A Review of Insider Threat Detection Approaches With IoT Perspective

Security professionals, government agencies, and corporate organizations have an inherent need to prevent or mitigate attacks by insiders. Accordingly, active research on insider threat detection has been conducted to prevent and mitigate the adverse effects, such as the leakage of valuable information, that insiders may cause. With the growth of the Internet of Things (IoT), new security challenges arise within existing security frameworks: attack surfaces grow significantly, which poses a severe risk to an organization's insider threat management. In this work, we generalize the aspects of insider threats to the IoT and analyze the surveyed literature from both private and public sources. We then examine data sources for IoT environments according to the characteristics and structure of the IoT (perceptual, network, and application layers). Our review shows that data sources from the network and application layers are more suitable than those from the perceptual layer in IoT environments. We also categorize each layer's data sources according to their features and investigate the research objectives and methods for each category. Finally, the potential for utilization and the limitations under IoT environments are presented at the end of each layer's examination.