Database Intrusion Detection Systems (DIDs): Insider Threat Detection via Behaviour-Based Anomaly Detection Systems - A Brief Survey of Concepts and Approaches

Khan, Muhammad Imran; Foley, Simon N.; O’Sullivan, Barry

doi:10.1007/978-3-030-93956-4_11

Cited by 4 publications

(1 citation statement)

References 56 publications

(61 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…When a match is identified, the system triggers an alert or takes predefined actions, such as blocking access or notifying security personnel. The authors of [80], [81]. suggests that while signature-based detection is effective in recognizing well-established and documented insider threats, its limitation lies in its inability to identify novel or previously unseen malicious activities, as it heavily relies on historical data and known attack patterns.…”

Section: ) Signature-based Detection Methodsmentioning

confidence: 99%

A Review of Recent Advances, Challenges, and Opportunities in Malicious Insider Threat Detection Using Machine Learning Methods

Alzaabi,

Mehmood

2024

IEEE Access

View full text Add to dashboard Cite

Insider threat detection has become a paramount concern in modern times where organizations strive to safeguard their sensitive information and critical assets from malicious actions by individuals with privileged access. This survey paper provides a comprehensive overview of insider threat detection, highlighting its significance in the current landscape of cybersecurity. The review encompasses a broad spectrum of methodologies and techniques, with a particular focus on classical machine-learning approaches and their limitations in effectively addressing the intricacies of insider threats. Furthermore, the survey explores the utilization of modern deep learning and natural language processing (NLP) based methods as promising alternatives, shedding light on their advantages over traditional methods. This analysis underscores the need for sophisticated solutions that can adapt to evolving threat landscapes and accommodate the intricacies of human behavior. In the conclusion section, the paper offers valuable insights into the future directions of insider threat detection. It advocates for the integration of more sophisticated time-series-based techniques, recognizing the importance of temporal patterns in insider threat behaviors. Additionally, the survey underscores the potential of NLP and large language model-based approaches, which can enhance threat detection by deciphering textual and contextual information. These recommendations reflect the evolving nature of insider threats and emphasize the need for proactive, datadriven strategies to safeguard organizations against internal security breaches. In conclusion, this survey not only underscores the urgency of addressing insider threats but also provides a roadmap for the adoption of advanced methodologies to enhance detection and mitigation capabilities in contemporary cybersecurity paradigms.

show abstract

Section: ) Signature-based Detection Methodsmentioning

confidence: 99%