Insider Threat Research: A Review of Deep Learning Approach
Keywords:
Autoencoders, Data imbalance, Deep learning, Insider threat, Recurrent neural networks, User behavior analytics
Abstract
Insider threat refers to malicious threats perpetrated from within an organization by people and employees who have direct and legitimate access to its network and computing systems, and who are knowledgeable about its security architecture and mode of operation. However, every successful malfeasance or benign behavior and incident often originates from malicious and subtle intents hidden in digital footprints, and these can serve as forensic evidence of, and precursors to, every insider attack. Examining extensive datasets can be overwhelming and can require significant computational resources for human analysts and conventional machine learning models. Advanced deep learning methods are capable of extracting insights from intricate data. They also offer a new paradigm for overcoming traditional machine learning limitations such as unlabeled data, sparsity, high dimensionality, complexity, heterogeneity, and the dynamic nature of typical malicious insiders. This paper presents a review of recent literature on deep learning applications in insider threat research.