Detecting Structurally Anomalous Logins Within Enterprise Networks
2017
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17
Many network intrusion detection systems use byte sequences to detect lateral movements that exploit remote vulnerabilities. Attackers bypass such detection by stealing valid credentials and using them to transmit from one computer to another without creating abnormal network traffic. We call this method Credential-based Lateral Movement. To detect this type of lateral movement, we develop the concept of a Network Login Structure that specifies normal logins within a given network. Our method
doi:10.1145/3133956.3134003
dblp:conf/ccs/SiadatiM17
fatcat:qe53ush76zhvbjxipsazwmvabm