{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,25]],"date-time":"2024-09-25T11:59:20Z","timestamp":1727265560745},"publisher-location":"Cham","reference-count":33,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031565823"},{"type":"electronic","value":"9783031565830"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-56583-0_9","type":"book-chapter","created":{"date-parts":[[2024,4,2]],"date-time":"2024-04-02T05:02:23Z","timestamp":1712034143000},"page":"132-151","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Unraveling Network-Based Pivoting Maneuvers: Empirical Insights 
and\u00a0Challenges"],"prefix":"10.1007","author":[{"ORCID":"http:\/\/orcid.org\/0000-0001-7249-9881","authenticated-orcid":false,"given":"Martin","family":"Hus\u00e1k","sequence":"first","affiliation":[]},{"ORCID":"http:\/\/orcid.org\/0009-0004-5503-2082","authenticated-orcid":false,"given":"Shanchieh Jay","family":"Yang","sequence":"additional","affiliation":[]},{"ORCID":"http:\/\/orcid.org\/0000-0002-6219-2875","authenticated-orcid":false,"given":"Joseph","family":"Khoury","sequence":"additional","affiliation":[]},{"ORCID":"http:\/\/orcid.org\/0000-0001-5086-6222","authenticated-orcid":false,"given":"\u0110or\u0111e","family":"Klisura","sequence":"additional","affiliation":[]},{"ORCID":"http:\/\/orcid.org\/0000-0001-8040-4635","authenticated-orcid":false,"given":"Elias","family":"Bou-Harb","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,4,3]]},"reference":[{"key":"9_CR1","unstructured":"Agency, C.I.S.: SamSam Ransomware. https:\/\/us-cert.cisa.gov\/ncas\/alerts\/AA18-337A (2018). Accessed 14 Sept 2023"},{"issue":"2","key":"9_CR2","doi-asserted-by":"publisher","first-page":"404","DOI":"10.1109\/TETC.2017.2764885","volume":"8","author":"G Apruzzese","year":"2020","unstructured":"Apruzzese, G., Pierazzi, F., Colajanni, M., Marchetti, M.: Detection and threat prioritization of pivoting attacks in large networks. IEEE Trans. Emerg. Top. Comput. 8(2), 404\u2013415 (2020)","journal-title":"IEEE Trans. Emerg. Top. Comput."},{"key":"9_CR3","doi-asserted-by":"crossref","unstructured":"Ayala, L.: Active medical device cyber-attacks. In: Cybersecurity for Hospitals and Healthcare Facilities: A Guide to Detection and Prevention, pp. 19\u201337. Apress, Berkeley, CA (2016)","DOI":"10.1007\/978-1-4842-2155-6_3"},{"key":"9_CR4","doi-asserted-by":"crossref","unstructured":"Bai, T., Bian, H., Daya, A.A., Salahuddin, M.A., Limam, N., Boutaba, R.: A machine learning approach for RDP-based lateral movement detection. 
In: 2019 IEEE 44th Conference on Local Computer Networks (LCN), pp. 242\u2013245. IEEE, New York, NY, USA (2019)","DOI":"10.1109\/LCN44214.2019.8990853"},{"key":"9_CR5","doi-asserted-by":"publisher","first-page":"9","DOI":"10.1016\/j.comcom.2020.10.013","volume":"165","author":"T Bai","year":"2021","unstructured":"Bai, T., Bian, H., Salahuddin, M.A., Abou Daya, A., Limam, N., Boutaba, R.: RDP-based lateral movement detection using machine learning. Comput. Commun. 165, 9\u201319 (2021)","journal-title":"Comput. Commun."},{"key":"9_CR6","doi-asserted-by":"publisher","first-page":"674","DOI":"10.1016\/j.future.2019.03.016","volume":"97","author":"V Bartos","year":"2019","unstructured":"Bartos, V., Zadnik, M., Habib, S.M., Vasilomanolakis, E.: Network entity characterization and attack prediction. Futur. Gener. Comput. Syst. 97, 674\u2013686 (2019)","journal-title":"Futur. Gener. Comput. Syst."},{"issue":"1","key":"9_CR7","doi-asserted-by":"publisher","first-page":"1049","DOI":"10.1109\/TNSM.2021.3054356","volume":"18","author":"H Bian","year":"2021","unstructured":"Bian, H., Bai, T., Salahuddin, M.A., Limam, N., Daya, A.A., Boutaba, R.: Uncovering lateral movement using authentication logs. IEEE Trans. Netw. Serv. Manage. 18(1), 1049\u20131063 (2021)","journal-title":"IEEE Trans. Netw. Serv. Manage."},{"key":"9_CR8","unstructured":"Binde, B., McRee, R., O\u2019Connor, T.: Assessing outbound traffic to uncover advanced persistent threat (2011). SANS Institute"},{"key":"9_CR9","unstructured":"Bowman, B., Laprade, C., Ji, Y., Huang, H.H.: Detecting lateral movement in enterprise computer networks with unsupervised graph AI. In: 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020), pp. 257\u2013268. USENIX Association, San Sebastian (2020)"},{"key":"9_CR10","doi-asserted-by":"crossref","unstructured":"Dong, C., et al.: Bedim: lateral movement detection in enterprise network through behavior deviation measurement. 
