SoK: A systematic review of insider threat detection

Aram Kim, Junhyoung Oh, Jinho Ryu, Jemin Lee, Kookheui Kwon, Kyungho Lee

Research output: Contribution to journalReview articlepeer-review

23 Citations (Scopus)


Due to the subtle nature of the insider threat, government bodies and corporate organizations are forced to face the insider threat that is both malicious and accidental. In this paper, we provide a systematic understanding of the past literature that addresses the issues with insider threat detection. Our review consists of three items. First, we examine the different types of insider threats based on insider characteristics and insider activities. Second, we explore the sensors which make possible detecting insider threats in an automated way, and the public datasets available for research. Finally, the detection approaches used in related studies are examined from the perspective of technology, learning, input category, detection target, and interpretability. In particular, we have covered the state-of-the-art deep learning literature that was not covered in previous surveys.

Original languageEnglish
Pages (from-to)46-67
Number of pages22
JournalJournal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications
Issue number4
Publication statusPublished - 2019 Dec


  • Deep learning
  • Insider threat detection
  • Machine learning
  • Survey

ASJC Scopus subject areas

  • Computer Science (miscellaneous)
  • Computer Science Applications
  • Computer Networks and Communications


Dive into the research topics of 'SoK: A systematic review of insider threat detection'. Together they form a unique fingerprint.

Cite this