Lateral Movement Detection Using User Behavioral Analysis
- URL: http://arxiv.org/abs/2208.13524v1
- Date: Mon, 29 Aug 2022 11:57:40 GMT
- Title: Lateral Movement Detection Using User Behavioral Analysis
- Authors: Deepak Kushwaha, Dhruv Nandakumar, Akshay Kakkar, Sanvi Gupta, Kevin
Choi, Christopher Redino, Abdul Rahman, Sabthagiri Saravanan Chandramohan,
Edward Bowen, Matthew Weeks, Aaron Shaha, Joe Nehila
- Abstract summary: Authors propose a novel, lightweight method for Lateral Movement detection using user behavioral analysis and machine learning.
This paper introduces a novel methodology for cyber domain-specific feature engineering that identifies Lateral Movement behavior on a per-user basis.
The underlying goal of the paper is to provide a computationally efficient, domain-specific approach to near real-time Lateral Movement detection.
- Score: 3.3466872673100236
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Lateral Movement refers to methods by which threat actors gain initial access
to a network and then progressively move through said network collecting key
data about assets until they reach the ultimate target of their attack. Lateral
Movement intrusions have become more intricate with the increasing complexity
and interconnected nature of enterprise networks, and require equally
sophisticated detection mechanisms to proactively detect such threats in near
real-time at enterprise scale. In this paper, the authors propose a novel,
lightweight method for Lateral Movement detection using user behavioral
analysis and machine learning. Specifically, this paper introduces a novel
methodology for cyber domain-specific feature engineering that identifies
Lateral Movement behavior on a per-user basis. Furthermore, the engineered
features have also been used to develop two supervised machine learning models
for Lateral Movement identification that have demonstrably outperformed models
previously seen in literature while maintaining robust performance on datasets
with high class imbalance. The models and methodology introduced in this paper
have also been designed in collaboration with security operators to be relevant
and interpretable in order to maximize impact and minimize time to value as a
cyber threat detection toolkit. The underlying goal of the paper is to provide
a computationally efficient, domain-specific approach to near real-time Lateral
Movement detection that is interpretable and robust to enterprise-scale data
volumes and class imbalance.
Related papers
- Time-Aware Face Anti-Spoofing with Rotation Invariant Local Binary Patterns and Deep Learning [50.79277723970418]
  Imitation attacks can lead to erroneous identification and subsequent authentication of attackers.
  Similar to face recognition, imitation attacks can also be detected with Machine Learning.
  We propose a novel approach that promises high classification accuracy by combining previously unused features with time-aware deep learning strategies.
  arXiv Detail & Related papers (2024-08-27T07:26:10Z)
- It Is Time To Steer: A Scalable Framework for Analysis-driven Attack Graph Generation [50.06412862964449]
  Attack Graph (AG) represents the best-suited solution to support cyber risk assessment for multi-step attacks on computer networks.
  Current solutions propose to address the generation problem from the algorithmic perspective and postulate the analysis only after the generation is complete.
  This paper rethinks the classic AG analysis through a novel workflow in which the analyst can query the system anytime.
  arXiv Detail & Related papers (2023-12-27T10:44:58Z)
- A Target Detection Algorithm in Traffic Scenes Based on Deep Reinforcement Learning [2.8554857235549753]
  This research presents a novel active detection model utilizing deep reinforcement learning to accurately detect traffic objects in real-world scenarios.
  The model employs a deep Q-network based on LSTM-CNN that identifies and aligns target zones with specific categories of traffic objects.
  Tests conducted demonstrate the model's proficiency, exhibiting exceptional precision and performance in locating traffic signal lights and speed limit signs.
  arXiv Detail & Related papers (2023-12-25T04:23:30Z)
- Zero Day Threat Detection Using Metric Learning Autoencoders [3.1965908200266173]
  The proliferation of zero-day threats (ZDTs) to companies' networks has been immensely costly.
  Deep learning methods are an attractive option for their ability to capture highly-nonlinear behavior patterns.
  The models presented here are also trained and evaluated with two more datasets, and continue to show promising results even when generalizing to new network topologies.
  arXiv Detail & Related papers (2022-11-01T13:12:20Z)
- Zero Day Threat Detection Using Graph and Flow Based Security Telemetry [3.3029515721630855]
  Zero Day Threats (ZDT) are novel methods used by malicious actors to attack and exploit information technology (IT) networks or infrastructure.
  In this paper, we introduce a deep learning based approach to Zero Day Threat detection that can generalize, scale, and effectively identify threats in near real-time.
  arXiv Detail & Related papers (2022-05-04T19:30:48Z)
- Improving robustness of jet tagging algorithms with adversarial training [56.79800815519762]
  We investigate the vulnerability of flavor tagging algorithms via application of adversarial attacks.
  We present an adversarial training strategy that mitigates the impact of such simulated attacks.
  arXiv Detail & Related papers (2022-03-25T19:57:19Z)
- Poisoning Attacks and Defenses on Artificial Intelligence: A Survey [3.706481388415728]
  Data poisoning attacks represent a type of attack that consists of tampering with the data samples fed to the model during the training phase, leading to a degradation in the model's accuracy during the inference phase.
  This work compiles the most relevant insights and findings found in the latest existing literature addressing this type of attack.
  A thorough assessment is performed on the reviewed works, comparing the effects of data poisoning on a wide range of ML models in real-world conditions.
  arXiv Detail & Related papers (2022-02-21T14:43:38Z)
- Unsupervised Domain Adaption of Object Detectors: A Survey [87.08473838767235]
  Recent advances in deep learning have led to the development of accurate and efficient models for various computer vision applications.
  Learning highly accurate models relies on the availability of datasets with a large number of annotated images.
  Due to this, model performance drops drastically when evaluated on label-scarce datasets having visually distinct images.
  arXiv Detail & Related papers (2021-05-27T23:34:06Z)
- Explainable Adversarial Attacks in Deep Neural Networks Using Activation Profiles [69.9674326582747]
  This paper presents a visual framework to investigate neural network models subjected to adversarial examples.
  We show how observing these elements can quickly pinpoint exploited areas in a model.
  arXiv Detail & Related papers (2021-03-18T13:04:21Z)
- Adversarial Attacks on Machine Learning Systems for High-Frequency Trading [55.30403936506338]
  We study valuation models for algorithmic trading from the perspective of adversarial machine learning.
  We introduce new attacks specific to this domain with size constraints that minimize attack costs.
  We discuss how these attacks can be used as an analysis tool to study and evaluate the robustness properties of financial models.
  arXiv Detail & Related papers (2020-02-21T22:04:35Z)
- An Intelligent and Time-Efficient DDoS Identification Framework for Real-Time Enterprise Networks SAD-F: Spark Based Anomaly Detection Framework [0.5811502603310248]
  We will be exploring security analytic techniques for DDoS anomaly detection using different machine learning techniques.
  In this paper, we are proposing a novel approach which deals with real traffic as input to the system.
  We study and compare the performance factor of our proposed framework on three different testbeds.
  arXiv Detail & Related papers (2020-01-21T06:05:48Z)
This list is automatically generated from the titles and abstracts of the papers in this site.