{"id":"https://openalex.org/W2908063670","doi":"https://doi.org/10.1109/milcom.2018.8599748","title":"Latte: Large-Scale Lateral Movement Detection","display_name":"Latte: Large-Scale Lateral Movement Detection","publication_year":2018,"publication_date":"2018-10-01","ids":{"openalex":"https://openalex.org/W2908063670","doi":"https://doi.org/10.1109/milcom.2018.8599748","mag":"2908063670"},"language":"en","primary_location":{"id":"doi:10.1109/milcom.2018.8599748","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom.2018.8599748","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100713362","display_name":"Qingyun Liu","orcid":"https://orcid.org/0000-0003-4815-3463"},"institutions":[{"id":"https://openalex.org/I154570441","display_name":"University of California, Santa Barbara","ror":"https://ror.org/02t274463","country_code":"US","type":"education","lineage":["https://openalex.org/I154570441"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Qingyun Liu","raw_affiliation_strings":["University of California at Santa Barbara, Santa Barbara, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California at Santa Barbara, Santa Barbara, CA, USA","institution_ids":["https://openalex.org/I154570441"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059859993","display_name":"Jack W. Stokes","orcid":null},"institutions":[{"id":"https://openalex.org/I1290206253","display_name":"Microsoft (United States)","ror":"https://ror.org/00d0nc645","country_code":"US","type":"company","lineage":["https://openalex.org/I1290206253"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jack W. Stokes","raw_affiliation_strings":["Microsoft Research, One Microsoft Way, Redmond, WA, USA"],"affiliations":[{"raw_affiliation_string":"Microsoft Research, One Microsoft Way, Redmond, WA, USA","institution_ids":["https://openalex.org/I1290206253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5112354317","display_name":"R J Mead","orcid":null},"institutions":[{"id":"https://openalex.org/I4210108625","display_name":"Microsoft (United Kingdom)","ror":"https://ror.org/01rw27z95","country_code":"GB","type":"company","lineage":["https://openalex.org/I1290206253","https://openalex.org/I4210108625"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Rob Mead","raw_affiliation_strings":["Microsoft Corporation, Gloucestershire, UK"],"affiliations":[{"raw_affiliation_string":"Microsoft Corporation, Gloucestershire, UK","institution_ids":["https://openalex.org/I4210108625"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054866432","display_name":"Tim Burrell","orcid":null},"institutions":[{"id":"https://openalex.org/I4210108625","display_name":"Microsoft (United Kingdom)","ror":"https://ror.org/01rw27z95","country_code":"GB","type":"company","lineage":["https://openalex.org/I1290206253","https://openalex.org/I4210108625"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Tim Burrell","raw_affiliation_strings":["Microsoft Corporation, Gloucestershire, UK"],"affiliations":[{"raw_affiliation_string":"Microsoft Corporation, Gloucestershire, UK","institution_ids":["https://openalex.org/I4210108625"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5006046686","display_name":"Ian Hellen","orcid":null},"institutions":[{"id":"https://openalex.org/I1290206253","display_name":"Microsoft (United States)","ror":"https://ror.org/00d0nc645","country_code":"US","type":"company","lineage":["https://openalex.org/I1290206253"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ian Hellen","raw_affiliation_strings":["Microsoft Corp., One Microsoft Way, Redmond, WA, USA"],"affiliations":[{"raw_affiliation_string":"Microsoft Corp., One Microsoft Way, Redmond, WA, USA","institution_ids":["https://openalex.org/I1290206253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085811736","display_name":"John Lambert","orcid":null},"institutions":[{"id":"https://openalex.org/I1290206253","display_name":"Microsoft (United States)","ror":"https://ror.org/00d0nc645","country_code":"US","type":"company","lineage":["https://openalex.org/I1290206253"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"John Lambert","raw_affiliation_strings":["Microsoft Corp., One Microsoft Way, Redmond, WA, USA"],"affiliations":[{"raw_affiliation_string":"Microsoft Corp., One Microsoft Way, Redmond, WA, USA","institution_ids":["https://openalex.org/I1290206253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5071685353","display_name":"Andrey Marochko","orcid":null},"institutions":[{"id":"https://openalex.org/I1290206253","display_name":"Microsoft (United States)","ror":"https://ror.org/00d0nc645","country_code":"US","type":"company","lineage":["https://openalex.org/I1290206253"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Andrey Marochko","raw_affiliation_strings":["Microsoft Research, One Microsoft Way, Redmond, WA, USA"],"affiliations":[{"raw_affiliation_string":"Microsoft Research, One Microsoft Way, Redmond, WA, USA","institution_ids":["https://openalex.org/I1290206253"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5112117974","display_name":"Weidong Cui","orcid":"https://orcid.org/0000-0002-2871-9485"},"institutions":[{"id":"https://openalex.org/I1290206253","display_name":"Microsoft (United States)","ror":"https://ror.org/00d0nc645","country_code":"US","type":"company","lineage":["https://openalex.org/I1290206253"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Weidong Cui","raw_affiliation_strings":["Microsoft Research, One Microsoft Way, Redmond, WA, USA"],"affiliations":[{"raw_affiliation_string":"Microsoft Research, One Microsoft