A systematic literature review on insider threats

TL;DR

This paper provides a comprehensive review and classification of insider threats in cybersecurity, analyzing detection methods, motivations, and real incidents to improve understanding and defense strategies.

Contribution

It introduces a new structural taxonomy and classification framework for insider threats, organizing existing research and proposing a systematic categorization of attack types and detection methods.

Findings

Developed a taxonomy of insider threat types and motivations

Analyzed recent detection techniques including machine learning and behavior analysis

Reviewed actual insider attack incidents for practical insights

Abstract

Insider threats is the most concerned cybersecurity problem which is poorly addressed by widely used security solutions. Despite the fact that there have been several scientific publications in this area, but from our innovative study classification and structural taxonomy proposals, we argue to provide the more information about insider threats and defense measures used to counter them. While adopting the current grounded theory method for a thorough literature evaluation, our categorization's goal is to organize knowledge in insider threat research. Along with an analysis of major recent studies on detecting insider threats, the major goal of the study is to develop a classification of current types of insiders, levels of access, motivations behind it, insider profiling, security properties, and methods they use to attack. This includes use of machine learning algorithm, behavior analysis, methods of detection and evaluation. Moreover, actual incidents related to insider attacks have also been analyzed.