10 Short Links on Malicious Lateral Movement Detection

Image from Fig 1 in “Detection and Threat Prioritization of Pivoting Attacks in Large Networks”

In this short blog, I share six papers that focus on detecting malicious lateral movement (a.k.a. pivoting, a.k.a. island hopping).

(Update 2021–06–06: Added 2 more recent lateral movement papers)

(Update 2022–05–15: Added 2 more recent lateral movement papers + 2 datsets)

Papers:

• Latte: Large-Scale Lateral Movement Detection
• Detection and Threat Prioritization of Pivoting Attacks in Large Networks
• A Machine Learning Approach for RDP-based Lateral Movement Detection
• Towards an Efficient Detection of Pivoting Activity
• (NEW 6/2021) Detecting Lateral Movement in Enterprise Computer Networks with Unsupervised Graph AI
• (NEW 6/2021) Hopper: Modeling and Detecting Lateral Movement
• (NEW 5/2022) PIKACHU: Temporal Walk Based Dynamic Graph Embedding for Network Anomaly Detection
• (NEW 5/2022) EULER: Detecting Network Lateral Movement via Scalable Temporal Link Prediction

(NEW 5/2022) If you’re interesting in doing your own lateral movement research, these 2 datasets may be of interest.

• DARPA Operationally Transparent Cyber (OpTC) Data
• LANL: Comprehensive, Multi-Source Cyber-Security Events

Lastly, if you’re interested in discovering more interesting papers like these, use the method I outlined here.

–Jason
@jason_trost

The “short links” format was inspired by O’Reilly’s Four Short Links series.

This was originally posted on my personal blog on 2021–05–30.