TY - JOUR
T1 - A Review of Insider Threat Detection
T2 - Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations
AU - Al-Mhiqani, Mohammed Nasser
AU - Ahmad, Rabiah
AU - Abidin, Z. Zainal
AU - Yassin, Warusia
AU - Hassan, Aslinda
AU - Abdulkareem, Karrar Hameed
AU - Ali, Nabeel Salih
AU - Yunos, Zahri
N1 - Funding Information:
The authors would like to gratefully acknowledge the funding support provided by Universiti Teknikal Malaysia Melaka (UTeM) and the Ministry of Education Malaysia under the TRGS Program with number TRGS/1/2016/UTEM/01/3 and TRGS Project (TRGS/1/2016/FTMKCACT/01/D00006).
Publisher Copyright:
© 2020 by the authors.
PY - 2020/8/1
Y1 - 2020/8/1
N2 - Insider threat has become a widely recognized issue and one of the major challenges in cybersecurity. This means that such threats require dedicated detection systems, methods, and tools that enable accurate and fast detection of a malicious insider. Several studies on insider threat detection and related areas have been proposed to deal with this issue, and various studies have aimed to deepen the conceptual understanding of insider threats. However, these works have many limitations: a lack of real cases, biases in drawing conclusions, which remain a major and poorly understood concern, and the absence of a study that surveys insider threats from many different perspectives while covering their theoretical, technical, and statistical aspects. This survey presents a taxonomy of contemporary insider types, access, level, motivation, insider profiling, the affected security property, and the methods used by attackers to conduct attacks, together with a review of notable recent works on insider threat detection that covers the analyzed behaviors, machine learning techniques, datasets, detection methodology, and evaluation metrics. Several real cases of insider threats are analyzed to provide statistical information about insiders. In addition, the survey highlights the challenges faced by other researchers and provides recommendations to minimize these obstacles.
AB - Insider threat has become a widely recognized issue and one of the major challenges in cybersecurity. This means that such threats require dedicated detection systems, methods, and tools that enable accurate and fast detection of a malicious insider. Several studies on insider threat detection and related areas have been proposed to deal with this issue, and various studies have aimed to deepen the conceptual understanding of insider threats. However, these works have many limitations: a lack of real cases, biases in drawing conclusions, which remain a major and poorly understood concern, and the absence of a study that surveys insider threats from many different perspectives while covering their theoretical, technical, and statistical aspects. This survey presents a taxonomy of contemporary insider types, access, level, motivation, insider profiling, the affected security property, and the methods used by attackers to conduct attacks, together with a review of notable recent works on insider threat detection that covers the analyzed behaviors, machine learning techniques, datasets, detection methodology, and evaluation metrics. Several real cases of insider threats are analyzed to provide statistical information about insiders. In addition, the survey highlights the challenges faced by other researchers and provides recommendations to minimize these obstacles.
KW - Cybersecurity
KW - Data exfiltration
KW - Insider threat detection
KW - Insider threats
KW - Machine learning
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=85088857467&partnerID=8YFLogxK
U2 - 10.3390/app10155208
DO - 10.3390/app10155208
M3 - Review article
AN - SCOPUS:85088857467
VL - 10
JO - Applied Sciences (Switzerland)
JF - Applied Sciences (Switzerland)
SN - 2076-3417
IS - 15
M1 - 5208
ER -