{"id":"https://openalex.org/W4387415009","doi":"https://doi.org/10.1109/jiot.2023.3322412","title":"A Comprehensive Detection Method for the Lateral Movement Stage of APT Attacks","display_name":"A Comprehensive Detection Method for the Lateral Movement Stage of APT Attacks","publication_year":2023,"publication_date":"2023-10-06","ids":{"openalex":"https://openalex.org/W4387415009","doi":"https://doi.org/10.1109/jiot.2023.3322412"},"language":"en","primary_location":{"id":"doi:10.1109/jiot.2023.3322412","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2023.3322412","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5082144617","display_name":"Daojing He","orcid":"https://orcid.org/0000-0002-3820-8128"},"institutions":[{"id":"https://openalex.org/I178232147","display_name":"Guizhou University","ror":"https://ror.org/02wmsc916","country_code":"CN","type":"education","lineage":["https://openalex.org/I178232147"]},{"id":"https://openalex.org/I204983213","display_name":"Harbin Institute of Technology","ror":"https://ror.org/01yqg2h08","country_code":"CN","type":"education","lineage":["https://openalex.org/I204983213"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Daojing He","raw_affiliation_strings":["State Key Laboratory of Public Big Data, Guizhou University, Guizhou, China","School of Computer Science and Technology, Harbin Institute of Technology, Shenzhen, China"],"affiliations":[{"raw_affiliation_string":"State Key Laboratory of Public Big Data, Guizhou University, Guizhou, China","institution_ids":["https://openalex.org/I178232147"]},{"raw_affiliation_string":"School of Computer Science and Technology, Harbin Institute of Technology, Shenzhen, China","institution_ids":["https://openalex.org/I204983213"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109589989","display_name":"Hongjie Gu","orcid":null},"institutions":[{"id":"https://openalex.org/I66867065","display_name":"East China Normal University","ror":"https://ror.org/02n96ep67","country_code":"CN","type":"education","lineage":["https://openalex.org/I66867065"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hongjie Gu","raw_affiliation_strings":["School of Software Engineering, East China Normal University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"School of Software Engineering, East China Normal University, Shanghai, China","institution_ids":["https://openalex.org/I66867065"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100540458","display_name":"Shanshan Zhu","orcid":null},"institutions":[{"id":"https://openalex.org/I178232147","display_name":"Guizhou University","ror":"https://ror.org/02wmsc916","country_code":"CN","type":"education","lineage":["https://openalex.org/I178232147"]},{"id":"https://openalex.org/I204983213","display_name":"Harbin Institute of Technology","ror":"https://ror.org/01yqg2h08","country_code":"CN","type":"education","lineage":["https://openalex.org/I204983213"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shanshan Zhu","raw_affiliation_strings":["State Key Laboratory of Public Big Data, Guizhou University, Guizhou, China","School of Economics and Management, Harbin Institute of Technology, Shenzhen, China"],"affiliations":[{"raw_affiliation_string":"State Key Laboratory of Public Big Data, Guizhou University, Guizhou, China","institution_ids":["https://openalex.org/I178232147"]},{"raw_affiliation_string":"School of Economics and Management, Harbin Institute of Technology, Shenzhen, China","institution_ids":["https://openalex.org/I204983213"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5091879207","display_name":"Sammy Chan","orcid":"https://orcid.org/0000-0002-8524-229X"},"institutions":[{"id":"https://openalex.org/I168719708","display_name":"City University of Hong Kong","ror":"https://ror.org/03q8dnn23","country_code":"HK","type":"education","lineage":["https://openalex.org/I168719708"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Sammy Chan","raw_affiliation_strings":["Department of Electrical Engineering, City University of Hong Kong, Hong Kong, China"],"affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering, City University of Hong Kong, Hong Kong, China","institution_ids":["https://openalex.org/I168719708"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5057916222","display_name":"Mohsen