{"id":"https://openalex.org/W3124203340","doi":"https://doi.org/10.1109/tnsm.2021.3054356","title":"Uncovering Lateral Movement Using Authentication Logs","display_name":"Uncovering Lateral Movement Using Authentication Logs","publication_year":2021,"publication_date":"2021-01-25","ids":{"openalex":"https://openalex.org/W3124203340","doi":"https://doi.org/10.1109/tnsm.2021.3054356","mag":"3124203340"},"language":"en","primary_location":{"id":"doi:10.1109/tnsm.2021.3054356","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tnsm.2021.3054356","pdf_url":null,"source":{"id":"https://openalex.org/S173527311","display_name":"IEEE Transactions on Network and Service Management","issn_l":"1932-4537","issn":["1932-4537","2373-7379"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Network and Service Management","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5085391652","display_name":"Haibo Bian","orcid":null},"institutions":[{"id":"https://openalex.org/I151746483","display_name":"University of Waterloo","ror":"https://ror.org/01aff2v68","country_code":"CA","type":"education","lineage":["https://openalex.org/I151746483"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Haibo Bian","raw_affiliation_strings":["University of Waterloo, Waterloo, Canada"],"affiliations":[{"raw_affiliation_string":"University of Waterloo, Waterloo, Canada","institution_ids":["https://openalex.org/I151746483"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033007169","display_name":"Tim Bai","orcid":null},"institutions":[{"id":"https://openalex.org/I151746483","display_name":"University of Waterloo","ror":"https://ror.org/01aff2v68","country_code":"CA","type":"education","lineage":["https://openalex.org/I151746483"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Tim Bai","raw_affiliation_strings":["University of Waterloo, Waterloo, Canada"],"affiliations":[{"raw_affiliation_string":"University of Waterloo, Waterloo, Canada","institution_ids":["https://openalex.org/I151746483"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039801401","display_name":"Mohammad A. Salahuddin","orcid":"https://orcid.org/0000-0002-5431-3278"},"institutions":[{"id":"https://openalex.org/I151746483","display_name":"University of Waterloo","ror":"https://ror.org/01aff2v68","country_code":"CA","type":"education","lineage":["https://openalex.org/I151746483"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Mohammad A. Salahuddin","raw_affiliation_strings":["David R. Cheriton School of Computer Science, University of Waterloo, Waterloo, Canada"],"affiliations":[{"raw_affiliation_string":"David R. Cheriton School of Computer Science, University of Waterloo, Waterloo, Canada","institution_ids":["https://openalex.org/I151746483"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062253146","display_name":"Noura Limam","orcid":"https://orcid.org/0000-0002-7759-3751"},"institutions":[{"id":"https://openalex.org/I151746483","display_name":"University of Waterloo","ror":"https://ror.org/01aff2v68","country_code":"CA","type":"education","lineage":["https://openalex.org/I151746483"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Noura Limam","raw_affiliation_strings":["D.C. School of Computer Science, University of Waterloo, Waterloo, Canada"],"affiliations":[{"raw_affiliation_string":"D.C. School of Computer Science, University of Waterloo, Waterloo, Canada","institution_ids":["https://openalex.org/I151746483"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054077020","display_name":"Abbas Abou Daya","orcid":"https://orcid.org/0000-0003-4994-8559"},"institutions":[{"id":"https://openalex.org/I151746483","display_name":"University of Waterloo","ror":"https://ror.org/01aff2v68","country_code":"CA","type":"education","lineage":["https://openalex.org/I151746483"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Abbas Abou Daya","raw_affiliation_strings":["D.C. School of Computer Science, University of Waterloo, Waterloo, Canada"],"affiliations":[{"raw_affiliation_string":"D.C. School of Computer Science, University of Waterloo, Waterloo, Canada","institution_ids":["https://openalex.org/I151746483"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5038723583","display_name":"Raouf Boutaba","orcid":"https://orcid.org/0000-0001-7936-6862"},"institutions":[{"id":"https://openalex.org/I151746483","display_name":"University of Waterloo","ror":"https://ror.org/01aff2v68","country_code":"CA","type":"education","lineage":["https://openalex.org/I151746483"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Raouf Boutaba","raw_affiliation_strings":["University of Waterloo, Waterloo, Canada"],"affiliations":[{"raw_affiliation_string":"University of Waterloo, Waterloo, Canada","institution_ids":["https://openalex.org/I151746483"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5085391652"],"corresponding_institution_ids":["https://openalex.org/I151746483"],"apc_list":null,"apc_paid":null,"fwci":4.4318,"has_fulltext":false,"cited_by_count":36,"citation_normalized_percentile":{"value":0.94478956,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":"18","issue":"1","first_page":"1049","last_page":"1063"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9955000281333923,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8780927062034607},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.6702179908752441},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5405493974685669},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5182297229766846},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.4449726641178131},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.43244418501853943},{"id":"https://openalex.org/keywords/feature-extraction","display_name":"Feature