In this short blog, I share six papers that focus on detecting malicious lateral movement (a.k.a. pivoting, a.k.a. island hopping).
(Update 2021-06-06: Added 2 more recent lateral movement papers)
(Update 2022-05-15: Added 2 more recent lateral movement papers + 2 datasets)
- Latte: Large-Scale Lateral Movement Detection
- Detection and Threat Prioritization of Pivoting Attacks in Large Networks
- A Machine Learning Approach for RDP-based Lateral Movement Detection
- Towards an Efficient Detection of Pivoting Activity
- (NEW 6/2021) Detecting Lateral Movement in Enterprise Computer Networks with Unsupervised Graph AI
- (NEW 6/2021) Hopper: Modeling and Detecting Lateral Movement
- (NEW 5/2022) PIKACHU: Temporal Walk Based Dynamic Graph Embedding for Network Anomaly Detection
- (NEW 5/2022) EULER: Detecting Network Lateral Movement via Scalable Temporal Link Prediction
(NEW 5/2022) If you’re interested in doing your own lateral movement research, these 2 datasets may be of interest.
- DARPA Operationally Transparent Cyber (OpTC) Data
- LANL: Comprehensive, Multi-Source Cyber-Security Events
Lastly, if you’re interested in discovering more interesting papers like these, use the method I outlined here.
The “short links” format was inspired by O’Reilly’s Four Short Links series.
This was originally posted on my personal blog on 2021-05-30.