In: 2021 IEEE 23rd International Conference on High Performance Computing & Communications; 7th International Conference on Data Science & Systems; 19th International Conference on Smart City; 7th International Conference on Dependability in Sensor, Cloud & Big Data Systems & Application (HPCC\/DSS\/SmartCity\/DependSys), pp. 391\u2013398. IEEE (2021)","DOI":"10.1109\/HPCC-DSS-SmartCity-DependSys53884.2021.00076"},{"key":"9_CR11","doi-asserted-by":"publisher","first-page":"103267","DOI":"10.1016\/j.cose.2023.103267","volume":"130","author":"C Dong","year":"2023","unstructured":"Dong, C., Yang, J., Liu, S., Wang, Z., Liu, Y., Lu, Z.: C-bedim and s-bedim: lateral movement detection in enterprise network through behavior deviation measurement. Comput. Secur. 130, 103267 (2023)","journal-title":"Comput. Secur."},{"key":"9_CR12","unstructured":"E-ISAC: Analysis of the cyber attack on the ukrainian power grid (2016). https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2016\/05\/20081514\/E-ISAC_SANS_Ukraine_DUC_5.pdf"},{"key":"9_CR13","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s10207-023-00706-x","volume":"22","author":"L Gonz\u00e1lez-Manzano","year":"2023","unstructured":"Gonz\u00e1lez-Manzano, L., de Fuentes, J.M., Lombardi, F., Ramos, C.: A technical characterization of APTs by leveraging public resources. Int. J. Inf. Secur. 22, 1\u201318 (2023)","journal-title":"Int. J. Inf. Secur."},{"issue":"4","key":"9_CR14","doi-asserted-by":"publisher","first-page":"2037","DOI":"10.1109\/COMST.2014.2321898","volume":"16","author":"R Hofstede","year":"2014","unstructured":"Hofstede, R., et al.: Flow monitoring explained: from packet capture to data analysis with NetFlow and IPFIX. Commun. Surv. Tutorials 16(4), 2037\u20132064 (2014)","journal-title":"Commun. Surv. Tutorials"},{"key":"9_CR15","unstructured":"Hus\u00e1k, M., Apruzzese, G., Yang, S.J., Werner, G.: Towards an efficient detection of pivoting activity. 
In: 2021 IFIP\/IEEE International Symposium on Integrated Network Management (IM), pp. 980\u2013985. IEEE, New York, NY, USA (2021)"},{"key":"9_CR16","doi-asserted-by":"crossref","unstructured":"Liu, Q., et al.: Latte: large-scale lateral movement detection. In: MILCOM 2018\u20132018 IEEE Military Communications Conference (MILCOM). IEEE, New York, NY, USA (2018)","DOI":"10.1109\/MILCOM.2018.8599748"},{"key":"9_CR17","unstructured":"Los Alamos National Laboratory. https:\/\/networkx.org. Accessed 14 Sept 2023"},{"key":"9_CR18","doi-asserted-by":"publisher","first-page":"700","DOI":"10.1109\/TIFS.2022.3146076","volume":"17","author":"RS Marques","year":"2022","unstructured":"Marques, R.S., Al-Khateeb, H., Epiphaniou, G., Maple, C.: Apivads: a novel privacy-preserving pivot attack detection scheme based on statistical pattern recognition. IEEE Trans. Inf. Forensics Secur. 17, 700\u2013715 (2022)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"9_CR19","first-page":"102557","volume":"54","author":"BA Powell","year":"2020","unstructured":"Powell, B.A.: Detecting malicious logins as graph anomalies. J. Inf. Secur. Appl. 54, 102557 (2020)","journal-title":"J. Inf. Secur. Appl."},{"key":"9_CR20","first-page":"200106","volume":"16","author":"BA Powell","year":"2022","unstructured":"Powell, B.A.: Role-based lateral movement detection with unsupervised learning. Intell. Syst. Appl. 16, 200106 (2022)","journal-title":"Intell. Syst. Appl."},{"issue":"3","key":"9_CR21","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3184898","volume":"51","author":"AA Ramaki","year":"2018","unstructured":"Ramaki, A.A., Rasoolzadegan, A., Bafghi, A.G.: A systematic mapping study on intrusion alert analysis in intrusion detection systems. ACM Comput. Surv. 51(3), 1\u201341 (2018)","journal-title":"ACM Comput. 
