This is an early access version, the complete PDF, HTML, and XML versions will be available soon.
Open AccessArticle
Unsupervised Learning for Lateral-Movement-Based Threat Mitigation in Active Directory Attack Graphs
1
Departamento de Automática, Universidad de Alcalá, 33,600, 28805 Madrid, Spain
2
Departamento de Comunicaciones, Universitat Politècnica de València, 46022 Valencia, Spain
*
Author to whom correspondence should be addressed.
Electronics 2024, 13(19), 3944; https://doi.org/10.3390/electronics13193944 (registering DOI)
Submission received: 4 September 2024
/
Revised: 30 September 2024
/
Accepted: 4 October 2024
/
Published: 6 October 2024
Abstract
Cybersecurity threats, particularly those involving lateral movement within networks, pose significant risks to critical infrastructures such as Microsoft Active Directory. This study addresses the need for effective defense mechanisms that minimize network disruption while preventing attackers from reaching key assets. Modeling Active Directory networks as a graph in which the nodes represent the network components and the edges represent the logical interactions between them, we use centrality metrics to derive the impact of hardening nodes in terms of constraining the progression of attacks. We propose using Unsupervised Learning techniques, specifically density-based clustering algorithms, to identify those nodes given the information provided by their metrics. Our approach includes simulating attack paths using a snowball model, enabling us to analytically evaluate the impact of hardening on delaying Domain Administration compromise. We tested our methodology on both real and synthetic Active Directory graphs, demonstrating that it can significantly slow down the propagation of threats from reaching the Domain Administration across the studied scenarios. Additionally, we explore the potential of these techniques to enable flexible selection of the number of nodes to secure. Our findings suggest that the proposed methods significantly enhance the resilience of Active Directory environments against targeted cyber-attacks.
Share and Cite
MDPI and ACS Style
Herranz-Oliveros, D.; Tejedor-Romero, M.; Gimenez-Guzman, J.M.; Cruz-Piris, L.
Unsupervised Learning for Lateral-Movement-Based Threat Mitigation in Active Directory Attack Graphs. Electronics 2024, 13, 3944.
https://doi.org/10.3390/electronics13193944
AMA Style
Herranz-Oliveros D, Tejedor-Romero M, Gimenez-Guzman JM, Cruz-Piris L.
Unsupervised Learning for Lateral-Movement-Based Threat Mitigation in Active Directory Attack Graphs. Electronics. 2024; 13(19):3944.
https://doi.org/10.3390/electronics13193944
Chicago/Turabian Style
Herranz-Oliveros, David, Marino Tejedor-Romero, Jose Manuel Gimenez-Guzman, and Luis Cruz-Piris.
2024. "Unsupervised Learning for Lateral-Movement-Based Threat Mitigation in Active Directory Attack Graphs" Electronics 13, no. 19: 3944.
https://doi.org/10.3390/electronics13193944
Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details
here.
Article Metrics
Article metric data becomes available approximately 24 hours after publication online.