A review of insider threat detection approaches with IoT perspective

Aram Kim; Junhyoung Oh; Jinho Ryu; Kyungho Lee

doi:10.1109/ACCESS.2020.2990195

A review of insider threat detection approaches with IoT perspective

Aram Kim, Junhyoung Oh, Jinho Ryu, Kyungho Lee

Graduate School of Information Study

Research output: Contribution to journal › Article › peer-review

4 Citations (Scopus)

Abstract

Security professionals, government agencies, and corporate organizations have found an inherent need to prevent or mitigate attacks from insider threats. Accordingly, active research on insider threat detection has been conducted to prevent and mitigate adverse effects such as leakage of valuable information that may be caused by insiders. Along with the growth of Internet-of-Things (IoT), new security challenges arise in the existing security frameworks. Attack surfaces are significantly enlarged which could cause a severe risk in terms of company insider threat management. In this work, we provide a generalization of aspects of insider threats with IoT and analyze the surveyed literature based on both private and public sources. We then examine data sources considering IoT environments based on the characteristics and the structure of IoT (perceptual, network, and application layers). The result of reviewing the study shows that using the data source of the network and application layer is more suitable than the perceptual layer in the IoT environment. We also categorized each layer's data sources according to their features, and we investigated research objectives and methods for each category. Finally, the potential for utilization and limitations under the IoT environment are presented at the end of each layer examination.

Original language	English
Article number	9078082
Pages (from-to)	78847-78867
Number of pages	21
Journal	IEEE Access
Volume	8
DOIs	https://doi.org/10.1109/ACCESS.2020.2990195
Publication status	Published - 2020

Keywords

Insider threat detection
Internet-of-Things
dataset
survey

ASJC Scopus subject areas

Computer Science(all)
Materials Science(all)
Engineering(all)

Access to Document

10.1109/ACCESS.2020.2990195

Fingerprint Dive into the research topics of 'A review of insider threat detection approaches with IoT perspective'. Together they form a unique fingerprint.

Cite this

@article{c88138d8e7c04836888ec38f46116c8d,

title = "A review of insider threat detection approaches with IoT perspective",

abstract = "Security professionals, government agencies, and corporate organizations have found an inherent need to prevent or mitigate attacks from insider threats. Accordingly, active research on insider threat detection has been conducted to prevent and mitigate adverse effects such as leakage of valuable information that may be caused by insiders. Along with the growth of Internet-of-Things (IoT), new security challenges arise in the existing security frameworks. Attack surfaces are significantly enlarged which could cause a severe risk in terms of company insider threat management. In this work, we provide a generalization of aspects of insider threats with IoT and analyze the surveyed literature based on both private and public sources. We then examine data sources considering IoT environments based on the characteristics and the structure of IoT (perceptual, network, and application layers). The result of reviewing the study shows that using the data source of the network and application layer is more suitable than the perceptual layer in the IoT environment. We also categorized each layer's data sources according to their features, and we investigated research objectives and methods for each category. Finally, the potential for utilization and limitations under the IoT environment are presented at the end of each layer examination.",

keywords = "Insider threat detection, Internet-of-Things, dataset, survey",

author = "Aram Kim and Junhyoung Oh and Jinho Ryu and Kyungho Lee",

note = "Funding Information: This work was supported by the Nuclear Safety and Security Commission (id: 10.13039/501100003630).",

year = "2020",

doi = "10.1109/ACCESS.2020.2990195",

language = "English",

volume = "8",

pages = "78847--78867",

journal = "IEEE Access",

issn = "2169-3536",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - A review of insider threat detection approaches with IoT perspective

AU - Kim, Aram

AU - Oh, Junhyoung

AU - Ryu, Jinho

AU - Lee, Kyungho

N1 - Funding Information: This work was supported by the Nuclear Safety and Security Commission (id: 10.13039/501100003630).

PY - 2020

Y1 - 2020

N2 - Security professionals, government agencies, and corporate organizations have found an inherent need to prevent or mitigate attacks from insider threats. Accordingly, active research on insider threat detection has been conducted to prevent and mitigate adverse effects such as leakage of valuable information that may be caused by insiders. Along with the growth of Internet-of-Things (IoT), new security challenges arise in the existing security frameworks. Attack surfaces are significantly enlarged which could cause a severe risk in terms of company insider threat management. In this work, we provide a generalization of aspects of insider threats with IoT and analyze the surveyed literature based on both private and public sources. We then examine data sources considering IoT environments based on the characteristics and the structure of IoT (perceptual, network, and application layers). The result of reviewing the study shows that using the data source of the network and application layer is more suitable than the perceptual layer in the IoT environment. We also categorized each layer's data sources according to their features, and we investigated research objectives and methods for each category. Finally, the potential for utilization and limitations under the IoT environment are presented at the end of each layer examination.

AB - Security professionals, government agencies, and corporate organizations have found an inherent need to prevent or mitigate attacks from insider threats. Accordingly, active research on insider threat detection has been conducted to prevent and mitigate adverse effects such as leakage of valuable information that may be caused by insiders. Along with the growth of Internet-of-Things (IoT), new security challenges arise in the existing security frameworks. Attack surfaces are significantly enlarged which could cause a severe risk in terms of company insider threat management. In this work, we provide a generalization of aspects of insider threats with IoT and analyze the surveyed literature based on both private and public sources. We then examine data sources considering IoT environments based on the characteristics and the structure of IoT (perceptual, network, and application layers). The result of reviewing the study shows that using the data source of the network and application layer is more suitable than the perceptual layer in the IoT environment. We also categorized each layer's data sources according to their features, and we investigated research objectives and methods for each category. Finally, the potential for utilization and limitations under the IoT environment are presented at the end of each layer examination.

KW - Insider threat detection

KW - Internet-of-Things

KW - dataset

KW - survey

UR - http://www.scopus.com/inward/record.url?scp=85084802174&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85084802174&partnerID=8YFLogxK

U2 - 10.1109/ACCESS.2020.2990195

DO - 10.1109/ACCESS.2020.2990195

M3 - Article

AN - SCOPUS:85084802174

VL - 8

SP - 78847

EP - 78867

JO - IEEE Access

JF - IEEE Access

SN - 2169-3536

M1 - 9078082

ER -