Guizani","orcid":"https://orcid.org/0000-0002-8972-8094"},"institutions":[{"id":"https://openalex.org/I4210113480","display_name":"Mohamed bin Zayed University of Artificial Intelligence","ror":"https://ror.org/0258gkt32","country_code":"AE","type":"education","lineage":["https://openalex.org/I4210113480"]}],"countries":["AE"],"is_corresponding":false,"raw_author_name":"Mohsen Guizani","raw_affiliation_strings":["Machine Learning Department, Mohamed Bin Zayed University of Artificial Intelligence, Abu Dhabi, UAE"],"affiliations":[{"raw_affiliation_string":"Machine Learning Department, Mohamed Bin Zayed University of Artificial Intelligence, Abu Dhabi, UAE","institution_ids":["https://openalex.org/I4210113480"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5082144617"],"corresponding_institution_ids":["https://openalex.org/I178232147","https://openalex.org/I204983213"],"apc_list":null,"apc_paid":null,"fwci":5.8807,"has_fulltext":false,"cited_by_count":30,"citation_normalized_percentile":{"value":0.97260867,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":"11","issue":"5","first_page":"8440","last_page":"8447"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9965000152587891,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9948999881744385,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7627179622650146},{"id":"https://openalex.org/keywords/movement","display_name":"Movement (music)","score":0.44221749901771545},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3848751187324524},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.34638431668281555},{"id":"https://openalex.org/keywords/computer-vision","display_name":"Computer vision","score":0.3359258770942688},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3282400369644165}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7627179622650146},{"id":"https://openalex.org/C2780226923","wikidata":"https://www.wikidata.org/wiki/Q929848","display_name":"Movement (music)","level":2,"score":0.44221749901771545},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3848751187324524},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.34638431668281555},{"id":"https://openalex.org/C31972630","wikidata":"https://www.wikidata.org/wiki/Q844240","display_name":"Computer vision","level":1,"score":0.3359258770942688},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3282400369644165},{"id":"https://openalex.org/C107038049","wikidata":"https://www.wikidata.org/wiki/Q35986","display_name":"Aesthetics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/jiot.2023.3322412","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2023.3322412","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Good health and well-being","id":"https://metadata.un.org/sdg/3","score":0.8100000023841858}],"awards":[{"id":"https://openalex.org/G2753506966","display_name":null,"funder_award_id":"KCXST20221021111404010","funder_id":"https://openalex.org/F4320336569","funder_display_name":"Shenzhen Science and Technology Innovation Program"},{"id":"https://openalex.org/G3765568099","display_name":null,"funder_award_id":"7020085","funder_id":"https://openalex.org/F4320309893","funder_display_name":"City University of Hong Kong"},{"id":"https://openalex.org/G4388910646","display_name":null,"funder_award_id":"62376074","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G4969200369","display_name":null,"funder_award_id":"JSGGKQTD20221101115655027","funder_id":"https://openalex.org/F4320336569","funder_display_name":"Shenzhen Science and Technology Innovation Program"},{"id":"https://openalex.org/G5642743500","display_name":null,"funder_award_id":"JSGG20220831103400002","funder_id":"https://openalex.org/F4320336569","funder_display_name":"Shenzhen Science and Technology Innovation Program"},{"id":"https://openalex.org/G6499369327","display_name":null,"funder_award_id":"171058","funder_id":"https://openalex.org/F4320326297","funder_display_name":"Fok Ying Tung Education Foundation"},{"id":"https://openalex.org/G8298994679","display_name":null,"funder_award_id":"2021YFB2700900","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"}],"funders":[{"id":"https://openalex.org/F4320309893","display_name":"City