Bibliography

Full list of project references. Publications marked [PDF] have a full summary in the database.

A. UEBA / Insider Threat / Behavioral Analytics

  1. Fei K. et al. (2024). LaAeb: A Comprehensive Log-Text Analysis Based Approach for Insider Threat Detection. Computers & Security (Elsevier). DOI: 10.1016/j.cose.2024.104126 — Log-text analysis for insider threat detection; the most recent tier-2 paper on this topic.

  2. Alzaabi F., Mehmood A. (2024). A Review of Recent Advances, Challenges, and Opportunities in Malicious Insider Threat Detection Using Machine Learning. IEEE Access. DOI: 10.1109/access.2024.3369906 — Current (2024) review of ML for insider threat detection; good state-of-the-art overview for related work.

  3. Jordan A., Chen Y. (2025). User and Entity Behavior Analytics (UEBA) Enhanced Security Anomaly Detection in Enterprise DevSecOps Platforms. IEEE SecDev 2025. DOI: 10.1109/secdev66745.2025.00021 — UEBA in a DevSecOps environment; current (2025); deployment context.

  4. Khan A., Khan M., Arshad M. (2022). Anomaly Detection and Enterprise Security using UEBA. IEEE ICONICS 2022. DOI: 10.1109/iconics56716.2022.10100596 — Overview of UEBA for enterprise security; background and definitions.

  5. Shashanka M., Shen M., Wang J. (2016). User and Entity Behavior Analytics for Enterprise Security. IEEE BigData 2016. DOI: 10.1109/bigdata.2016.7840805 — Foundational paper defining UEBA as a field; the standard point of reference.

  6. Turcotte M., Moore J. (2017). User Behavior Analytics. LANL Technical Report. DOI: 10.2172/1345176 — LANL report on User Behavior Analytics; comes from the same source as the LANL dataset; key link.

  7. Sun L. et al. (2016). Detecting Anomalous User Behavior Using an Extended Isolation Forest Algorithm: An Enterprise Case Study. arXiv. https://arxiv.org/abs/1609.06676 — Extended Isolation Forest for user behavior anomaly detection; comparable baseline.

  8. Saxena N., Hayes E., Bertino E. et al. (2020). Impact and Key Challenges of Insider Threats on Organizations and Critical Businesses. Electronics (MDPI). DOI: 10.3390/electronics9091460 — Overview of the impact of insider threats; threat model background.

  9. Fuentes J., Ortega-Fernandez I., Villanueva N.M., Sestelo M. (2025). Cybersecurity Threat Detection Based on a UEBA Framework Using Deep Autoencoders. AIMS Mathematics. DOI: 10.3934/math.20251043. https://arxiv.org/abs/2505.11542 — Deep Autoencoder + Doc2Vec for UEBA; framework comparable to BPP.

  10. Elbasheer M., Akinfaderin A. (2025). User-Based Sequential Modeling with Transformer Encoders for Insider Threat Detection. arXiv. https://arxiv.org/abs/2506.23446 — Sequential Transformer modeling for insider threat detection; directly applicable to temporal workplace sequences.

  11. Yuan S., Wu X. (2020). Deep Learning for Insider Threat Detection: Review, Challenges and Opportunities. arXiv. https://arxiv.org/abs/2005.12433 — Comprehensive survey of deep learning for insider threat detection; challenges (lack of labels, adaptive attacks).

  12. Childress J., Min M. (2026). A Review of User Account Anomaly Detection and Insider Threat Detection Techniques. IEEE ICAIC 2026. DOI: 10.1109/icaic67076.2026.11395680 — Newest (2026) review of user account anomaly detection.

B. Account Takeover / Post-Compromise Detection

  1. Shah S., Shah B., Amin A. et al. (2019). Compromised User Credentials Detection in a Digital Enterprise Using Behavioral Analytics. Future Generation Computer Systems (Elsevier). DOI: 10.1016/j.future.2018.09.064 — ATO detection via behavioral analytics in an enterprise. Closest existing work to the project's main objective.

  2. Kunling H., Fenghua L., Wang J.H., Zhang H., Zhao Y. (2024). AB-TCAD: An Access Behavior-Based Two-Stage Compromised Account Detection Framework. IFIP Networking 2024. DOI: 10.23919/ifipnetworking62109.2024.10619828 — Two-stage ATO detection framework based on access patterns.

  3. Freeman D.M., Jain S., Duermuth M., Biggio B., Giacinto G. (2016). Who Are You? A Statistical Approach to Measuring User Authenticity. NDSS 2016. DOI: 10.14722/ndss.2016.23240 — Foundational: classification of logins as normal vs. suspicious (IP, geo, browser, time). NDSS tier-1.

  4. Nayebi Kerdabadi M. et al. (2025). ATLAS: Spatio-Temporal Directed Graph Learning for Account Takeover Fraud Detection. arXiv. https://arxiv.org/abs/2509.20339 — Spatio-temporal graph learning for ATO fraud detection; modern approach.

