2021
DOI: 10.1109/tnsm.2021.3054356
|View full text |Cite
|
Sign up to set email alerts
|

Uncovering Lateral Movement Using Authentication Logs

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
12
0

Year Published

2022
2022
2024
2024

Publication Types

Select...
4
4
1
1

Relationship

0
10

Authors

Journals

citations
Cited by 24 publications
(12 citation statements)
references
References 27 publications
0
12
0
Order By: Relevance
“…Keeping the same principles as in [7], the authors leveraged Windows hostbased RDP event logs (as evidences) through the combination of two publicly available Windows event-logs subsets of the LANL dataset, namely, comprehensive and unified, respectively. The subject of LM detection via authentication logs was re-addressed in [9] by the same authors, although extended in the examination of the effects on classification efficiency due to perturbations of LM techniques patterns.…”
Section: Supervised Learning Based Schemesmentioning
confidence: 99%
“…Keeping the same principles as in [7], the authors leveraged Windows hostbased RDP event logs (as evidences) through the combination of two publicly available Windows event-logs subsets of the LANL dataset, namely, comprehensive and unified, respectively. The subject of LM detection via authentication logs was re-addressed in [9] by the same authors, although extended in the examination of the effects on classification efficiency due to perturbations of LM techniques patterns.…”
Section: Supervised Learning Based Schemesmentioning
confidence: 99%
“…The life cycle of APT can be divided into the following stages: reconnaissance, delivery, initial intrusion, command and control (C&C), lateral movement, data exfiltration. 19 In the reconnaissance and delivery stage, attackers mainly collect information about the target, such as exploits, personnel information and host information. Then attackers use collected information to attack the target in the initial intrusion stage.…”
Section: Related Workmentioning
confidence: 99%
“…To capture relations between network entities, researchers construct authentication graphs, where nodes represent users or devices and edges represent authentication events. At first, some researchers [29]- [31] characterize graph topology with features like in/out degree, in/out weight, centrality, eccentricity, etc., and spot anomalies with traditional ML methods. With the development of graph learning methods, GLGV [7] utilizes DeepWalk [32] to generate node embeddings, presents links as their Hadamard products, and trains a logistic regression classifier to predict lateral movement.…”
Section: A Lateral Movement Detectionmentioning
confidence: 99%