Artificial intelligence methods suitable for lateral movement detection


Bibliographic details
Main authors: Rusev, Alexander; Sharabov, Maksim; Tsochev, Georgi; Trifonov, Roumen
Format: Conference proceeding
Language: eng
Online access: Full text
Description
Summary: The COVID-19 pandemic forced many companies to send their employees to work from home, which led to a significant increase in cyberattacks over RDP. Remote Desktop Protocol (RDP) is a Microsoft protocol that allows administrators to access desktop computers remotely. As it gives the user full control over the device, it is a valuable entry point for adversaries. Every cyberattack goes through several stages before its termination. Lateral Movement is one of those stages that is of particular importance. This article presents the first step of a project for Designing a remote connection protection system based on artificial intelligence methods. The research reviews the problems in lateral movement detection. A literature review is conducted, outlining techniques for automatic detection of malicious lateral movements. There is a discussion about the possibility of using artificial intelligence methods in lateral movement detection and the choice of an appropriate method.
ISSN: 0094-243X, 1551-7616
DOI: 10.1063/5.0178852