Detection and Prevention of Attacks on Active Directory Using SIEM

Conference paper, in: Information and Communication Technology for Intelligent Systems (ICTIS 2020)

Part of the book series: Smart Innovation, Systems and Technologies (SIST, volume 196)

Abstract

Active Directory is widely used in organizations to administer Windows user accounts and related IT resources. It acts as the centralized management point for a Windows-based network. Attackers focus on compromising Active Directory Domain Services in order to take over the whole domain network. In this paper, we study the detection, using a SIEM, of known attacks that target domain services from the attacker's end, and on that basis suggest prevention methods. SIEMs are widely used by security analysts in many organizations to monitor their network using event logs. The detection rules were designed and implemented in Splunk. The evaluation of the rules and attacks was performed in a virtual environment. The proposed preventive measures are able to resist known attacks on Active Directory.
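As an added illustration of the kind of event-log detection rule the abstract describes (this is example code written for this page, not the paper's Splunk rules, which the page does not reproduce), the following Python script runs two simple rules over constructed Windows Security event lines: a password brute-force rule (many failed logons, Event ID 4625, from one source within a short window) and a Kerberoasting indicator (a user account requesting RC4-encrypted service tickets, Event ID 4769 with encryption type 0x17, for several services). The simplified key=value log format, the thresholds, the window size and the sample lines are all assumptions chosen for the example.

```python
"""
Toy SIEM-style detection rules over constructed Windows Security events.
Assumptions (not from the paper): the log format below, the thresholds,
and the two attack patterns chosen (brute force, Kerberoasting).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a simplified key=value form (assumption).
SAMPLE_LOGS = """\
2020-03-01T10:00:01 EventID=4625 Account=alice Source=10.0.0.5 Status=0xC000006A
2020-03-01T10:00:05 EventID=4625 Account=bob Source=10.0.0.5 Status=0xC000006A
2020-03-01T10:00:09 EventID=4625 Account=carol Source=10.0.0.5 Status=0xC000006A
2020-03-01T10:00:14 EventID=4625 Account=dave Source=10.0.0.5 Status=0xC000006A
2020-03-01T10:00:20 EventID=4625 Account=erin Source=10.0.0.5 Status=0xC000006A
2020-03-01T10:00:27 EventID=4625 Account=frank Source=10.0.0.5 Status=0xC000006A
2020-03-01T10:05:00 EventID=4625 Account=alice Source=10.0.0.9 Status=0xC000006A
2020-03-01T10:30:00 EventID=4625 Account=alice Source=10.0.0.9 Status=0xC000006A
2020-03-01T11:00:00 EventID=4769 Account=bob Source=10.0.0.7 Service=MSSQLSvc/db01 TicketEncryptionType=0x17
2020-03-01T11:00:01 EventID=4769 Account=bob Source=10.0.0.7 Service=HTTP/web01 TicketEncryptionType=0x17
2020-03-01T11:00:02 EventID=4769 Account=bob Source=10.0.0.7 Service=CIFS/fs01 TicketEncryptionType=0x17
2020-03-01T11:02:00 EventID=4769 Account=carol Source=10.0.0.8 Service=CIFS/fs01 TicketEncryptionType=0x12
2020-03-01T11:03:00 EventID=4769 Account=WS01$ Source=10.0.0.6 Service=MSSQLSvc/db01 TicketEncryptionType=0x17
"""


def parse_events(text):
    """Parse one event per line: ISO timestamp followed by key=value fields."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split()
        fields = dict(p.split("=", 1) for p in parts[1:])
        fields["ts"] = datetime.fromisoformat(parts[0])
        events.append(fields)
    return events


def detect_brute_force(events, threshold=5, window=timedelta(minutes=2)):
    """Return sources with >= threshold failed logons (4625) inside any window.

    A sliding window over the sorted failure timestamps per source mirrors a
    SIEM 'count by source over N minutes' rule.
    """
    failures = defaultdict(list)
    for e in events:
        if e.get("EventID") == "4625":
            failures[e["Source"]].append(e["ts"])
    alerts = []
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Shrink the window from the left until it spans at most `window`.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append(src)
                break
    return sorted(alerts)


def detect_kerberoast(events, min_services=3):
    """Return user accounts that requested RC4 (0x17) service tickets (4769)
    for at least `min_services` distinct services. Machine accounts (ending
    in '$') are excluded, since they legitimately request many tickets.
    """
    per_user = defaultdict(set)
    for e in events:
        if (e.get("EventID") == "4769"
                and e.get("TicketEncryptionType") == "0x17"
                and not e["Account"].endswith("$")):
            per_user[e["Account"]].add(e.get("Service", ""))
    return sorted(u for u, svcs in per_user.items() if len(svcs) >= min_services)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOGS)
    print("brute-force sources:", detect_brute_force(evs))
    print("kerberoast accounts:", detect_kerberoast(evs))
```

Both rules deliberately work on counts over a time window rather than on single events, because a single 4625 or 4769 is normal activity; the thresholds are the part a practitioner would tune against their own baseline before deploying an equivalent Splunk search.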



Author information

Corresponding author: S. Muthuraj.


Copyright information

© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.


Cite this paper

Muthuraj, S., Sethumadhavan, M., Amritha, P.P., Santhya, R. (2021). Detection and Prevention of Attacks on Active Directory Using SIEM. In: Senjyu, T., Mahalle, P.N., Perumal, T., Joshi, A. (eds) Information and Communication Technology for Intelligent Systems. ICTIS 2020. Smart Innovation, Systems and Technologies, vol 196. Springer, Singapore. https://doi.org/10.1007/978-981-15-7062-9_53
