Exposing targeted attacks by observing privilege interactions between entities