{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T06:39:06Z","timestamp":1763102346758,"version":"3.45.0"},"reference-count":80,"publisher":"Tech Science Press","issue":"1","license":[{"start":{"date-parts":[[2025,3,30]],"date-time":"2025-03-30T00:00:00Z","timestamp":1743292800000},"content-version":"vor","delay-in-days":88,"URL":"https:\/\/doi.org\/10.32604\/TSP-CROSSMARKPOLICY"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["CMC"],"published-print":{"date-parts":[[2025]]},"DOI":"10.32604\/cmc.2025.059597","type":"journal-article","created":{"date-parts":[[2025,3,4]],"date-time":"2025-03-04T03:43:27Z","timestamp":1741059807000},"page":"281-308","update-policy":"https:\/\/doi.org\/10.32604\/tsp-crossmarkpolicy","source":"Crossref","is-referenced-by-count":0,"title":["Enhanced Detection of APT Vector Lateral Movement in Organizational Networks Using Lightweight Machine Learning"],"prefix":"10.32604","volume":"83","author":[{"given":"Mathew","family":"Nicho","sequence":"first","affiliation":[]},{"given":"Oluwasegun","family":"Adelaiye","sequence":"additional","affiliation":[]},{"given":"Christopher D.","family":"McDermott","sequence":"additional","affiliation":[]},{"given":"Shini","family":"Girija","sequence":"additional","affiliation":[]}],"member":"17807","published-online":{"date-parts":[[2025]]},"reference":[{"key":"ref1","first-page":"2497","article-title":"A cyber kill chain approach for detecting advanced persistent threats","volume":"67","author":"Ahmed","year":"2021","journal-title":"Comput Mater Contin"},{"key":"ref2","doi-asserted-by":"crossref","first-page":"121","DOI":"10.34190\/iccws.17.1.36","article-title":"APT cyber-attack modelling: building a general model","volume":"17","author":"Lehto","year":"2022","journal-title":"17th Int Conf Cyber Warfare Secur"},{"key":"ref3","series-title":"2021 Communication and Information Technologies (KIT)","first-page":"1","article-title":"Cyber security and APT groups","author":"Burita","year":"2021 Oct 13\u201315"},{"key":"ref4","first-page":"3089","article-title":"A novel eccentric intrusion detection model based on recurrent neural networks with leveraging LSTM","volume":"78","author":"Muthunambu","year":"2024","journal-title":"Comput Mater Contin"},{"key":"ref5","doi-asserted-by":"crossref","first-page":"317","DOI":"10.1016\/j.patcog.2018.07.023","article-title":"Wild patterns: ten years after the rise of adversarial machine learning","volume":"84","author":"Biggio","year":"2018","journal-title":"Pattern Recognit"},{"key":"ref6","first-page":"6537","article-title":"Improved PSO for optimizing the performance of intrusion detection systems","volume":"38","author":"Dickson","year":"2020","journal-title":"J Intell Fuzzy Syst"},{"key":"ref7","doi-asserted-by":"crossref","first-page":"100393","DOI":"10.1016\/j.iot.2021.100393","article-title":"CyberLearning: effectiveness analysis of machine learning security modeling to detect cyber-anomalies and multi-attacks","volume":"14","author":"Sarker","year":"2021","journal-title":"Internet Things"},{"key":"ref8","first-page":"2675","article-title":"A comprehensive survey on advanced persistent threat (APT) detection techniques","volume":"80","author":"Krishnapriya","year":"2024","journal-title":"Comput Mater Contin"},{"key":"ref9","doi-asserted-by":"crossref","first-page":"686","DOI":"10.1109\/COMST.2018.2847722","article-title":"A detailed investigation and analysis of using machine learning techniques for intrusion detection","volume":"21","author":"Mishra","year":"2019","journal-title":"IEEE Commun Surv Tutor"},{"key":"ref10","first-page":"29","author":"Kim","year":"2018","journal-title":"Requirements engineering for internet of things"},{"key":"ref11","series-title":"2019 International Conference on Software, Telecommunications and Computer Networks (SoftCOM)","first-page":"1","article-title":"Dimensions of \u2018socio\u2019 vulnerabilities of advanced persistent threats","author":"Nicho","year":"2019"},{"key":"ref12","first-page":"4496","article-title":"Multi-layer protection approach MLPA for the detection of advanced persistent threat","volume":"6","author":"Mohamed","year":"2022","journal-title":"J Positive School Psychology"},{"key":"ref13","first-page":"71","article-title":"Botching human factors in cybersecurity in business organizations","volume":"9","author":"Nobles","year":"2018","journal-title":"HOLISTICA"},{"key":"ref14","doi-asserted-by":"crossref","first-page":"102202","DOI":"10.1016\/j.cose.2021.102202","article-title":"Feature