{"id":"https://openalex.org/W4409014337","doi":"https://doi.org/10.1109/access.2025.3556184","title":"Threat Hunting the Shadows: Detecting Adversary Lateral Movement With Elasticsearch","display_name":"Threat Hunting the Shadows: Detecting Adversary Lateral Movement With Elasticsearch","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4409014337","doi":"https://doi.org/10.1109/access.2025.3556184"},"language":"en","primary_location":{"id":"doi:10.1109/access.2025.3556184","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3556184","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2025.3556184","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5085408617","display_name":"Naif Alsharabi","orcid":"https://orcid.org/0000-0002-0906-3513"},"institutions":[{"id":"https://openalex.org/I4210088963","display_name":"University of Ha'il","ror":"https://ror.org/013w98a82","country_code":"SA","type":"education","lineage":["https://openalex.org/I4210088963"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Naif Alsharabi","raw_affiliation_strings":["College of Computer Science and Engineering, University of Ha&#x2019;il, Hail, Saudi Arabia","College of Computer Science and Engineering, University of Hail, Hail, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0002-0906-3513","affiliations":[{"raw_affiliation_string":"College of Computer Science and Engineering, University of Ha&#x2019;il, Hail, Saudi Arabia","institution_ids":["https://openalex.org/I4210088963"]},{"raw_affiliation_string":"College of Computer Science and Engineering, University of Hail, Hail, Saudi Arabia","institution_ids":["https://openalex.org/I4210088963"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090659568","display_name":"Akashdeep Bhardwaj","orcid":"https://orcid.org/0000-0001-7361-0465"},"institutions":[{"id":"https://openalex.org/I5847235","display_name":"University of Petroleum and Energy Studies","ror":"https://ror.org/04q2jes40","country_code":"IN","type":"education","lineage":["https://openalex.org/I5847235"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Akashdeep Bhardwaj","raw_affiliation_strings":["Centre for Cybersecurity, School of Computer Science, UPES, Dehradun, India","School of Computer Science, University of Petroleum and Energy Studies, Dehradun, India"],"raw_orcid":"https://orcid.org/0000-0001-7361-0465","affiliations":[{"raw_affiliation_string":"Centre for Cybersecurity, School of Computer Science, UPES, Dehradun, India","institution_ids":["https://openalex.org/I5847235"]},{"raw_affiliation_string":"School of Computer Science, University of Petroleum and Energy Studies, Dehradun, India","institution_ids":["https://openalex.org/I5847235"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5081129383","display_name":"Talal Alshammari","orcid":"https://orcid.org/0000-0002-4472-1841"},"institutions":[{"id":"https://openalex.org/I4210088963","display_name":"University of Ha'il","ror":"https://ror.org/013w98a82","country_code":"SA","type":"education","lineage":["https://openalex.org/I4210088963"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Talal Sarheed Alshammari","raw_affiliation_strings":["College of Computer Science and Engineering, University of Ha&#x2019;il, Hail, Saudi Arabia","College of Computer Science and Engineering, University of Hail, Hail, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0002-4472-1841","affiliations":[{"raw_affiliation_string":"College of Computer Science and Engineering, University of Ha&#x2019;il, Hail, Saudi Arabia","institution_ids":["https://openalex.org/I4210088963"]},{"raw_affiliation_string":"College of Computer Science and Engineering, University of Hail, Hail, Saudi Arabia","institution_ids":["https://openalex.org/I4210088963"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023982113","display_name":"Shoayee Dlaim Alotaibi","orcid":"https://orcid.org/0000-0002-8891-6421"},"institutions":[{"id":"https://openalex.org/I4210088963","display_name":"University of Ha'il","ror":"https://ror.org/013w98a82","country_code":"SA","type":"education","lineage":["https://openalex.org/I4210088963"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Shoayee Alotaibi","raw_affiliation_strings":["College of Computer Science and Engineering, University of Ha&#x2019;il, Hail, Saudi Arabia","College of Computer Science and Engineering, University of Hail, Hail, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0002-8891-6421","affiliations":[{"raw_affiliation_string":"College of Computer Science and Engineering, University of Ha&#x2019;il, Hail, Saudi Arabia","institution_ids":["https://openalex.org/I4210088963"]},{"raw_affiliation_string":"College of Computer Science and Engineering, University of Hail, Hail, Saudi Arabia","institution_ids":["https://openalex.org/I4210088963"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5116807265","display_name":"Dhahi Alshammari","orcid":null},"institutions":[{"id":"https://openalex.org/I4210088963","display_name":"University of Ha'il","ror":"https://ror.org/013w98a82","country_code":"SA","type":"education","lineage":["https://openalex.org/I4210088963"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Dhahi Alshammari","raw_affiliation_strings":["College of Computer Science and Engineering, University of Ha&#x2019;il, Hail, Saudi Arabia","College of Computer Science and Engineering, University of Hail, Hail, Saudi Arabia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"College of Computer Science and Engineering, University of Ha&#x2019;il, Hail, Saudi Arabia","institution_ids":["https://openalex.org/I4210088963"]},{"raw_affiliation_string":"College of Computer Science and Engineering, University of Hail, Hail, Saudi Arabia","institution_ids":["https://openalex.org/I4210088963"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5023718724","display_name":"Amr Jadi","orcid":null},"institutions":[{"id":"https://openalex.org/I4210088963","display_name":"University