Researchers at GW have developed a novel solution that can detect lateral movement in enterprise-level computer networks. The solution can be fully unsupervised and does not require any labeled training data, which makes it highly generalizable to different environments. It is particularly useful for detecting advanced adversaries, also known in the art as Advanced Persistent Threats (APTs), that use zero-day exploits, novel malware, and other stealthy procedures. Furthermore, the solution uses information derived from industry-standard logging practices (authentication events), so it can be deployed immediately on real-world enterprise networks.
The disclosed invention can be implemented as an apparatus, a device, a system, or a method. It can include the following aspects: (i) a learning module configured to learn latent representations (embeddings) of the authenticating entities, such as users and hosts; (ii) a detection module configured to detect anomalies by identifying low-probability authentication events via a learned logistic regression link predictor, where an authentication event is treated as a link between a source entity and a destination entity. In an embodiment, the learning module can be unsupervised. In experiments, the disclosed invention achieved substantially higher accuracy than existing solutions.
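The following is an added illustration of the two-module design described above; it is not code from the page or from the GW researchers. It models each authentication event as a link from a user to a host, learns a latent vector per entity, and fits a logistic regression link predictor over the element-wise product of the two vectors. Here the embeddings and the link predictor are fit jointly by SGD with negative sampling (the page describes them as separate modules), the log is a constructed sample, and the entity names, the `LinkPredictor` class and the threshold value are assumptions for the demo. Because the graph is tiny, negative sampling covers every unseen user/host pair, so the example shows the mechanics of scoring and flagging rather than generalization to unseen pairs.

```python
import math
import random

# Constructed sample authentication log (not real data): (user, destination host).
# Two teams; each user normally logs on to their own workstation and their
# team's file server. Repeated five times to mimic many daily logons.
SAMPLE_AUTH_LOG = [
    ("alice", "ws-a1"), ("alice", "files-a"),
    ("bob", "ws-a2"), ("bob", "files-a"),
    ("carol", "ws-a3"), ("carol", "files-a"),
    ("dave", "ws-b1"), ("dave", "files-b"),
    ("erin", "ws-b2"), ("erin", "files-b"),
    ("frank", "ws-b3"), ("frank", "files-b"),
] * 5

# Constructed events to score: two routine logons and one cross-team logon
# that never appeared in the baseline (the kind of edge lateral movement creates).
NEW_EVENTS = [("bob", "files-a"), ("erin", "ws-b2"), ("alice", "ws-b2")]


def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))


class LinkPredictor:
    """Hypothetical unsupervised link predictor: one latent vector per entity plus a
    logistic regression over the element-wise product of source and destination vectors."""

    def __init__(self, dim=8, seed=1):
        self.dim = dim
        self.rng = random.Random(seed)
        self.emb = {}                                   # entity -> latent vector
        self.w = [self.rng.uniform(-0.5, 0.5) for _ in range(dim)]  # LR weights
        self.b = 0.0                                    # LR bias

    def _vec(self, name):
        # Lazily create a random latent vector for an entity seen during training.
        if name not in self.emb:
            self.emb[name] = [self.rng.uniform(-0.5, 0.5) for _ in range(self.dim)]
        return self.emb[name]

    def probability(self, u, v):
        """Predicted probability that u authenticates to v. An entity never seen in
        the baseline has no embedding and is scored as maximally anomalous (0.0)."""
        if u not in self.emb or v not in self.emb:
            return 0.0
        eu, ev = self.emb[u], self.emb[v]
        logit = sum(wi * a * b for wi, a, b in zip(self.w, eu, ev)) + self.b
        return sigmoid(logit)

    def _step(self, u, v, y, lr, l2=0.01):
        # One SGD step on the logistic loss for pair (u, v) with label y.
        eu, ev = self._vec(u), self._vec(v)
        g = self.probability(u, v) - y                  # dLoss/dlogit
        for i in range(self.dim):
            wi, a, b = self.w[i], eu[i], ev[i]
            self.w[i] -= lr * g * a * b
            eu[i] -= lr * (g * wi * b + l2 * a)
            ev[i] -= lr * (g * wi * a + l2 * b)
        self.b -= lr * g

    def fit(self, events, epochs=300, lr=0.05, neg_per_pos=2):
        """Unsupervised training: observed events are positives; random user/host
        pairs that never appear in the log are sampled as negatives."""
        seen = set(events)
        hosts = sorted({v for _, v in events})
        for _ in range(epochs):
            batch = list(events)
            self.rng.shuffle(batch)
            for u, v in batch:
                self._step(u, v, 1.0, lr)
                for _ in range(neg_per_pos):
                    nv = self.rng.choice(hosts)
                    if (u, nv) not in seen:
                        self._step(u, nv, 0.0, lr)
        return self


def train_baseline(log=SAMPLE_AUTH_LOG):
    """Learning module: build the entity embeddings and link predictor from the log."""
    return LinkPredictor().fit(log)


def detect_anomalies(model, events, threshold=0.3):
    """Detection module: flag events whose predicted link probability is below threshold."""
    flagged = []
    for u, v in events:
        p = model.probability(u, v)
        if p < threshold:
            flagged.append((u, v, round(p, 3)))
    return flagged


if __name__ == "__main__":
    model = train_baseline()
    for u, v in NEW_EVENTS:
        print(f"{u} -> {v}: p={model.probability(u, v):.3f}")
    print("flagged:", detect_anomalies(model, NEW_EVENTS))
```

In a deployment the baseline would be rebuilt periodically from the authentication log, and the threshold tuned against the volume of alerts an analyst can review; an entity with no embedding at all (a host never seen authenticating) is scored as maximally anomalous here rather than given a random vector.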
Fig. 1 – One example of an aspect of the disclosed invention
Applications:
Advantages: