Insight into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures

Authors: Ivan Homoliak, Flavio Toffalini, Juan Guarnizo, Yuval Elovici, Martín Ochoa

DOI: 10.1145/3303771

Abstract: Insider threats are one of today's most challenging cybersecurity issues that are not well addressed by commonly employed security solutions. Despite several scientific works published in this domain, we argue the field can benefit from proposed structural taxonomy and novel categorization research contribute to organization disambiguation insider threat incidents defense solutions used against them. The objective our is systematize knowledge research, while leveraging existing grounded theory method for rigorous literature review. depicts workflow among particular categories include: 1) Incidents datasets, 2) Analysis attackers, 3) Simulations, 4) Defense Special attention paid definitions taxonomies threat; present a incidents, which based on 5W1H questions information gathering problem. Our survey will enhance researchers' efforts domain threat, because it provides: a) contributes orthogonal classification defining scope them, b) an updated overview publicly available datasets be test new detection other works, c) references case studies frameworks modeling insiders' behaviors purpose reviewing or extending their coverage, d) discussion trends further directions reasoning domain.
