Insider Threat Detection Based on User Behavior Modeling and Anomaly Detection Algorithms

Insider threats are malicious activities by authorized users, such as theft of intellectual property or security information, fraud, and sabotage. Although the number of insider threats is much lower than external network attacks, insider threats can cause extensive damage. As insiders are very fami...

Full description

Saved in:
Bibliographic Details
Published inApplied sciences Vol. 9; no. 19; p. 4018
Main Authors Kim, Junhong, Park, Minsik, Kim, Haedong, Cho, Suhyoun, Kang, Pilsung
Format Journal Article
LanguageEnglish
Published Basel MDPI AG 01.10.2019
Subjects
Algorithms
anomaly detection
behavioral model
Classification
Datasets
e-mail network
Electronic mail systems
Employees
insider threat detection
Knowledge
latent dirichlet allocation
Machine learning
Subject specialists
Threats
Universal Serial Bus
User behavior
United States > US
Online AccessGet full text
ISSN2076-3417
2076-3417
DOI10.3390/app9194018

Cover

Abstract Insider threats are malicious activities by authorized users, such as theft of intellectual property or security information, fraud, and sabotage. Although the number of insider threats is much lower than external network attacks, insider threats can cause extensive damage. As insiders are very familiar with an organization’s system, it is very difficult to detect their malicious behavior. Traditional insider-threat detection methods focus on rule-based approaches built by domain experts, but they are neither flexible nor robust. In this paper, we propose insider-threat detection methods based on user behavior modeling and anomaly detection algorithms. Based on user log data, we constructed three types of datasets: user’s daily activity summary, e-mail contents topic distribution, and user’s weekly e-mail communication history. Then, we applied four anomaly detection algorithms and their combinations to detect malicious activities. Experimental results indicate that the proposed framework can work well for imbalanced datasets in which there are only a few insider threats and where no domain experts’ knowledge is provided.
AbstractList Insider threats are malicious activities by authorized users, such as theft of intellectual property or security information, fraud, and sabotage. Although the number of insider threats is much lower than external network attacks, insider threats can cause extensive damage. As insiders are very familiar with an organization’s system, it is very difficult to detect their malicious behavior. Traditional insider-threat detection methods focus on rule-based approaches built by domain experts, but they are neither flexible nor robust. In this paper, we propose insider-threat detection methods based on user behavior modeling and anomaly detection algorithms. Based on user log data, we constructed three types of datasets: user’s daily activity summary, e-mail contents topic distribution, and user’s weekly e-mail communication history. Then, we applied four anomaly detection algorithms and their combinations to detect malicious activities. Experimental results indicate that the proposed framework can work well for imbalanced datasets in which there are only a few insider threats and where no domain experts’ knowledge is provided.
Author Kang, Pilsung
Cho, Suhyoun
Kim, Junhong
Park, Minsik
Kim, Haedong
Author_xml – sequence: 1
  givenname: Junhong
  surname: Kim
  fullname: Kim, Junhong
– sequence: 2
  givenname: Minsik
  surname: Park
  fullname: Park, Minsik
– sequence: 3
  givenname: Haedong
  surname: Kim
  fullname: Kim, Haedong
– sequence: 4
  givenname: Suhyoun
  surname: Cho
  fullname: Cho, Suhyoun
– sequence: 5
  givenname: Pilsung
  surname: Kang
  fullname: Kang, Pilsung
BookMark eNptUU1rGzEQFSWBuqkv-QULvRWcSqsPr45O2qSGhF6SQ05iVhrZMuuVKykB__vKcUJD6VzmMfPemxnmEzkZ44iEnDN6wbmm32C300wLyroPZNLSuZpxweYn7_BHMs15Q2toxjtGJ-RxOebgMDX364RQmu9Y0JYQx-YSMrqmgodc25e4hucQU3MXHQ5hXDUwumYxxi0M-3eqxbCKKZT1Nn8mpx6GjNPXfEYern_cX_2c3f66WV4tbmeWK1ZmTjvFESjvNKW9R--lrIgzkBaF6oVgQtC57lTX9t4rlH0NnHPvtXTg-RlZHn1dhI3ZpbCFtDcRgnkpxLQykEqwAxohhe6dtC1wKRiAroMotlxYKrwWtnp9OXrtUvz9hLmYTXxKY13ftJJzpZhSurLokWVTzDmhNzYUOJxfEoTBMGoO_zB__1ElX_-RvC36H_IfW2iMfQ
CitedBy_id crossref_primary_10_1007_s12243_024_01023_7
crossref_primary_10_1007_s11042_024_19872_8
crossref_primary_10_1109_ACCESS_2023_3293825
crossref_primary_10_3389_fdata_2024_1375818
crossref_primary_10_3390_e23060776
crossref_primary_10_3390_jpm12020190
crossref_primary_10_3390_app10155208
crossref_primary_10_3390_fi15120373
crossref_primary_10_1109_ACCESS_2021_3118297
crossref_primary_10_1109_ACCESS_2023_3273895
crossref_primary_10_3390_app13095709
crossref_primary_10_3390_e23101258
crossref_primary_10_1007_s11276_024_03678_5
crossref_primary_10_3390_app9224943
crossref_primary_10_55648_1998_6920_2022_16_4_80_95
crossref_primary_10_3390_e23121645
crossref_primary_10_1007_s11071_023_08954_1
crossref_primary_10_24017_scence_2025_1_3
crossref_primary_10_1038_s41598_024_84673_w
crossref_primary_10_1080_19393555_2021_1998735
crossref_primary_10_3103_S0278641924700237
crossref_primary_10_3390_fi17020093
crossref_primary_10_1109_ACCESS_2024_3372187
crossref_primary_10_1016_j_cose_2023_103350
crossref_primary_10_1016_j_cose_2024_103779
crossref_primary_10_1007_s11227_023_05049_x
crossref_primary_10_1007_s12103_023_09727_7
crossref_primary_10_3390_app13010259
crossref_primary_10_3390_sym12081255
crossref_primary_10_1016_j_inffus_2023_101804
crossref_primary_10_1007_s11042_024_20273_0
crossref_primary_10_1051_e3sconf_202447104022
crossref_primary_10_1109_ACCESS_2024_3426959
crossref_primary_10_1016_j_neucom_2025_129762
crossref_primary_10_15407_emodel_42_04_071
crossref_primary_10_3390_jcp5010005
Cites_doi 10.1038/234034a0
10.1109/SPW.2013.32
10.1016/j.inffus.2013.04.006
10.1007/s10994-006-9449-2
10.1080/19361610.2011.529413
10.1016/j.patcog.2014.05.003
10.1109/SPW.2013.37
10.1016/0169-7439(87)80084-9
10.1109/ICDM.2008.17
10.1016/j.cose.2005.05.002
10.1016/j.sigpro.2003.07.018
10.1142/S0218001409007326
10.1145/1541880.1541882
10.1016/S0167-4048(02)01009-X
10.1109/72.914517
10.1109/MILCOM.2015.7357562
10.1017/CBO9780511815478
10.1109/VIZSEC.2015.7312772
10.1145/1143844.1143967
10.1007/978-0-387-77322-3_5
10.1109/PASSAT/SocialCom.2011.211
ContentType Journal Article
Copyright 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.
Copyright_xml – notice: 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.
DBID AAYXX
CITATION
ABUWG
AFKRA
AZQEC
BENPR
CCPQU
DWQXO
PHGZM
PHGZT
PIMPY
PKEHL
PQEST
PQQKQ
PQUKI
PRINS
DOA
DOI 10.3390/app9194018
DatabaseName CrossRef
ProQuest Central (Alumni)
ProQuest Central UK/Ireland
ProQuest Central Essentials
ProQuest Central
ProQuest One
ProQuest Central
ProQuest Central Premium
ProQuest One Academic
Publicly Available Content Database
ProQuest One Academic Middle East (New)
ProQuest One Academic Eastern Edition (DO NOT USE)
ProQuest One Academic
ProQuest One Academic UKI Edition
ProQuest Central China
DOAJ Directory of Open Access Journals
DatabaseTitle CrossRef
Publicly Available Content Database
ProQuest One Academic Middle East (New)
ProQuest Central Essentials
ProQuest One Academic Eastern Edition
ProQuest Central (Alumni Edition)
ProQuest One Community College
ProQuest Central China
ProQuest Central
ProQuest One Academic UKI Edition
ProQuest Central Korea
ProQuest Central (New)
ProQuest One Academic
ProQuest One Academic (New)
DatabaseTitleList Publicly Available Content Database
CrossRef
Database_xml – sequence: 1
  dbid: DOA
  name: DOAJ Directory of Open Access Journals
  url: https://www.doaj.org/
  sourceTypes: Open Website
– sequence: 2
  dbid: BENPR
  name: ProQuest Central
  url: https://www.proquest.com/central
  sourceTypes: Aggregation Database
DeliveryMethod fulltext_linktorsrc
Discipline Engineering
Sciences (General)
EISSN 2076-3417
ExternalDocumentID oai_doaj_org_article_4549bd5c2a3541aa99000e234c04f94c
10_3390_app9194018
GeographicLocations United States--US
GeographicLocations_xml – name: United States--US
GroupedDBID .4S
5VS
7XC
8CJ
8FE
8FG
8FH
AADQD
AAFWJ
AAYXX
ADBBV
ADMLS
AFKRA
AFPKN
AFZYC
ALMA_UNASSIGNED_HOLDINGS
APEBS
ARCSS
BCNDV
BENPR
CCPQU
CITATION
CZ9
D1I
D1J
D1K
GROUPED_DOAJ
IAO
K6-
K6V
KC.
