Remah Younisse, Mouhammd Alkasassbeh, Mohammad Almseidin, Hamza Abdi
{"title":"An Early Detection Model for Kerberoasting\nAttacks and Dataset Labeling","authors":"Remah Younisse, Mouhammd Alkasassbeh, Mohammad Almseidin, Hamza Abdi","doi":"10.5455/jjcit.71-1661423262","DOIUrl":null,"url":null,"abstract":"The wild nature of humans has become civilized, and the weapons they use to attack each other are now digitized. Security over the Internet usually takes a defensive shape, aiming to fight against attacks created for malicious reasons. Invaders’ actions over the internet can take patterns by going through specific steps every time they attack. These patterns can be used to predict, mitigate and stop these attacks. This study proposes a method to label datasets related to multi-stage attacks according to attack stages rather than the attack type. These datasets can be used later in machine learning models to build intelligent defensive models. On the other hand, we propose a method to predict and early kill attacks in an active directory environment, such as Kerberoasting attacks. In this study, we have collected the data related to a suggested Kerberoasting attack scenario in pcap files. Every pcap file contains the data related to a particular stage of the attack lifecycle, the extracted information from the pcap files was used to highlight the features and specific activities during every stage. The information was used to draw an efficient defensive plan against the attack. Here we propose a methodology to draw equivalent defensive plans for other similar attacks as the Kerberoasting attack covered in this study.","PeriodicalId":36757,"journal":{"name":"Jordanian Journal of Computers and Information Technology","volume":"1 1","pages":""},"PeriodicalIF":0.9000,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Jordanian Journal of Computers and Information Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5455/jjcit.71-1661423262","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 2
Abstract
The wild nature of humans has become civilized, and the weapons they use to attack each other are now digitized. Security over the Internet usually takes a defensive shape, aiming to fight against attacks created for malicious reasons. Invaders’ actions over the internet can take patterns by going through specific steps every time they attack. These patterns can be used to predict, mitigate and stop these attacks. This study proposes a method to label datasets related to multi-stage attacks according to attack stages rather than the attack type. These datasets can be used later in machine learning models to build intelligent defensive models. On the other hand, we propose a method to predict and early kill attacks in an active directory environment, such as Kerberoasting attacks. In this study, we have collected the data related to a suggested Kerberoasting attack scenario in pcap files. Every pcap file contains the data related to a particular stage of the attack lifecycle, the extracted information from the pcap files was used to highlight the features and specific activities during every stage. The information was used to draw an efficient defensive plan against the attack. Here we propose a methodology to draw equivalent defensive plans for other similar attacks as the Kerberoasting attack covered in this study.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
