English
Related papers

Related papers: Detecting malicious logins as graph anomalies

200 papers

Adversarial lateral movement via compromised accounts remains difficult to discover via traditional rule-based defenses because it generally lacks explicit indicators of compromise. We propose a behavior-based, unsupervised framework…

Cryptography and Security · Computer Science 2021-08-06 Brian A. Powell

Lateral movement is a crucial component of advanced persistent threat (APT) attacks in networks. Attackers exploit security vulnerabilities in internal networks or IoT devices, expanding their control after initial infiltration to steal…

Cryptography and Security · Computer Science 2024-11-18 Jiajun Zhou , Jiacheng Yao , Xuanze Chen , Shanqing Yu , Qi Xuan , Xiaoniu Yang

In successful enterprise attacks, adversaries often need to gain access to additional machines beyond their initial point of compromise, a set of internal movements known as lateral movement. We present Hopper, a system for detecting…

Cryptography and Security · Computer Science 2021-05-31 Grant Ho , Mayank Dhiman , Devdatta Akhawe , Vern Paxson , Stefan Savage , Geoffrey M. Voelker , David Wagner

Given a large enterprise network of devices and their authentication history (e.g., device logons), how can we quantify network vulnerability to lateral attack and identify at-risk devices? We systematically address these problems through…

Social and Information Networks · Computer Science 2020-01-31 Scott Freitas , Andrew Wicker , Duen Horng Chau , Joshua Neil

This work presents a consensus-based Bayesian framework to detect malicious user behavior in enterprise directory access graphs. By modeling directories as topics and users as agents within a multi-level interaction graph, we simulate…

Machine Learning · Computer Science 2026-03-05 Pratyush Uppuluri , Shilpa Noushad , Sajan Kumar

Lateral movement attacks are a serious threat to enterprise security. In these attacks, an attacker compromises a trusted user account to get a foothold into the enterprise network and uses it to attack other trusted users, increasingly…

Cryptography and Security · Computer Science 2019-05-06 Pin-Yu Chen , Sutanay Choudhury , Luke Rodriguez , Alfred Hero , Indrajit Ray

Lateral Movement refers to methods by which threat actors gain initial access to a network and then progressively move through said network collecting key data about assets until they reach the ultimate target of their attack. Lateral…

Cyberthreats are a permanent concern in our modern technological world. In the recent years, sophisticated traffic analysis techniques and anomaly detection (AD) algorithms have been employed to face the more and more subversive adversarial…

Machine Learning · Computer Science 2022-05-17 Paul Irofti , Andrei Pătraşcu , Andrei Iulian Hîji

In order to detect unknown intrusions and runtime errors of computer programs, the cyber-security community has developed various detection techniques. Anomaly detection is an approach that is designed to profile the normal runtime behavior…

Cryptography and Security · Computer Science 2021-06-03 Byunggu Yu , Junwhan Kim

While attack graphs are useful for identifying major cybersecurity threats affecting a system, they do not provide operational support for determining the likelihood of having a known vulnerability exploited, or that critical system nodes…

Cryptography and Security · Computer Science 2026-04-21 Francesco Vitale , Simone Guarino , Stefano Perone , Massimiliano Rak , Nicola Mazzocca

Until two decades ago, industrial networks were deemed secure due to physical separation from public networks. An abundance of successful attacks proved that assumption wrong. Intrusion detection solutions for industrial application need to…

Cryptography and Security · Computer Science 2019-07-10 Simon D. Duque Anton , Daniel Fraunholz , Hans Dieter Schotten

Representing networks as a graph and training a link prediction model using benign connections is an effective method of anomaly-based intrusion detection. Existing works using this technique have shown great success using temporal graph…

Cryptography and Security · Computer Science 2026-01-12 Isaiah J. King , Bernardo Trindade , Benjamin Bowman , H. Howie Huang

While most security projects have focused on fending off attacks coming from outside the organizational boundaries, a real threat has arisen from the people who are inside those perimeter protections. Insider threats have shown their power…

Cryptography and Security · Computer Science 2018-09-05 Anagi Gamachchi , Li Sun , Serdar Boztas

Anomaly detection in event logs is a promising approach for intrusion detection in enterprise networks. By building a statistical model of usual activity, it aims to detect multiple kinds of malicious behavior, including stealthy tactics,…

Cryptography and Security · Computer Science 2022-06-29 Corentin Larroche , Johan Mazel , Stephan Clémençon

Advanced Persistent Threats (APTs) are a main impendence in cyber security of computer networks. In 2015, a successful breach remains undetected 146 days on average, reported by [Fi16].With our work we demonstrate a feasible and fast way to…

Databases · Computer Science 2018-02-02 Timo Schindler

This paper investigates how to effectively stop an attacker from using compromised user credentials to gain authorized entry to systems that they are otherwise not authorised to access. The proposed solution extends previous work to move…

Cryptography and Security · Computer Science 2018-01-09 Roy Henha Eyono

Log analysis is one of the main techniques engineers use to troubleshoot faults of large-scale software systems. During the past decades, many log analysis approaches have been proposed to detect system anomalies reflected by logs. They…

Software Engineering · Computer Science 2022-09-19 Yongzheng Xie , Hongyu Zhang , Muhammad Ali Babar

This paper proposes a generic classification system designed to detect security threats based on the behavior of malware samples. The system relies on statistical features computed from proxy log fields to train detectors using a database…

Machine Learning · Statistics 2017-02-09 Lukas Machlica , Karel Bartos , Michal Sofka

Detecting anomalies is important for identifying inefficiencies, errors, or fraud in business processes. Traditional process mining approaches focus on analyzing 'flattened', sequential, event logs based on a single case notion. However,…

Statistical Finance · Quantitative Finance 2024-03-05 Alessandro Niro , Michael Werner

Anomaly-based cyber threat detection using deep learning is on a constant growth in popularity for novel cyber-attack detection and forensics. A robust, efficient, and real-time threat detector in a large-scale operational enterprise…

Cryptography and Security · Computer Science 2024-10-30 Krishna Chandra Roy , Qian Chen
‹ Prev 1 2 3 10 Next ›