Deakin University
File(s) under permanent embargo

Detecting and preventing cyber insider threats: a survey

Version 2 2024-06-05, 00:38
Version 1 2018-09-06, 12:06
journal contribution
posted on 2024-06-05, 00:38 authored by L Liu, O De Vel, QL Han, Jun Zhang, Y Xiang
Information communications technology systems face an increasing number of cyber security threats, the majority of which originate from insiders. Because insiders reside behind the enterprise-level security defence mechanisms and often have privileged access to the network, detecting and preventing insider threats is a complex and challenging problem. Many schemes and systems have been proposed to address insider threats from different perspectives, such as intent, type of threat, or available audit data source. This survey brings these works together around the three most common types of insider, namely the traitor, the masquerader, and the unintentional perpetrator, and reviews the countermeasures from a data analytics perspective. Uniquely, this survey takes into account the early-stage threats that may lead to the emergence of a malicious insider. When direct and indirect threats are considered together, all the relevant works can be categorised as host-, network-, or contextual-data-based according to audit data source, and each work is reviewed for its capability against insider threats, how information is extracted from the engaged data sources, and what the decision-making algorithm is. The works are also compared and contrasted. Finally, some issues are raised based on observations from the reviewed works, and new research gaps and challenges are identified.

History

Journal: IEEE communications surveys and tutorials
Volume: 20
Issue: 2
Pagination: 1397-1418
Location: Piscataway, N.J.
eISSN: 1553-877X
Language: eng
Publication classification: C Journal article, C1.1 Refereed article in a scholarly journal
Copyright notice: 2018, IEEE
Publisher: IEEE