Revisiting the Detection of Lateral Movement through Sysmon

Smiliotopoulos, Christos; Barmpatsalou, Konstantia; Kambourakis, Georgios

doi:10.20944/preprints202207.0176.v1

Cited by 2 publications

(4 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In comparison to the relevant literature, which is rather scarce, the present work offers a solid, as it concerns both theoretical and empirical viewpoint, process for selecting the most appropriate classification features and data preprocessing methods towards the elimination of overfitting and the implementation of accurate and well-generalized ML models. To aid the evaluation of ML models, the LMD-2022 log-based dataset was enhanced into the LMD-2023 [26] version and implemented as element of investigation in the conducted experiments. Moreover, it is demonstrated that datasets created from the extraction of Sysmon logs into the CSV format can be quite effective, even in multiclass classification, if just trained with a bare minimum of high importance features.…”

Section: Discussionmentioning

confidence: 99%

“…The work ended with the presentation and evaluation of the Python_Evtx_Analyzer -(PeX) EDR tool, which incorporated the aforementioned EDR-policy's criteria. The tool manipulates Sysmon files in their raw EVTX form, which are then iterated over the presented EDR policy's features to reveal the existence of potential malicious LM activity (Python_Evtx_Analyzer -(PeX)) tool is publicly available on GitHub [23].…”

Section: Key Observationsmentioning

confidence: 99%

“…The soundness of ETCExp was assessed against a real, contemporary EVTX corpus, namely LM dataset (LMD) [26]. This will serve a dual goal: first, it allows us to verify the appropriateness of the tool for further use by the research community, and second, using the derived dataset, estimate the LM detection capacity of several ML techniques through a well-defined methodology.…”

Section: Proof Of Conceptmentioning

confidence: 99%

“…To the best of our knowledge, the LMD dataset [26] is currently the only benchmark corpus comprising Sysmon logs. The 2022 LMD version (LMD-2022) incorporates normal and malicious traffic logs originated from the execution of nine state-of-the-art LM techniques, including four variants of the so-called Exploitation of Remote Services LM methodology and five equivalents credential exploitation techniques.…”

Section: Proof Of Conceptmentioning

confidence: 99%

See 3 more Smart Citations

On the detection of lateral movement through supervised machine learning and an open-source tool to create turnkey datasets from Sysmon logs

Smiliotopoulos

Kambourakis

Barmpatsalou

2023

Preprint

Self Cite

View full text Add to dashboard Cite

Lateral movement (LM) is a principal, increasingly common, tactic in the arsenal of advanced persistent threat (APT) groups and other less or more powerful threat actors. It concerns techniques that enable a cyberattacker, after establishing foothold, to maintain ongoing access and penetrate further into a network in quest of prized booty. This is done by moving through the infiltrated network and gaining elevated privileges using an assortment of tools. Concentrating on the MS Windows platform, this work provides the first to our knowledge holistic methodology supported by an abundance of experimental results towards the identification of LM via machine learning (ML) techniques. We not only assess this potential by means of both traditional and deep learning models, but also contribute a publicly available, open-source tool, which can convert Windows system monitor logs to turnkey datasets, ready to be fed into ML models. Vis-`a-vis the relevant literature, and by considering a highly unblalanced dataset and a multiclass classification problem, we report superior scores in terms of the F1 and AUC metrics, 99.41% and 99.84%, respectively.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Key Observationsmentioning

confidence: 99%

Section: Proof Of Conceptmentioning

confidence: 99%

Section: Proof Of Conceptmentioning

confidence: 99%

See 2 more Smart Citations

On the detection of lateral movement through supervised machine learning and an open-source tool to create turnkey datasets from Sysmon logs

Smiliotopoulos

Kambourakis

Barmpatsalou

2023

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

The Convergence of Artificial Intelligence and Blockchain: The State of Play and the Road Ahead

Bhumichai,

Smiliotopoulos,

Benton

et al. 2024

Information

Self Cite

View full text Add to dashboard Cite

Artificial intelligence (AI) and blockchain technology have emerged as increasingly prevalent and influential elements shaping global trends in Information and Communications Technology (ICT). Namely, the synergistic combination of blockchain and AI introduces beneficial, unique features with the potential to enhance the performance and efficiency of existing ICT systems. However, presently, the confluence of these two disruptive technologies remains in a rather nascent stage, undergoing continuous exploration and study. In this context, the work at hand offers insight regarding the most significant features of the AI and blockchain intersection. Sixteen outstanding, recent articles exploring the combination of AI and blockchain technology have been systematically selected and thoroughly investigated. From them, fourteen key features have been extracted, including data security and privacy, data encryption, data sharing, decentralized intelligent systems, efficiency, automated decision systems, collective decision making, scalability, system security, transparency, sustainability, device cooperation, and mining hardware design. Moreover, drawing upon the related literature stemming from major digital databases, we constructed a timeline of this technological convergence comprising three eras: emerging, convergence, and application. For the convergence era, we categorized the pertinent features into three primary groups: data manipulation, potential applicability to legacy systems, and hardware issues. For the application era, we elaborate on the impact of this technology fusion from the perspective of five distinct focus areas, from Internet of Things applications and cybersecurity, to finance, energy, and smart cities. This multifaceted, but succinct analysis is instrumental in delineating the timeline of AI and blockchain convergence and pinpointing the unique characteristics inherent in their integration. The paper culminates by highlighting the prevailing challenges and unresolved questions in blockchain and AI-based systems, thereby charting potential avenues for future scholarly inquiry.

show abstract

Revisiting the Detection of Lateral Movement through Sysmon

Cited by 2 publications

References 10 publications

On the detection of lateral movement through supervised machine learning and an open-source tool to create turnkey datasets from Sysmon logs

On the detection of lateral movement through supervised machine learning and an open-source tool to create turnkey datasets from Sysmon logs

The Convergence of Artificial Intelligence and Blockchain: The State of Play and the Road Ahead

Contact Info

Product

Resources

About