{"id":"https://openalex.org/W2495841828","doi":"https://doi.org/10.1147/jrd.2016.2568538","title":"Uncovering insider threats from the digital footprints of individuals","display_name":"Uncovering insider threats from the digital footprints of individuals","publication_year":2016,"publication_date":"2016-07-01","ids":{"openalex":"https://openalex.org/W2495841828","doi":"https://doi.org/10.1147/jrd.2016.2568538","mag":"2495841828"},"language":"en","primary_location":{"id":"doi:10.1147/jrd.2016.2568538","is_oa":false,"landing_page_url":"https://doi.org/10.1147/jrd.2016.2568538","pdf_url":null,"source":{"id":"https://openalex.org/S4210219925","display_name":"IBM Journal of Research and Development","issn_l":"0018-8646","issn":["0018-8646","2151-8556"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320652","host_organization_name":"IBM","host_organization_lineage":["https://openalex.org/P4310320652"],"host_organization_lineage_names":["IBM"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IBM Journal of Research and Development","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5044717421","display_name":"Anni Coden","orcid":null},"institutions":[{"id":"https://openalex.org/I4210114115","display_name":"IBM Research - Thomas J. Watson Research Center","ror":"https://ror.org/0265w5591","country_code":"US","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"A. Coden","raw_affiliation_strings":["IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA"],"affiliations":[{"raw_affiliation_string":"IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA","institution_ids":["https://openalex.org/I4210114115"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102880251","display_name":"W. Sabrina Lin","orcid":"https://orcid.org/0000-0002-1844-342X"},"institutions":[{"id":"https://openalex.org/I4210114115","display_name":"IBM Research - Thomas J. Watson Research Center","ror":"https://ror.org/0265w5591","country_code":"US","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"W. S. Lin","raw_affiliation_strings":["IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA"],"affiliations":[{"raw_affiliation_string":"IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA","institution_ids":["https://openalex.org/I4210114115"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083952651","display_name":"Keith A. Houck","orcid":"https://orcid.org/0000-0002-0055-2249"},"institutions":[{"id":"https://openalex.org/I4210114115","display_name":"IBM Research - Thomas J. Watson Research Center","ror":"https://ror.org/0265w5591","country_code":"US","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"K. Houck","raw_affiliation_strings":["IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA"],"affiliations":[{"raw_affiliation_string":"IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA","institution_ids":["https://openalex.org/I4210114115"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028478398","display_name":"Michael Tanenblatt","orcid":null},"institutions":[{"id":"https://openalex.org/I4210114115","display_name":"IBM Research - Thomas J. Watson Research Center","ror":"https://ror.org/0265w5591","country_code":"US","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"M. Tanenblatt","raw_affiliation_strings":["IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA"],"affiliations":[{"raw_affiliation_string":"IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA","institution_ids":["https://openalex.org/I4210114115"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003987565","display_name":"Jacqueline Boston","orcid":null},"institutions":[{"id":"https://openalex.org/I4210114115","display_name":"IBM Research - Thomas J. Watson Research Center","ror":"https://ror.org/0265w5591","country_code":"US","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"J. Boston","raw_affiliation_strings":["IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA"],"affiliations":[{"raw_affiliation_string":"IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA","institution_ids":["https://openalex.org/I4210114115"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5097438223","display_name":"J. E. MacNaught","orcid":null},"institutions":[{"id":"https://openalex.org/I4210114115","display_name":"IBM Research - Thomas J. Watson Research Center","ror":"https://ror.org/0265w5591","country_code":"US","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"J. E. MacNaught","raw_affiliation_strings":["IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA"],"affiliations":[{"raw_affiliation_string":"IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA","institution_ids":["https://openalex.org/I4210114115"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109345970","display_name":"Danny Soroker","orcid":null},"institutions":[{"id":"https://openalex.org/I4210114115","display_name":"IBM Research - Thomas J. Watson Research Center","ror":"https://ror.org/0265w5591","country_code":"US","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"D. Soroker","raw_affiliation_strings":["IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA"],"affiliations":[{"raw_affiliation_string":"IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA","institution_ids":["https://openalex.org/I4210114115"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011883289","display_name":"Justin D. Weisz","orcid":"https://orcid.org/0000-0003-2228-2398"},"institutions":[{"id":"https://openalex.org/I4210114115","display_name":"IBM