Abstract

Vital organizations have faced increasing challenges in how to defend against insider threats that may cause severe damage to their assets. The nature of insider threats is more challenging than that of external threats, as insiders have privileged access to an organization's sensitive assets. In fact, several studies have reviewed insider threat detection approaches from taxonomical and theoretical perspectives. However, protection against insider threat incidents requires empirical defense solutions. Hence, our study uniquely focuses on empirical detection approaches that are validated with empirical results. We propose a 10-question model that highlights different perspectives of empirical detection approaches. Significant factors are also proposed to reveal the extent to which the detection approaches are effective against insider threat incidents (e.g., feature domains, protection coverage, classification techniques, simulated scenarios, performance and accuracy metrics, etc.). The objective of this paper is to enhance researchers' efforts in the domain of insider attacks by systemizing the detection techniques in a comparable manner. It also highlights the challenges and gaps for further research to institute more effective solutions that can predict, detect, and prevent emerging attack incidents. Some recommendations for future research directions are also presented.

Highlights

  • Insider threats have become a major concern for many organizations around the world

  • The field of insider threat is quite broad, so the scope of our research topic is specified as ‘‘insider threat detection techniques that are validated with empirical results’’

  • Appropriate search terms are specified with various forms (e.g., ‘‘insider threat detection’’, ‘‘insider attack detection’’, ‘‘detecting insider attack’’ and ‘‘detecting insider threat’’) in order to reflect the entire scope of our selected topic


Summary

INTRODUCTION

Insider threats have become a major concern for many organizations around the world. The paper presents the trends and consequences of real insider attacks that resulted in severe financial and reputational losses for various organizations. It demonstrates the major necessity for effective and robust solutions to predict, detect, and prevent insider threat incidents. It proposes a unified model composed of 10 research questions that highlight significant factors of detection systems (e.g., types of addressed attacks, the range of violated security goals (confidentiality, integrity, or availability), detection mechanisms, datasets, feature domains, classification algorithms, implemented scenarios, limitations, OS platforms and tools, and accuracy and performance metrics). These factors are extended to more fine-grained elements (e.g., malicious insiders, masqueraders, anomaly-based, signature-based, etc.).

RELATED WORK
CLASSIFICATION MODEL
DETECTION MECHANISMS
LIMITATIONS
Findings
VIII. CONCLUSION