Deep Dive into Hunting for LotLs Using Machine Learning and Feature Engineering.
2023-04-21 · IoTBDS 2023
Tiberiu Boros, Andrei Cotaie
Code: github.com/adobe/liblol
Abstract
Living off the Land (LotL) is a well-known method in which attackers use pre-existing tools distributed with the operating system to perform their attack or lateral movement. LotL enables them to blend in alongside sysadmin operations, which makes this type of activity particularly difficult to spot. Our work is centered on detecting LotL via Machine Learning and Feature Engineering while keeping the number of False Positives to a minimum. The work described here is implemented in an open-source tool that is provided under the Apache 2.0 License, alongside pre-trained models.