Predicting Adversary Lateral Movement Patterns with Deep Learning

04/23/2021
by Nathan Danneman, et al.

This paper develops a predictive model for which host, in an enterprise network, an adversary is likely to compromise next in the course of a campaign. Such a model might support dynamic monitoring or defenses. We generate data for this model using simulated networks, with hosts, users, and adversaries as first-class entities. We demonstrate the predictive accuracy of the model on out-of-sample simulated data, and validate the findings against data captured from a Red Team event on a live enterprise network.