extraction","score":0.4275836944580078},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.36378946900367737},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.23223957419395447}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8780927062034607},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.6702179908752441},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5405493974685669},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5182297229766846},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.4449726641178131},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.43244418501853943},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.4275836944580078},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.36378946900367737},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.23223957419395447},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tnsm.2021.3054356","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tnsm.2021.3054356","pdf_url":null,"source":{"id":"https://openalex.org/S173527311","display_name":"IEEE Transactions on Network and Service Management","issn_l":"1932-4537","issn":["1932-4537","2373-7379"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Network and Service Management","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7200000286102295,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G3134926896","display_name":null,"funder_award_id":"530335","funder_id":"https://openalex.org/F4320321487","funder_display_name":"Canadian Network for Research and Innovation in Machining Technology, Natural Sciences and Engineering Research Council of Canada"}],"funders":[{"id":"https://openalex.org/F4320313506","display_name":"Royal Bank of Canada","ror":"https://ror.org/03hgnwx26"},{"id":"https://openalex.org/F4320321487","display_name":"Canadian Network for Research and Innovation in Machining Technology, Natural Sciences and Engineering Research Council of Canada","ror":"https://ror.org/01h531d29"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":47,"referenced_works":["https://openalex.org/W9657784","https://openalex.org/W1109422923","https://openalex.org/W1534477342","https://openalex.org/W1981738628","https://openalex.org/W1994410331","https://openalex.org/W2065076704","https://openalex.org/W2095881341","https://openalex.org/W2101234009","https://openalex.org/W2104933073","https://openalex.org/W2106525946","https://openalex.org/W2107686700","https://openalex.org/W2124868070","https://openalex.org/W2142889610","https://openalex.org/W2148143831","https://openalex.org/W2156332695","https://openalex.org/W2169397725","https://openalex.org/W2180612164","https://openalex.org/W2181347294","https://openalex.org/W2342249984","https://openalex.org/W2487087946","https://openalex.org/W2521200999","https://openalex.org/W2528572867","https://openalex.org/W2531370029","https://openalex.org/W2617585083","https://openalex.org/W2765424254","https://openalex.org/W2766503369","https://openalex.org/W2783034914","https://openalex.org/W2804964061","https://openalex.org/W2809684781","https://openalex.org/W2908063670","https://openalex.org/W2914521857","https://openalex.org/W2925289689","https://openalex.org/W2962590879","https://openalex.org/W2963464069","https://openalex.org/W2964304846","https://openalex.org/W3005347330","https://openalex.org/W3010456454","https://openalex.org/W3103557498","https://openalex.org/W3103836116","https://openalex.org/W3103940881","https://openalex.org/W4293713156","https://openalex.org/W4394644156","https://openalex.org/W6675354045","https://openalex.org/W6675634716","https://openalex.org/W6685777803","https://openalex.org/W6703928569","https://openalex.org/W6746340649"],"related_works":["https://openalex.org/W2787993192","https://openalex.org/W2158269427","https://openalex.org/W4381280689","https://openalex.org/W2847365777","https://openalex.org/W3128025644","https://openalex.org/W2355048207","https://openalex.org/W2952348651","https://openalex.org/W2961085424","https://openalex.org/W2750422482","https://openalex.org/W3125827053"],"abstract_inverted_index":{"Network":[0],"infiltrations":[1],"due":[2],"to":[3,18,22,54,75,100,128,146,157],"advanced":[4],"persistent":[5],"threats":[6],"(APTs)":[7],"have":[8],"significantly":[9],"grown":[10],"in":[11,57,79,163],"recent":[12],"years.":[13],"Their":[14],"primary":[15],"objective":[16],"is":[17],"gain":[19],"unauthorized":[20],"access":[21],"network":[23,59],"assets,":[24],"compromise":[25],"system":[26],"and":[27,32,111,120,137,149,151,166,171],"data.":[28],"APTs":[29],"are":[30,61],"stealthy":[31],"remain":[33],"dormant":[34],"for":[35,175],"an":[36,65],"extended":[37],"period":[38],"of":[39,64,72,161],"time,":[40],"which":[41],"makes":[42],"their":[43,121],"detection":[44],"challenging.":[45],"In":[46],"this":[47],"article,":[48],"we":[49],"leverage":[50,133],"machine":[51],"learning":[52],"(ML)":[53],"detect":[55,76],"hosts":[56,78],"a":[58,62,70,173],"that":[60,132,139],"target":[63],"APT":[66],"attack.":[67],"We":[68,86],"evaluate":[69,115],"number":[71],"ML":[73,118],"classifiers":[74],"susceptible":[77],"the":[80,106,129,134,154,159],"Los":[81],"Alamos":[82],"National":[83],"Lab":[84],"dataset.":[85],"(i)":[87],"scrutinize":[88],"graph-based":[89],"features":[90],"extracted":[91],"from":[92],"host":[93],"authentication":[94],"logs,":[95],"(ii)":[96],"use":[97],"feature":[98],"engineering":[99],"reduce":[101],"dimensionality,":[102],"(iii)":[103],"explore":[104],"balancing":[105],"training":[107],"dataset":[108],"using":[109],"over-":[110],"under-sampling":[112],"techniques,":[113],"(iv)":[114],"numerous":[116],"supervised":[117],"techniques":[119],"ensemble,":[122],"(v)":[123],"compare":[124],"our":[125,140],"classification":[126,169],"model":[127,141],"state-of-the-art":[130],"approaches":[131],"same":[135],"dataset,":[136],"show":[138],"outperforms":[142],"them":[143],"with":[144],"respect":[145],"prediction":[147],"performance":[148],"overhead,":[150],"(vi)":[152],"perturb":[153],"attack":[155,164],"patterns":[156],"study":[158],"influence":[160],"change":[162],"frequency":[165],"scale":[167],"on":[168],"performance,":[170],"propose":[172],"solution":[174],"such":[176],"adversarial":[177],"behavior.":[178]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":11},{"year":2023,"cited_by_count":10},{"year":2022,"cited_by_count":7},{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}