Operationalizing machine learning based security detections is extremely challenging, especially in a continuously evolving cloud environment. Conventional anomaly detection does not produce satisfactory results for analysts investigating security incidents in the cloud. Model evaluation alone presents its own set of problems due to a lack of benchmark datasets. When deploying these detections, we must deal with model compliance, localization, and data silo issues, among many others. We pose the problem of "attack disruption" as a way forward in the security data science space. In this paper, we describe the framework, challenges, and open questions surrounding the successful operationalization of machine learning based security detections in a cloud environment and provide some insights on how we have addressed them.
Given a large enterprise network of devices and their authentication history (e.g., device logons), how can we quantify network vulnerability to lateral attack and identify at-risk devices? We systematically address these problems through D²M, the first framework that models lateral attacks on enterprise networks using multiple attack strategies developed with researchers, engineers, and threat hunters in the Microsoft Defender Advanced Threat Protection group. These strategies integrate real-world adversarial actions (e.g., privilege escalation) to generate attack paths: a series of compromised machines. Leveraging these attack paths and a novel Monte-Carlo method, we formulate network vulnerability as a probabilistic function of the network topology, distribution of access credentials and initial penetration point. To identify machines at risk to lateral attack, we propose a suite of five fast graph mining techniques, including a novel technique called AnomalyShield inspired by node immunization research. Using three real-world authentication graphs from Microsoft and Los Alamos National Laboratory (up to 223,399 authentications), we report the first experimental results on network vulnerability to lateral attack, demonstrating D²M's unique potential to empower IT admins to develop robust user access credential policies.

[Fig. 1 (figure text only): Penetrate, Explore, Compromise; Analyst Tests Attack Strategy; User, Admin, Domain Controller; Build Authentication Graph; Vulnerability Analysis; Monitored]

Our Contributions

We propose D²M, the first framework that systematically quantifies network vulnerability to lateral attack and identifies at-risk devices (Fig. 1). Our major contributions include:

• Attack Strategies. D²M enables security researchers to integrate their crucial domain knowledge from studying prior attacks in the form of attack strategies. We developed three attack strategies by actively engaging researchers, engineers and threat
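The abstract formulates vulnerability as a Monte-Carlo estimate over attack paths on an authentication graph. The following is an added illustration, not the paper's D²M code: the logon history, the single credential-harvesting attack strategy, the hop budget and the function names are all assumptions, and the output is the expected fraction of devices compromised from a given penetration point together with how often each device lands on a path (a simple at-risk ranking a defender can act on).

```python
import random
from collections import defaultdict

# Constructed logon history (user, device); not data from the paper.
LOGONS = [
    ("alice", "ws1"), ("alice", "ws2"),
    ("bob", "ws2"), ("bob", "srv1"),
    ("carol", "ws3"),
    ("admin", "srv1"), ("admin", "dc1"),
]

def build_auth_graph(logons):
    """Bipartite authentication graph: device -> users seen on it, user -> devices they reach."""
    creds_on = defaultdict(set)   # credentials present on a device (assumed harvestable)
    reach_of = defaultdict(set)   # devices a credential can authenticate to
    for user, device in logons:
        creds_on[device].add(user)
        reach_of[user].add(device)
    return creds_on, reach_of

def simulate_attack(creds_on, reach_of, start, max_hops, rng):
    """One attack path under an assumed strategy (not the paper's): harvest credentials
    on the newest compromised host, hop to a random reachable uncompromised host, repeat."""
    compromised = [start]
    harvested = set()
    for _ in range(max_hops):
        harvested |= creds_on[compromised[-1]]
        frontier = sorted({d for u in harvested for d in reach_of[u]} - set(compromised))
        if not frontier:
            break
        compromised.append(rng.choice(frontier))
    return compromised

def estimate_vulnerability(logons, start, max_hops, trials=1000, seed=0):
    """Monte-Carlo estimate of the expected fraction of devices compromised from
    `start`, plus a count of how often each device appears on an attack path."""
    creds_on, reach_of = build_auth_graph(logons)
    devices = {d for _, d in logons}
    rng = random.Random(seed)
    hits = defaultdict(int)
    total = 0
    for _ in range(trials):
        path = simulate_attack(creds_on, reach_of, start, max_hops, rng)
        total += len(path)
        for d in path:
            hits[d] += 1
    vulnerability = total / (trials * len(devices))
    at_risk = sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))
    return vulnerability, at_risk

if __name__ == "__main__":
    for start in ("ws1", "ws3"):
        v, ranking = estimate_vulnerability(LOGONS, start, max_hops=4)
        print(f"penetration at {start}: vulnerability={v:.2f}, at-risk={ranking}")
```

Comparing the estimate across penetration points and after removing a credential from the logon list shows how a change in access policy (for example, keeping the admin account off srv1) changes the exposure of dc1.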