Abstract

A plethora of research is available for detecting and mitigating threats that cross an organization’s boundaries. Insider Threat Detection, however, has only recently entered the limelight. It turns out to be a daunting task, given that insiders can evade firewalls, Intrusion Detection Systems, and other security mechanisms aimed at protecting the information infrastructure from outside attacks. In addition, some insiders with administrative rights to access privileged information and perform operations on it might turn rogue. Their malicious actions could go undetected, as their digital footprint might get buried in massive dumps of log data. This survey aims to provide a comprehensive explanation of the problem statement at hand, Insider Threat Detection using Deep Learning. It begins by introducing Insider Threat Detection and related terminology. Deep Learning has been chosen as the preferred approach for solving this problem because it has been proven to be better than conventional Machine Learning algorithms when dealing with complex data originating from varied sources. Deep Learning and log-based Anomaly Detection are then explained. Datasets available specifically for the research domain of Insider Threat Detection have been brought under one roof. Then, by taking a closer look at the CERT Insider Threat Dataset, a brief comparative analysis of the existing Deep Learning solutions for Insider Threat Detection based on this dataset is provided. This work also overviews the challenges faced and how they open doors for further research. To cater to readers looking for an industry-oriented approach, the survey explains how a Deep Learning model can be integrated with the Elasticsearch-Logstash-Kibana (ELK) Stack.
