Predicting Adversary Lateral Movement Patterns with Deep Learning

by Nathan Danneman, et al.

This paper develops a model that predicts which host in an enterprise network an adversary is likely to compromise next in the course of a campaign. Such a model might support dynamic monitoring or defenses. We generate data for this model using simulated networks, with hosts, users, and adversaries as first-class entities. We demonstrate the predictive accuracy of the model on out-of-sample simulated data, and validate the findings against data captured from a Red Team event on a live enterprise network.





Adversaries monitoring Tor traffic crossing their jurisdictional border and reconstructing Tor circuits

We model and analyze passive adversaries that monitor Tor traffic cross...

Towards Causal Models for Adversary Distractions

Automated adversary emulation is becoming an indispensable tool of netwo...

Tracking Cyber Adversaries with Adaptive Indicators of Compromise

A forensics investigation after a breach often uncovers network and host...

Stealthy Backdoors as Compression Artifacts

In a backdoor attack on a machine learning model, an adversary produces ...

Adaptive Traffic Fingerprinting: Large-scale Inference under Realistic Assumptions

The widespread adoption of encrypted communications (e.g., the TLS proto...

Bypassing Feature Squeezing by Increasing Adversary Strength

Feature Squeezing is a recently proposed defense method which reduces th...

Optimizing Vulnerability-Driven Honey Traffic Using Game Theory

Enterprises are increasingly concerned about adversaries that slowly and...