Unraveling Network-Based Pivoting Maneuvers: Empirical Insights and Challenges
- Martin Husák (c, d)
- Joseph Khoury (b, c)
- Đorđe Klisura (b, c)
- Elias Bou-Harb (b, c)

Affiliations:
- (a) Rochester Institute of Technology
- (b) Louisiana State University
- (c) The University of Texas at San Antonio
- (d) Masaryk University
Abstract
Pivoting days in a campus network. Through NetFlow monitoring, we initially identified potential pivoting candidates, which are traces in the network traffic that match known patterns. Subsequently, we conducted an in-depth analysis of these candidates and uncovered a significant number of false positives and benign pivoting-like patterns. To enhance investigation and understanding, we introduced a novel graph representation called a pivoting graph, which provides comprehensive visualization capabilities. Unfortunately, investigating pivoting candidates is highly dependent on the specific context and necessitates a strong understanding of the local environment. To address this challenge, we applied principal component analysis and clustering techniques to a diverse range of features. This allowed us to identify the most meaningful features for automated pivoting detection, eliminating the need for prior knowledge of the local environment.
