ABSTRACT
This study is a systematic literature review on anomaly-based intrusion detection methods specially to detect insider attacks. The focus is to enumerate the techniques for modeling host-based and network-based anomaly detection. By leveraging the sequential characteristics of network data, we further discuss the concept of event-based intrusion detection. The research starts with a bibliometric analysis of the broader topic. The PRISMA methodology is implemented to analyze papers selected after the primary search. This study revolves around four research questions formed to serve the purpose defined. The study unveils the opportunity of event-based models in insider intrusion detection and identifies the possibility of a combined model to detect insiders as early as possible. The study recommends incorporating the strengths of anomaly-based, signature-based and knowledge-based models to detect the attacks proactively.
Disclosure statement
No potential conflict of interest was reported by the author(s).