RDP-based Lateral Movement detection using Machine Learning
作者: Tim Bai , Haibo Bian , Mohammad A. Salahuddin , Abbas Abou Daya , Noura Limam
DOI: 10.1016/J.COMCOM.2020.10.013
关键词:
摘要: Abstract Detecting cyber threats has been an on-going research endeavor. In this era, Advanced Persistent Threats (APTs) can incur significant costs for organizations and businesses. The ultimate goal of cybersecurity is to thwart attackers from achieving their malicious intent, whether it credential stealing, infrastructure takeover, or program sabotage. Every attack goes through several stages before its termination. Lateral Movement (LM) one those that particular importance. Remote Desktop Protocol (RDP) a method used in LM successfully authenticate unauthorized host leaves footprints on both network logs. paper, we propose detect evidence using Machine Learning (ML) Windows RDP event We explore different feature sets extracted these logs evaluate various supervised ML techniques classifying sessions with high precision recall. also compare the performance our proposed approach state-of-the-art demonstrate model outperforms addition, show robust against certain types adversarial attacks.
sci-hub.st 参考文章(37)
Hung-Jen Liao, Chun-Hung Richard Lin, Ying-Chih Lin, Kuang-Yuan Tung, Review: Intrusion detection system: A comprehensive review Journal of Network and Computer Applications. ,vol. 36, pp. 16- 24 ,(2013) , 10.1016/J.JNCA.2012.09.004
Daesung Moon, Sung Bum Pan, Ikkyun Kim, Host-based intrusion detection system for secure human-centric computing The Journal of Supercomputing. ,vol. 72, pp. 2520- 2536 ,(2016) , 10.1007/S11227-015-1506-9
Tin Kam Ho, Random decision forests international conference on document analysis and recognition. ,vol. 1, pp. 278- 282 ,(1995) , 10.1109/ICDAR.1995.598994
J.D. Tygar, Adversarial Machine Learning IEEE Internet Computing. ,vol. 15, pp. 4- 6 ,(2011) , 10.1109/MIC.2011.112
BATTISTA BIGGIO, GIORGIO FUMERA, FABIO ROLI, Pattern Recognition Systems under Attack: Design Issues and Research Challenges International Journal of Pattern Recognition and Artificial Intelligence. ,vol. 28, pp. 1460002- ,(2014) , 10.1142/S0218001414600027
Jerome Friedman, Trevor Hastie, Robert Tibshirani, Additive logistic regression: a statistical view of boosting (With discussion and a rejoinder by the authors) Annals of Statistics. ,vol. 28, pp. 337- 407 ,(2000) , 10.1214/AOS/1016218223
Sheharbano Khattak, Naurin Rasheed Ramay, Kamran Riaz Khan, Affan A. Syed, Syed Ali Khayam, A Taxonomy of Botnet Behavior, Detection, and Defense IEEE Communications Surveys and Tutorials. ,vol. 16, pp. 898- 924 ,(2014) , 10.1109/SURV.2013.091213.00134
Gisung Kim, Seungmin Lee, Sehun Kim, A novel hybrid intrusion detection method integrating anomaly detection with misuse detection Expert Systems With Applications. ,vol. 41, pp. 1690- 1700 ,(2014) , 10.1016/J.ESWA.2013.08.066
S. García, M. Grill, J. Stiborek, A. Zunino, An empirical comparison of botnet detection methods Computers & Security. ,vol. 45, pp. 100- 123 ,(2014) , 10.1016/J.COSE.2014.05.011
Elaheh Biglar Beigi, Hossein Hadian Jazi, Natalia Stakhanova, Ali A. Ghorbani, Towards effective feature selection in machine learning-based botnet detection approaches communications and networking symposium. pp. 247- 255 ,(2014) , 10.1109/CNS.2014.6997492