{"id":"https://openalex.org/W2611119600","doi":"https://doi.org/10.4018/ijbdcn.2017070107","title":"An Insider Threat Detection Method Based on Business Process Mining","display_name":"An Insider Threat Detection Method Based on Business Process Mining","publication_year":2017,"publication_date":"2017-05-03","ids":{"openalex":"https://openalex.org/W2611119600","doi":"https://doi.org/10.4018/ijbdcn.2017070107","mag":"2611119600"},"language":"en","primary_location":{"id":"doi:10.4018/ijbdcn.2017070107","is_oa":false,"landing_page_url":"https://doi.org/10.4018/ijbdcn.2017070107","pdf_url":null,"source":{"id":"https://openalex.org/S108454011","display_name":"International Journal of Business Data Communications and Networking","issn_l":"1548-0631","issn":["1548-0631","1548-064X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320424","host_organization_name":"IGI Global","host_organization_lineage":["https://openalex.org/P4310320424"],"host_organization_lineage_names":["IGI Global"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Business Data Communications and Networking","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5071334656","display_name":"Taiming Zhu","orcid":null},"institutions":[{"id":"https://openalex.org/I169689159","display_name":"PLA Information Engineering University","ror":"https://ror.org/00mm1qk40","country_code":"CN","type":"education","lineage":["https://openalex.org/I169689159"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Taiming Zhu","raw_affiliation_strings":["Institute of Cyber Space Security, Information Engineering University, Zhengzhou, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Cyber Space Security, Information Engineering University, Zhengzhou, China","institution_ids":["https://openalex.org/I169689159"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026588697","display_name":"Yuanbo Guo","orcid":"https://orcid.org/0000-0002-9905-9111"},"institutions":[{"id":"https://openalex.org/I169689159","display_name":"PLA Information Engineering University","ror":"https://ror.org/00mm1qk40","country_code":"CN","type":"education","lineage":["https://openalex.org/I169689159"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuanbo Guo","raw_affiliation_strings":["Institute of Cyber Space Security, Information Engineering University, Zhengzhou, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Cyber Space Security, Information Engineering University, Zhengzhou, China","institution_ids":["https://openalex.org/I169689159"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088023952","display_name":"Ankang Ju","orcid":"https://orcid.org/0000-0002-7818-4482"},"institutions":[{"id":"https://openalex.org/I169689159","display_name":"PLA Information Engineering University","ror":"https://ror.org/00mm1qk40","country_code":"CN","type":"education","lineage":["https://openalex.org/I169689159"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ankang Ju","raw_affiliation_strings":["Institute of Cyber Space Security, Information Engineering University, Zhengzhou, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Cyber Space Security, Information Engineering University, Zhengzhou, China","institution_ids":["https://openalex.org/I169689159"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037788039","display_name":"Jun Ma","orcid":"https://orcid.org/0000-0001-6232-1254"},"institutions":[{"id":"https://openalex.org/I169689159","display_name":"PLA Information Engineering University","ror":"https://ror.org/00mm1qk40","country_code":"CN","type":"education","lineage":["https://openalex.org/I169689159"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jun Ma","raw_affiliation_strings":["Institute of Cyber Space Security, Information Engineering University, Zhengzhou, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Cyber Space Security, Information Engineering University, Zhengzhou, China","institution_ids":["https://openalex.org/I169689159"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5049151787","display_name":"Xu An Wang","orcid":"https://orcid.org/0000-0003-2070-4913"},"institutions":[{"id":"https://openalex.org/I4210134428","display_name":"Chinese People's Armed Police Force Engineering University","ror":"https://ror.org/031jzbb03","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210134428"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xuan Wang","raw_affiliation_strings":["Department of Electronics Technology, Engineering University of the Armed Police Force, Xi'an, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Electronics Technology, Engineering University of the Armed Police Force, Xi'an, China","institution_ids":["https://openalex.org/I4210134428"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.7801,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.77151432,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":"13","issue":"2","first_page":"83","last_page":"98"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10703","display_name":"Business Process Modeling and Analysis","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10703","display_name":"Business Process Modeling and Analysis","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9914000034332275,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9901999831199646,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7461245059967041},{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.7314341068267822},{"id":"https://openalex.org/keywords/business-process","display_name":"Business process","score":0.6194946765899658},{"id":"https://openalex.org/keywords/correctness","display_name":"Correctness","score":0.617874264717102},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5813249349594116},{"id":"https://openalex.org/keywords/harm","display_name":"Harm","score":0.524678647518158},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.5221779346466064},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5032376646995544},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.4849103093147278},{"id":"https://openalex.org/keywords/business-analysis","display_name":"Business analysis","score":0.4527771770954132},{"id":"https://openalex.org/keywords/business-rule","display_name":"Business rule","score":0.42827683687210083},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.32762229442596436},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.2730099558830261},{"id":"https://openalex.org/keywords/business-model","display_name":"Business