analysis for data-driven APT-related malware discrimination","volume":"104","author":"Mart\u00edn Liras","year":"2021","journal-title":"Comput Secur"},{"key":"ref15","series-title":"Proceedings of the Workshop on Big Data Analytics and Machine Learning for Data Communication Networks","first-page":"1","article-title":"Ensemble-learning approaches for network security and anomaly detection","author":"Vanerio","year":"2017"},{"key":"ref16","doi-asserted-by":"crossref","first-page":"e26317","DOI":"10.1016\/j.heliyon.2024.e26317","article-title":"Detecting lateral movement: a systematic survey","volume":"10","author":"Smiliotopoulos","year":"2024","journal-title":"Heliyon"},{"key":"ref17","unstructured":"Longo MSJ, Vossoughi I, Gomez S, Heineman G, Staheli D. Detecting lateral movement [master\u2019s thesis]. Worcester, MA, USA: Worcester Polytechnic Institute. 2017."},{"key":"ref18","series-title":"2019 IEEE 24th Pacific Rim International Symposium on Dependable Computing (PRDC)","first-page":"93","article-title":"Ensemble methods for anomaly detection based on system log","author":"Xia","year":"2019"},{"key":"ref19","unstructured":"Kellenberger L, Claudio M. Readiness for tailored attacks and lateral movement detection [Ph.D. dissertation]. Rapperswil, Switzerland: HSR Hochschule f\u00fcr Technik Rapperswil; 2019."},{"key":"ref20","unstructured":"World Economic Forum. The global risks report 2022 [Internet]. 2022 [cited 2024 Nov 27]. Available from: https:\/\/www.wef.ch\/risks22."},{"key":"ref21","doi-asserted-by":"crossref","first-page":"286","DOI":"10.1080\/23742917.2023.2300494","article-title":"Social automation and APT attributions in national cybersecurity","volume":"8","author":"Yadav","year":"2024","journal-title":"J Cyber Secur Technol"},{"key":"ref22","doi-asserted-by":"crossref","first-page":"1893","DOI":"10.1007\/s10207-023-00725-8","article-title":"On the detection of lateral movement through supervised machine learning and an open-source tool to create turnkey datasets from Sysmon logs","volume":"22","author":"Smiliotopoulos","year":"2023","journal-title":"Int J Inf Secur"},{"key":"ref23","unstructured":"Mandiant. M-Trends 2022: mandiant special report [Internet]. 2022 [cited 2024 Nov 27]. Available from: https:\/\/www.mandiant.com\/m-trends."},{"key":"ref24","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.cosrev.2019.01.002","article-title":"A survey on malware analysis and mitigation techniques","volume":"32","author":"Sibi Chakkaravarthy","year":"2019","journal-title":"Comput Sci Rev"},{"key":"ref25","unstructured":"Mitre. Lateral movement [Internet]. 2019 [cited 2024 Nov 27]. Available from: https:\/\/www.attack.mitre.org\/tactics\/TA0008."},{"key":"ref26","doi-asserted-by":"crossref","first-page":"e05969","DOI":"10.1016\/j.heliyon.2021.e05969","article-title":"A review of threat modelling approaches for APT-style attacks","volume":"7","author":"Tatam","year":"2021","journal-title":"Heliyon"},{"key":"ref27","doi-asserted-by":"crossref","unstructured":"Han X, Pasquier T, Bates A, Mickens J, Seltzer M. UNICORN: runtime provenance-based detector for advanced persistent threats. arXiv:2001.01525. 2020.","DOI":"10.14722\/ndss.2020.24046"},{"key":"ref28","series-title":"2024 International Conference on Intelligent Systems for Cybersecurity (ISCS)","first-page":"1","article-title":"SecureSense: AI\/ML based anomaly detection tool","author":"Katurde","year":"2024 May 3\u20134"},{"key":"ref29","doi-asserted-by":"crossref","first-page":"1851","DOI":"10.1109\/COMST.2019.2891891","article-title":"A survey on advanced persistent threats: techniques, solutions, challenges, and research opportunities","volume":"21","author":"Alshamrani","year":"2019","journal-title":"IEEE Commun Surv Tutor"},{"key":"ref30","doi-asserted-by":"crossref","first-page":"85094","DOI":"10.1109\/ACCESS.2020.2992807","article-title":"Defining social engineering in cybersecurity","volume":"8","author":"Wang","year":"2020","journal-title":"IEEE Access"},{"key":"ref31","doi-asserted-by":"crossref","first-page":"2935","DOI":"10.1109\/JIOT.2023.3294259","article-title":"A lightweight and efficient IoT intrusion detection method based on feature grouping","volume":"11","author":"He","year":"2024","journal-title":"IEEE Internet Things J"},{"key":"ref32","doi-asserted-by":"crossref","first-page":"1988","DOI":"10.1109\/COMST.2018.2883147","article-title":"Towards the deployment of machine learning