Yasin Aksüt, An Analysis of Kerberoasting Attack and Detection with Supervised Machine Learning Algorithms

M.S. Candidate: Yasin Aksüt
Program: Cyber Security
Date: 05.09.2024 / 10:00
Place: II-06

Abstract: Perimeter security is no longer a barrier that keeps hackers from accessing networks and critical data. Most hackers believe that the traditional security environment of firewalls and antivirus is useless or outdated. Therefore, it is essential to have a robust security strategy in place to prevent and detect AD (Active Directory) attacks in depth. Detecting AD attacks is difficult because attackers often use techniques that blend in with normal network traffic and activities. Among AD attacks, the Kerberoasting attack, which leverages inherent weaknesses in the Kerberos authentication protocol used by AD, can be the most stealthy and may not exhibit obvious signs of compromise. This makes it difficult for security teams to detect such attacks using traditional security tools. We are going to try to provide a solution for the detection of the Kerberoasting attack by using supervised machine learning algorithms. In addition, for the sake of protecting the security of sensitive data, there is no publicly available dataset that can be used to measure the efficiency of any machine learning algorithm for Kerberoasting attacks. For this reason, a dataset was created by conducting the thesis study in a virtual environment and security logs shared on GitHub.