{"id":"https://openalex.org/W4408253824","doi":"https://doi.org/10.1186/s42400-024-00321-w","title":"Insider threat detection for specific threat scenarios","display_name":"Insider threat detection for specific threat scenarios","publication_year":2025,"publication_date":"2025-03-09","ids":{"openalex":"https://openalex.org/W4408253824","doi":"https://doi.org/10.1186/s42400-024-00321-w"},"language":"en","primary_location":{"id":"doi:10.1186/s42400-024-00321-w","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s42400-024-00321-w","pdf_url":"https://cybersecurity.springeropen.com/counter/pdf/10.1186/s42400-024-00321-w","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://cybersecurity.springeropen.com/counter/pdf/10.1186/s42400-024-00321-w","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100419134","display_name":"Tian Tian","orcid":"https://orcid.org/0009-0003-8903-0491"},"institutions":[{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Tian Tian","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100374048","display_name":"Chen Zhang","orcid":"https://orcid.org/0000-0001-5605-943X"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chen Zhang","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069409781","display_name":"Bo Jiang","orcid":"https://orcid.org/0000-0001-9446-8875"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Bo Jiang","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109860620","display_name":"Huamin Feng","orcid":null},"institutions":[{"id":"https://openalex.org/I202334528","display_name":"Beijing Electronic Science and Technology Institute","ror":"https://ror.org/01xdzh226","country_code":"CN","type":"education","lineage":["https://openalex.org/I202334528"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Huamin Feng","raw_affiliation_strings":["Beijing Electronic Science and Technology Institute, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Beijing Electronic Science and Technology Institute, Beijing, China","institution_ids":["https://openalex.org/I202334528"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100874767","display_name":"Zhigang L\u00fc","orcid":null},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhigang Lu","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5100419134"],"corresponding_institution_ids":["https://openalex.org/I19820366","https://openalex.org/I4210156404","https://openalex.org/I4210165038"],"apc_list":null,"apc_paid":null,"fwci":15.5743,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.98895919,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":"8","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.8723498582839966},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.7270617485046387},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6771738529205322},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.4602666199207306},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.406985342502594},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.37837475538253784},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.3284732699394226},{"id":"https://openalex.org/keywords/political-science","display_name":"Political science","score":0.22691258788108826},{"id":"https://openalex.org/keywords/law","display_name":"Law","score":0.07454246282577515}],"concepts":[{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.8723498582839966},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.7270617485046387},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6771738529205322},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.4602666199207306},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.406985342502594},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.37837475538253784},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3284732699394226},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.22691258788108826},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.07454246282577515}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1186/s42400-024-00321-w","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s42400-024-00321-w","pdf_url":"https://cybersecurity.springeropen.com/counter/pdf/10.1186/s42400-024-00321-w","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:f26d4983dd0748b0a48d1f1ac6cdec01","is_oa":true,"landing_page_url":"https://doaj.org/article/f26d4983dd0748b0a48d1f1ac6cdec01","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Cybersecurity, Vol 8, Iss 1, Pp 1-18 