Authors: Lukáš Kotlaba; Simona Buchovecká and Róbert Lórencz

Affiliation: Department of Information Security, Faculty of Information Technology, Czech Technical University in Prague, Czech Republic

Keyword(s): MS Active Directory, Machine Learning, Kerberoasting, Attack Detection, Cybersecurity.

Abstract: Active Directory is a prevalent technology used for managing identities in modern enterprises. As a variety of attacks exist against Active Directory environments, security monitoring is crucial. This paper focuses on the detection of one particular attack - Kerberoasting. The purpose of this attack is to gain access to service accounts' credentials without the need for elevated access rights. The attack is nowadays typically detected using traditional "signature-based" detection approaches. Those, however, often result in a high number of false alerts. In this paper, we adopt machine learning techniques, particularly several anomaly detection algorithms, for the detection of Kerberoasting. The algorithms are evaluated on data from a real Active Directory environment and compared to the traditional detection approach, with a focus on reducing the number of false alerts.

CC BY-NC-ND 4.0


Paper citation in several formats:
Kotlaba, L.; Buchovecká, S. and Lórencz, R. (2021). Active Directory Kerberoasting Attack: Detection using Machine Learning Techniques. In Proceedings of the 7th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-491-6; ISSN 2184-4356, SciTePress, pages 376-383. DOI: 10.5220/0010202803760383

@conference{icissp21,
author={Lukáš Kotlaba and Simona Buchovecká and Róbert Lórencz},
title={Active Directory Kerberoasting Attack: Detection using Machine Learning Techniques},
booktitle={Proceedings of the 7th International Conference on Information Systems Security and Privacy - ICISSP},
year={2021},
pages={376-383},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010202803760383},
isbn={978-989-758-491-6},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 7th International Conference on Information Systems Security and Privacy - ICISSP
TI - Active Directory Kerberoasting Attack: Detection using Machine Learning Techniques
SN - 978-989-758-491-6
IS - 2184-4356
AU - Kotlaba, L.
AU - Buchovecká, S.
AU - Lórencz, R.
PY - 2021
SP - 376
EP - 383
DO - 10.5220/0010202803760383
PB - SciTePress