KQ8
L6V
LK5
LK8
M7R
MODMG
M~E
OK1
P62
PHGZM
PHGZT
PIMPY
PROAC
TUS
ABUWG
AZQEC
DWQXO
PKEHL
PQEST
PQQKQ
PQUKI
PRINS
PUEGO
ID FETCH-LOGICAL-c361t-d9d63ea038900bfeff5590031a5ce46b441440798682bff6e5bbbbe73ff95daf3
IEDL.DBID DOA
ISSN 2076-3417
IngestDate Wed Aug 27 01:26:43 EDT 2025
Mon Jun 30 11:11:07 EDT 2025
Tue Jul 01 03:00:57 EDT 2025
Thu Apr 24 23:11:04 EDT 2025
IsDoiOpenAccess true
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
Issue 19
Language English
License https://creativecommons.org/licenses/by/4.0
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-c361t-d9d63ea038900bfeff5590031a5ce46b441440798682bff6e5bbbbe73ff95daf3
Notes ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
OpenAccessLink https://doaj.org/article/4549bd5c2a3541aa99000e234c04f94c
PQID 2533661669
PQPubID 2032433
ParticipantIDs doaj_primary_oai_doaj_org_article_4549bd5c2a3541aa99000e234c04f94c
proquest_journals_2533661669
crossref_citationtrail_10_3390_app9194018
crossref_primary_10_3390_app9194018
ProviderPackageCode CITATION
AAYXX
PublicationCentury 2000
PublicationDate 2019-10-01
PublicationDateYYYYMMDD 2019-10-01
PublicationDate_xml – month: 10
  year: 2019
  text: 2019-10-01
  day: 01
PublicationDecade 2010
PublicationPlace Basel
PublicationPlace_xml – name: Basel
PublicationTitle Applied sciences
PublicationYear 2019
Publisher MDPI AG
Publisher_xml – name: MDPI AG
References Tang (ref_39) 2006; 65
ref_14
ref_13
ref_11
Corchado (ref_37) 2014; 16
Eberle (ref_12) 2010; 6
ref_32
ref_31
Guyon (ref_24) 2003; 3
ref_18
ref_17
Ali (ref_29) 2013; 5
Wold (ref_34) 1987; 2
ref_15
Chandola (ref_30) 2009; 41
Markou (ref_35) 2003; 83
Theoharidou (ref_7) 2005; 24
Eldardiry (ref_10) 2014; 5
Schultz (ref_2) 2012; 21
Blei (ref_25) 2003; 3
Gavai (ref_16) 2015; 6
ref_23
ref_22
ref_20
Lindauer (ref_1) 2014; 5
ref_3
Britto (ref_38) 2014; 47
Salem (ref_6) 2008; 39
Sun (ref_19) 2009; 23
ref_28
ref_26
ref_9
McGough (ref_21) 2015; 6
ref_8
Levandowsky (ref_27) 1971; 234
Cernadas (ref_36) 2014; 15
ref_5
Muller (ref_33) 2001; 12
ref_4
References_xml – volume: 6
  start-page: 47
  year: 2015
  ident: ref_16
  article-title: Supervised and Unsupervised methods to detect Insider Threat from Enterprise Social and Online Activity Data
  publication-title: JoWUA
– volume: 234
  start-page: 34
  year: 1971
  ident: ref_27
  article-title: Distance between sets
  publication-title: Nature
  doi: 10.1038/234034a0
– ident: ref_9
– volume: 15
  start-page: 3133
  year: 2014
  ident: ref_36
  article-title: Do we need hundreds of classifiers to solve real world classification problems
  publication-title: J. Mach. Learn. Res.