of Ha'il","ror":"https://ror.org/013w98a82","country_code":"SA","type":"education","lineage":["https://openalex.org/I4210088963"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Amr Jadi","raw_affiliation_strings":["College of Computer Science and Engineering, University of Ha&#x2019;il, Hail, Saudi Arabia","College of Computer Science and Engineering, University of Hail, Hail, Saudi Arabia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"College of Computer Science and Engineering, University of Ha&#x2019;il, Hail, Saudi Arabia","institution_ids":["https://openalex.org/I4210088963"]},{"raw_affiliation_string":"College of Computer Science and Engineering, University of Hail, Hail, Saudi Arabia","institution_ids":["https://openalex.org/I4210088963"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":0.4905,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.60295436,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":"13","issue":null,"first_page":"62341","last_page":"62352"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12740","display_name":"Gait Recognition and Analysis","score":0.9907000064849854,"subfield":{"id":"https://openalex.org/subfields/2204","display_name":"Biomedical Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12740","display_name":"Gait Recognition and Analysis","score":0.9907000064849854,"subfield":{"id":"https://openalex.org/subfields/2204","display_name":"Biomedical Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9871000051498413,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10812","display_name":"Human Pose and Action Recognition","score":0.9433000087738037,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6750082969665527},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.5330995917320251},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4880305826663971},{"id":"https://openalex.org/keywords/movement","display_name":"Movement (music)","score":0.42306506633758545},{"id":"https://openalex.org/keywords/art","display_name":"Art","score":0.06818550825119019}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6750082969665527},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.5330995917320251},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4880305826663971},{"id":"https://openalex.org/C2780226923","wikidata":"https://www.wikidata.org/wiki/Q929848","display_name":"Movement (music)","level":2,"score":0.42306506633758545},{"id":"https://openalex.org/C142362112","wikidata":"https://www.wikidata.org/wiki/Q735","display_name":"Art","level":0,"score":0.06818550825119019},{"id":"https://openalex.org/C107038049","wikidata":"https://www.wikidata.org/wiki/Q35986","display_name":"Aesthetics","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2025.3556184","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3556184","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:1c5c60cbf3c244d6ae1d635e2f649ae2","is_oa":true,"landing_page_url":"https://doaj.org/article/1c5c60cbf3c244d6ae1d635e2f649ae2","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 13, Pp 62341-62352 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2025.3556184","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3556184","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W3013918003","https://openalex.org/W3149785004","https://openalex.org/W4211052283","https://openalex.org/W4244711452","https://openalex.org/W4285326819","https://openalex.org/W4312892982","https://openalex.org/W4387415286","https://openalex.org/W4387872721","https://openalex.org/W4387969969","https://openalex.org/W4389543365","https://openalex.org/W4389777070","https://openalex.org/W4390401826","https://openalex.org/W4391341446","https://openalex.org/W4391381817","https://openalex.org/W4395027976","https://openalex.org/W4398151371","https://openalex.org/W4399147192"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W4388150944","https://openalex.org/W4242235492","https://openalex.org/W2390279801","https://openalex.org/W4387985143","https://openalex.org/W4362599004","https://openalex.org/W2808242528","https://openalex.org/W1567638270"],"abstract_inverted_index":{"This":[0,86],"research":[1,67],"investigates":[2],"the":[3,21,66,80,91,99,114,127],"elusive":[4],"tactic":[5],"of":[6,83,93,95,101,110,129],"lateral":[7,27,111,142],"movement":[8,112,143],"employed":[9],"by":[10],"adversaries":[11],"within":[12,113],"a":[13,30,39,63],"compromised":[14],"network.":[15],"The":[16,36,117],"focus":[17],"is":[18],"on":[19,33],"identifying":[20],"mechanisms":[22],"and":[23,43,58,74,98,108,125],"techniques":[24],"used":[25],"for":[26,90,139],"movement,":[28],"with":[29,52,135],"particular":[31],"emphasis":[32],"credential":[34,84],"access.":[35,85],"study":[37],"leverages":[38],"custom-designed":[40],"Security":[41],"Information":[42],"Event":[44],"Management":[45],"(SIEM)":[46],"system":[47,132],"built":[48],"upon":[49],"Elasticsearch,":[50],"coupled":[51],"powerful":[53],"KQL":[54],"(Kibana":[55],"Query":[56],"Language)":[57],"Lucene":[59],"search":[60,103,137],"queries.":[61],"Employing":[62],"realistic":[64],"dataset,":[65],"simulates":[68],"an":[69,130],"adversary\u2019s":[70],"TTPs":[71],"(Tactics,":[72],"Techniques,":[73],"Procedures)":[75],"to":[76,105],"dive":[77],"deep":[78],"into":[79,122],"critical":[81],"area":[82],"unique":[87],"approach":[88],"allows":[89],"identification":[92],"indicators":[94],"compromise":[96],"(IoCs)":[97],"construction":[100],"targeted":[102],"queries":[104],"uncover":[106],"signs":[107],"traces":[109],"simulated":[115],"environment.":[116],"findings":[118],"contribute":[119],"valuable":[120],"insights":[121],"detection":[123],"methodologies":[124],"highlight":[126],"effectiveness":[128],"SIEM":[131],"in":[133],"conjunction":[134],"advanced":[136],"functionalities":[138],"proactively":[140],"countering":[141],"attempts.":[144]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}