Abstract
Insider threat has become a widely accepted issue and one of the major challenges in cybersecurity. This phenomenon indicates that threats require special detection systems, methods, and tools, which entail the ability to facilitate accurate and fast detection of a malicious insider. Several studies on insider threat detection and related areas in dealing with this issue have been proposed. Various studies aimed to deepen the conceptual understanding of insider threats. However, there are many limitations, such as a lack of real cases, biases in making conclusions, which are a major concern and remain unclear, and the lack of a study that surveys insider threats from many different perspectives and focuses on the theoretical, technical, and statistical aspects of insider threats. The survey aims to present a taxonomy of contemporary insider types, access, level, motivation, insider profiling, effect security property, and methods used by attackers to conduct attacks and a review of notable recent works on insider threat detection, which covers the analyzed behaviors, machine-learning techniques, dataset, detection methodology, and evaluation metrics. Several real cases of insider threats have been analyzed to provide statistical information about insiders. In addition, this survey highlights the challenges faced by other researchers and provides recommendations to minimize obstacles.
Highlights
IntroductionAn increase in valuable information, along with enabling technology expansions, have led to increases in threats
Computer networks and telecommunications play a significant role in information exchange.An increase in valuable information, along with enabling technology expansions, have led to increases in threats
Many classification metrics are used to evaluate the insider threat detection systems, and a few are known by multiple names
Summary
An increase in valuable information, along with enabling technology expansions, have led to increases in threats. The sources of these threats are from outside but, from within the organization. Such threats possess a large security risk and are seemingly difficult to detect [1,2,3]. Insider threats can inflict critical damage on the reputation, financial assets, and intellectual property of enterprises. A 2018 report on the insider threat has stated that slightly more than half of threats (53%) in the past 12 months came from inside of organizations.
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