– ident: ref_5
– ident: ref_32
– ident: ref_22
  doi: 10.1109/SPW.2013.32
– volume: 3
  start-page: 993
  year: 2003
  ident: ref_25
  article-title: Latent dirichlet allocation
  publication-title: J. Mach. Learn. Res.
– volume: 16
  start-page: 3
  year: 2014
  ident: ref_37
  article-title: A survey of multiple classifier systems as hybrid systems
  publication-title: Inf. Fusion
  doi: 10.1016/j.inffus.2013.04.006
– volume: 65
  start-page: 247
  year: 2006
  ident: ref_39
  article-title: An analysis of diversity measures
  publication-title: Mach. Learn.
  doi: 10.1007/s10994-006-9449-2
– ident: ref_11
– volume: 6
  start-page: 32
  year: 2010
  ident: ref_12
  article-title: Insider threat detection using a graph-based approach
  publication-title: J. Appl. Secur. Res.
  doi: 10.1080/19361610.2011.529413
– volume: 47
  start-page: 3665
  year: 2014
  ident: ref_38
  article-title: Dynamic selection of classifiers—A comprehensive review
  publication-title: Pattern Recognit.
  doi: 10.1016/j.patcog.2014.05.003
– ident: ref_20
  doi: 10.1109/SPW.2013.37
– volume: 2
  start-page: 37
  year: 1987
  ident: ref_34
  article-title: Principal component analysis
  publication-title: Chemom. Intell. Lab. Syst.
  doi: 10.1016/0169-7439(87)80084-9
– ident: ref_18
  doi: 10.1109/ICDM.2008.17
– volume: 24
  start-page: 472
  year: 2005
  ident: ref_7
  article-title: The insider threat to information systems and the effectiveness of ISO17799
  publication-title: Comput. Secur.
  doi: 10.1016/j.cose.2005.05.002
– volume: 83
  start-page: 2481
  year: 2003
  ident: ref_35
  article-title: Novelty detection: A review—Part 1: Statistical approaches
  publication-title: Signal Process.
  doi: 10.1016/j.sigpro.2003.07.018
– ident: ref_23
– volume: 23
  start-page: 687
  year: 2009
  ident: ref_19
  article-title: Classification of imbalanced data: A review
  publication-title: Int. J. Pattern Recognit. Artif. Intell.
  doi: 10.1142/S0218001409007326
– volume: 41
  start-page: 1
  year: 2009
  ident: ref_30
  article-title: Anomaly detection: A survey
  publication-title: ACM Comput. Surv.
  doi: 10.1145/1541880.1541882
– volume: 5
  start-page: 39
  year: 2014
  ident: ref_10
  article-title: Multi-source fusion for anomaly detection: Using across-domain and across-time peer-group consistency checks
  publication-title: JoWUA
– volume: 21
  start-page: 526
  year: 2012
  ident: ref_2
  article-title: A framework for understanding and predicting insider attacks
  publication-title: Comput. Secur.
  doi: 10.1016/S0167-4048(02)01009-X
– volume: 5
  start-page: 80
  year: 2014
  ident: ref_1
  article-title: Generating Test Data for Insider Threat Detectors
  publication-title: JoWUA
– volume: 12
  start-page: 181
  year: 2001
  ident: ref_33
  article-title: An introduction to kernel-based learning algorithms
  publication-title: IEEE Trans. Neural Netw.
  doi: 10.1109/72.914517
– ident: ref_8
– ident: ref_14
  doi: 10.1109/MILCOM.2015.7357562
– ident: ref_4
– ident: ref_31
– volume: 5
  start-page: 1
  year: 2013
  ident: ref_29
  article-title: Classification with class imbalance problem
  publication-title: Int. J. Adv. Soft Comput. Appl.
– volume: 3
  start-page: 1157
  year: 2003
  ident: ref_24
  article-title: An introduction to variable and feature selection
  publication-title: J. Mach. Learn. Res.
