A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations

Insider threat has become a widely recognized problem and one of the major challenges in cybersecurity. Such threats call for dedicated detection systems, methods, and tools capable of detecting a malicious insider accurately and quickly. Several studies on insider threat detection and related areas have been proposed to deal with this issue, and various studies have aimed to deepen the conceptual understanding of insider threats. However, they have many limitations: a lack of real cases, biases in drawing conclusions (a major concern that remains unresolved), and the absence of a study that surveys insider threats from many different perspectives while covering their theoretical, technical, and statistical aspects. This survey presents a taxonomy of contemporary insider types, access, level, motivation, insider profiling, affected security property, and the methods attackers use to conduct attacks, together with a review of notable recent works on insider threat detection covering the analyzed behaviors, machine-learning techniques, datasets, detection methodology, and evaluation metrics. Several real cases of insider threats are analyzed to provide statistical information about insiders. In addition, the survey highlights the challenges faced by other researchers and provides recommendations to minimize these obstacles.

Bibliographic Details
Main Authors: Mohammed Nasser Al-Mhiqani, Rabiah Ahmad, Z. Zainal Abidin, Warusia Yassin, Aslinda Hassan, Karrar Hameed Abdulkareem, Nabeel Salih Ali, Zahri Yunos
Affiliations: Information Security and Networking Research Group (InFORSNET), Center for Advanced Computing Technology, Faculty of Information Communication Technology, Universiti Teknikal Malaysia Melaka, Durian Tunggal 76100, Malaysia (Al-Mhiqani, Ahmad, Zainal Abidin, Yassin, Hassan); College of Agriculture, Al-Muthanna University, Samawah 66001, Iraq (Abdulkareem); Information Technology Research and Development Centre, University of Kufa, Kufa 54001, Najaf Governorate, Iraq (Ali); CyberSecurity Malaysia, Selangor 63000, Malaysia (Yunos)
Format: Article
Language: English
Published: MDPI AG, 2020-07-01
Series: Applied Sciences, vol. 10, no. 15, article 5208
ISSN: 2076-3417
DOI: 10.3390/app10155208
Subjects: cybersecurity; data exfiltration; insider threats; insider threat detection; machine learning; security
Online Access: https://www.mdpi.com/2076-3417/10/15/5208
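The abstract above describes reviews of insider-threat detectors in terms of the behaviours they analyze, the detection methodology, and the evaluation metrics used. As an added illustration of that pipeline (editor-supplied example code, not code from the paper or its authors), the following Python builds a per-user behavioural baseline from constructed activity records, scores a later day by its largest per-feature z-score, and reports precision, recall and F1 against constructed ground truth. The user names, records, feature set, baseline window, z-score threshold and minimum-spread floor are all hypothetical assumptions chosen for the example.

```python
"""Added example: per-user behavioural baselining for insider-threat detection,
scored on constructed activity records and evaluated with precision/recall/F1.
Everything below (users, records, labels, thresholds) is hypothetical."""
from collections import defaultdict
from statistics import mean, pstdev

FEATURES = ("logon_hour", "usb_file_copies", "bytes_uploaded")
BASELINE_DAYS = 10   # assumption: first 10 days per user are treated as normal
THRESHOLD = 4.0      # assumption: flag a day whose largest |z| exceeds this
MIN_SPREAD = 1.0     # assumption: floor on stddev so zero-variance baselines
                     # do not turn every small deviation into an infinite score

# Constructed audit records, one per user-day:
#   (user, day, logon_hour, usb_file_copies, bytes_uploaded)
# Days 1-10 form each user's quiet baseline; day 11 is the day under test.
RECORDS = (
    [("dana", d, 9 + d % 2, 0, 5_000 + 300 * d) for d in range(1, 11)]
    + [("dana", 11, 23, 41, 950_000_000)]  # planted: night logon, mass USB copy, huge upload
    + [("eli", d, 8 + d % 3, 1, 8_000 + 200 * d) for d in range(1, 11)]
    + [("eli", 11, 9, 1, 9_500)]           # benign day
    + [("fay", d, 9, 0, 4_000 + 100 * d) for d in range(1, 11)]
    + [("fay", 11, 9, 3, 5_300)]           # planted "low and slow": small USB copy, modest upload
)
# Constructed ground truth for the day under test.
LABELS = {("dana", 11): True, ("eli", 11): False, ("fay", 11): True}


def build_baselines(records, baseline_days=BASELINE_DAYS):
    """Per-user (mean, population stddev) of each feature over the baseline window."""
    per_user = defaultdict(lambda: defaultdict(list))
    for user, day, *vals in records:
        if day <= baseline_days:
            for name, v in zip(FEATURES, vals):
                per_user[user][name].append(v)
    return {
        user: {name: (mean(vs), pstdev(vs)) for name, vs in feats.items()}
        for user, feats in per_user.items()
    }


def score_record(record, baselines):
    """Largest absolute z-score across features; a user with no baseline scores inf."""
    user, _day, *vals = record
    if user not in baselines:
        return float("inf")
    zs = []
    for name, v in zip(FEATURES, vals):
        mu, sd = baselines[user][name]
        zs.append(abs(v - mu) / max(sd, MIN_SPREAD))
    return max(zs)


def detect(records, baselines, threshold=THRESHOLD, baseline_days=BASELINE_DAYS):
    """Set of (user, day) pairs after the baseline window whose score exceeds threshold."""
    return {
        (r[0], r[1])
        for r in records
        if r[1] > baseline_days and score_record(r, baselines) > threshold
    }


def evaluate(flagged, labels):
    """Precision, recall and F1 of the flagged set against labelled (user, day) pairs."""
    tp = sum(1 for k, bad in labels.items() if bad and k in flagged)
    fp = sum(1 for k, bad in labels.items() if not bad and k in flagged)
    fn = sum(1 for k, bad in labels.items() if bad and k not in flagged)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"tp": tp, "fp": fp, "fn": fn,
            "precision": precision, "recall": recall, "f1": f1}


if __name__ == "__main__":
    baselines = build_baselines(RECORDS)
    for r in RECORDS:
        if r[1] > BASELINE_DAYS:
            print(f"{r[0]} day {r[1]}: score={score_record(r, baselines):.2f}")
    flagged = detect(RECORDS, baselines)
    print("flagged:", sorted(flagged))
    print("metrics:", evaluate(flagged, LABELS))
```

Run stand-alone, the script flags only ("dana", 11) and reports precision 1.0, recall 0.5, F1 0.67: the burst is caught, but the small USB copy by "fay" stays under the per-day threshold. That miss is the kind of false negative a practitioner would want an evaluation to surface before trusting a threshold, and it is why detectors of this class are usually paired with longer-window aggregation rather than per-day scores alone.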