solutions in network traffic classification: a systematic survey","volume":"21","author":"Pacheco","year":"2019","journal-title":"IEEE Commun Surv Tutor"},{"key":"ref33","doi-asserted-by":"crossref","first-page":"102627","DOI":"10.1016\/j.cose.2022.102627","article-title":"Orchestration of APT malware evasive manoeuvers employed for eluding anti-virus and sandbox defense","volume":"115","author":"Sharma","year":"2022","journal-title":"Comput Secur"},{"key":"ref34","doi-asserted-by":"crossref","first-page":"101734","DOI":"10.1016\/j.cose.2020.101734","article-title":"APT datasets and attack modeling for automated detection methods: a review","volume":"92","author":"Stojanovi\u0107","year":"2020","journal-title":"Comput Secur"},{"key":"ref35","doi-asserted-by":"crossref","first-page":"501","DOI":"10.1016\/j.future.2020.01.032","article-title":"Modeling and detection of the multi-stages of Advanced Persistent Threats attacks based on semi-supervised learning and complex networks characteristics","volume":"106","author":"Zimba","year":"2020","journal-title":"Future Gener Comput Syst"},{"key":"ref36","first-page":"71","author":"Pin-Yu","year":"2019","journal-title":"Industrial control systems security and resiliency"},{"key":"ref37","doi-asserted-by":"crossref","first-page":"213","DOI":"10.1016\/j.ress.2018.11.022","article-title":"Quantitative security analysis of a dynamic network system under lateral movement-based attacks","volume":"183","author":"Shi","year":"2019","journal-title":"Reliab Eng Syst Saf"},{"key":"ref38","series-title":"Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense","first-page":"45","article-title":"A graph-based impact metric for mitigating lateral movement cyber attacks","author":"Purvine","year":"2016"},{"key":"ref39","first-page":"64","article-title":"Review of current machine learning approaches for anomaly detection in network traffic","volume":"8","author":"Ali","year":"2020","journal-title":"J Telecommun Digit Econ"},{"key":"ref40","first-page":"18","article-title":"A taxonomy of machine learning techniques","volume":"8","author":"Shyam","year":"2021","journal-title":"J Adv Robot"},{"key":"ref41","first-page":"1","author":"Lanvin","year":"2022","journal-title":"RESSI 2022-Rendez-Vous de la Recherche et de l\u2019Enseignement de la S\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Information"},{"key":"ref42","doi-asserted-by":"crossref","first-page":"3874","DOI":"10.3390\/app10113874","article-title":"A new proposal on the advanced persistent threat: a survey","volume":"10","author":"Quintero-Bonilla","year":"2020","journal-title":"Appl Sci"},{"key":"ref43","doi-asserted-by":"crossref","first-page":"105151","DOI":"10.1016\/j.engappai.2022.105151","article-title":"Ensemble deep learning: a review","volume":"115","author":"Ganaie","year":"2022","journal-title":"Eng Appl Artif Intell"},{"key":"ref44","doi-asserted-by":"crossref","first-page":"295","DOI":"10.25046\/aj060234","article-title":"Improved detection of advanced persistent threats using an anomaly detection ensemble approach","volume":"6","author":"Ishaya","year":"2021","journal-title":"Adv Sci Technol Eng Syst J"},{"key":"ref45","doi-asserted-by":"crossref","first-page":"e4150","DOI":"10.1002\/ett.4150","article-title":"Network intrusion detection system: a systematic study of machine learning and deep learning approaches","volume":"32","author":"Ahmad","year":"2021","journal-title":"Trans Emerging Tel Tech"},{"key":"ref46","series-title":"2019 IEEE 44th Conference on Local Computer Networks (LCN)","first-page":"242","article-title":"A machine learning approach for RDP-based lateral movement detection","author":"Bai","year":"2019 Oct 14\u201317"},{"key":"ref47","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1016\/j.eij.2022.06.005","article-title":"A novel approach for detecting advanced persistent threats","volume":"23","author":"Al-Saraireh","year":"2022","journal-title":"Egypt Inform J"},{"key":"ref48","series-title":"23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020)","first-page":"257","article-title":"Detecting lateral movement in enterprise computer networks with unsupervised graph AI","author":"Bowman","year":"2020"},{"key":"ref49","doi-asserted-by":"crossref","first-page":"405","DOI":"10.1007\/s42979-022-01288-6","article-title":"Real-time heuristic-based detection of attacks performed on a linux machine using osquery","volume":"3","author":"Ahamed","year":"2022","journal-title":"SN Comput