{"id":"https://openalex.org/W1971600778","doi":"https://doi.org/10.4018/jbdcn.2006070103","title":"Determining the Minimum Sample Size of Audit Data Required to Profile User Behavior and Detect Anomaly Intrusion","display_name":"Determining the Minimum Sample Size of Audit Data Required to Profile User Behavior and Detect Anomaly Intrusion","publication_year":2006,"publication_date":"2006-07-01","ids":{"openalex":"https://openalex.org/W1971600778","doi":"https://doi.org/10.4018/jbdcn.2006070103","mag":"1971600778"},"language":"en","primary_location":{"id":"doi:10.4018/jbdcn.2006070103","is_oa":false,"landing_page_url":"https://doi.org/10.4018/jbdcn.2006070103","pdf_url":null,"source":{"id":"https://openalex.org/S108454011","display_name":"International Journal of Business Data Communications and Networking","issn_l":"1548-0631","issn":["1548-0631","1548-064X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320424","host_organization_name":"IGI Global","host_organization_lineage":["https://openalex.org/P4310320424"],"host_organization_lineage_names":["IGI Global"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Business Data Communications and Networking","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5104728939","display_name":"Yun Wang","orcid":"https://orcid.org/0000-0002-8220-9726"},"institutions":[{"id":"https://openalex.org/I4210117499","display_name":"Yale New Haven Health System","ror":"https://ror.org/01s1hsq14","country_code":"US","type":"healthcare","lineage":["https://openalex.org/I4210117499"]},{"id":"https://openalex.org/I4210106917","display_name":"Qualidigm (United States)","ror":"https://ror.org/01n5pkr65","country_code":"US","type":"company","lineage":["https://openalex.org/I4210106917"]},{"id":"https://openalex.org/I32971472","display_name":"Yale University","ror":"https://ror.org/03v76x132","country_code":"US","type":"education","lineage":["https://openalex.org/I32971472"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Yun Wang","raw_affiliation_strings":["Center for Outcomes Research and Evaluation, Yale University and Yale New Haven Health, and Qualidigm, USA"],"affiliations":[{"raw_affiliation_string":"Center for Outcomes Research and Evaluation, Yale University and Yale New Haven Health, and Qualidigm, USA","institution_ids":["https://openalex.org/I4210117499","https://openalex.org/I4210106917","https://openalex.org/I32971472"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5072881675","display_name":"Sharon\u2010Lise T. Normand","orcid":"https://orcid.org/0000-0001-7027-4769"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sharon-Lise T. Normand","raw_affiliation_strings":["Department of Biostatistics, Harvard School of Public Health, and Department of Health Care, USA"],"affiliations":[{"raw_affiliation_string":"Department of Biostatistics, Harvard School of Public Health, and Department of Health Care, USA","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5104728939"],"corresponding_institution_ids":["https://openalex.org/I32971472","https://openalex.org/I4210106917","https://openalex.org/I4210117499"],"apc_list":null,"apc_paid":null,"fwci":0.3018,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.60906357,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"2","issue":"3","first_page":"31","last_page":"45"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9617999792098999,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10064","display_name":"Complex Network Analysis Techniques","score":0.9581999778747559,"subfield":{"id":"https://openalex.org/subfields/3109","display_name":"Statistical and Nonlinear Physics"},"field":{"id":"https://openalex.org/fields/31","display_name":"Physics and Astronomy"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5979511737823486},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5934005975723267},{"id":"https://openalex.org/keywords/sample-size-determination","display_name":"Sample size determination","score":0.5912920832633972},{"id":"https://openalex.org/keywords/statistics","display_name":"Statistics","score":0.5738190412521362},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.560965359210968},{"id":"https://openalex.org/keywords/sample","display_name":"Sample (material)","score":0.551569938659668},{"id":"https://openalex.org/keywords/bivariate-analysis","display_name":"Bivariate analysis","score":0.5422514081001282},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4965363144874573},{"id":"https://openalex.org/keywords/statistic","display_name":"Statistic","score":0.45972248911857605},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.21369636058807373}],"concepts":[{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5979511737823486},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5934005975723267},{"id":"https://openalex.org/C129848803","wikidata":"https://www.wikidata.org/wiki/Q2564360","display_name":"Sample size