Review of insider and insider threat detection in the organizations

  • Arshiya Subhani
  • Iftikhar Alam Khan
  • Anmol Zubair
Keywords: Analyzed behavior of insiders, insider threats, insider threat detection techniques, types of insiders, metric evaluation

Abstract

Aim: The insider threat is a severe issue in cyber security, yet it is largely overlooked by most companies. Workers, system administrators, and outside contractors all have access to confidential company data, and keeping that data secret is critical to the organization’s finances and reputation. If even a tiny percentage of the authorized workforce were to leak sensitive information, the financial losses could be catastrophic. Protecting a company from the potentially disastrous actions of its own employees is a formidable challenge, and identifying and eliminating the insider threat is a crucial part of it. This study aims to determine the types of insider threats that can exist within an organization and the best methods for countering them.
Methodology: This paper summarizes research on insider threats. The surveyed work is sorted into three categories: Insiders (types of insiders, motivation, insider access, methods used by insiders, insider profiling, and levels of insiders); Threat Detection Methods (methodology, techniques, the datasets used to implement the various insider threat detection techniques, and the user behaviors analyzed); and Insider Threat Analysis (the various analyzed behaviors of the user).
Findings: In today’s increasingly digitalized businesses, dishonest employees pose a significant risk. Since the global changes in the business environment, insider threats have become a problem for most companies. Insider threats have increased since 2019, and one primary reason is the widespread adoption of cloud computing and bring-your-own-device policies for remote work.
Implications/Novel Contribution: Future studies are encouraged to improve threat detection methods, evaluate the efficacy of existing methods using a real-world dataset, and adopt a hybrid approach to developing effective models for detecting insider threats.

Published
2021-12-28
How to Cite
Arshiya Subhani, Iftikhar Alam Khan, & Anmol Zubair. (2021). Review of insider and insider threat detection in the organizations. Journal of Advanced Research in Social Sciences and Humanities, 6(4), 167-174. https://doi.org/10.26500/jarssh.v6i4.174