Detecting lateral movement: A systematic survey

Christos Smiliotopoulos; Georgios Kambourakis; Constantinos Kolias

Heliyon (Feb 2024)

Detecting lateral movement: A systematic survey

Christos Smiliotopoulos,
Georgios Kambourakis,
Constantinos Kolias

Affiliations

Christos Smiliotopoulos: Department of Information and Communication Systems Engineering, University of the Aegean, Karlovasi 83200, Samos, Greece; Corresponding author.
Georgios Kambourakis: Department of Information and Communication Systems Engineering, University of the Aegean, Karlovasi 83200, Samos, Greece
Constantinos Kolias: Department of Computer Science, University of Idaho, Idaho Falls, ID 83402, USA

Journal volume & issue: Vol. 10, no. 4
p. e26317

Abstract

Read online

Within both the cyber kill chain and MITRE ATT&CK frameworks, Lateral Movement (LM) is defined as any activity that allows adversaries to progressively move deeper into a system in seek of high-value assets. Although this timely subject has been studied in the cybersecurity literature to a significant degree, so far, no work provides a comprehensive survey regarding the identification of LM from mainly an Intrusion Detection System (IDS) viewpoint. To cover this noticeable gap, this work provides a systematic, holistic overview of the topic, not neglecting new communication paradigms, such as the Internet of Things (IoT). The survey part, spanning a time window of eight years and 53 articles, is split into three focus areas, namely, Endpoint Detection and Response (EDR) schemes, machine learning oriented solutions, and graph-based strategies. On top of that, we bring to light interrelations, mapping the progress in this field over time, and offer key observations that may propel LM research forward.

Published in Heliyon

ISSN: 2405-8440 (Online)
Publisher: Elsevier
Country of publisher: United Kingdom
LCC subjects: Science: Science (General); Social Sciences: Social sciences (General)
Website: https://www.cell.com/heliyon/home

About the journal

Abstract

Keywords