{"id":"https://openalex.org/W2765664114","doi":"https://doi.org/10.1145/3133956.3134003","title":"Detecting Structurally Anomalous Logins Within Enterprise Networks","display_name":"Detecting Structurally Anomalous Logins Within Enterprise Networks","publication_year":2017,"publication_date":"2017-10-27","ids":{"openalex":"https://openalex.org/W2765664114","doi":"https://doi.org/10.1145/3133956.3134003","mag":"2765664114"},"language":"en","primary_location":{"id":"doi:10.1145/3133956.3134003","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3133956.3134003","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5037287342","display_name":"Hossein Siadati","orcid":"https://orcid.org/0000-0002-5293-8450"},"institutions":[{"id":"https://openalex.org/I57206974","display_name":"New York University","ror":"https://ror.org/0190ak572","country_code":"US","type":"education","lineage":["https://openalex.org/I57206974"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hossein Siadati","raw_affiliation_strings":["New York University, Brooklyn, NY, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"New York University, Brooklyn, NY, USA","institution_ids":["https://openalex.org/I57206974"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5006172625","display_name":"Nasir Memon","orcid":"https://orcid.org/0000-0002-0103-9762"},"institutions":[{"id":"https://openalex.org/I57206974","display_name":"New York University","ror":"https://ror.org/0190ak572","country_code":"US","type":"education","lineage":["https://openalex.org/I57206974"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Nasir Memon","raw_affiliation_strings":["New York University, Brooklyn, NY, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"New York University, Brooklyn, NY, USA","institution_ids":["https://openalex.org/I57206974"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":3.5151,"has_fulltext":false,"cited_by_count":45,"citation_normalized_percentile":{"value":0.93723542,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1273","last_page":"1284"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/login","display_name":"Login","score":0.9085251092910767},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8594263195991516},{"id":"https://openalex.org/keywords/credential","display_name":"Credential","score":0.652550220489502},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6492379307746887},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5230882167816162},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.4359709322452545},{"id":"https://openalex.org/keywords/attack-patterns","display_name":"Attack patterns","score":0.4221409857273102},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.36978501081466675},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3598477840423584}],"concepts":[{"id":"https://openalex.org/C113324615","wikidata":"https://www.wikidata.org/wiki/Q472302","display_name":"Login","level":2,"score":0.9085251092910767},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8594263195991516},{"id":"https://openalex.org/C2777810591","wikidata":"https://www.wikidata.org/wiki/Q16861606","display_name":"Credential","level":2,"score":0.652550220489502},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6492379307746887},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5230882167816162},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.4359709322452545},{"id":"https://openalex.org/C2780741293","wikidata":"https://www.wikidata.org/wiki/Q4818019","display_name":"Attack patterns","level":3,"score":0.4221409857273102},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.36978501081466675},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3598477840423584}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3133956.3134003","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3133956.3134003","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W1513001172","https://openalex.org/W1591480890","https://openalex.org/W1744212210","https://openalex.org/W1919179112","https://openalex.org/W1985987493","https://openalex.org/W1990089904","https://openalex.org/W1999427165","https://openalex.org/W2006398000","https://openalex.org/W2007562169","https://openalex.org/W2044285442","https://openalex.org/W2045487373","https://openalex.org/W2053003065","https://openalex.org/W2106525946","https://openalex.org/W2121251946","https://openalex.org/W2141409867","https://openalex.org/W2155915275","https://openalex.org/W2156204309","https://openalex.org/W2157578436","https://openalex.org/W2157949690","https://openalex.org/W2162774438","https://openalex.org/W2182343634","https://openalex.org/W2396652156","https://openalex.org/W2556800116","https://openalex.org/W2561684037"],"related_works":["https://openalex.org/W2061466315","https://openalex.org/W2376886931","https://openalex.org/W1992118813","https://openalex.org/W2010561419","https://openalex.org/W2374845301","https://openalex.org/W2351448539","https://openalex.org/W1977863481","https://openalex.org/W2384741105","https://openalex.org/W1495178644","https://openalex.org/W2185594426"],"abstract_inverted_index":{"Many":[0],"network":[1,37,74],"intrusion":[2],"detection":[3,19,98],"systems":[4],"use":[5],"byte":[6],"sequences":[7],"to":[8,27,32,100,121,137],"detect":[9,47,101,122,138],"lateral":[10,51],"movements":[11],"that":[12,62,104,115],"exploit":[13],"remote":[14],"vulnerabilities.":[15],"Attackers":[16],"bypass":[17],"such":[18],"by":[20,77,85],"stealing":[21],"valid":[22],"credentials":[23],"and":[24],"using":[25,86],"them":[26],"transmit":[28],"from":[29],"one":[30],"computer":[31],"another":[33],"without":[34],"creating":[35],"abnormal":[36],"traffic.":[38],"We":[39,93,149],"call":[40],"this":[41,48,172],"method":[42,71,118],"Credential-based":[43],"Lateral":[44],"Movement.":[45],"To":[46],"type":[49],"of":[50,57,82,89,140,154,156,161,171],"movement,":[52],"we":[53],"develop":[54],"the":[55,90,108,116,159],"concept":[56],"a":[58,67,73,80,87,126,130,144,151,165],"Network":[59],"Login":[60],"Structure":[61],"specifies":[63],"normal":[64],"logins":[65,103,124,157],"within":[66,164],"given":[68],"network.":[69],"Our":[70],"models":[72],"login":[75,83,111],"structure":[76],"automatically":[78],"extracting":[79],"collection":[81],"patterns":[84],"variation":[88],"market-basket":[91],"algorithm.":[92],"then":[94],"employ":[95],"an":[96],"anomaly":[97],"approach":[99],"malicious":[102,123,141],"are":[105],"inconsistent":[106],"with":[107,143],"enterprise":[109],"network's":[110],"structure.":[112],"Evaluations":[113],"show":[114],"proposed":[117],"is":[119],"able":[120,136],"in":[125],"real":[127,152],"setting.":[128],"In":[129],"simulated":[131],"attack,":[132],"our":[133],"system":[134],"was":[135],"82%":[139],"logins,":[142],"0.3%":[145],"false":[146],"positive":[147],"rate.":[148],"used":[150],"dataset":[153],"millions":[155],"over":[158],"course":[160],"five":[162],"months":[163],"global":[166],"financial":[167],"company":[168],"for":[169],"evaluation":[170],"work.":[173]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":10},{"year":2022,"cited_by_count":6},{"year":2021,"cited_by_count":6},{"year":2020,"cited_by_count":11},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":4}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}