Current Detection Methods for Insider Threats and Social Engineering Attacks: Enhancements and Analysis Using Deep Learning

Despite advancements in technology, insider threats and social engineering attacks continue to pose significant challenges. Current threat detection methods often fail to effectively identifies insider threats, leaving organizations vulnerable. This systematic review thoroughly examines and evaluates existing detection methods for insider threats and social engineering attacks, performs comparative gap analyses, assesses detection effectiveness, identifies inherent challenges, and proposes conceptual system architecture. A primary challenge is distinguishing between normal and malicious insider activities, which exceed the capabilities of current network intrusion detection systems. Although machine learning and deep learning-based intrusion detection systems have been developed continuously, issues such as false positive and false negative rates persist due to the human elements involved in insider threats and social engineering attacks. The review focuses on identifying current network and host-based detection methods, analyzing existing gaps, and proposing a detection framework that integrates user behavior analysis with network and host-based detection and deep learning techniques to enhance detection accuracy and cost-effectiveness. Incorporating user cybersecurity behavior into existing intrusion detection systems and making detection unified (comprehensive) will result a high-performance threat detection system specifically for malicious insiders and social engineering attacks.