Detecting lateral movement: A systematic survey.

Author: Smiliotopoulos C; Department of Information and Communication Systems Engineering, University of the Aegean, Karlovasi 83200, Samos, Greece., Kambourakis G; Department of Information and Communication Systems Engineering, University of the Aegean, Karlovasi 83200, Samos, Greece., Kolias C; Department of Computer Science, University of Idaho, Idaho Falls, ID 83402, USA.
Language: English
Source: Heliyon [Heliyon] 2024 Feb 15; Vol. 10 (4), pp. e26317. Date of Electronic Publication: 2024 Feb 15 (Print Publication: 2024).
DOI: 10.1016/j.heliyon.2024.e26317
Abstract: Within both the cyber kill chain and MITRE ATT&CK frameworks, Lateral Movement (LM) is defined as any activity that allows adversaries to progressively move deeper into a system in search of high-value assets. Although this timely subject has been studied in the cybersecurity literature to a significant degree, so far, no work provides a comprehensive survey regarding the identification of LM from mainly an Intrusion Detection System (IDS) viewpoint. To cover this noticeable gap, this work provides a systematic, holistic overview of the topic, not neglecting new communication paradigms, such as the Internet of Things (IoT). The survey part, spanning a time window of eight years and 53 articles, is split into three focus areas, namely, Endpoint Detection and Response (EDR) schemes, machine learning-oriented solutions, and graph-based strategies. On top of that, we bring to light interrelations, mapping the progress in this field over time, and offer key observations that may propel LM research forward.
Competing Interests: The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
(© 2024 The Authors.)
Database: MEDLINE