Research - Thomas J. Watson Research Center","ror":"https://ror.org/0265w5591","country_code":"US","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"J. D. Weisz","raw_affiliation_strings":["IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA"],"affiliations":[{"raw_affiliation_string":"IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA","institution_ids":["https://openalex.org/I4210114115"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102766557","display_name":"Shu Pan","orcid":"https://orcid.org/0000-0003-4117-4309"},"institutions":[{"id":"https://openalex.org/I126744593","display_name":"University of Maryland, Baltimore","ror":"https://ror.org/04rq5mt64","country_code":"US","type":"education","lineage":["https://openalex.org/I126744593"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"S. Pan","raw_affiliation_strings":["Department of Information Systems, University of Maryland, Baltimore, MD, USA"],"affiliations":[{"raw_affiliation_string":"Department of Information Systems, University of Maryland, Baltimore, MD, USA","institution_ids":["https://openalex.org/I126744593"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034685928","display_name":"Jianhuang Lai","orcid":"https://orcid.org/0000-0003-3883-2024"},"institutions":[{"id":"https://openalex.org/I4210114115","display_name":"IBM Research - Thomas J. Watson Research Center","ror":"https://ror.org/0265w5591","country_code":"US","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"J.-H. Lai","raw_affiliation_strings":["IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA"],"affiliations":[{"raw_affiliation_string":"IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA","institution_ids":["https://openalex.org/I4210114115"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100675577","display_name":"Jie L\u00fc","orcid":"https://orcid.org/0000-0003-0690-4732"},"institutions":[{"id":"https://openalex.org/I4210114115","display_name":"IBM Research - Thomas J. Watson Research Center","ror":"https://ror.org/0265w5591","country_code":"US","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"J. Lu","raw_affiliation_strings":["IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA"],"affiliations":[{"raw_affiliation_string":"IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA","institution_ids":["https://openalex.org/I4210114115"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057298106","display_name":"Steve Wood","orcid":null},"institutions":[{"id":"https://openalex.org/I4210114115","display_name":"IBM Research - Thomas J. Watson Research Center","ror":"https://ror.org/0265w5591","country_code":"US","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"S. Wood","raw_affiliation_strings":["IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA"],"affiliations":[{"raw_affiliation_string":"IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA","institution_ids":["https://openalex.org/I4210114115"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102239949","display_name":"Yuxin Xia","orcid":"https://orcid.org/0000-0001-6133-2146"},"institutions":[{"id":"https://openalex.org/I4210114115","display_name":"IBM Research - Thomas J. Watson Research Center","ror":"https://ror.org/0265w5591","country_code":"US","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Y. Xia","raw_affiliation_strings":["IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA"],"affiliations":[{"raw_affiliation_string":"IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA","institution_ids":["https://openalex.org/I4210114115"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5110978175","display_name":"C.-Y. Lin","orcid":null},"institutions":[{"id":"https://openalex.org/I4210114115","display_name":"IBM Research - Thomas J. Watson Research Center","ror":"https://ror.org/0265w5591","country_code":"US","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"C.-Y. Lin","raw_affiliation_strings":["IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA"],"affiliations":[{"raw_affiliation_string":"IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA","institution_ids":["https://openalex.org/I4210114115"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":14,"corresponding_author_ids":["https://openalex.org/A5044717421"],"corresponding_institution_ids":["https://openalex.org/I4210114115"],"apc_list":null,"apc_paid":null,"fwci":1.2854,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.86815694,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":"60","issue":"4","first_page":"8:1","last_page":"8:11"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9936000108718872,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7187536358833313},{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.6197683811187744},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6067653894424438},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.5355762243270874},{"id":"https://openalex.org/keywords/backup","display_name":"Backup","score":0.4517558813095093},{"id":"https://openalex.org/keywords/scale","display_name":"Scale (ratio)","score":0.4448626935482025},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4299984574317932},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.42985236644744873},{"id":"https://openalex.org/keywords/node","display_name":"Node (physics)","score":0.4155866205692291},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.41143137216567993},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.3303864002227783},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.2774234712123871},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.13020619750022888}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7187536358833313},{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.6197683811187744},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6067653894424438},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.5355762243270874},{"id":"https://openalex.org/C2780945871","wikidata":"https://www.wikidata.org/wiki/Q194274","display_name":"Backup","level":2,"score":0.4517558813095093},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.4448626935482025},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4299984574317932},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.42985236644744873},{"id":"https://openalex.org/C62611344","wikidata":"https://www.wikidata.org/wiki/Q1062658","display_name":"Node (physics)","level":2,"score":0.4155866205692291},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.41143137216567993},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.3303864002227783},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.2774234712123871},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.13020619750022888},{"id":"https://openalex.org/C66938386","wikidata":"https://www.wikidata.org/wiki/Q633538","display_name":"Structural engineering","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1147/jrd.2016.2568538","is_oa":false,"landing_page_url":"https://doi.org/10.1147/jrd.2016.2568538","pdf_url":null,"source":{"id":"https://openalex.org/S4210219925","display_name":"IBM Journal of Research and Development","issn_l":"0018-8646","issn":["0018-8646","2151-8556"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320652","host_organization_name":"IBM","host_organization_lineage":["https://openalex.org/P4310320652"],"host_organization_lineage_names":["IBM"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IBM Journal of Research and Development","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure","score":0.6399999856948853}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W1917686192","https://openalex.org/W1984126335","https://openalex.org/W1995976200","https://openalex.org/W2027115557","https://openalex.org/W2075488765","https://openalex.org/W2075949491","https://openalex.org/W2113997717","https://openalex.org/W2132793767","https://openalex.org/W2136922672","https://openalex.org/W2963323280","https://openalex.org/W4254182148","https://openalex.org/W6640338156","https://openalex.org/W6679249279"],"related_works":["https://openalex.org/W4205304595","https://openalex.org/W1499596878","https://openalex.org/W2075012963","https://openalex.org/W2600341711","https://openalex.org/W2984824917","https://openalex.org/W2161754059","https://openalex.org/W1489373009","https://openalex.org/W2001702225","https://openalex.org/W2123120907","https://openalex.org/W2147780605"],"abstract_inverted_index":{"We":[0],"present":[1],"a":[2,39,52,69,77,86,114,132,142,169],"system":[3,67,136,156],"to":[4,102,149],"detect":[5],"anomalous":[6],"and":[7,33,43,82,188],"ultimately":[8],"malevolent":[9],"behavior":[10,79],"of":[11,41,47,76,124,164,185,191],"people":[12,105,140,146],"from":[13,107],"their":[14,108,111],"digital":[15],"footprint":[16],"within":[17,160,175],"an":[18],"institution.":[19],"Tripwire":[20],"approaches":[21],"based":[22,96],"on":[23,97,110],"single":[24],"features":[25],"cannot":[26],"adequately":[27],"distinguish":[28],"between":[29],"normal":[30],"unpredictable":[31],"activities":[32,109],"truly":[34],"counterproductive":[35],"behavior.":[36],"For":[37],"example,":[38],"sequence":[40],"copying":[42],"sending":[44],"small":[45],"amounts":[46],"data":[48,63,98],"can":[49],"easily":[50],"elude":[51],"pure":[53],"single-feature":[54],"tripwire":[55],"approach.":[56],"Here,":[57],"we":[58],"combine":[59],"semantic":[60],"knowledge":[61],"with":[62,122,145],"mining":[64],"methods.":[65],"Our":[66,135,155,179],"uses":[68],"multi-layer":[70],"architecture":[71],"in":[72,131,141],"which":[73],"many":[74],"aspects":[75],"person's":[78],"are":[80,95],"quantified":[81],"then":[83],"fused":[84],"using":[85],"large-scale":[87],"anomaly":[88],"detection":[89],"Markovian":[90],"Bayesian":[91],"network.":[92],"Evaluation":[93],"results":[94],"for":[99,183],"5,500":[100,126,139],"assumed":[101],"be":[103],"non-malicious":[104],"collected":[106],"workstations":[112],"inside":[113],"corporation.":[115],"An":[116],"outside":[117],"team":[118],"augmented":[119],"this":[120],"data,":[121],"some":[123],"the":[125,138,153,158,161,165,176],"individuals":[127],"(the":[128],"perpetrators)":[129],"acting":[130],"malicious":[133],"fashion.":[134],"represents":[137],"ranked":[143,166],"list,":[144,167],"most":[147],"likely":[148],"act":[150],"maliciously":[151],"at":[152],"top.":[154],"identifies":[157],"perpetrators":[159],"top":[162,177],"2%":[163],"while":[168],"purely":[170],"statistical":[171],"method":[172],"ranks":[173],"them":[174],"25%.":[178],"scalable":[180],"infrastructure":[181],"allows":[182],"plug-and-play":[184],"different":[186],"analytics":[187],"maintains":[189],"provenance":[190],"results.":[192]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2018,"cited_by_count":2},{"year":2017,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}