Deep Learning for Insider Threat Detection: Review, Challenges and Opportunities

TL;DR

This paper reviews how deep learning techniques are transforming insider threat detection, highlighting recent advances, challenges like data scarcity, and future opportunities to improve cybersecurity defenses.

Contribution

It provides a comprehensive review of deep learning applications in insider threat detection, discusses current challenges, and suggests future research directions.

Findings

Deep learning models outperform traditional methods in detection accuracy.

Challenges include limited labeled data and adaptive attack strategies.

Future research can enhance detection through better data and models.

Abstract

Insider threats, as one type of the most challenging threats in cyberspace, usually cause significant loss to organizations. While the problem of insider threat detection has been studied for a long time in both security and data mining communities, the traditional machine learning based detection approaches, which heavily rely on feature engineering, are hard to accurately capture the behavior difference between insiders and normal users due to various challenges related to the characteristics of underlying data, such as high-dimensionality, complexity, heterogeneity, sparsity, lack of labeled insider threats, and the subtle and adaptive nature of insider threats. Advanced deep learning techniques provide a new paradigm to learn end-to-end models from complex data. In this brief survey, we first introduce one commonly-used dataset for insider threat detection and review the recent literature about deep learning for such research. The existing studies show that compared with traditional machine learning algorithms, deep learning models can improve the performance of insider threat detection. However, applying deep learning to further advance the insider threat detection task still faces several limitations, such as lack of labeled data, adaptive attacks. We then discuss such challenges and suggest future research directions that have the potential to address challenges and further boost the performance of deep learning for insider threat detection.