Unsupervised Learning for Lateral-Movement-Based Threat Mitigation in Active Directory Attack Graphs
RiuNet: Repositorio Institucional de la Universidad Politécnica de Valencia
JavaScript is disabled for your browser. Some features of this site may not work without it.
Buscar en RiuNet
Listar
Mi cuenta
Estadísticas
Ayuda RiuNet
Admin. UPV
Unsupervised Learning for Lateral-Movement-Based Threat Mitigation in Active Directory Attack Graphs
Mostrar el registro sencillo del ítem
Ficheros en el ítem
| dc.contributor.author | Herranz-Oliveros, David
|
es_ES |
| dc.contributor.author | Tejedor-Romero, Marino
|
es_ES |
| dc.contributor.author | Gimenez-Guzman, Jose Manuel
|
es_ES |
| dc.contributor.author | de la Cruz-Piris, Luis
|
es_ES |
| dc.date.accessioned | 2024-11-04T19:04:39Z | |
| dc.date.available | 2024-11-04T19:04:39Z | |
| dc.date.issued | 2024-10 | es_ES |
| dc.identifier.uri | http://hdl.handle.net/10251/211254 | |
| dc.description.abstract | [EN] Cybersecurity threats, particularly those involving lateral movement within networks, pose significant risks to critical infrastructures such as Microsoft Active Directory. This study addresses the need for effective defense mechanisms that minimize network disruption while preventing attackers from reaching key assets. Modeling Active Directory networks as a graph in which the nodes represent the network components and the edges represent the logical interactions between them, we use centrality metrics to derive the impact of hardening nodes in terms of constraining the progression of attacks. We propose using Unsupervised Learning techniques, specifically density-based clustering algorithms, to identify those nodes given the information provided by their metrics. Our approach includes simulating attack paths using a snowball model, enabling us to analytically evaluate the impact of hardening on delaying Domain Administration compromise. We tested our methodology on both real and synthetic Active Directory graphs, demonstrating that it can significantly slow down the propagation of threats from reaching the Domain Administration across the studied scenarios. Additionally, we explore the potential of these techniques to enable flexible selection of the number of nodes to secure. Our findings suggest that the proposed methods significantly enhance the resilience of Active Directory environments against targeted cyber-attacks. | es_ES |
| dc.description.sponsorship | This publication is part of project TED2021-131387B-I00 funded by MCIN/AEI/10.13039/501100011033 and by the European Union "NextGenerationEU"/PRTR and of project PID2021-123168NB-I00 funded by MCIN/AEI/10.13039/501100011033/FEDER, UE. Finally, this work is a part of the research project SBPLY/23/180225/000160, which is funded by the EU through FEDER, Spain, and by the JCCM through INNOCAM. David Herranz is also funded by both an FPU grant and a Mobility Grant for Research Staff in Training from the University of Alcala. | es_ES |
| dc.language | Inglés | es_ES |
| dc.publisher | MDPI AG | es_ES |
| dc.relation.ispartof | Electronics | es_ES |
| dc.rights | Reconocimiento (by) | es_ES |
| dc.subject | Cybersecurity | es_ES |
| dc.subject | Lateral movement | es_ES |
| dc.subject | Threat mitigation | es_ES |
| dc.subject | Unsupervised learning | es_ES |
| dc.subject | Attack graphs | es_ES |
| dc.subject | Active directory | es_ES |
| dc.subject | Hardening placement | es_ES |
| dc.subject.classification | INGENIERÍA TELEMÁTICA | es_ES |
| dc.title | Unsupervised Learning for Lateral-Movement-Based Threat Mitigation in Active Directory Attack Graphs | es_ES |
| dc.type | Artículo | es_ES |
| dc.identifier.doi | 10.3390/electronics13193944 | es_ES |
| dc.relation.projectID | info:eu-repo/grantAgreement/AEI//PID2021-123168NB-I00//EVOLUCIÓN DE LA RED DE ACCESO RADIO HACIA 6G PARA SERVICIOS MASIVOS Y DE BAJA LATENCIA/ | es_ES |
| dc.relation.projectID | info:eu-repo/grantAgreement/JCCM//SBPLY%2F23%2F180225%2F000160/ | es_ES |
| dc.relation.projectID | info:eu-repo/grantAgreement/AEI//TED2021-131387B-I00/ | es_ES |
| dc.rights.accessRights | Abierto | es_ES |
| dc.contributor.affiliation | Universitat Politècnica de València. Escuela Técnica Superior de Ingenieros de Telecomunicación - Escola Tècnica Superior d'Enginyers de Telecomunicació | es_ES |
| dc.description.bibliographicCitation | Herranz-Oliveros, D.; Tejedor-Romero, M.; Gimenez-Guzman, JM.; De La Cruz-Piris, L. (2024). Unsupervised Learning for Lateral-Movement-Based Threat Mitigation in Active Directory Attack Graphs. Electronics. 13(19). https://doi.org/10.3390/electronics13193944 | es_ES |
| dc.description.accrualMethod | S | es_ES |
| dc.relation.publisherversion | https://doi.org/10.3390/electronics13193944 | es_ES |
| dc.type.version | info:eu-repo/semantics/publishedVersion | es_ES |
| dc.description.volume | 13 | es_ES |
| dc.description.issue | 19 | es_ES |
| dc.identifier.eissn | 2079-9292 | es_ES |
| dc.relation.pasarela | S\530934 | es_ES |
| dc.contributor.funder | Universidad de Alcalá | es_ES |
| dc.contributor.funder | AGENCIA ESTATAL DE INVESTIGACION | es_ES |
| dc.contributor.funder | Agencia Estatal de Investigación | es_ES |
| dc.contributor.funder | European Molecular Biology Organization | es_ES |
| dc.contributor.funder | Junta de Comunidades de Castilla-La Mancha | es_ES |
Este ítem aparece en la(s) siguiente(s) colección(ones)
Universitat Politècnica de València. Unidad de Documentación Científica de la Biblioteca (+34) 96 387 70 85 · RiuNet@bib.upv.es
El contenido de este sitio está bajo una licencia Creative Commons Reconocimiento – No Comercial – Sin Obra Derivada (by-nc-nd), salvo que se indique lo contrario.
Los metadatos de este sitio están bajo una licencia Dominio Público.
