The Current Situation of Insider Threats Detection: An Investigative Review

Gaseb Alotibi, N. Clarke, Fudong Li, S. Furnell
DOI: 10.1109/NCG.2018.8592986
Venue: 2018 21st Saudi Computer Society National Computer Conference (NCC)
Publication date: 2018-04-25
Citations: 1

Abstract

Information Technology and the Internet are ubiquitous tools for companies. Various companies are increasingly deploying information technologies to increase their process efficiency and to minimize costs. Information technologies have redefined the ways of conducting business. These technological revolutions have changed the nature of doing business on a global scale; simultaneously, the threats surrounding these technologies are on the rise. Various cases of information misuse, security attacks and the like have been found, which can be grouped together as cybercrime. Different security tools, such as Authentication, Access Control, Anti-Virus, Firewalls, Intrusion Detection Systems and Security Information and Event Management (SIEM), enable organizations to control and mitigate information misuse and other threats surrounding their systems. However, while they are effective in detecting outside threats, they often lack the ability to detect insider threats (attacks undertaken by employees of the company). Insider threats have become one of the major information security challenges for organizations. Traditional information security measures are focused on threats from the outside environment rather than the internal environment. A wide range of research has been undertaken to investigate approaches to detecting insider threats. The study has identified packet-based and flow-based network analysis as the two popular approaches to detecting internal threats. This paper presents a comprehensive analysis, literature review and limitations of network traffic analysis approaches.