Graph-based detection of lateral movement

Graph-based detection of lateral movement

A lateral movement application identifies lateral movement (LM) candidates that potentially represent a security threat. Security platforms generate event data when performing security-related functions, such as authenticating a user account. The disclosed technology enables greatly increased accura...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Apostolopoulos, Georgios, Miskovic, Stanislav, Joseph Durairaj, Satheesh Kumar
Format: Patent
Sprache:eng
Schlagworte:
ALARM SYSTEMS
CALCULATING
COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
ORDER TELEGRAPHS
PHYSICS
SIGNALLING
SIGNALLING OR CALLING SYSTEMS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A lateral movement application identifies lateral movement (LM) candidates that potentially represent a security threat. Security platforms generate event data when performing security-related functions, such as authenticating a user account. The disclosed technology enables greatly increased accuracy identification of lateral movement (LM) candidates by, for example, refining a population of LM candidates based on an analysis of a time constrained graph in which nodes represent entities, and edges between nodes represent a time sequence of login or other association activities between the entities. The graph is created based on an analysis of the event data, including time sequences of the event data.