Active Directory Kerberoasting Attack: Detection using Machine Learning Techniques

Lukáš Kotlaba; Simona Buchovecká; Róbert Lórencz

doi:10.5220/0010202803760383

Active Directory Kerberoasting Attack: Detection using Machine Learning Techniques

Lukáš Kotlaba, Simona Buchovecká, Róbert Lórencz

2021

Abstract

Active Directory is a prevalent technology used for managing identities in modern enterprises. As a variety of attacks exist against Active Directory environment, its security monitoring is crucial. This paper focuses on detection of one particular attack - Kerberoasting. The purpose of this attack is to gain access to service accounts’ credentials without the need for elevated access rights. The attack is nowadays typically detected using traditional ”signature-based” detection approaches. Those, however, often result in a high number of false alerts. In this paper, we adopt machine learning techniques, particularly several anomaly detection algorithms, for detection of Kerberoasting. The algorithms are evaluated on data from a real Active Directory environment and compared to the traditional detection approach, with a focus on reducing the number of false alerts.

Download

Paper Citation

in Harvard Style

Kotlaba L., Buchovecká S. and Lórencz R. (2021). Active Directory Kerberoasting Attack: Detection using Machine Learning Techniques.In Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-491-6, pages 376-383. DOI: 10.5220/0010202803760383

in Bibtex Style

@conference{icissp21,
author={Lukáš Kotlaba and Simona Buchovecká and Róbert Lórencz},
title={Active Directory Kerberoasting Attack: Detection using Machine Learning Techniques},
booktitle={Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2021},
pages={376-383},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010202803760383},
isbn={978-989-758-491-6},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Active Directory Kerberoasting Attack: Detection using Machine Learning Techniques
SN - 978-989-758-491-6
AU - Kotlaba L.
AU - Buchovecká S.
AU - Lórencz R.
PY - 2021
SP - 376
EP - 383
DO - 10.5220/0010202803760383