Sci"},{"key":"ref50","series-title":"12th International Conference on Information and Communication Systems (ICICS)","first-page":"112","article-title":"SecKG: leveraging attack detection and prediction using knowledge graphs","author":"Kriaa","year":"2021"},{"key":"ref51","series-title":"2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA)","first-page":"301","article-title":"Using bipartite anomaly features for cyber security applications","author":"Goodman","year":"2015"},{"key":"ref52","series-title":"2021 14th International Conference on Security of Information and Networks (SIN)","first-page":"1","article-title":"Automated microsegmentation for lateral movement prevention in industrial Internet of Things (IIoT)","author":"Arifeen","year":"2021"},{"key":"ref53","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3588771","article-title":"Euler: detecting network lateral movement via scalable temporal link prediction","volume":"26","author":"King","year":"2023","journal-title":"ACM Trans Priv Secur"},{"key":"ref54","doi-asserted-by":"crossref","first-page":"100620","DOI":"10.1016\/j.ijcip.2023.100620","article-title":"CAPTAIN: community-based advanced persistent threat analysis in IT networks","volume":"42","author":"Ramaki","year":"2023","journal-title":"Int J Crit Infrastruct Prot"},{"key":"ref55","first-page":"103402","article-title":"A multi-view feature fusion approach for effective malware classification using Deep Learning","volume":"72","author":"Chaganti","year":"2023","journal-title":"J Inf Secur Appl"},{"key":"ref56","doi-asserted-by":"crossref","first-page":"8440","DOI":"10.1109\/JIOT.2023.3322412","article-title":"A comprehensive detection method for the lateral movement stage of APT attacks","volume":"11","author":"He","year":"2024","journal-title":"IEEE Internet Things J"},{"key":"ref57","unstructured":"Binde B, McRee R, O\u2019Connor TJ. Assessing outbound traffic to uncover advanced persistent threat (white paper). SANS Technology Institute; 2011. doi:10.13140\/RG.2.2.16401.07520."},{"key":"ref58","doi-asserted-by":"crossref","first-page":"633","DOI":"10.1016\/j.ins.2020.08.095","article-title":"APTMalInsight: identify and cognize APT malware based on system call information and ontology knowledge framework","volume":"546","author":"Han","year":"2021","journal-title":"Inf Sci"},{"key":"ref59","doi-asserted-by":"crossref","first-page":"997","DOI":"10.3390\/sym6040997","article-title":"MLDS: multi-layer defense system for preventing advanced persistent threats","volume":"6","author":"Moon","year":"2014","journal-title":"Symmetry"},{"key":"ref60","series-title":"Proceedings of the 2015 4th National Conference on Electrical, Electronics and Computer Engineering","first-page":"1047","article-title":"A framework of APT detection based on dynamic analysis","author":"Su","year":"2016"},{"key":"ref61","doi-asserted-by":"crossref","first-page":"127","DOI":"10.1016\/j.comnet.2016.05.018","article-title":"Analysis of high volumes of network traffic for Advanced Persistent Threat detection","volume":"109","author":"Marchetti","year":"2016","journal-title":"Comput Netw"},{"key":"ref62","series-title":"Proceedings of the 2016 ACM on International Workshop on Security and Privacy Analytics","first-page":"64","article-title":"Detecting advanced persistent threats using fractal dimension based machine learning classification","author":"Siddiqui","year":"2016"},{"key":"ref63","series-title":"2012 1st International Conference on Recent Advances in Information Technology (RAIT)","first-page":"131","article-title":"A hybrid system for reducing the false alarm rate of anomaly intrusion detection system","author":"Om","year":"2012"},{"key":"ref64","series-title":"Proceedings of the Australasian Computer Science Week Multiconference","first-page":"1","article-title":"Improving performance of intrusion detection system using ensemble methods and feature selection","author":"Pham","year":"2018"},{"key":"ref65","series-title":"2017 IEEE International Conference on Big Data (Big Data)","first-page":"2151","article-title":"A filter-based feature selection model for anomaly-based intrusion detection systems","author":"Ullah","year":"2017"},{"key":"ref66","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1016\/j.compeleceng.2013.11.024","article-title":"A survey on feature selection methods","volume":"40","author":"Chandrashekar","year":"2014","journal-title":"Comput Electr Eng"},{"key":"ref67","series-title":"2020 