Surv."},{"issue":"2","key":"9_CR22","doi-asserted-by":"publisher","first-page":"91","DOI":"10.26735\/ZNTL3639","volume":"5","author":"R Salema Marques","year":"2022","unstructured":"Salema Marques, R., Al Khateeb, H., Epiphaniou, G., Maple, C.: Pivot attack classification for cyber threat intelligence. J. Inf. Secur. Cybercrimes Res. 5(2), 91\u2013103 (2022)","journal-title":"J. Inf. Secur. Cybercrimes Res."},{"key":"9_CR23","doi-asserted-by":"crossref","unstructured":"Sarafijanovic-Djukic, N., Pidrkowski, M., Grossglauser, M.: Island hopping: efficient mobility-assisted forwarding in partitioned networks. In: 2006 3rd Annual IEEE Communications Society on Sensor and Ad Hoc Communications and Networks, vol. 1, pp. 226\u2013235. IEEE (2006)","DOI":"10.1109\/SAHCN.2006.288427"},{"key":"9_CR24","doi-asserted-by":"publisher","first-page":"1893","DOI":"10.1007\/s10207-023-00725-8","volume":"22","author":"C Smiliotopoulos","year":"2023","unstructured":"Smiliotopoulos, C., Kambourakis, G., Barbatsalou, K.: On the detection of lateral movement through supervised machine learning and an open-source tool to create turnkey datasets from sysmon logs. Int. J. Inf. Secur. 22, 1893\u20131919 (2023)","journal-title":"Int. J. Inf. Secur."},{"key":"9_CR25","unstructured":"Staniford-Chen, S., Heberlein, L.: Holding intruders accountable on the internet. In: Proceedings 1995 IEEE Symposium on Security and Privacy, pp. 39\u201349 (1995)"},{"key":"9_CR26","unstructured":"Storm, D.: MEDJACK: hackers hijacking medical devices to create backdoors in hospital networks. https:\/\/www.computerworld.com\/article\/2932371\/medjack-hackers-hijacking-medical-devices-to-create-backdoors-in-hospital-networks.html (2015). Accessed 14 Sept 2023"},{"issue":"8","key":"9_CR27","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1016\/S1353-4858(11)70086-1","volume":"2011","author":"C Tankard","year":"2011","unstructured":"Tankard, C.: Advanced persistent threats and how to monitor and deter them. 
Netw. Secur. 2011(8), 16\u201319 (2011)","journal-title":"Netw. Secur."},{"key":"9_CR28","unstructured":"TrapX Labs. https:\/\/securityledger.com\/wp-content\/uploads\/2015\/06\/AOA_MEDJACK_LAYOUT_6-0_6-3-2015-1.pdf (2015). Accessed 14 Sept 2023"},{"issue":"3","key":"9_CR29","doi-asserted-by":"publisher","first-page":"146","DOI":"10.1109\/TDSC.2004.21","volume":"1","author":"F Valeur","year":"2004","unstructured":"Valeur, F., Vigna, G., Kruegel, C., Kemmerer, R.A.: Comprehensive approach to intrusion detection alert correlation. IEEE Trans. Dependable Secure Comput. 1(3), 146\u2013169 (2004)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"9_CR30","unstructured":"ViaSat: KA-SAT Network cyber attack overview. https:\/\/news.viasat.com\/blog\/corporate\/ka-sat-network-cyber-attack-overview (2022). Accessed 14 Sept 2023"},{"key":"9_CR31","unstructured":"WikiLeaks: Vault7: Archimedes documentation. https:\/\/wikileaks.org\/vault7\/#Archimedes (2017). Accessed 14 Sept 2023"},{"key":"9_CR32","doi-asserted-by":"crossref","unstructured":"Wilkens, F., Haas, S., Kaaser, D., Kling, P., Fischer, M.: Towards efficient reconstruction of attacker lateral movement. In: Proceedings of the 14th International Conference on Availability, Reliability and Security. ARES 2019, ACM, New York, NY, USA (2019)","DOI":"10.1145\/3339252.3339254"},{"key":"9_CR33","unstructured":"Zhang, Y., Paxson, V.: Detecting stepping stones. In: Proceedings of the 9th Conference on USENIX Security Symposium, Vol. 9. p. 13. 
SSYM 2000, USENIX Association, USA (2000)"}],"updated-by":[{"updated":{"date-parts":[[2024,4,3]],"date-time":"2024-04-03T00:00:00Z","timestamp":1712102400000},"DOI":"10.1007\/978-3-031-56583-0_23","type":"correction","label":"Correction"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Digital Forensics and Cyber Crime"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-56583-0_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,29]],"date-time":"2024-08-29T10:04:15Z","timestamp":1724925855000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-56583-0_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031565823","9783031565830"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-56583-0_9","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"3 April 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"3 April 2024","order":2,"name":"change_date","label":"Change Date","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"Correction","order":3,"name":"change_type","label":"Change Type","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"A correction has been published.","order":4,"name":"change_details","label":"Change Details","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICDF2C","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Digital 
Forensics and Cyber Crime","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"New York, NY","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 November 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 November 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icdf2c2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Confy +","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"105","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"41","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers 
Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"39% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}