The wild nature of humans has become civilized, and the weapons they use to attack each other are now
digitized. Security over the Internet usually takes a defensive shape, aiming to fight against attacks created
for malicious reasons. Invaders’ actions over the Internet tend to follow patterns, going through specific steps
every time they attack. These patterns can be used to predict, mitigate and stop these attacks. This study
proposes a method to label datasets related to multi-stage attacks according to attack stages rather than
the attack type. These datasets can be used later in machine learning models to build intelligent defensive
models. In addition, we propose a method to predict attacks in an Active Directory environment, such as
Kerberoasting attacks, and to kill them early. In this study, we collected the data related to a suggested
Kerberoasting attack scenario in pcap files. Every pcap file contains the data related to a particular stage
of the attack lifecycle. The information extracted from the pcap files was used to highlight the features and
specific activities during every stage, and then to draw an efficient defensive plan against
the attack. We also propose a methodology to draw equivalent defensive plans for other attacks similar to
the Kerberoasting attack covered in this study.
Keywords: Kerberoasting, Dataset, Early Detection.