This study addresses the challenge of detecting network pivoting, a lateral movement technique that is difficult to identify in insider and BYOD environments because malicious transitions can resemble normal internal activity. The objective was to improve detection of both known and unknown pivoting behaviours while supporting practical triage in resource-constrained institutions. A hybrid detection framework was developed that fuses Snort signature alerts with machine learning classification and unsupervised anomaly detection using behavioural features derived from BYOD-like network traffic. The approach was evaluated in a controlled testbed and supported by organisational survey findings on awareness and monitoring practice. Results show the hybrid system achieved 96.2% classification accuracy with a 4.5% false positive rate when distinguishing normal traffic, suspicious activity, and pivoting attacks. Compared with signature-only and machine-learning-only baselines, the hybrid design detected simulated pivoting attempts earlier and more consistently. User acceptance testing also reported strong satisfaction with the integrated dashboard for monitoring, filtering, and reporting. The key contribution is a unified, dashboard-oriented fusion of signature and behavioural evidence that strengthens early lateral movement detection and reduces manual correlation effort.
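The fusion the abstract describes (a signature hit from the IDS combined with a behavioural anomaly score to yield a triage label of normal, suspicious, or pivoting) can be sketched in a few dozen lines. The following is an added illustration written for this page, not the study's own code or feature set: the flow record fields, the two "signature" ports, the fan-out baseline, the z-score threshold and the decision table are all constructed assumptions chosen to show the decision logic, not values reported by the study.

```python
"""
Added example (not the study's code): fuse a signature-layer verdict with an
unsupervised behavioural anomaly score to triage network flows as
"normal", "suspicious", or "pivoting". Every rule, threshold and sample
record here is a constructed assumption for illustration.
"""
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import List, Tuple


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    distinct_dsts: int   # distinct internal hosts src contacted in the window
    new_service: bool    # src has never used this dport during the baseline period


# Constructed signature layer, standing in for a Snort-style rule set: fire when
# a host opens a lateral-movement service (SMB/RDP here) it has never used before.
SIGNATURE_PORTS = {445, 3389}


def signature_hit(flow: Flow) -> bool:
    return flow.dport in SIGNATURE_PORTS and flow.new_service


# Constructed behavioural layer: z-score of the host's fan-out against a
# baseline of its own historical fan-out values (unsupervised, no labels).
def anomaly_score(value: float, baseline: List[float]) -> float:
    mu = mean(baseline)
    sd = pstdev(baseline) or 1.0   # avoid division by zero on a flat baseline
    return (value - mu) / sd


def fuse(flow: Flow, baseline_fanout: List[float], z_threshold: float = 3.0) -> str:
    """Combine both evidence sources into one triage label (assumed decision table)."""
    sig = signature_hit(flow)
    anomalous = anomaly_score(flow.distinct_dsts, baseline_fanout) >= z_threshold
    if sig and anomalous:
        return "pivoting"       # both layers agree: highest priority for the analyst
    if sig or anomalous:
        return "suspicious"     # one layer only: queue for review, not an alarm
    return "normal"


def triage(flows: List[Flow], baseline_fanout: List[float]) -> List[Tuple[str, str, str]]:
    """Produce (src, dst, label) rows of the kind a monitoring dashboard would list."""
    return [(f.src, f.dst, fuse(f, baseline_fanout)) for f in flows]


# Constructed baseline: per-window fan-out counts for the host over quiet periods.
BASELINE_FANOUT = [1, 2, 2, 1, 3, 2, 2, 1, 2, 2]

# Constructed sample flows covering each cell of the decision table.
SAMPLE_FLOWS = [
    Flow("10.0.5.23", "10.0.5.40", 445, distinct_dsts=12, new_service=True),   # both layers
    Flow("10.0.5.23", "10.0.5.41", 445, distinct_dsts=2, new_service=True),    # signature only
    Flow("10.0.5.23", "10.0.5.42", 443, distinct_dsts=12, new_service=False),  # behaviour only
    Flow("10.0.5.23", "10.0.5.43", 443, distinct_dsts=2, new_service=False),   # neither
]

if __name__ == "__main__":
    for src, dst, label in triage(SAMPLE_FLOWS, BASELINE_FANOUT):
        print(f"{src} -> {dst}: {label}")
```

The point of the split is that neither layer alone produces the top label: a lone signature hit on a known service port is common in BYOD networks, and a lone fan-out spike can be a scanner or a backup job, so each is surfaced as "suspicious" for triage, while the correlated case is escalated without an analyst having to join the two alert streams by hand.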
Copyright © 2026