%0 Conference Proceedings
%T Malicious login detection using long short-term memory with an attention mechanism
%+ Institute of Information Engineering [Beijing] (IIE)
%A Wu, Yanna
%A Liu, Fucheng
%A Wen, Yu
%Z Part 3: Advanced Forensic Techniques
%< avec comité de lecture
%( IFIP Advances in Information and Communication Technology
%B 17th IFIP International Conference on Digital Forensics (DigitalForensics)
%C Virtual, China
%Y Gilbert Peterson
%Y Sujeet Shenoi
%I Springer International Publishing
%3 Advances in Digital Forensics XVII
%V AICT-612
%P 157-173
%8 2021-02-01
%D 2021
%R 10.1007/978-3-030-88381-2_8
%K Malicious login detection
%K LSTM with attention mechanism
%Z Computer Science [cs]Conference papers
%X Advanced persistent threats routinely leverage lateral movements in networks to cause harm. In fact, lateral movements account for more than 80% of the time involved in attacks. Attackers typically use stolen credentials to make lateral movements. However, current detection methods are too coarse grained to detect lateral movements effectively because they focus on malicious users and hosts instead of abnormal log entries that indicate malicious logins. This chapter proposes a malicious login detection method that focuses on attacks that steal credentials. The fine-grained method employs a temporal neural network embedding to learn host jumping representations. The learned host vectors and initialized attribute vectors in log entries are input to a long short-term memory with an attention mechanism for login feature extraction, which determines if logins are malicious. Experimental results demonstrate that the proposed method outperforms several baseline detection models.
%G English
%L hal-03764375
%U https://inria.hal.science/hal-03764375
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-AICT
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-DF
%~ IFIP-WG11-9
%~ IFIP-AICT-612