Insider Threat Detection: Exploring User Event Behavior Analytics and Machine Learning in Security Reviews

Ruba Altuwaijiri 1, Hanan AlShaher 2
Department of Computer Sciences, College of Computer and Information Sciences, Majmaah University, Majmaah, 11952, Saudi Arabia
Emails: 441204474@s.mu.edu.sa; h.alshaher@mu.edu.sa

Corresponding Author: Ruba Altuwaijiri, 441204474@s.mu.edu.sa

Abstract

With the exponential increase in technology use, insider threats are also growing in scale and importance, becoming one of the biggest challenges for government and corporate information security. Recent research shows that insider threats are more costly than external threats, making it critical for organizations to protect their information security. Effective insider threat detection requires the use of the latest models and technologies. Although a large number of insider threats have been discovered, the field is still limited by many issues, such as data imbalance, false positives, and a lack of accurate data, all of which require further research. This survey investigates the existing approaches and technologies for insider threat detection. It identifies and summarizes relevant studies from different databases and then compares them in detail. It also examines the types of data used and the machine learning models employed to detect these threats, and it discusses the challenges researchers face in detecting insider threats as well as future trends in the field.

Keywords: User event behavior analytics; machine learning; detect insider threats.