"such":[65],"as":[66,99],"web":[67],"browsing":[68],"patterns,":[69],"frequency,":[71],"file":[73],"machine":[75],"access":[76],"patterns.":[77],"Subsequently,":[78],"detect":[80],"statistically":[81],"with":[84,116,159],"respect":[85],"these":[87],"using":[89],"state-of-the-art":[90],"anomaly":[91],"detection":[92],"methods,":[93],"declare":[95],"proxy":[101],"activity.":[105],"We":[106,122],"test":[107],"our":[108,132],"approach":[109,134],"on":[110],"real":[112],"world":[113],"set":[115],"artificially":[117],"injected":[118],"events.":[121,142],"obtain":[123],"ROC":[125],"score":[126],"0.77,":[128],"which":[129,164],"shows":[130],"proposed":[133],"fairly":[136],"successful":[137],"Finally,":[143],"build":[145],"visualization":[147],"dashboard":[148],"enables":[150],"managers":[151],"HR":[153],"personnel":[154],"quickly":[156],"identify":[157],"employees":[158],"high":[160],"scores":[163],"will":[165],"enable":[166],"them":[167],"take":[169],"suitable":[170],"preventive":[171],"measures":[172],"limit":[174],"risk.":[176]},"counts_by_year":[{"year":2025,"cited_by_count":8},{"year":2024,"cited_by_count":12},{"year":2023,"cited_by_count":13},{"year":2022,"cited_by_count":7},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":4},{"year":2018,"cited_by_count":4},{"year":2017,"cited_by_count":3},{"year":2016,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}