Publication Details

Insight Into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures

HOMOLIAK, I.; TOFFALINI, F.; GUARNIZO, J.; ELOVICI, Y.; OCHOA, M. Insight Into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures. ACM COMPUTING SURVEYS, 2019, vol. 52, no. 2, p. 1-40. ISSN: 0360-0300.
Czech title
Pohled na insidery v IT: Průzkum taxonomií, analýz, protiopatření a modelování hrozeb od insiderů.
Type
journal article
Language
English
Authors
Homoliak Ivan, doc. Ing., Ph.D. (DITS)
TOFFALINI, F.
GUARNIZO, J.
ELOVICI, Y.
OCHOA, M.
URL
Keywords

5W1H questions, insider threat, grounded theory for rigorous literature review, malicious insider threat, masqueraders, traitors, unintentional insider threat

Abstract

Insider threats are one of todays most challenging cybersecurity issues that are not well addressed by commonly employed security solutions. In this work, we propose structural taxonomy and novel categorization of research that contribute to the organization and disambiguation of insider threat incidents and the defense solutions used against them. The objective of our categorization is to systematize knowledge in insider threat research while using an existing grounded theory method for rigorous literature review. The proposed categorization depicts the workflow among particular categories that include incidents and datasets, analysis of incidents, simulations, and defense solutions. Special attention is paid to the definitions and taxonomies of the insider threat; we present a structural taxonomy of insider threat incidents that is based on existing taxonomies and the 5W1H questions of the information gathering problem. Our survey will enhance researchers efforts in the domain of insider threat because it provides (1) a novel structural taxonomy that contributes to orthogonal classification of incidents and defining the scope of defense solutions employed against them, (2) an overview on publicly available datasets that can be used to test new detection solutions against other works, (3) references of existing case studies and frameworks modeling insiders behaviors for the purpose of reviewing defense solutions or extending their coverage, and (4) a discussion of existing trends and further research directions that can be used for reasoning in the insider threat domain.

Published
2019
Pages
1–40
Journal
ACM COMPUTING SURVEYS, vol. 52, no. 2, ISSN 0360-0300
Book
ACM Computing Surveys
DOI
UT WoS
000473754100008
EID Scopus
BibTeX
@article{BUT156851,
  author="HOMOLIAK, I. and TOFFALINI, F. and GUARNIZO, J. and ELOVICI, Y. and OCHOA, M.",
  title="Insight Into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures",
  journal="ACM COMPUTING SURVEYS",
  year="2019",
  volume="52",
  number="2",
  pages="1--40",
  doi="10.1145/3303771",
  issn="0360-0300",
  url="https://dl.acm.org/citation.cfm?id=3303771"
}
Files
Back to top