Active Directory Kerberoasting Attack: Detection using Machine Learning Techniques
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21240%2F21%3A00350403" target="_blank" >RIV/68407700:21240/21:00350403 - isvavai.cz</a>
Result on the web
<a href="https://www.scitepress.org/Link.aspx?doi=10.5220/0010202803760383" target="_blank" >https://www.scitepress.org/Link.aspx?doi=10.5220/0010202803760383</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.5220/0010202803760383" target="_blank" >10.5220/0010202803760383</a>
Alternative languages
Result language
angličtina
Original language name
Active Directory Kerberoasting Attack: Detection using Machine Learning Techniques
Original language description
Active Directory is a prevalent technology used for managing identities in modern enterprises. As a variety of attacks exist against Active Directory environment, its security monitoring is crucial. This paper focuses on detection of one particular attack - Kerberoasting. The purpose of this attack is to gain access to service accounts’ credentials without the need for elevated access rights. The attack is nowadays typically detected using traditional ”signature-based” detection approaches. Those, however, often result in a high number of false alerts. In this paper, we adopt machine learning techniques, particularly several anomaly detection al- gorithms, for detection of Kerberoasting. The algorithms are evaluated on data from a real Active Directory environment and compared to the traditional detection approach, with a focus on reducing the number of false alerts.
Czech name
—
Czech description
—
Classification
Type
D - Article in proceedings
CEP classification
—
OECD FORD branch
10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)
Result continuities
Project
<a href="/en/project/EF16_019%2F0000765" target="_blank" >EF16_019/0000765: Research Center for Informatics</a><br>
Continuities
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach
Others
Publication year
2021
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Data specific for result type
Article name in the collection
Proceedings of the 7th International Conference on Information Systems Security and Privacy
ISBN
978-989-758-491-6
ISSN
2184-4356
e-ISSN
—
Number of pages
8
Pages from-to
376-383
Publisher name
SciTePress
Place of publication
Madeira
Event location
Vídeň / Virtuální
Event date
Feb 11, 2021
Type of event by nationality
WRD - Celosvětová akce
UT code for WoS article
000664076200035