Detecting Credential Compromise in Enterprise Networks
Mobin Javed
EECS Department
University of California, Berkeley
Technical Report No. UCB/EECS-2016-216
December 16, 2016
http://www2.eecs.berkeley.edu/Pubs/TechRpts/2016/EECS-2016-216.pdf

Secure remote access is integral to the workflow of virtually every enterprise today. It is also an avenue ripe for network infiltration---attackers who can steal network-login credentials can often readily penetrate a site's perimeter security to