Journal of Cybersecurity and Information Management

Journal DOI

https://doi.org/10.54216/JCIM


ISSN (Online) 2690-6775, ISSN (Print) 2769-7851

Volume 13, Issue 2, pp. 171-181, 2024 | Full Length Article

Insider Threat Detection: Exploring User Event Behavior Analytics and Machine Learning in Security Reviews

Ruba Altuwaijiri 1*, Hanan AlShaher 2

  • 1 Department of Computer Sciences, College of Computer and Information Sciences, Majmaah University, Majmaah, 11952, Saudi Arabia - (441204474@s.mu.edu.sa)
  • 2 Department of Computer Sciences, College of Computer and Information Sciences, Majmaah University, Majmaah, 11952, Saudi Arabia - (h.alshaher@mu.edu.sa)
  • Doi: https://doi.org/10.54216/JCIM.130213

    Received: January 07, 2024 Revised: March 14, 2024 Accepted: May 03, 2024
    Abstract

    With the exponential increase in technology use, insider threats are growing in both scale and importance and have become one of the biggest challenges for government and corporate information security. Recent research shows that insider incidents are more costly than external attacks, so detecting them is critical for organizations that need to protect their information. Effective insider threat detection requires up-to-date models and technologies. Although many insider threat detection approaches have been proposed, the field is still limited by problems such as data imbalance, false positives, and a lack of accurate, realistic data, all of which require further research. This survey investigates the existing approaches and technologies for insider threat detection. It identifies and summarizes relevant studies from several databases and compares them in detail. It also examines the types of data used and the machine learning models employed to detect these threats, and it discusses the challenges researchers face in detecting insider threats and the future trends in the field.
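    The abstract names two of the recurring problems in this literature, data imbalance and false positives, without showing why they bite. The following is an added illustration, not code from the paper or from any of the surveyed studies: a minimal UEBA-style detector (per-user baselines of daily activity counts, z-score deviation, fixed threshold) run over constructed per-user logs, followed by the evaluation that matters when genuine insiders are a tiny fraction of the records. The user names, the three feature names, the threshold of 4.0, the 10-day training window and the injected exfiltration day are all assumptions made for the example; the data is synthetic.

```python
"""Added example (not from the paper): a minimal UEBA-style detector over
constructed per-user daily activity counts, plus the metrics that matter when
malicious insiders are rare. All data below is synthetic; feature names,
users, threshold and window sizes are assumptions made for the illustration."""
from statistics import mean, pstdev

USERS = ["u1", "u2", "u3", "u4", "u5"]
FEATURES = ["after_hours_logons", "files_to_usb", "external_emails"]
TRAIN_DAYS, TEST_DAYS = range(1, 11), range(11, 15)


def build_logs():
    """Constructed daily counts per user. Normal activity follows small
    repeating patterns; user u3 on day 13 bulk-copies files after hours."""
    logs = {}
    for i, user in enumerate(USERS):
        for day in list(TRAIN_DAYS) + list(TEST_DAYS):
            logs[(user, day)] = {
                "after_hours_logons": (day + i) % 3,
                "files_to_usb": (day * (i + 1)) % 4,
                "external_emails": (day + 2 * i) % 6,
            }
    # Injected insider event (synthetic): the only true positive in the test window.
    logs[("u3", 13)] = {"after_hours_logons": 6, "files_to_usb": 45, "external_emails": 30}
    return logs


def baselines(logs):
    """Per-user mean/std of each feature over the training window. The std is
    floored at 1.0 so a user whose count never varies does not turn a single
    routine event into an infinite z-score (a classic false-positive source)."""
    base = {}
    for user in USERS:
        base[user] = {}
        for f in FEATURES:
            vals = [logs[(user, d)][f] for d in TRAIN_DAYS]
            base[user][f] = (mean(vals), max(pstdev(vals), 1.0))
    return base


def anomaly_score(record, user_base):
    """Euclidean norm of the per-feature z-scores. Only upward deviations count:
    doing less than usual is not an exfiltration signal."""
    total = 0.0
    for f in FEATURES:
        mu, sd = user_base[f]
        z = max(0.0, (record[f] - mu) / sd)
        total += z * z
    return total ** 0.5


def detect(logs, threshold=4.0):
    """Score every test-day record against its own user's baseline."""
    base = baselines(logs)
    flagged = []
    for user in USERS:
        for day in TEST_DAYS:
            s = anomaly_score(logs[(user, day)], base[user])
            if s > threshold:
                flagged.append((user, day, round(s, 1)))
    return flagged


def metrics(y_true, y_pred):
    """Accuracy is misleading on imbalanced data; precision and recall are not."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t and p)
    fp = sum(1 for t, p in zip(y_true, y_pred) if not t and p)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t and not p)
    tn = len(y_true) - tp - fp - fn
    prec = tp / (tp + fp) if tp + fp else 0.0
    rec = tp / (tp + fn) if tp + fn else 0.0
    return {"accuracy": (tp + tn) / len(y_true), "precision": prec, "recall": rec}


def evaluate(logs, threshold=4.0):
    """Compare the detector with a 'flag nothing' baseline on the same 20 records
    (5 users x 4 test days, 1 true insider): the baseline scores 95% accuracy."""
    flagged = {(u, d) for u, d, _ in detect(logs, threshold)}
    keys = [(u, d) for u in USERS for d in TEST_DAYS]
    y_true = [k == ("u3", 13) for k in keys]
    return {
        "ueba": metrics(y_true, [k in flagged for k in keys]),
        "flag_nothing": metrics(y_true, [False] * len(keys)),
    }


def expected_precision(tpr, fpr, base_rate):
    """Base-rate effect: the precision a detector will see in production given
    its true/false positive rates and the fraction of users who are insiders."""
    return tpr * base_rate / (tpr * base_rate + fpr * (1 - base_rate))


if __name__ == "__main__":
    logs = build_logs()
    print("flagged:", detect(logs))
    print("metrics:", evaluate(logs))
    print("precision at 1/1000 base rate, 90% TPR, 1% FPR:",
          round(expected_precision(0.9, 0.01, 0.001), 3))
```

    Two things the numbers make visible. First, the "flag nothing" detector reaches 95% accuracy on this synthetic set simply because 19 of 20 records are benign, so accuracy says nothing about whether insiders are caught; precision and recall (or per-class F1) are the figures to report. Second, even a detector with 90% true-positive rate and a 1% false-positive rate yields roughly 8% precision when one user in a thousand is malicious, so at realistic base rates the alert queue is dominated by false positives unless the false-positive rate is driven far lower or alerts are corroborated with other evidence.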

    Keywords :

    User event behavior analytics, machine learning, insider threat detection.


    Cite This Article As:
    Altuwaijiri, Ruba, and AlShaher, Hanan. "Insider Threat Detection: Exploring User Event Behavior Analytics and Machine Learning in Security Reviews." Journal of Cybersecurity and Information Management, vol. 13, no. 2, 2024, pp. 171-181. DOI: https://doi.org/10.54216/JCIM.130213