Date of Award
2-1-2025
Publication Type
Thesis
Degree Name
M.Sc.
Department
Computer Science
Keywords
Advanced Persistent Threats; Cybersecurity benchmarks; Lateral Movement
Supervisor
Sherif Saad
Supervisor
Mohammad Mamun
Rights
info:eu-repo/semantics/openAccess
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Abstract
Advanced Persistent Threats (APTs) pose a significant cybersecurity risk by leveraging sophisticated techniques, with lateral movement (LM) playing a central role in these attacks. Lateral movement allows adversaries to navigate through compromised networks, escalating privileges and gaining access to critical resources over extended periods. However, the detection of lateral movement has been hindered by a lack of comprehensive, high-quality datasets that accurately reflect the diverse and evolving tactics used in such attacks. Existing datasets suffer from several limitations, including a scarcity of lateral movement instances, outdated attack patterns, and insufficient diversity in techniques and attack paths, especially in cloud-based environments. Moreover, automatic labeling methods for dataset creation are often imprecise, complicating the training of effective detection models.

This work addresses these challenges by proposing a new benchmark dataset specifically tailored for lateral movement attacks. We conduct a comprehensive analysis of existing lateral movement attack datasets, highlighting gaps and providing insights into the strengths and weaknesses of current approaches. In response, we introduce the Lateral Movement Dataset Generator (LMDG), a framework designed to generate high-quality datasets for lateral movement and APT detection. The LMDG framework automates the generation of benign network traffic, simulates realistic attack scenarios, and incorporates an innovative labeling technique called process tree labeling, which improves the accuracy of automatic labeling compared to existing methods.

Our contributions offer significant advancements in the development of lateral movement detection systems. The new dataset provides a valuable resource for training and evaluating machine learning models, while the LMDG framework offers a reproducible toolset for generating datasets that accurately represent real-world attack behaviors. This work lays the foundation for future research into multi-stage APT detection, enabling the development of holistic systems that can better defend against the evolving landscape of sophisticated cyber threats.
Recommended Citation
Mabrouk, Anas Salah Salem Abdelhamid, "Lateral Movement Attacks Datasets: Benchmarking, Challenges, and Solutions" (2025). Electronic Theses and Dissertations. 9655.
https://scholar.uwindsor.ca/etd/9655