– ident: ref_28
  doi: 10.1017/CBO9780511815478
– ident: ref_15
– ident: ref_3
  doi: 10.1109/VIZSEC.2015.7312772
– volume: 6
  start-page: 1
  year: 2015
  ident: ref_21
  article-title: Detecting insider threats using Ben-ware: Beneficial intelligent software for identifying anomalous human behavior
  publication-title: J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl.
– ident: ref_26
  doi: 10.1145/1143844.1143967
– ident: ref_17
– volume: 39
  start-page: 69
  year: 2008
  ident: ref_6
  article-title: A survey of insider attack detection research
  publication-title: Insid. Attack Cyber Secur.
  doi: 10.1007/978-0-387-77322-3_5
– ident: ref_13
  doi: 10.1109/PASSAT/SocialCom.2011.211
SSID ssj0000913810
Score 2.4118788
Snippet Insider threats are malicious activities by authorized users, such as theft of intellectual property or security information, fraud, and sabotage. Although the...
SourceID doaj
proquest
crossref
SourceType Open Website
Aggregation Database
Enrichment Source
Index Database
StartPage 4018
SubjectTerms Algorithms
anomaly detection
behavioral model
Classification
Datasets
e-mail network
Electronic mail systems
Employees
insider threat detection
Knowledge
latent dirichlet allocation
Machine learning
Subject specialists
Threats
Universal Serial Bus
User behavior
SummonAdditionalLinks – databaseName: ProQuest Technology Collection
  dbid: 8FG
  link: http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwfV1LT-MwELZ4XJYD4rGrLRRkiT0sh4g4dkx8Qi1QHtLuiUpwivykh5JCGw78e2YSt1QCkVOUOId4ZjzfTJzvI-SPQWU0J20STCETkWuZqEIICHeIchdEkBZbA__-y-uhuL3P72PDbRa3Vc7XxGahdhOLPfKTDHAJ5BIp1dnzS4KqUfh1NUporJJ1BpkGPbwYXC16LMh5WbC0ZSXlUN3jV2EFZXuKGh9Leaih6_-0GjcpZrBFNiM2pL3WmNtkxVc7ZGOJMXCHbMdYnNG_kTD6eJc83LSim_RuhBCQXvi62WBV0T7kKEfhZAieRiMX4pSiABr-hk515Wivmjzp8dvSU73xI7x5PXqa_STDweXd-XUSJRMSyyWrE6ec5F4ja16amuBDyFEWlDOdWy-kAfAjoIRThSwyE4L0uYHDn_IQVO504L_IWjWp_G9COWeOZQ7gjkgF88GwU4hWsKNnHkCL65Dj-QSWNvKJo6zFuIS6Aie7_JjsDjlajH1uWTS-HNVHOyxGIPN1c2EyfSxjIJUCClrjcptpngumtULVU59xYVMRlLAd0p1bsYzhOCs_nGfv-9v75AcgItXu1uuStXr66g8AddTmsHGtdwaN1ns
  priority: 102
  providerName: ProQuest
Title Insider Threat Detection Based on User Behavior Modeling and Anomaly Detection Algorithms
URI https://www.proquest.com/docview/2533661669
https://doaj.org/article/4549bd5c2a3541aa99000e234c04f94c
Volume 9
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
