On the detection of lateral movement through supervised machine learning and an open-source tool to create turnkey datasets from sysmon logs

C Smiliotopoulos, G Kambourakis… - International Journal of …, 2023 - Springer
Lateral movement (LM) is a principal, increasingly common, tactic in the arsenal of
advanced persistent threat (APT) groups and other less or more powerful threat actors. It …

Uncovering lateral movement using authentication logs

H Bian, T Bai, MA Salahuddin, N Limam… - … on Network and …, 2021 - ieeexplore.ieee.org
Network infiltrations due to advanced persistent threats (APTs) have significantly grown in
recent years. Their primary objective is to gain unauthorized access to network assets …

A semi-supervised autoencoder with an auxiliary task (SAAT) for power transformer fault diagnosis using dissolved gas analysis

S Kim, SH Jo, W Kim, J Park, J Jeong, Y Han… - IEEE …, 2020 - ieeexplore.ieee.org
This paper proposes a semi-supervised autoencoder with an auxiliary task (SAAT) to extract
a health feature space for power transformer fault diagnosis using dissolved gas analysis …

LaAeb: A comprehensive log-text analysis based approach for insider threat detection

K Fei, J Zhou, Y Zhou, X Gu, H Fan, B Li, W Wang… - Computers & …, 2025 - Elsevier
Insider threats have increasingly become a critical issue that modern enterprises and
organizations faced. They are mainly initiated by insider attackers, which may cause …

Detecting lateral movement: A systematic survey

C Smiliotopoulos, G Kambourakis, C Kolias - Heliyon, 2024 - cell.com
Within both the cyber kill chain and MITRE ATT&CK frameworks, Lateral Movement (LM) is
defined as any activity that allows adversaries to progressively move deeper into a system in …

Role-based lateral movement detection with unsupervised learning

BA Powell - Intelligent Systems with Applications, 2022 - Elsevier
Adversarial lateral movement via compromised accounts remains difficult to discover via
traditional rule-based defenses because it generally lacks explicit indicators of compromise …

Assessing the detection of lateral movement through unsupervised learning techniques

C Smiliotopoulos, G Kambourakis, C Kolias… - Computers & …, 2025 - Elsevier
Lateral movement (LM) is an umbrella term for techniques through which attackers spread
from an entry point to the rest of the network. Typically, LM involves both pivoting through …

MLTracer: Malicious logins detection system via graph neural network

F Liu, Y Wen, Y Wu, S Liang, X Jiang… - 2020 IEEE 19th …, 2020 - ieeexplore.ieee.org
Malicious login, especially lateral movement, has been a primary and costly threat for
enterprises. However, there exist two critical challenges in the existing methods. Specifically …

Detecting malicious logins as graph anomalies

BA Powell - Journal of information security and applications, 2020 - Elsevier
Authenticated lateral movement via compromised accounts is a common adversarial
maneuver that is challenging to discover with signature- or rules-based intrusion detection …

C-BEDIM and S-BEDIM: lateral movement detection in enterprise network through behavior deviation measurement

C Dong, J Yang, S Liu, Z Wang, Y Liu, Z Lu - Computers & Security, 2023 - Elsevier
Lateral movement plays a vital role in a network attack campaign. After breaking into the
intranet, perpetrators penetrate to their final target through this procedure. In order to protect …