On the detection of lateral movement through supervised machine learning and an open-source tool to create turnkey datasets from Sysmon logs

Smiliotopoulos, Christos; Kambourakis, Georgios; Barmpatsalou, Konstantia

doi:10.1007/s10207-023-00725-8

Cited by 10 publications

(2 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Cybersecurity is becoming increasingly critical for various sectors, including government organizations and private enterprises. The rapid escalation of cyberattacks and emerging legislation demand enhanced data-protection measures [138,139]. Blockchain and distributed ledger technology offer novel solutions for safeguarding information in both decentralized and centralized network systems [140].…”

Section: Cybersecuritymentioning

confidence: 99%

The Convergence of Artificial Intelligence and Blockchain: The State of Play and the Road Ahead

Bhumichai,

Smiliotopoulos,

Benton

et al. 2024

Information

Self Cite

View full text Add to dashboard Cite

Artificial intelligence (AI) and blockchain technology have emerged as increasingly prevalent and influential elements shaping global trends in Information and Communications Technology (ICT). Namely, the synergistic combination of blockchain and AI introduces beneficial, unique features with the potential to enhance the performance and efficiency of existing ICT systems. However, presently, the confluence of these two disruptive technologies remains in a rather nascent stage, undergoing continuous exploration and study. In this context, the work at hand offers insight regarding the most significant features of the AI and blockchain intersection. Sixteen outstanding, recent articles exploring the combination of AI and blockchain technology have been systematically selected and thoroughly investigated. From them, fourteen key features have been extracted, including data security and privacy, data encryption, data sharing, decentralized intelligent systems, efficiency, automated decision systems, collective decision making, scalability, system security, transparency, sustainability, device cooperation, and mining hardware design. Moreover, drawing upon the related literature stemming from major digital databases, we constructed a timeline of this technological convergence comprising three eras: emerging, convergence, and application. For the convergence era, we categorized the pertinent features into three primary groups: data manipulation, potential applicability to legacy systems, and hardware issues. For the application era, we elaborate on the impact of this technology fusion from the perspective of five distinct focus areas, from Internet of Things applications and cybersecurity, to finance, energy, and smart cities. This multifaceted, but succinct analysis is instrumental in delineating the timeline of AI and blockchain convergence and pinpointing the unique characteristics inherent in their integration. The paper culminates by highlighting the prevailing challenges and unresolved questions in blockchain and AI-based systems, thereby charting potential avenues for future scholarly inquiry.

show abstract

Section: Cybersecuritymentioning

confidence: 99%

The Convergence of Artificial Intelligence and Blockchain: The State of Play and the Road Ahead

Bhumichai,

Smiliotopoulos,

Benton

et al. 2024

Information

Self Cite

View full text Add to dashboard Cite

show abstract

“…In 150 countries, 300,000 users were targeted, resulting in $8 billion in damages [8]. Attackers steal sensitive data such as classified state secrets and bank accounts [9]. Cybersecurity has, therefore, become a major concern to states, organizations, and individuals [10].…”

Section: Introductionmentioning

confidence: 99%

LoGD-ai: An Efficient Network Intrusion Detection System Using a Soft Voting-Based Ensemble Learner

Agyapong,

Boateng,

Prempeh

et al. 2023

Preprint

View full text Add to dashboard Cite

Network attacks detection is still a difficult task because of the large data volumes needed for training a cutting-edge machine learning algorithms to unearth network invasions. Recently, a number of data mining methods have been put out for network intrusion detection. Meanwhile, each of them encounters certain difficulties resulting from the sophisticated nature of threats the existing models cannot detect. The NSL-KDD dataset containing four different form of attacks was employed in this paper. In this paper, we demonstrate the efficiency of LoGD-ai, a soft voting-based ensemble learner as network intrusion detection system to classify network data to normal and malicious. This soft-voting based ensemble classifier employs logistic regression, gradient boosting and decision tree algorithms for intrusion detection. Finally, the performance of the LoGD-ai classifier is compared to the popular gradient boosting machine (GBM), random forests (RF), and AdaBoost. Scoring 98.05% on accuracy, the LoGD-ai classifier performs better than GBM, RF and AdaBoost classifiers, efficiently detecting and classifying network traffic as normal or malicious. Compared to gradient boosting, our proposed methodology increases accuracy by 0.52%, which is critical for network intrusion detection.

show abstract

Unraveling Network-Based Pivoting Maneuvers: Empirical Insights and Challenges

Husák,

Yang,

Khoury

et al. 2024

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

Pivoting is a sophisticated strategy employed by modern malware and Advanced Persistent Threats (APT) to complicate attack tracing and attribution. Detecting pivoting activities is of utmost importance in order to counter these threats effectively. In this study, we examined the detection of pivoting by analyzing network traffic data collected over a period of 10 days in a campus network. Through NetFlow monitoring, we initially identified potential pivoting candidates, which are traces in the network traffic that match known patterns. Subsequently, we conducted an in-depth analysis of these candidates and uncovered a significant number of false positives and benign pivoting-like patterns. To enhance investigation and understanding, we introduced a novel graph representation called a pivoting graph, which provides comprehensive visualization capabilities. Unfortunately, investigating pivoting candidates is highly dependent on the specific context and necessitates a strong understanding of the local environment. To address this challenge, we applied principal component analysis and clustering techniques to a diverse range of features. This allowed us to identify the most meaningful features for automated pivoting detection, eliminating the need for prior knowledge of the local environment.

show abstract

On the detection of lateral movement through supervised machine learning and an open-source tool to create turnkey datasets from Sysmon logs

Cited by 10 publications

References 24 publications

The Convergence of Artificial Intelligence and Blockchain: The State of Play and the Road Ahead

The Convergence of Artificial Intelligence and Blockchain: The State of Play and the Road Ahead

LoGD-ai: An Efficient Network Intrusion Detection System Using a Soft Voting-Based Ensemble Learner

Unraveling Network-Based Pivoting Maneuvers: Empirical Insights and Challenges

Contact Info

Product

Resources

About