TY - JOUR
T1 - A review of insider threat detection approaches with IoT perspective
AU - Kim, Aram
AU - Oh, Junhyoung
AU - Ryu, Jinho
AU - Lee, Kyungho
N1 - Funding Information:
This work was supported by the Nuclear Safety and Security Commission (id: 10.13039/501100003630).
PY - 2020
Y1 - 2020
N2 - Security professionals, government agencies, and corporate organizations have found an inherent need to prevent or mitigate attacks from insider threats. Accordingly, active research on insider threat detection has been conducted to prevent and mitigate adverse effects such as leakage of valuable information that may be caused by insiders. Along with the growth of Internet-of-Things (IoT), new security challenges arise in the existing security frameworks. Attack surfaces are significantly enlarged which could cause a severe risk in terms of company insider threat management. In this work, we provide a generalization of aspects of insider threats with IoT and analyze the surveyed literature based on both private and public sources. We then examine data sources considering IoT environments based on the characteristics and the structure of IoT (perceptual, network, and application layers). The result of reviewing the study shows that using the data source of the network and application layer is more suitable than the perceptual layer in the IoT environment. We also categorized each layer's data sources according to their features, and we investigated research objectives and methods for each category. Finally, the potential for utilization and limitations under the IoT environment are presented at the end of each layer examination.
KW - Insider threat detection
KW - Internet-of-Things
KW - dataset
KW - survey
UR - http://www.scopus.com/inward/record.url?scp=85084802174&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85084802174&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2020.2990195
DO - 10.1109/ACCESS.2020.2990195
M3 - Article
AN - SCOPUS:85084802174
VL - 8
SP - 78847
EP - 78867
JO - IEEE Access
JF - IEEE Access
SN - 2169-3536
M1 - 9078082
ER -