Way, Redmond, WA, USA","institution_ids":["https://openalex.org/I1290206253"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5100713362"],"corresponding_institution_ids":["https://openalex.org/I154570441"],"apc_list":null,"apc_paid":null,"fwci":2.2144,"has_fulltext":false,"cited_by_count":38,"citation_normalized_percentile":{"value":0.8935558,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8245902061462402},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5771779417991638},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.470093697309494},{"id":"https://openalex.org/keywords/component","display_name":"Component (thermodynamics)","score":0.46583786606788635},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4318818151950836},{"id":"https://openalex.org/keywords/scale","display_name":"Scale (ratio)","score":0.4303121566772461},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.393293559551239},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.3365741968154907},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.14335697889328003}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8245902061462402},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5771779417991638},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.470093697309494},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.46583786606788635},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4318818151950836},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.4303121566772461},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.393293559551239},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3365741968154907},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.14335697889328003},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C97355855","wikidata":"https://www.wikidata.org/wiki/Q11473","display_name":"Thermodynamics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/milcom.2018.8599748","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom.2018.8599748","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.7200000286102295,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W47175211","https://openalex.org/W1485536830","https://openalex.org/W1919179112","https://openalex.org/W1990089904","https://openalex.org/W2014171012","https://openalex.org/W2014483984","https://openalex.org/W2029341294","https://openalex.org/W2032280284","https://openalex.org/W2089554624","https://openalex.org/W2094990982","https://openalex.org/W2117694832","https://openalex.org/W2158934842","https://openalex.org/W2535638258","https://openalex.org/W2561684037","https://openalex.org/W6601859066","https://openalex.org/W6628883518"],"related_works":["https://openalex.org/W2357256365","https://openalex.org/W2348502264","https://openalex.org/W2365486383","https://openalex.org/W2362059367","https://openalex.org/W2901443725","https://openalex.org/W2350084742","https://openalex.org/W2357988862","https://openalex.org/W1855558850","https://openalex.org/W2140798747","https://openalex.org/W2948169060"],"abstract_inverted_index":{"The":[0],"frequency":[1],"of":[2,57,71,164],"recent":[3],"headlines":[4],"indicates":[5],"that":[6],"attacks":[7],"on":[8,184],"governmental":[9],"and":[10,68,91,95,178,182,194],"corporate":[11],"computer":[12,46,117],"networks":[13],"are":[14,23,141],"increasing.":[15],"Once":[16],"they":[17],"infect":[18],"one":[19,45,189,195],"computer,":[20],"the":[21,28,38,48,55,72,106,162,165,169],"attackers":[22,40],"quite":[24],"likely":[25],"to":[26,42,47,81,144],"explore":[27],"network":[29],"by":[30],"accessing":[31],"additional":[32],"computers.":[33,126],"Such":[34],"\u201clateral":[35],"movement\u201d,":[36],"i.e.,":[37],"process":[39],"use":[41],"move":[43],"from":[44,65,196],"next":[49],"in":[50,110,168],"a":[51,77,129,154,191,197],"compromised":[52,125],"network,":[53],"increases":[54],"difficulties":[56],"preventing":[58],"data":[59,67],"exfiltration.":[60],"To":[61,127],"deal":[62],"with":[63,114,190],"challenges":[64],"large-scale":[66,186],"little":[69],"knowledge":[70],"attackers,":[73],"we":[74],"propose":[75],"Latte,":[76],"graph-based":[78],"detection":[79,133,152],"system":[80],"discover":[82,128],"potential":[83],"malicious":[84],"lateral":[85,107,136],"movement":[86,108,137],"paths.":[87],"We":[88,104,171],"model":[89],"computers":[90],"accounts":[92],"as":[93,102],"nodes,":[94],"computer-to-computer":[96],"connections":[97],"or":[98,118],"user":[99],"logon":[100],"events":[101],"edges.":[103],"address":[105],"problem":[109],"two":[111],"ways.":[112],"Starting":[113],"an":[115],"infected":[116],"account,":[119],"forensic":[120],"analysis":[121],"quickly":[122],"identifies":[123,134],"other":[124],"new":[130],"attack,":[131],"general":[132,151],"unknown":[135],"across":[138],"nodes":[139],"which":[140,159],"not":[142],"known":[143],"be":[145],"compromised.":[146],"A":[147],"key":[148],"component":[149],"for":[150,175],"is":[153],"remote":[155],"file":[156],"execution":[157],"detector":[158],"filters":[160],"out":[161],"majority":[163],"rare":[166],"paths":[167],"network.":[170],"provide":[172],"separate":[173],"algorithms":[174],"these":[176],"subproblems":[177],"validate":[179],"their":[180],"effectiveness":[181],"efficiency":[183],"two,":[185],"datasets,":[187],"including":[188],"confirmed":[192],"attack":[193],"penetration":[198],"test.":[199]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":10},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":7},{"year":2020,"cited_by_count":5}],"updated_date":"2026-01-25T23:04:38.658462","created_date":"2025-10-10T00:00:00"}