All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”

Active Directory Kerberoasting Attack: Detection using Machine Learning Techniques

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21240%2F21%3A00350403" target="_blank" >RIV/68407700:21240/21:00350403 - isvavai.cz</a>

  • Result on the web

    <a href="https://www.scitepress.org/Link.aspx?doi=10.5220/0010202803760383" target="_blank" >https://www.scitepress.org/Link.aspx?doi=10.5220/0010202803760383</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.5220/0010202803760383" target="_blank" >10.5220/0010202803760383</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    Active Directory Kerberoasting Attack: Detection using Machine Learning Techniques

  • Original language description

    Active Directory is a prevalent technology used for managing identities in modern enterprises. As a variety of attacks exist against Active Directory environment, its security monitoring is crucial. This paper focuses on detection of one particular attack - Kerberoasting. The purpose of this attack is to gain access to service accounts’ credentials without the need for elevated access rights. The attack is nowadays typically detected using traditional ”signature-based” detection approaches. Those, however, often result in a high number of false alerts. In this paper, we adopt machine learning techniques, particularly several anomaly detection al- gorithms, for detection of Kerberoasting. The algorithms are evaluated on data from a real Active Directory environment and compared to the traditional detection approach, with a focus on reducing the number of false alerts.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

    <a href="/en/project/EF16_019%2F0000765" target="_blank" >EF16_019/0000765: Research Center for Informatics</a><br>

  • Continuities

    P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach

Others

  • Publication year

    2021

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Article name in the collection

    Proceedings of the 7th International Conference on Information Systems Security and Privacy

  • ISBN

    978-989-758-491-6

  • ISSN

    2184-4356

  • e-ISSN

  • Number of pages

    8

  • Pages from-to

    376-383

  • Publisher name

    SciTePress

  • Place of publication

    Madeira

  • Event location

    Vídeň / Virtuální

  • Event date

    Feb 11, 2021

  • Type of event by nationality

    WRD - Celosvětová akce

  • UT code for WoS article

    000664076200035