Deep Dive into Hunting for LotLs Using Machine Learning and Feature Engineering

Tiberiu Boros, Andrei Cotaie

2023

Abstract

Living off the Land (LotL) is a well-known method in which attackers use pre-existing tools distributed with the operating system to perform their attack or lateral movement. LotL enables them to blend in alongside sysadmin operations, which makes this type of activity particularly difficult to spot. Our work is centered on detecting LotL via Machine Learning and Feature Engineering while keeping the number of False Positives to a minimum. The work described here is implemented in an open-source tool that is provided under the Apache 2.0 License, alongside pre-trained models.

Paper Citation


in Harvard Style

Boros T. and Cotaie A. (2023). Deep Dive into Hunting for LotLs Using Machine Learning and Feature Engineering. In Proceedings of the 8th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS, ISBN 978-989-758-643-9, SciTePress, pages 194-199. DOI: 10.5220/0011968700003482


in Bibtex Style

@conference{iotbds23,
author={Tiberiu Boros and Andrei Cotaie},
title={Deep Dive into Hunting for LotLs Using Machine Learning and Feature Engineering},
booktitle={Proceedings of the 8th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS},
year={2023},
pages={194-199},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011968700003482},
isbn={978-989-758-643-9},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 8th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS
TI - Deep Dive into Hunting for LotLs Using Machine Learning and Feature Engineering
SN - 978-989-758-643-9
AU - Boros T.
AU - Cotaie A.
PY - 2023
SP - 194
EP - 199
DO - 10.5220/0011968700003482
PB - SciTePress