Replication: Network-based Lateral Movement Detection Methods Using Machine Learning

Warning

This publication doesn't include Institute of Computer Science. It includes Faculty of Informatics. Official publication website can be found on muni.cz.
Authors

BOUČEK Vladimír; HUSÁK Martin

Year of publication 2025
Type Article in Proceedings
Conference 21st International Conference on Network and Service Management
MU Faculty or unit

Faculty of Informatics

Citation
web https://opendl.ifip-tc6.org/db/conf/cnsm/cnsm2025/1571196179.pdf
Keywords lateral movement; pivoting; link prediction
Description Pivoting is a technique commonly employed by advanced adversaries to perform lateral movement within a network. In this process, an attacker leverages an intermediary host to relay commands to otherwise inaccessible systems. In this work, we survey the current state-of-the-art lateral movement detection techniques and identify approaches best suited for detecting pivoting behavior. Specifically, we focus on methods analyzing network traffic, not system logs, since we are looking for a network-wide solution. We present the results of a replicability study, in which we find that only a few proposed approaches also publish a usable implementation, but their results are promising.