IEEE International Conference on Intelligence and Security Informatics (ISI)","first-page":"1","article-title":"A comparative study on contemporary intrusion detection datasets for machine learning research","author":"Dwibedi","year":"2020"},{"key":"ref68","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3442181","article-title":"Machine learning for detecting data exfiltration","volume":"54","author":"Sabir","year":"2022","journal-title":"ACM Comput Surv"},{"key":"ref69","series-title":"Proceedings of the 16th European Conference on Cyber Warfare and Security (ECCWS 2017)","article-title":"Flow-based benchmark data sets for intrusion detection","author":"Ring","year":"2017"},{"key":"ref70","unstructured":"Umer MF. dataset_minimal (Dataset) [Internet]. 2018 [cited 2024 Nov 27]. Available from: https:\/\/figshare.com\/articles\/dataset\/dataset_minimal_zip\/5756520\/1."},{"key":"ref71","doi-asserted-by":"crossref","first-page":"162","DOI":"10.1109\/LNET.2022.3185553","article-title":"A new realistic benchmark for advanced persistent threats in network traffic","volume":"4","author":"Liu","year":"2022","journal-title":"IEEE Netw Lett"},{"key":"ref72","unstructured":"Wang A. Splitting data into the train\/validation\/test dataset. [cited 2024 Nov 27]. Available from: https:\/\/github.com\/anthony-wang\/BestPractices\/blob\/master\/notebooks\/2-data_splitting.ipynb."},{"key":"ref73","unstructured":"Hrishipoola. KNN, decision tree, SVM, and logistic regression classifiers to predict loan status. [cited 2024 Nov 27]. Available from: https:\/\/gist.github.com\/hrishipoola\/323d0459d9faeb466496d4e5ffbfb516."},{"key":"ref74","series-title":"2015 International Conference on Advances in Computing, Communications and Informatics (ICACCI)","first-page":"2001","article-title":"An efficient classification model for detecting advanced persistent threat","author":"Chandran","year":"2015"},{"key":"ref75","unstructured":"Schindler T. Anomaly detection in log data using graph databases and machine learning to defend advanced persistent threats. arXiv:1802.00259. 2018."},{"key":"ref76","unstructured":"Uppstr\u00f6mer V, R\u00e5berg H. Detecting lateral movement in microsoft active directory log files: a supervised machine learning approach [master\u2019s thesis]. Karlskrona, Sweden: Faculty of Computing, Blekinge Institute of Technology; 2019."},{"key":"ref77","doi-asserted-by":"crossref","first-page":"493","DOI":"10.1007\/s12083-017-0630-0","article-title":"Survey on SDN based network intrusion detection system using machine learning approaches","volume":"12","author":"Sultana","year":"2019","journal-title":"Peer Peer Netw Appl"},{"key":"ref78","doi-asserted-by":"crossref","first-page":"112963","DOI":"10.1016\/j.eswa.2019.112963","article-title":"Application of deep reinforcement learning to intrusion detection for supervised problems","volume":"141","author":"Lopez-Martin","year":"2020","journal-title":"Expert Syst Appl"},{"key":"ref79","doi-asserted-by":"crossref","first-page":"4730","DOI":"10.3390\/s22134730","article-title":"Machine learning for wireless sensor networks security: an overview of challenges and issues","volume":"22","author":"Ahmad","year":"2022","journal-title":"Sensors"},{"key":"ref80","doi-asserted-by":"crossref","first-page":"4396","DOI":"10.3390\/app9204396","article-title":"Machine learning and deep learning methods for intrusion detection systems: a survey","volume":"9","author":"Liu","year":"2019","journal-title":"Appl Sci"}],"container-title":["Computers, Materials &amp; Continua"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/cdn.techscience.cn\/files\/cmc\/2025\/TSP_CMC-83-1\/TSP_CMC_59597\/TSP_CMC_59597.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T06:34:29Z","timestamp":1763102069000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.techscience.com\/cmc\/v83n1\/60072"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":80,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025]]},"published-print":{"date-parts":[[2025]]}},"URL":"https:\/\/doi.org\/10.32604\/cmc.2025.059597","relation":{},"ISSN":["1546-2226"],"issn-type":[{"type":"electronic","value":"1546-2226"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"2024-10-12","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-11-28","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-03-26","order":2,"name":"published","label":"Published Online","group":{"name":"publication_history","label":"Publication History"}}]}}