determination","level":2,"score":0.5912920832633972},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.5738190412521362},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.560965359210968},{"id":"https://openalex.org/C198531522","wikidata":"https://www.wikidata.org/wiki/Q485146","display_name":"Sample (material)","level":2,"score":0.551569938659668},{"id":"https://openalex.org/C64341305","wikidata":"https://www.wikidata.org/wiki/Q4919225","display_name":"Bivariate analysis","level":2,"score":0.5422514081001282},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4965363144874573},{"id":"https://openalex.org/C89128539","wikidata":"https://www.wikidata.org/wiki/Q1949963","display_name":"Statistic","level":2,"score":0.45972248911857605},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.21369636058807373},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C43617362","wikidata":"https://www.wikidata.org/wiki/Q170050","display_name":"Chromatography","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.4018/jbdcn.2006070103","is_oa":false,"landing_page_url":"https://doi.org/10.4018/jbdcn.2006070103","pdf_url":null,"source":{"id":"https://openalex.org/S108454011","display_name":"International Journal of Business Data Communications and Networking","issn_l":"1548-0631","issn":["1548-0631","1548-064X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320424","host_organization_name":"IGI Global","host_organization_lineage":["https://openalex.org/P4310320424"],"host_organization_lineage_names":["IGI Global"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Business Data Communications and Networking","raw_type":"journal-article"},{"id":"pmh:oai:RePEc:igg:jbdcn0:v:2:y:2006:i:3:p:31-45","is_oa":false,"landing_page_url":"http://services.igi-global.com/resolvedoi/resolve.aspx?doi=10.4018/jbdcn.2006070103","pdf_url":null,"source":{"id":"https://openalex.org/S4306401271","display_name":"RePEc: Research Papers in Economics","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I77793887","host_organization_name":"Federal Reserve Bank of St. Louis","host_organization_lineage":["https://openalex.org/I77793887"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W1721599012","https://openalex.org/W2901858382","https://openalex.org/W4384273653","https://openalex.org/W4372063917","https://openalex.org/W2177739813","https://openalex.org/W2952760262","https://openalex.org/W2761997784","https://openalex.org/W2034996109","https://openalex.org/W1985633071","https://openalex.org/W2513577153"],"abstract_inverted_index":{"Although":[0],"statistical":[1,91],"modeling":[2],"techniques":[3],"have":[4],"been":[5],"employed":[6,75],"to":[7,64,76,81,95,126],"detect":[8],"anomaly":[9],"intrusion":[10],"and":[11,90,109,134,159,184],"profile":[12],"user":[13,107],"behavior":[14,108],"with":[15,165],"network":[16],"traffic":[17],"data":[18,30,43],"collected":[19],"from":[20],"multi-sites":[21],"(IP":[22],"addresses),":[23],"the":[24,38,46,55,66,97,101,128,131,166,170],"minimum":[25,142,171],"sample":[26,70,111,143],"size":[27,144],"of":[28,52,68,86,106,117,130,145,153,157,162],"audit":[29],"required":[31],"for":[32],"each":[33,83],"site":[34,148],"is":[35],"unclear.":[36],"Using":[37],"Intrusion":[39],"Detection":[40],"Evaluation":[41],"off-line":[42],"developed":[44],"by":[45],"Lincoln":[47],"Laboratory":[48],"at":[49],"Massachusetts":[50],"Institute":[51],"Technology":[53],"under":[54],"Defense":[56],"Advanced":[57],"Research":[58],"Projects":[59],"Agency,":[60],"this":[61],"study":[62],"aimed":[63],"address":[65],"challenge":[67],"determining":[69],"size.":[71],"Bivariate":[72],"analysis":[73],"was":[74,124],"construct":[77],"a":[78,141,150,175,185],"composite":[79],"score":[80],"rank":[82],"site\u2019s":[84],"probability":[85],"being":[87],"an":[88],"anomaly,":[89],"simulations":[92],"were":[93],"conducted":[94],"evaluate":[96],"ranking":[98],"variation":[99],"between":[100],"population":[102],"based":[103,112],"\u201ctrue\u201d":[104],"pattern":[105],"different":[110],"\u201cobserved\u201d":[113],"patterns.":[114,196],"A":[115],"sequence":[116],"hierarchical":[118],"random":[119],"effects":[120],"logistic":[121],"regression":[122],"models":[123],"fitted":[125],"compare":[127],"performance":[129],"full":[132,167],"dataset-based":[133,168],"sample-based":[135,172],"classifications.":[136],"The":[137],"results":[138],"show":[139],"that":[140],"500":[146],"per":[147],"provides":[149],"sensitivity":[151],"value":[152,156],"0.85,":[154],"specificity":[155],"0.92":[158],"kappa":[160],"statistic":[161],"0.77.":[163],"Compared":[164],"model,":[169],"model":[173],"had":[174],"similar":[176],"Receiver":[177],"Operating":[178],"Characteristic":[179],"area":[180],"(0.983":[181],"vs.":[182,191],"0.997)":[183],"slightly":[186],"higher":[187],"misclassification":[188],"rate":[189],"(3.16%":[190],"1.71%)":[192],"in":[193],"detecting":[194],"abnormal":[195]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}