Detection and prediction of insider threats to cyber security: a systematic literature review and meta-analysis

Gheyas, Iffat and Abdallah, Ali E. (2016) Detection and prediction of insider threats to cyber security: a systematic literature review and meta-analysis. Big Data Analytics, 1 (6). pp. 1-29. ISSN 2058-6345

[img]
Preview
Text
Detection and prediction of insider threats.pdf - Published Version

Download (2MB)

Abstract

Cyber security is vital to the success of today’s digital economy. The major security threats are coming from within, as opposed to outside forces. Insider threat detection and prediction are important mitigation techniques. This study addresses the following research questions: 1) what are the research trends in insider threat detection and prediction nowadays? 2) What are the challenges associated with insider threat detection and prediction? 3) What are the best-to-date insider threat detection and prediction algorithms? We conduct a systematic review of 37 articles published in peer-reviewed journals, conference proceedings and edited books for the period of 1950–2015 to address the first two questions. Our survey suggests that game theoretic approach (GTA) is a popular source of insider threat data; the insiders’ online activities are the most widely used features in insider threat detection and prediction; most of the papers use single point estimates of threat likelihood; and graph algorithms are the most widely used tools for detecting and predicting insider threats. The key challenges facing the insider threat detection and prediction system include unbounded patterns, uneven time lags between activities, data nonstationarity, individuality, collusion attacks, high false alarm rates, class imbalance problem, undetected insider attacks, uncertainty, and the large number of free parameters in the model. To identify the best-to-date insider threat detection and prediction algorithms, our meta-analysis study excludes theoretical papers proposing conceptual algorithms from the 37 selected papers resulting in the selection of 13 papers. We rank the insider threat detection and prediction algorithms presented in the 13 selected papers based on the theoretical merits and the transparency of information. To determine the significance of rank sums, we perform “the Friedman two-way analysis of variance by ranks” test and “multiple comparisons between groups or conditions” tests.

Item Type: Article
Uncontrolled Keywords: Insider threat prediction; Anomaly detection; Machine learning; Cyber security; Individual attacks; Collusion attacks
Subjects: G400 Computer Science
Divisions: Faculty of Computing, Engineering and the Built Environment
Faculty of Computing, Engineering and the Built Environment > School of Computing and Digital Technology > Cyber Security
Faculty of Computing, Engineering and the Built Environment > School of Engineering and the Built Environment
UoA Collections > UoA11: Computer Science and Informatics
Depositing User: $ Ian McDonald
Date Deposited: 08 Feb 2017 15:20
Last Modified: 08 Feb 2017 15:20
URI: http://www.open-access.bcu.ac.uk/id/eprint/3884

Actions (login required)

View Item View Item

Research

In this section...