Understanding insiders in cloud adopted organizations: A survey on taxonomies, incident analysis, defensive solutions, challenges

Abstract

In cybersecurity, one of the most significant challenges is an insider threat, in which existing researchers must provide an extensive solution aiming at an enhanced security network. This study proposes a comprehensive taxonomy as well as a state-of-the-art research categorization according to the contribution of insider threat incidents and the defensive mechanism utilized against such insiders. The major objective of a proposed categorization is to provide structural information in the field of insider threat based on past research theories for analyzing literature review. The proposed categorization is classified into four groups: (i) dataset analysis, (ii) incident analysis, (iii) defensive solution, and (iv) encountered challenges. However, the respective taxonomies and annotations are included for complete insight into insiders. i.e., existing studies on systematic taxonomy based on incidents of insider threats are presented. The major contribution of this study in the area of insider threat is to deliver the following knowledge to upcoming domain specific researchers: (i) taxonomy in an innovative systematic approach concerning the categories of incidents and determine the possible defensive mechanism against insiders. (ii) a study on available benchmark datasets used by existing research for evaluating the defensive mechanisms. (iii) a brief description of past solutions and frameworks to model insider behavior with the aim of studying existing defensive mechanisms, and (iv) a short discussion of challenges encountered by defensive solutions based on existing research in the area of insider threat.