The Application of Artificial Intelligence in the Detection of Malicious Insider Threats: A Review

Insider threats are a growing threat to organizations' security, resulting in a significant increase in cyberattacks. As organizations continue to rely on digital systems and data, the potential for malicious insider threats has heightened the need for advanced detection methods using Artificial Intelligence (AI) technology. A malicious insider is an individual granted legitimate access to an organization and exploits this privilege for personal or other reasons to compromise information assets' confidentiality, integrity, or availability. A simple review of forty-seven (47) articles identified from various academic databases was conducted. In this review paper, we explore the current state of research on the application of AI techniques for the detection of malicious insider threats in the cybersecurity space by examining the different AI-based approaches and techniques that have been employed for the detection of malicious insider threats, types of data source and how effective the AI models are through the evaluation metrics utilized. The academic literature reveals a wide range of advancements in artificial intelligence related to the detection of insider threats. The Computer Emergency Response Team (CERT) dataset has the highest usage of 68%, while accuracy and precision have the highest usage of 26% and 21%, respectively, in terms of performance metrics, with Machine learning as the most used AI technique compared to others. Additionally, the paper outlines future research directions. It serves as a starting point for young researchers and a yardstick for experienced researchers in proposing new methodologies to enhance the effectiveness of insider threat detection.