Abstract

The wild nature of humans has become civilized, and the weapons they use to attack each other are now digitized. Security over the Internet usually takes a defensive shape, aiming to fight against attacks created for malicious reasons. Invaders’ actions over the Internet can follow patterns, going through specific steps every time they attack. These patterns can be used to predict, mitigate and stop these attacks. This study proposes a method to label datasets related to multi-stage attacks according to attack stage rather than attack type. These datasets can later be used in machine learning models to build intelligent defensive models. In addition, we propose a method to predict attacks in an Active Directory environment, such as Kerberoasting attacks, and kill them early. In this study, we collected the data related to a suggested Kerberoasting attack scenario in pcap files. Every pcap file contains the data related to a particular stage of the attack lifecycle. The information extracted from the pcap files was used to highlight the features and specific activities of every stage, and was then used to draw an efficient defensive plan against the attack. We also propose a methodology to draw equivalent defensive plans for other attacks similar to the Kerberoasting attack covered in this study.
