• Journal of Internet Computing and Services
    ISSN 2287 - 1136(Online) / ISSN 1598 - 0170 (Print)
    http://jics.or.kr/

RDP-based Lateral Movement Detection using PageRank and Interpretable System using SHAP


Jiyoung Yun, Dong-Wook Kim, Gun-Yoon Shin, Sang-Soo Kim, Myung-Mook Han, Journal of Internet Computing and Services, Vol. 22, No. 4, pp. 1-11, Aug. 2021
10.7472/jksii.2021.22.4.1, Full Text:
Keywords: Lateral Movement, Pagerank Algorithm, Explainable AI, Remote Desktop Protocol, feature extraction

Abstract

As the Internet developed, various and complex cyber attacks began to emerge. Various detection systems were used outside the network to defend against attacks, but systems and studies to detect attackers inside were remarkably rare, causing great problems because they could not detect attackers inside. To solve this problem, studies on the lateral movement detection system that tracks and detects the attacker's movements have begun to emerge. Especially, the method of using the Remote Desktop Protocol (RDP) is simple but shows very good results. Nevertheless, previous studies did not consider the effects and relationships of each logon host itself, and the features presented also provided very low results in some models. There was also a problem that the model could not explain why it predicts that way, which resulted in reliability and robustness problems of the model. To address this problem, this study proposes an interpretable RDP-based lateral movement detection system using page rank algorithm and SHAP(Shapley Additive Explanations). Using page rank algorithms and various statistical techniques, we create features that can be used in various models and we provide explanations for model prediction using SHAP. In this study, we generated features that show higher performance in most models than previous studies and explained them using SHAP.


Statistics
Show / Hide Statistics

Statistics (Cumulative Counts from November 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article
[APA Style]
Jiyoung Yun, Dong-Wook Kim, Gun-Yoon Shin, Sang-Soo Kim, & Myung-Mook Han (2021). RDP-based Lateral Movement Detection using PageRank and Interpretable System using SHAP. Journal of Internet Computing and Services, 22(4), 1-11. DOI: 10.7472/jksii.2021.22.4.1.

[IEEE Style]
J. Yun, D. Kim, G. Shin, S. Kim and M. Han, "RDP-based Lateral Movement Detection using PageRank and Interpretable System using SHAP," Journal of Internet Computing and Services, vol. 22, no. 4, pp. 1-11, 2021. DOI: 10.7472/jksii.2021.22.4.1.

[ACM Style]
Jiyoung Yun, Dong-Wook Kim, Gun-Yoon Shin, Sang-Soo Kim, and Myung-Mook Han. 2021. RDP-based Lateral Movement Detection using PageRank and Interpretable System using SHAP. Journal of Internet Computing and Services, 22, 4, (2021), 1-11. DOI: 10.7472/jksii.2021.22.4.1.