SoK: A Systematic Review of Insider Threat Detection

1 Korea Institute of Nuclear Nonproliferation and Control, Daejeon, South Korea
{aramkim, halloyu, vivacita}@kinac.re.kr
2 Korea University, Seoul, South Korea
{ohjun02, jeminjustinlee, kevinlee}@korea.ac.kr

Abstract

Due to the subtle nature of the insider threat, government bodies and corporate organizations are forced to face insider threats that are both malicious and accidental. In this paper, we provide a systematic understanding of the past literature that addresses the issues of insider threat detection. Our review consists of three parts. First, we examine the different types of insider threats based on insider characteristics and insider activities. Second, we explore the sensors that make automated detection of insider threats possible, and the public datasets available for research. Finally, the detection approaches used in related studies are examined from the perspectives of technology, learning, input category, detection target, and interpretability. In particular, we cover the state-of-the-art deep learning literature that was not covered in previous surveys.

Keywords: insider threat detection, machine learning, deep learning, survey.

+: Corresponding author: Kyungho Lee
Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)
Vol. 10, No. 4, pp. 46-67, December 2019 [pdf]
Received: November 1, 2019; Accepted: December 7, 2019; Published: December 31, 2019
DOI: 10.22667/JOWUA.2019.12.31.046