Predicting Adversary Lateral Movement Patterns with Deep Learning
This addresses cybersecurity monitoring for enterprise networks, but is incremental as it applies deep learning to a known problem with simulated data.
This paper tackles the problem of predicting which host an adversary will compromise next in an enterprise network, achieving predictive accuracy validated on simulated and live network data.
This paper develops a predictive model for which host, in an enterprise network, an adversary is likely to compromise next in the course of a campaign. Such a model might support dynamic monitoring or defenses. We generate data for this model using simulated networks, with hosts, users, and adversaries as first-class entities. We demonstrate the predictive accuracy of the model on out-of-sample simulated data, and validate the findings against data captured from a Red Team event on a live enterprise network.