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1186/s42400-024-00321-w","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s42400-024-00321-w","pdf_url":"https://cybersecurity.springeropen.com/counter/pdf/10.1186/s42400-024-00321-w","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4408253824.pdf"},"referenced_works_count":17,"referenced_works":["https://openalex.org/W1981276685","https://openalex.org/W2787099510","https://openalex.org/W2887046693","https://openalex.org/W2896742542","https://openalex.org/W2977264599","https://openalex.org/W3039513780","https://openalex.org/W3130498974","https://openalex.org/W4206342677","https://openalex.org/W4312423399","https://openalex.org/W4320713315","https://openalex.org/W4383103607","https://openalex.org/W4384942369","https://openalex.org/W4385731184","https://openalex.org/W4387194049","https://openalex.org/W4387609283","https://openalex.org/W4389543397","https://openalex.org/W4390871511"],"related_works":["https://openalex.org/W2766781562","https://openalex.org/W4205304595","https://openalex.org/W2792608345","https://openalex.org/W2979782961","https://openalex.org/W308359497","https://openalex.org/W1499596878","https://openalex.org/W3136170567","https://openalex.org/W2947769183","https://openalex.org/W26305611","https://openalex.org/W4399147188"],"abstract_inverted_index":{"Abstract":[0],"Insider":[1],"threats":[2],"pose":[3],"significant":[4],"challenges":[5],"to":[6,10,54,62,179,192,261],"network":[7],"security":[8],"due":[9],"their":[11],"destructive":[12],"and":[13,96,107,118,130,160,204,214,254,285],"covert":[14],"nature,":[15],"often":[16],"resulting":[17],"in":[18,67,183,195,256,273],"substantial":[19],"losses":[20],"for":[21,36,222,278,282,287],"enterprises.":[22],"Traditional":[23],"methods":[24,42,60],"mainly":[25],"analyze":[26,180,211],"user":[27,100,115,145,205],"behavior":[28,68,101,109,116,136,138,146,154,184,197,206,233],"patterns":[29],"or":[30,49],"convert":[31],"behaviors":[32,203],"into":[33],"time":[34,167],"sequences":[35],"further":[37],"analysis.":[38],"However,":[39],"existing":[40],"detection":[41,84],"primarily":[43],"focus":[44],"on":[45,172,239],"identifying":[46],"abnormal":[47,135,232,258],"users":[48],"behaviors,":[50],"lacking":[51],"the":[52,132,151,158,196,228,240,262,266],"capability":[53],"pinpoint":[55],"specific":[56,90],"threats.":[57],"Additionally,":[58],"these":[59,76],"struggle":[61],"accurately":[63],"identify":[64],"long-distance":[65,181,216],"dependencies":[66,182],"sequences,":[69],"frequently":[70],"increasing":[71],"false":[72],"positives.":[73],"To":[74],"address":[75],"issues,":[77],"we":[78,226],"introduce":[79],"a":[80,141,166,173],"scenario-oriented":[81],"insider":[82],"threat":[83,91],"model.":[85],"This":[86,148,208],"model":[87,170],"targets":[88],"three":[89],"scenarios-privilege":[92],"abuse,":[93,280],"identity":[94,283],"theft,":[95,284],"data":[97,288],"leakage-by":[98],"analyzing":[99],"patterns,":[102],"extracting":[103],"detailed":[104],"behavioral":[105],"characteristics,":[106],"constructing":[108],"sequences.":[110,185,234,259],"Firstly,":[111],"this":[112],"paper":[113],"serializes":[114],"daily":[117],"vectorizes":[119],"it":[120,125,269],"using":[121],"one-hot":[122],"encoding.":[123],"Then,":[124],"introduces":[126],"contextual":[127],"characteristic":[128],"information":[129,213],"reconstructs":[131],"background":[133],"of":[134,144,153,162,230,275],"through":[137],"vectorization,":[139],"providing":[140,218],"comprehensive":[142,237],"description":[143],"characteristics.":[147],"approach":[149],"addresses":[150],"issue":[152],"isolation,":[155],"thereby":[156],"improving":[157],"accuracy":[159,274],"robustness":[161],"anomaly":[163,223],"detection.":[164,224],"Subsequently,":[165],"series":[168],"analysis":[169],"based":[171],"multi-head":[174,187],"attention":[175,188],"mechanism":[176,189,209],"is":[177],"employed":[178],"The":[186],"simultaneously":[190],"attends":[191],"multiple":[193],"positions":[194],"sequence,":[198],"capturing":[199],"potential":[200],"correlations":[201],"between":[202],"patterns.":[207],"can":[210],"local":[212],"obtain":[215],"dependencies,":[217],"depth":[219],"feature":[220],"representation":[221],"Ultimately,":[225],"achieve":[227],"goal":[229],"classifying":[231],"We":[235],"conduct":[236],"tests":[238],"CERT":[241],"dataset,":[242],"demonstrating":[243],"that":[244],"our":[245],"method":[246],"outperforms":[247],"traditional":[248],"deep":[249],"learning":[250],"approaches":[251],"(LSTM,":[252],"GNN,":[253],"GCN)":[255],"detecting":[257],"Compared":[260],"best":[263],"results":[264],"among":[265],"baseline":[267],"methods,":[268],"shows":[270],"an":[271],"improvement":[272],"approximately":[276],"2%":[277,286],"privilege":[279],"5%":[281],"leakage.":[289]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":9}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}