Publication Details

Insight Into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures

HOMOLIAK Ivan, TOFFALINI Flavio, GUARNIZO Juan D., ELOVICI Yuval and OCHOA Martín. Insight Into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures. ACM Computing Surveys, vol. 52, no. 2, 2019, pp. 1-40. ISSN 0360-0300. Available from: https://dl.acm.org/citation.cfm?id=3303771
Czech title
Pohled na insidery v IT: Průzkum taxonomií, analýz, protiopatření a modelování hrozeb od insiderů.
Type
journal article
Language
english
Authors
Homoliak Ivan, doc. Ing., Ph.D. (DITS FIT BUT)
Toffalini Flavio (SUTD)
Guarnizo Juan D. (SUTD)
Elovici Yuval (BGU)
Ochoa Martín, Ass.Prof., Ph.D. (SUTD)
URL
Keywords

5W1H questions, insider threat, grounded theory for rigorous literature review, malicious insider threat, masqueraders, traitors, unintentional insider threat

Abstract

Insider threats are one of todays most challenging cybersecurity issues that are not well addressed by commonly employed security solutions. In this work, we propose structural taxonomy and novel categorization of research that contribute to the organization and disambiguation of insider threat incidents and the defense solutions used against them. The objective of our categorization is to systematize knowledge in insider threat research while using an existing grounded theory method for rigorous literature review. The proposed categorization depicts the workflow among particular categories that include incidents and datasets, analysis of incidents, simulations, and defense solutions. Special attention is paid to the definitions and taxonomies of the insider threat; we present a structural taxonomy of insider threat incidents that is based on existing taxonomies and the 5W1H questions of the information gathering problem. Our survey will enhance researchers efforts in the domain of insider threat because it provides (1) a novel structural taxonomy that contributes to orthogonal classification of incidents and defining the scope of defense solutions employed against them, (2) an overview on publicly available datasets that can be used to test new detection solutions against other works, (3) references of existing case studies and frameworks modeling insiders behaviors for the purpose of reviewing defense solutions or extending their coverage, and (4) a discussion of existing trends and further research directions that can be used for reasoning in the insider threat domain.

Published
2019
Pages
1-40
Journal
ACM Computing Surveys, vol. 52, no. 2, ISSN 0360-0300
Book
ACM Computing Surveys
Publisher
Association for Computing Machinery
DOI
UT WoS
000473754100008
EID Scopus
BibTeX
@ARTICLE{FITPUB11960,
   author = "Ivan Homoliak and Flavio Toffalini and D. Juan Guarnizo and Yuval Elovici and Mart\'{i}n Ochoa",
   title = "Insight Into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures",
   pages = "1--40",
   booktitle = "ACM Computing Surveys",
   journal = "ACM Computing Surveys",
   volume = 52,
   number = 2,
   year = 2019,
   ISSN = "0360-0300",
   doi = "10.1145/3303771",
   language = "english",
   url = "https://www.fit.vut.cz/research/publication/11960"
}
Back to top