SoK: A systematic review of insider threat detection

Aram Kim; Junhyoung Oh; Jinho Ryu; Jemin Lee; Kookheui Kwon; Kyungho Lee

doi:10.22667/JOWUA.2019.12.31.046

SoK: A systematic review of insider threat detection

Aram Kim, Junhyoung Oh, Jinho Ryu, Jemin Lee, Kookheui Kwon, Kyungho Lee^*

^*Corresponding author for this work

Research output: Contribution to journal › Review article › peer-review

35 Citations (Scopus)

Abstract

Due to the subtle nature of the insider threat, government bodies and corporate organizations are forced to face the insider threat that is both malicious and accidental. In this paper, we provide a systematic understanding of the past literature that addresses the issues with insider threat detection. Our review consists of three items. First, we examine the different types of insider threats based on insider characteristics and insider activities. Second, we explore the sensors which make possible detecting insider threats in an automated way, and the public datasets available for research. Finally, the detection approaches used in related studies are examined from the perspective of technology, learning, input category, detection target, and interpretability. In particular, we have covered the state-of-the-art deep learning literature that was not covered in previous surveys.

Original language	English
Pages (from-to)	46-67
Number of pages	22
Journal	Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications
Volume	10
Issue number	4
DOIs	https://doi.org/10.22667/JOWUA.2019.12.31.046
Publication status	Published - 2019 Dec

Keywords

Deep learning
Insider threat detection
Machine learning
Survey

ASJC Scopus subject areas

Computer Science (miscellaneous)
Computer Science Applications
Computer Networks and Communications

Access to Document

10.22667/JOWUA.2019.12.31.046

Cite this

@article{de15c64c470a4e81aa27d3c971d2dfa1,

title = "SoK: A systematic review of insider threat detection",

abstract = "Due to the subtle nature of the insider threat, government bodies and corporate organizations are forced to face the insider threat that is both malicious and accidental. In this paper, we provide a systematic understanding of the past literature that addresses the issues with insider threat detection. Our review consists of three items. First, we examine the different types of insider threats based on insider characteristics and insider activities. Second, we explore the sensors which make possible detecting insider threats in an automated way, and the public datasets available for research. Finally, the detection approaches used in related studies are examined from the perspective of technology, learning, input category, detection target, and interpretability. In particular, we have covered the state-of-the-art deep learning literature that was not covered in previous surveys.",

keywords = "Deep learning, Insider threat detection, Machine learning, Survey",

author = "Aram Kim and Junhyoung Oh and Jinho Ryu and Jemin Lee and Kookheui Kwon and Kyungho Lee",

year = "2019",

month = dec,

doi = "10.22667/JOWUA.2019.12.31.046",

language = "English",

volume = "10",

pages = "46--67",

journal = "Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications",

issn = "2093-5374",

publisher = "Innovative Information Science and Technology Research Group",

number = "4",

}

TY - JOUR

T1 - SoK

T2 - A systematic review of insider threat detection

AU - Kim, Aram

AU - Oh, Junhyoung

AU - Ryu, Jinho

AU - Lee, Jemin

AU - Kwon, Kookheui

AU - Lee, Kyungho

PY - 2019/12

Y1 - 2019/12

N2 - Due to the subtle nature of the insider threat, government bodies and corporate organizations are forced to face the insider threat that is both malicious and accidental. In this paper, we provide a systematic understanding of the past literature that addresses the issues with insider threat detection. Our review consists of three items. First, we examine the different types of insider threats based on insider characteristics and insider activities. Second, we explore the sensors which make possible detecting insider threats in an automated way, and the public datasets available for research. Finally, the detection approaches used in related studies are examined from the perspective of technology, learning, input category, detection target, and interpretability. In particular, we have covered the state-of-the-art deep learning literature that was not covered in previous surveys.

AB - Due to the subtle nature of the insider threat, government bodies and corporate organizations are forced to face the insider threat that is both malicious and accidental. In this paper, we provide a systematic understanding of the past literature that addresses the issues with insider threat detection. Our review consists of three items. First, we examine the different types of insider threats based on insider characteristics and insider activities. Second, we explore the sensors which make possible detecting insider threats in an automated way, and the public datasets available for research. Finally, the detection approaches used in related studies are examined from the perspective of technology, learning, input category, detection target, and interpretability. In particular, we have covered the state-of-the-art deep learning literature that was not covered in previous surveys.

KW - Deep learning

KW - Insider threat detection

KW - Machine learning

KW - Survey

UR - https://www.scopus.com/pages/publications/85078323476

UR - https://www.scopus.com/inward/citedby.url?scp=85078323476&partnerID=8YFLogxK

U2 - 10.22667/JOWUA.2019.12.31.046

DO - 10.22667/JOWUA.2019.12.31.046

M3 - Review article

AN - SCOPUS:85078323476

SN - 2093-5374

VL - 10

SP - 46

EP - 67

JO - Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications

JF - Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications

IS - 4

ER -

SoK: A systematic review of insider threat detection

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this