link http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwrV1Ba9swFH6s2WU9jCbdWLY0CLpDezCzLFmxjkmbLC20jNFAdzKSJbWF1B2Jd9i_73u22xo22GU5mSBj8_Se3vfZ8vcBfLbkjOZUEQWbqUimRkU6kxLLHavcBRlUQY8GLi7VciXPr9PrjtUX7Qlr5IGbwH2RSGCsS4vEiFRyYzS5XPpEyCKWQcuCVl_seR0yVa_BmpN0VaNHKpDX0_tgjYQ9JnePTgeqhfr_WIfr5rLYg7ctKmTT5m768MqXA9jtaAUOoN9W4ZYdtVLRx_vw46yx22RXtwT-2Kmv6q1VJZthd3IMD1aYY6xVQdwwsj6jD9CZKR1D6n9v1r87Z03XNw-bu-r2fvsOVov51ckyas0SokIoXkVOOyW8Ib28OLbBh5CSIajgJi28VBZhj0TypjOVJTYE5VOLPz8RIejUmSDeQ698KP0HYEJwxxOHQEfGkvtg-QTrFGfQc49wxQ3h-CmAedEqiZOhxTpHRkHBzl-CPYTD57E_G_2Mv46a0Tw8jyDN6_oPzIS8zYT8X5kwhNHTLOZtIW7zBOEsQhCl9Mf_cY1P8AYRk252842gV21--QNEJZUdw062-DqG17P55bfv4zodHwE5xOCt
linkProvider Directory of Open Access Journals
linkToHtml http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwtV1Lb9QwEB6VcgAOFS0glpZiCZDoISKOHTc-VNW2Zdmlj9OuVE4hfrWHbbbsBqH-KX4jM3lsi0DcmlOUODmM52mPvw_gnSFmNKdsFEymIpkWKtKZlGjuaOUuyKAsLQ2cnqnhRH45T89X4Fd3FobaKjufWDtqN7O0Rv4xwbwEY4lSev_6e0SsUbS72lFoNGpx7G9-Ysm22Bsd4fy-T5LBp_HhMGpZBSIrFK8ip50SviBguTg2wYeQEnOm4EVqvVQG8wOJVY7OVJaYEJRPDV5-V4SgU1cEgf99AA-lEJpaCLPB5-WaDmFsZjxuUFDxfUy70JprrGGyP-JeTQ_wl_evQ9rgKay1uSjrN8qzDiu-3IAndxAKN2C9tf0F-9ACVO88g6-jhuSTjS8p5WRHvqobukp2gDHRMbyZoGazFntxzohwjY69s6J0rF_OrorpzZ2v-tMLlHR1ebV4DpN7EeYLWC1npX8JTAjueOIwvZKx5D4YvoveAfXGc49JkuvBTifA3Lb45USjMc2xjiFh57fC7sHb5djrBrXjn6MOaB6WIwhpu34wm1_kreHmEgto41KbFCKVvCg0saz6REgby6Cl7cFWN4t5a_6L_FZZX_3_9Rt4NByfnuQno7PjTXiM2ZhuOgW3YLWa__CvMeOpzHatZgy-3bde_wbZAhRq
linkToPdf http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwtV1Nb9QwEB2VIiF6QLSA2H6AJUCih6hx7HjjA6q2LEuXQsWhK5VTiGO7PWyz7W4Q6l_j1zGTONsiELfmFCVODuPxzBt_vAfw2pAymlVl5E2mIpkWKtKZlDjccZRbL70qaWrgy7E6nMhPp-npCvzqzsLQtsouJjaB2s5KmiPfSxCXYC5RSu_5sC3i63C0f3kVkYIUrbR2chqtixy5659Yvi3ejYfY12-SZPTh5P1hFBQGolIoXkdWWyVcQSRzcWy88z4lFU3Bi7R0UhnEChIrHp2pLDHeK5cavFxfeK9TW3iB_70H9_sii0k9IRt9XM7vEN9mxuOWEVUIHdOKtOYa65nsjxzYSAX8lQma9DZ6DI8CLmWD1pHWYcVVG7B2i61wA9ZDHFiwt4GsevcJfBu3gp_s5JzgJxu6utncVbEDzI-W4c0EvZwFHsY5I_E1OgLPisqyQTW7KKbXt74aTM_Q0vX5xeIpTO7EmM9gtZpV7jkwIbjliUWoJWPJnTe8j5ECfchxh4DJ9mC3M2BeBi5zktSY5ljTkLHzG2P34NWy7WXL4PHPVgfUD8sWxLrdPJjNz_IwiHOJxbSxaZkUIpW8KDQprrpEyDKWXsuyB9tdL-YhFCzyG8fd_P_rl_AAPTr_PD4-2oKHCMx0u2lwG1br-Q-3g-CnNi8aL2Pw_a7d-jddExiX
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Insider+Threat+Detection+Based+on+User+Behavior+Modeling+and+Anomaly+Detection+Algorithms&rft.jtitle=Applied+sciences&rft.au=Junhong+Kim&rft.au=Minsik+Park&rft.au=Haedong+Kim&rft.au=Suhyoun+Cho&rft.date=2019-10-01&rft.pub=MDPI+AG&rft.eissn=2076-3417&rft.volume=9&rft.issue=19&rft.spage=4018&rft_id=info:doi/10.3390%2Fapp9194018&rft.externalDBID=DOA&rft.externalDocID=oai_doaj_org_article_4549bd5c2a3541aa99000e234c04f94c
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=2076-3417&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=2076-3417&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=2076-3417&client=summon