University of Hong Kong","ror":"https://ror.org/03q8dnn23"},{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320326297","display_name":"Fok Ying Tung Education Foundation","ror":null},{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null},{"id":"https://openalex.org/F4320336569","display_name":"Shenzhen Science and Technology Innovation Program","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":41,"referenced_works":["https://openalex.org/W1832693441","https://openalex.org/W1940872118","https://openalex.org/W2563351168","https://openalex.org/W2765085016","https://openalex.org/W2774161712","https://openalex.org/W2784252582","https://openalex.org/W2789792382","https://openalex.org/W2798918712","https://openalex.org/W2799012401","https://openalex.org/W2900616509","https://openalex.org/W2913909795","https://openalex.org/W2914411038","https://openalex.org/W2946419751","https://openalex.org/W2966833372","https://openalex.org/W2973070188","https://openalex.org/W2982441385","https://openalex.org/W3000100729","https://openalex.org/W3003861670","https://openalex.org/W3004179294","https://openalex.org/W3007170941","https://openalex.org/W3014544197","https://openalex.org/W3014887427","https://openalex.org/W3015800066","https://openalex.org/W3034374044","https://openalex.org/W3040320120","https://openalex.org/W3081278938","https://openalex.org/W3093593591","https://openalex.org/W3094559936","https://openalex.org/W3096129012","https://openalex.org/W3107245277","https://openalex.org/W3110991402","https://openalex.org/W3123076006","https://openalex.org/W3130970113","https://openalex.org/W3153029966","https://openalex.org/W3162111110","https://openalex.org/W3176646691","https://openalex.org/W3194074702","https://openalex.org/W3209485964","https://openalex.org/W6640362995","https://openalex.org/W6731031554","https://openalex.org/W6769182993"],"related_works":["https://openalex.org/W2772917594","https://openalex.org/W2036807459","https://openalex.org/W2058170566","https://openalex.org/W2755342338","https://openalex.org/W2166024367","https://openalex.org/W3116076068","https://openalex.org/W2229312674","https://openalex.org/W2951359407","https://openalex.org/W2079911747","https://openalex.org/W1969923398"],"abstract_inverted_index":{"Due":[0],"to":[1,12,30,48,51,67,93],"the":[2,5,31,53,74,78,95,100,107,110,125,145,150,154],"outbreak":[3],"of":[4,55,109,127],"new":[6],"crown":[7],"epidemic,":[8],"more":[9,20],"companies":[10],"prefer":[11],"use":[13,35],"telecommuting":[14],"for":[15,23],"work,":[16,60],"which":[17],"also":[18],"provides":[19],"attack":[21,96],"surfaces":[22],"APT":[24],"attacks.":[25],"After":[26],"initially":[27],"gaining":[28],"access":[29],"intranet,":[32],"attackers":[33],"will":[34],"server":[36],"message":[37],"block":[38],"(SMB),":[39],"RDP,":[40],"and":[41,86,89,118],"other":[42],"remote":[43],"sharing":[44],"or":[45],"connection":[46],"protocols":[47],"move":[49],"horizontally":[50],"achieve":[52],"purpose":[54],"privilege":[56],"escalation.":[57],"In":[58],"this":[59],"we":[61],"design":[62],"a":[63,115],"multidimensional":[64],"detection":[65,130],"framework":[66,82],"detect":[68,144],"lateral":[69,146],"movement":[70,147],"behavior":[71,148],"based":[72],"on":[73],"SMB":[75,151],"protocol":[76,152],"in":[77,114,153],"intranet":[79,155],"environment.":[80,156],"This":[81],"combines":[83],"active":[84,111],"trapping":[85,112],"passive":[87],"scanning,":[88],"uses":[90],"neural":[91,128],"networks":[92],"determine":[94],"samples":[97,123],"used":[98],"by":[99],"adversary":[101],"when":[102],"moving":[103],"laterally.":[104],"We":[105],"test":[106],"effectiveness":[108],"technology":[113],"simulation":[116],"environment,":[117],"verify":[119],"through":[120],"real":[121],"malware":[122],"that":[124,139],"accuracy":[126],"network":[129],"can":[131,142],"reach":[132],"about":[133],"90%.":[134],"The":[135],"experimental":[136],"results":[137],"show":[138],"our":[140],"work":[141],"effectively":[143],"using":[149]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":17},{"year":2024,"cited_by_count":9},{"year":2023,"cited_by_count":3}],"updated_date":"2026-04-11T08:14:18.477133","created_date":"2025-10-10T00:00:00"}