Volume 10 - Issue 4
SoK: A Systematic Review of Insider Threat Detection
- Aram Kim
Korea Institute of Nuclear Nonproliferation and Control, Daejeon, South Korea
aramkim@kinac.re.kr
- Junhyoung Oh
Korea University, Seoul, South Korea
ohjun02@korea.ac.kr
- Jinho Ryu
Korea Institute of Nuclear Nonproliferation and Control, Daejeon, South Korea
halloyu@kinac.re.kr
- Jemin Lee
Korea University, Seoul, South Korea
jeminjustinlee@korea.ac.kr
- Kookheui Kwon
Korea Institute of Nuclear Nonproliferation and Control, Daejeon, South Korea
vivacita@kinac.re.kr
- Kyungho Lee
Korea University, Seoul, South Korea
kevinlee@korea.ac.kr
Keywords: insider threat detection, machine learning, deep learning, survey
Abstract
Because insider threats are subtle by nature, government bodies and corporate organizations must contend
with insider threats that are both malicious and accidental. In this paper, we provide a systematic
understanding of the past literature that addresses the issues of insider threat detection. Our review
consists of three parts. First, we examine the different types of insider threats based on insider
characteristics and insider activities. Second, we explore the sensors that make automated detection of
insider threats possible, and the public datasets available for research. Finally, the detection approaches
used in related studies are examined from the perspectives of technology, learning, input category,
detection target, and interpretability. In particular, we cover the state-of-the-art deep learning
literature that was not covered in previous surveys.