| DOI | Resolve DOI: https://doi.org/10.1007/978-981-95-4434-9_25 |
|---|
| Author | Search for: Mamun, Mohammad1ORCID identifier: https://orcid.org/0000-0002-4045-8687; Search for: Ahmed, Hadeer2; Search for: Mabrouk, Anas3; Search for: Saad, Sherif3 |
|---|
| Affiliation | - National Research Council Canada. Digital Technologies
- University of Victoria
- University of Windsor
|
|---|
| Format | Text, Article |
|---|
| Conference | CANS 2025, 24th International Conference on Cryptology and Network Security, November 17–20, 2025, Osaka, Japan |
|---|
| Subject | Azure audit logs; cloud security; graph learning; lateral movement detection |
|---|
| Abstract | The rapid evolution of enterprise network architectures from traditional monolithic systems to cloud-native platforms, such as Microsoft Azure, driven by its accessibility and cost-efficiency has introduced significant complexity and expanded the potential attack surface. As the boundaries of network perimeters blur within distributed cloud infrastructures, security solutions like lateral movement (LM) detection face significant challenges in keeping pace with evolving threats. Moreover, the scarcity of attack data hinders the development and testing of effective detection algorithms. To address this gap, we adapted the Hopper attack synthesis framework to model interactions among internal users, applications, and resources within cloud platforms. Our adaptation generates synthetic datasets that simulate various attack scenarios for Azure login data. These synthetic data serve as the foundation for our research, enabling the systematic evaluation of multiple detection approaches without the need for sensitive production data. |
|---|
| Publication date | 2025-11-13 |
|---|
| Publisher | Springer Nature |
|---|
| Place | Singapore |
|---|
| Copyright statement | - © 2026 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
|
|---|
| In | |
|---|
| Series | |
|---|
| Related data | |
|---|
| Language | English |
|---|
| Peer reviewed | Yes |
|---|
| Export citation | Export as RIS |
|---|
| Report a correction | Report a correction (opens in a new tab) |
|---|
| Record identifier | 7a2ce558-caf4-43f1-8fd6-1bb16c86fb40 |
|---|
| Record created | 2026-02-17 |
|---|
| Record modified | 2026-02-17 |
|---|