model","score":0.15574491024017334},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.14688444137573242},{"id":"https://openalex.org/keywords/work-in-process","display_name":"Work in process","score":0.11702963709831238},{"id":"https://openalex.org/keywords/marketing","display_name":"Marketing","score":0.07990014553070068}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7461245059967041},{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.7314341068267822},{"id":"https://openalex.org/C85345410","wikidata":"https://www.wikidata.org/wiki/Q851587","display_name":"Business process","level":3,"score":0.6194946765899658},{"id":"https://openalex.org/C55439883","wikidata":"https://www.wikidata.org/wiki/Q360812","display_name":"Correctness","level":2,"score":0.617874264717102},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5813249349594116},{"id":"https://openalex.org/C2777363581","wikidata":"https://www.wikidata.org/wiki/Q15098235","display_name":"Harm","level":2,"score":0.524678647518158},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.5221779346466064},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5032376646995544},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.4849103093147278},{"id":"https://openalex.org/C189076506","wikidata":"https://www.wikidata.org/wiki/Q1518232","display_name":"Business analysis","level":3,"score":0.4527771770954132},{"id":"https://openalex.org/C11066294","wikidata":"https://www.wikidata.org/wiki/Q1518244","display_name":"Business rule","level":4,"score":0.42827683687210083},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.32762229442596436},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.2730099558830261},{"id":"https://openalex.org/C4216890","wikidata":"https://www.wikidata.org/wiki/Q815823","display_name":"Business model","level":2,"score":0.15574491024017334},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.14688444137573242},{"id":"https://openalex.org/C174998907","wikidata":"https://www.wikidata.org/wiki/Q357662","display_name":"Work in process","level":2,"score":0.11702963709831238},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.07990014553070068},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.4018/ijbdcn.2017070107","is_oa":false,"landing_page_url":"https://doi.org/10.4018/ijbdcn.2017070107","pdf_url":null,"source":{"id":"https://openalex.org/S108454011","display_name":"International Journal of Business Data Communications and Networking","issn_l":"1548-0631","issn":["1548-0631","1548-064X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320424","host_organization_name":"IGI Global","host_organization_lineage":["https://openalex.org/P4310320424"],"host_organization_lineage_names":["IGI Global"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Business Data Communications and Networking","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6899999976158142,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W167799892","https://openalex.org/W1522642647","https://openalex.org/W1530724142","https://openalex.org/W1531869710","https://openalex.org/W1555665520","https://openalex.org/W1565132002","https://openalex.org/W1578876701","https://openalex.org/W1598385458","https://openalex.org/W1654306951","https://openalex.org/W1967847731","https://openalex.org/W1983068751","https://openalex.org/W2013422737","https://openalex.org/W2013946142","https://openalex.org/W2014254677","https://openalex.org/W2043871181","https://openalex.org/W2098250644","https://openalex.org/W2100407515","https://openalex.org/W2101173463","https://openalex.org/W2110108192","https://openalex.org/W2121717903","https://openalex.org/W2129597333","https://openalex.org/W2155862563","https://openalex.org/W2542582667","https://openalex.org/W6812742317"],"related_works":["https://openalex.org/W2766781562","https://openalex.org/W4205304595","https://openalex.org/W2979782961","https://openalex.org/W308359497","https://openalex.org/W1499596878","https://openalex.org/W3136170567","https://openalex.org/W2947769183","https://openalex.org/W2018332730","https://openalex.org/W4387194049","https://openalex.org/W2286217954"],"abstract_inverted_index":{"Current":[0],"intrusion":[1],"detection":[2,34,84,142],"systems":[3],"are":[4,137,144],"mostly":[5],"for":[6],"detecting":[7],"external":[8],"attacks,":[9],"but":[10],"the":[11,38,55,73,90,97,101,111,117,126,129,140,152,166],"\u201cPrism":[12],"Door\u201d":[13],"and":[14,44,68,70,96,104,128,139,155,163,175],"other":[15],"similar":[16],"events":[17],"indicate":[18],"that":[19,165,178],"internal":[20],"staff":[21],"may":[22,53,179],"bring":[23],"greater":[24],"harm":[25],"to":[26,46,123],"organizations":[27],"in":[28,121],"information":[29],"security.":[30],"Traditional":[31],"insider":[32,56,82,184],"threat":[33,57,83],"methods":[35],"only":[36],"consider":[37,65],"audit":[39],"records":[40],"of":[41,72,93,113,172,182],"personal":[42],"behavior":[43,67],"failed":[45],"combine":[47],"it":[48],"with":[49,116,158],"business":[50,61,74,78,94,102,161,176],"activities,":[51,75],"which":[52],"miss":[54],"happened":[58],"during":[59],"a":[60,77],"process.":[62],"The":[63,86,134,146],"authors":[64,147],"operators'":[66],"correctness":[69],"performance":[71],"propose":[76],"process":[79],"mining":[80,100],"based":[81],"system.":[85],"system":[87,167],"firstly":[88],"establishes":[89],"normal":[91,119],"profiles":[92],"activities":[95,177],"operators":[98,174],"by":[99,109],"log,":[103],"then":[105],"detects":[106],"specific":[107],"anomalies":[108,136,171],"comparing":[110],"content":[112],"real-time":[114],"log":[115],"corresponding":[118,141],"profile":[120],"order":[122],"find":[124],"out":[125],"insiders":[127],"threats":[130],"they":[131],"have":[132,148],"brought.":[133],"relating":[135],"defined":[138],"algorithms":[143],"presented.":[145],"performed":[149],"experimentation":[150],"using":[151],"ProM":[153],"framework":[154],"Java":[156],"programming,":[157],"five":[159],"synthetic":[160],"cases,":[162],"found":[164],"can":[168],"effectively":[169],"identify":[170],"both":[173],"be":[180],"indicative":[181],"potential":[183],"threat.":[185]},"counts_by_year":[{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":1},{"year":2018,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}