{"id":"https://openalex.org/W3093545390","doi":"https://doi.org/10.1145/3340531.3412161","title":"Few-shot Insider Threat Detection","display_name":"Few-shot Insider Threat Detection","publication_year":2020,"publication_date":"2020-10-19","ids":{"openalex":"https://openalex.org/W3093545390","doi":"https://doi.org/10.1145/3340531.3412161","mag":"3093545390"},"language":"en","primary_location":{"id":"doi:10.1145/3340531.3412161","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3340531.3412161","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 29th ACM International Conference on Information &amp; Knowledge Management","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5080699291","display_name":"Shuhan Yuan","orcid":"https://orcid.org/0000-0001-6816-419X"},"institutions":[{"id":"https://openalex.org/I121980950","display_name":"Utah State University","ror":"https://ror.org/00h6set76","country_code":"US","type":"education","lineage":["https://openalex.org/I121980950"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Shuhan Yuan","raw_affiliation_strings":["Utah State University, Logan, UT, USA"],"affiliations":[{"raw_affiliation_string":"Utah State University, Logan, UT, USA","institution_ids":["https://openalex.org/I121980950"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100643514","display_name":"Panpan Zheng","orcid":"https://orcid.org/0009-0003-2934-6339"},"institutions":[{"id":"https://openalex.org/I78715868","display_name":"University of Arkansas at Fayetteville","ror":"https://ror.org/05jbt9m15","country_code":"US","type":"education","lineage":["https://openalex.org/I78715868"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Panpan Zheng","raw_affiliation_strings":["University of Arkansas, Fayetteville, AR, USA"],"affiliations":[{"raw_affiliation_string":"University of Arkansas, Fayetteville, AR, USA","institution_ids":["https://openalex.org/I78715868"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008463509","display_name":"Xintao Wu","orcid":"https://orcid.org/0000-0002-2823-3063"},"institutions":[{"id":"https://openalex.org/I78715868","display_name":"University of Arkansas at Fayetteville","ror":"https://ror.org/05jbt9m15","country_code":"US","type":"education","lineage":["https://openalex.org/I78715868"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xintao Wu","raw_affiliation_strings":["University of Arkansas, Fayetteville, AR, USA"],"affiliations":[{"raw_affiliation_string":"University of Arkansas, Fayetteville, AR, USA","institution_ids":["https://openalex.org/I78715868"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5068043486","display_name":"Hanghang Tong","orcid":"https://orcid.org/0000-0003-4405-3887"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hanghang Tong","raw_affiliation_strings":["University of Illinois at Urbana-Champaign, Urbana, IL, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois at Urbana-Champaign, Urbana, IL, USA","institution_ids":["https://openalex.org/I157725225"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5080699291"],"corresponding_institution_ids":["https://openalex.org/I121980950"],"apc_list":null,"apc_paid":null,"fwci":2.2562,"has_fulltext":false,"cited_by_count":34,"citation_normalized_percentile":{"value":0.89002779,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"2289","last_page":"2292"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9861999750137329,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9843000173568726,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.8721718788146973},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.7906885147094727},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7410720586776733},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.6956062316894531},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5640114545822144},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.5073668360710144},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5039748549461365},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4908364415168762},{"id":"https://openalex.org/keywords/metric","display_name":"Metric (unit)","score":0.4904303252696991},{"id":"https://openalex.org/keywords/training-set","display_name":"Training set","score":0.44505277276039124},{"id":"https://openalex.org/keywords/labeled-data","display_name":"Labeled data","score":0.4438348710536957},{"id":"https://openalex.org/keywords/supervised-learning","display_name":"Supervised