Insights into user behavioral-based insider threat detection: systematic review


Research field: Safety



Venue: International Journal of Information Security


Abstract

The increasing complexity of organizational systems creates new opportunities for insider threats to exploit vulnerabilities and cause significant damage. Insider threat detection (ITD) has become a critical first line of defense for organizations to prevent security breaches. To address these threats, researchers have developed numerous methodologies targeting specific types of network activities, such as file transfers, login attempts, and network traffic patterns. User behavioral-based insider threat detection (UBITD) is a critical research and development direction in cybersecurity. Despite the abundance of research on ITD methods, there is a notable scarcity of systematic reviews focusing on the latest advancements and the data used to train them. Although numerous review papers have explored various ITD approaches, most adopt a non-systematic approach, merely comparing existing techniques without providing a comprehensive analytical synthesis of methodologies and performance outcomes. Consequently, these reviews fall short of delivering a holistic understanding of the current ITD landscape, as much of the existing literature emphasizes signature-based ITD with a focus on machine learning and deep learning models, while UBITD remains minimally explored. This paper presents an in-depth analysis of UBITD by systematically reviewing 101 of the most influential research papers published on the topic. Our analysis rigorously examines the technical advancements, data preprocessing techniques, detection approaches, evaluation metrics, researcher collaborations, datasets, and future trends in this field. The findings reveal unsolved research challenges and uncharted research areas within each of these perspectives. By outlining several high-impact future research endeavors, this study aims to strengthen the role of ITD in cybersecurity, contributing to the development of more robust and proactive defenses against insider threats.


Author Profile
K. Kamatchi

Department of Information Science and Technology Anna University Chennai 600025 Tamil Nadu India

Andorra
Author Profile
E. Uma

Department of Information Science and Technology Anna University Chennai 600025 Tamil Nadu India

Andorra

📄 Paper information

Publication year: 2025
Citations: 0
Country of publication: Andorra
Site: Springer