REVIEW OF INSIDER THREAT DETECTION TECHNIQUES BASED ON MULTI-SOURCE DATA

In recent years, insider threat incidents are on the rise, insider network security is facing great challenges, insider threat detection technology begins to be widely concerned and is studied as an effective means. This paper analyzes and summarizes the development of insider threat detection technology from the perspective of data sources, and compares the characteristics of data from different sources, the roles played in the detection and the detection methods for this type of data. On this basis, the paper introduced the widely studied insider threat dataset CERT-IT, and analyzed and compared the insider threat detection methods based on CERT-IT, so as to discuss the challenges faced by the current insider threat detection technology and the future development trend.