learning","score":0.41160714626312256},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.35292473435401917},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.34779685735702515},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.1340639889240265},{"id":"https://openalex.org/keywords/accounting","display_name":"Accounting","score":0.10411703586578369}],"concepts":[{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.8721718788146973},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.7906885147094727},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7410720586776733},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.6956062316894531},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5640114545822144},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.5073668360710144},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5039748549461365},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4908364415168762},{"id":"https://openalex.org/C176217482","wikidata":"https://www.wikidata.org/wiki/Q860554","display_name":"Metric (unit)","level":2,"score":0.4904303252696991},{"id":"https://openalex.org/C51632099","wikidata":"https://www.wikidata.org/wiki/Q3985153","display_name":"Training set","level":2,"score":0.44505277276039124},{"id":"https://openalex.org/C2776145971","wikidata":"https://www.wikidata.org/wiki/Q30673951","display_name":"Labeled data","level":2,"score":0.4438348710536957},{"id":"https://openalex.org/C136389625","wikidata":"https://www.wikidata.org/wiki/Q334384","display_name":"Supervised learning","level":3,"score":0.41160714626312256},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.35292473435401917},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.34779685735702515},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.1340639889240265},{"id":"https://openalex.org/C121955636","wikidata":"https://www.wikidata.org/wiki/Q4116214","display_name":"Accounting","level":1,"score":0.10411703586578369},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3340531.3412161","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3340531.3412161","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 29th ACM International Conference on Information &amp; Knowledge Management","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.75}],"awards":[{"id":"https://openalex.org/G6615690653","display_name":null,"funder_award_id":"DE-OE0000779","funder_id":"https://openalex.org/F4320332276","funder_display_name":"Advanced Research Projects Agency - Energy"}],"funders":[{"id":"https://openalex.org/F4320332276","display_name":"Advanced Research Projects Agency - Energy","ror":"https://ror.org/03q1rgc19"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":7,"referenced_works":["https://openalex.org/W1991210879","https://openalex.org/W2000412498","https://openalex.org/W2601450892","https://openalex.org/W2626778328","https://openalex.org/W2896457183","https://openalex.org/W2964105864","https://openalex.org/W4233210494"],"related_works":["https://openalex.org/W2766781562","https://openalex.org/W4205304595","https://openalex.org/W2792608345","https://openalex.org/W2979782961","https://openalex.org/W308359497","https://openalex.org/W1499596878","https://openalex.org/W3136170567","https://openalex.org/W2947769183","https://openalex.org/W4387194049","https://openalex.org/W2168489430"],"abstract_inverted_index":{"Insiders":[0],"cause":[1],"significant":[2],"cyber-security":[3],"threats":[4],"to":[5,8,24,50,59,89],"organizations.":[6],"Due":[7],"a":[9,44,61,68,76,111],"very":[10],"limited":[11],"number":[12,46],"of":[13,16,47,54,82],"insiders,":[14],"most":[15],"the":[17,29,80,103],"current":[18],"studies":[19],"adopt":[20],"unsupervised":[21],"learning":[22,88],"approaches":[23,107],"detect":[25,90],"insiders":[26,58],"by":[27,108],"analyzing":[28],"audit":[30],"data":[31],"that":[32,99],"record":[33],"information":[34],"about":[35],"employees'":[36],"activities.":[37],"However,":[38],"in":[39],"practice,":[40],"we":[41,74],"do":[42],"observe":[43],"small":[45],"insiders.":[48,91,113],"How":[49],"make":[51],"full":[52],"use":[53],"these":[55],"few":[56,112],"observed":[57],"improve":[60],"classifier":[62],"for":[63],"insider":[64,95],"threat":[65,96],"detection":[66,106],"is":[67],"key":[69],"challenge.":[70],"In":[71],"this":[72],"work,":[73],"propose":[75],"novel":[77],"framework":[78],"combining":[79],"idea":[81],"self-supervised":[83],"pre-training":[84],"and":[85],"metric-based":[86],"few-shot":[87],"Experimental":[92],"results":[93],"on":[94],"datasets":[97],"demonstrate":[98],"our":[100],"model":[101],"outperforms":[102],"existing":[104],"anomaly":[105],"only":[109],"using":[110]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":10},{"year":2024,"cited_by_count":9},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":8},{"year":2021,"cited_by_count":3}],"updated_date":"2026-03-12T08:34:05.389933","created_date":"2025-10-10T00:00:00"}