C. Adversarial Evasion of Anomaly Detection / Mimicry Attacks

  1. Biggio B., Corona I. et al. (2013). Evasion Attacks against Machine Learning at Test Time. ECML/PKDD 2013. DOI: 10.1007/978-3-642-40994-3_25 — Foundational adversarial ML paper; formal definition of evasion attacks. Ground MMC in this literature.

  2. Srndic N., Laskov P. (2014). Practical Evasion of a Learning-Based Classifier: A Case Study. IEEE S&P 2014. DOI: 10.1109/sp.2014.20 — Practical evasion of a classifier; IEEE S&P tier-1; key for the adversarial framing.

  3. Ayub M., Johnson W. et al. (2020). Model Evasion Attack on Intrusion Detection Systems using Adversarial Machine Learning. IEEE CISS 2020. DOI: 10.1109/ciss48834.2020.1570617116 — IDS evasion via adversarial ML; directly applicable to BSU-2 (MMC).

  4. Goyal P., Wang X., Bates A. (2024). R-CAID: Embedding Root Cause Analysis within Provenance-based Intrusion Detection. IEEE S&P 2024. DOI: 10.1109/sp54263.2024.00253 — Provenance-based IDS; mimicry attacks as a known problem; IEEE S&P tier-1.

  5. Han X., Pasquier T., Bates A. et al. (2020). UNICORN: Runtime Provenance-Based Detector for Advanced Persistent Threats. NDSS 2020. DOI: 10.14722/ndss.2020.24046. [269 citations] — Behavioral provenance for APT detection; adversarial context; NDSS tier-1.

  6. Milajerdi S.M., Eshete B. et al. (2019). POIROT: Correlating Threat Intelligence with Provenance Graphs. ACM CCS 2019. DOI: 10.1145/3319535.3363217. [255 citations] — Threat intelligence + behavioral provenance; CCS tier-1; related work for BPP.

  7. Gardiner J., Nagaraja S. (2016). On the Security of Machine Learning in Malware C&C Detection. ACM CSUR. DOI: 10.1145/3003816 — Survey of ML robustness against evasion; provides the framework for the threat model in BSU-2.

D. Federated Learning + Differential Privacy for Security

  1. Li B. et al. (2020). DeepFed: Federated Deep Learning for Intrusion Detection in Industrial Cyber-Physical Systems. IEEE TII. DOI: 10.1109/tii.2020.3023430. [560 citations] — Federated deep learning for IDS; most-cited FL+IDS paper; anchor reference.

  2. Agrawal S., Sarkar S., Aouedi O. et al. (2022). Federated Learning for Intrusion Detection System: Concepts, Challenges and Future Directions. Computer Communications (Elsevier). DOI: 10.1016/j.comcom.2022.09.012 — Survey of FL for IDS; challenges and future directions; good survey anchor.

  3. Mothukuri V., Khare P., Parizi R.M. et al. (2021). Federated-Learning-Based Anomaly Detection for IoT Security Attacks. IEEE IoT Journal. DOI: 10.1109/jiot.2021.3077803. [663 citations] — FL anomaly detection for IoT; most-cited paper in this area.

  4. Alabdulatif A. (2025). GuardianAI: Privacy-Preserving Federated Anomaly Detection with Differential Privacy. Array (Elsevier). DOI: 10.1016/j.array.2025.100381 — FL + DP for anomaly detection; published journal paper covering the exact BSU-3 angle.

  5. Demelius L., Kern R., Trugler A. (2025). Recent Advances of Differential Privacy in Centralized Deep Learning: A Systematic Survey. ACM CSUR. DOI: 10.1145/3712000 — Newest (2025) survey of DP in deep learning; ACM CSUR as the standard reference.

E. Behavioral Biometrics (related)

  1. Abuhamad M. et al. (2020). Sensor-based Continuous Authentication Using Behavioral Biometrics: A Contemporary Survey. arXiv. https://arxiv.org/abs/2001.08578 — Survey of continuous authentication with behavioral biometrics; context for BPP.

  2. Li J. et al. (2024). MBBFAuth: Multimodal Behavioral Biometrics Fusion for Continuous Authentication. IEEE TIFS. DOI: 10.1109/TIFS.2024.3480363 — Multimodal behavioral biometrics fusion; IEEE TIFS tier-2 security venue.

To read

  • Dwork C. (2006). Differential Privacy (ICALP) — foundational DP paper
  • McMahan H.B. et al. (2017). Communication-Efficient Learning of Deep Networks from Decentralized Data (AISTATS) — FedAvg
  • Liu F. et al. (2019). Log2vec: A Heterogeneous Graph Embedding Based Approach for Detecting Cyber Threats (CCS 2019)
  • Lindauer B. et al. (2014). Generating Ground Truth for Insider Threat Detection (CSIIRW)