notesum.ai

Published at November 15

Lateral Movement Detection via Time-aware Subgraph Classification on Authentication Logs

cs.CR

cs.AI

Released Date: November 15, 2024

Authors: Jiajun Zhou¹, Jiacheng Yao¹, Xuanze Chen¹, Shanqing Yu¹, Qi Xuan¹, Xiaoniu Yang²

Aff.: ¹Institute of Cyberspace Security, Zhejiang University of Technology, Hangzhou 310023, China; ²Science and Technology on Communication Information Security Control Laboratory, Jiaxing 314033, China

Arxiv: http://arxiv.org/abs/2411.10279v1

Method	LANL					CERT
Method	Precision	Recall	F1	Accuracy	AUC	Precision	Recall	F1	Accuracy	AUC
GCN	57.42 $\pm$ 0.774	63.73 $\pm$ 2.076	59.24 $\pm$ 0.458	94.56 $\pm$ 0.959	76.33 $\pm$ 0.736	50.70 $\pm$ 0.270	70.49 $\pm$ 2.342	46.03 $\pm$ 4.028	80.89 $\pm$ 11.17	81.53 $\pm$ 3.339
GAT	64.22 $\pm$ 6.511	79.58 $\pm$ 7.098	67.50 $\pm$ 6.778	94.31 $\pm$ 3.240	89.69 $\pm$ 3.656	50.90 $\pm$ 0.368	79.83 $\pm$ 6.519	46.81 $\pm$ 2.272	81.86 $\pm$ 5.421	87.35 $\pm$ 3.301
GraphSAGE	96.18 $\pm$ 1.170	96.53 $\pm$ 0.876	96.34 $\pm$ 0.547	99.66 $\pm$ 0.052	99.77 $\pm$ 0.111	53.66 $\pm$ 4.420	76.22 $\pm$ 13.96	52.24 $\pm$ 3.378	92.30 $\pm$ 5.397	90.47 $\pm$ 4.891
GCN-ts	57.54 $\pm$ 2.501	70.64 $\pm$ 5.120	60.17 $\pm$ 3.502	92.81 $\pm$ 1.751	87.94 $\pm$ 2.951	77.36 $\pm$ 2.866	88.91 $\pm$ 2.005	81.86 $\pm$ 1.906	97.94 $\pm$ 0.435	97.08 $\pm$ 0.195
GAT-ts	87.34 $\pm$ 16.42	92.09 $\pm$ 11.27	86.15 $\pm$ 21.60	92.66 $\pm$ 19.50	97.83 $\pm$ 2.878	75.90 $\pm$ 8.216	83.30 $\pm$ 5.774	77.98 $\pm$ 5.691	97.41 $\pm$ 1.258	96.09 $\pm$ 1.467
GraphSAGE-ts	95.26 $\pm$ 1.434	96.51 $\pm$ 1.347	95.84 $\pm$ 0.660	99.61 $\pm$ 0.063	99.83 $\pm$ 0.090	95.69 $\pm$ 1.674	99.04 $\pm$ 0.951	97.27 $\pm$ 0.716	99.74 $\pm$ 0.075	99.94 $\pm$ 0.012
LMTracker	65.88 $\pm$ 1.829	93.88 $\pm$ 0.955	72.08 $\pm$ 2.373	93.51 $\pm$ 1.085	95.67 $\pm$ 0.639	63.25 $\pm$ 1.999	80.88 $\pm$ 2.980	63.06 $\pm$ 3.893	74.35 $\pm$ 4.595	79.82 $\pm$ 3.856
Euler GCN-GRU	50.26 $\pm$ 0.013	94.82 $\pm$ 0.520	50.37 $\pm$ 0.033	99.39 $\pm$ 0.035	99.04 $\pm$ 0.187	-	-	-	-	-
Euler GCN-LSTM	50.28 $\pm$ 0.012	94.33 $\pm$ 0.278	50.41 $\pm$ 0.027	99.42 $\pm$ 0.023	98.60 $\pm$ 0.263	-	-	-	-	-
LMDetect(ours)	98.20 $\pm$ 0.819	99.89 $\pm$ 0.194	99.03 $\pm$ 0.467	99.91 $\pm$ 0.044	99.99 $\pm$ 0.004	97.46 $\pm$ 0.506	99.46 $\pm$ 0.468	98.43 $\pm$ 0.324	99.87 $\pm$ 0.026	99.99 $\pm$ 0.004