Detection and prediction of insider threats to cyber security: a systematic literature review and meta-analysis. Issue 1 (December 2016)
- Record Type:
- Journal Article
- Title:
- Detection and prediction of insider threats to cyber security: a systematic literature review and meta-analysis. Issue 1 (December 2016)
- Main Title:
- Detection and prediction of insider threats to cyber security: a systematic literature review and meta-analysis
- Authors:
- Gheyas, Iffat
- Abdallah, Ali
- Abstract:
- Cyber security is vital to the success of today's digital economy. The major security threats are coming from within, as opposed to outside forces. Insider threat detection and prediction are important mitigation techniques. This study addresses the following research questions: 1) What are the research trends in insider threat detection and prediction nowadays? 2) What are the challenges associated with insider threat detection and prediction? 3) What are the best-to-date insider threat detection and prediction algorithms? We conduct a systematic review of 37 articles published in peer-reviewed journals, conference proceedings and edited books for the period of 1950–2015 to address the first two questions. Our survey suggests that the game theoretic approach (GTA) is a popular source of insider threat data; the insiders' online activities are the most widely used features in insider threat detection and prediction; most of the papers use single point estimates of threat likelihood; and graph algorithms are the most widely used tools for detecting and predicting insider threats. The key challenges facing insider threat detection and prediction systems include unbounded patterns, uneven time lags between activities, data nonstationarity, individuality, collusion attacks, high false alarm rates, the class imbalance problem, undetected insider attacks, uncertainty, and the large number of free parameters in the model. To identify the best-to-date insider threat detection and prediction algorithms, our meta-analysis study excludes theoretical papers proposing conceptual algorithms from the 37 selected papers, resulting in the selection of 13 papers. We rank the insider threat detection and prediction algorithms presented in the 13 selected papers based on their theoretical merits and the transparency of information. To determine the significance of rank sums, we perform "the Friedman two-way analysis of variance by ranks" test and "multiple comparisons between groups or conditions" tests. …
- Is Part Of:
- Big data analytics. Volume 1:Issue 1(2016)
- Journal:
- Big data analytics
- Issue:
- Volume 1:Issue 1(2016)
- Issue Display:
- Volume 1, Issue 1 (2016)
- Year:
- 2016
- Volume:
- 1
- Issue:
- 1
- Issue Sort Value:
- 2016-0001-0001-0000
- Page Start:
- 1
- Page End:
- 29
- Publication Date:
- 2016-12
- Subjects:
- Insider threat prediction -- Anomaly detection -- Machine learning -- Cyber security -- Individual attacks -- Collusion attacks
- Big data -- Periodicals
- Biology -- Data processing -- Periodicals
- 570.28557
- Journal URLs:
- https://bdataanalytics.biomedcentral.com/
- http://link.springer.com/
- DOI:
- 10.1186/s41044-016-0006-0
- Languages:
- English
- ISSNs:
- 2058-6345
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
- British Library HMNTS - ELD Digital store
- Ingest File:
- 9927.xml