Detection and Prevention of Attacks on Active Directory Using SIEM

Muthuraj, S.; Sethumadhavan, M.; Amritha, P. P.; R, Santhya

doi:10.1007/978-981-15-7062-9_53

Cited by 5 publications

(6 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…For example, AI/ML algorithms can recognize unexpected changes in connectivity patterns or user activities, identifying potential threats. In addition, continuous training of ML models can identify patterns that were previously not identified as threatening [44].…”

Section: Active Directory (Ad) -Open Xdrmentioning

confidence: 99%

“…Complexity in extracting actionable information from vast datasets [43], [32], [33], [34], [35], [36], [37], [38], [39], [40], [41], [42] AD and Open XDR Collaboration Combined analysis of AD data and Open XDR for nuanced threat detection Integrated approach to threat detection and response; Increased security N/A [48], [44], [45], [46], [47] Applications and Open XDR AI/ML for log file analysis; Pattern recognition and anomaly detection Accurate identification of risks; Real-time data analysis for rapid response Challenges in processing large volumes of complex data [5], [6], [48], [49], [50], [51], [52], [53], [54], [55], [56], [57] Log Forwarding and Open XDR Centralized log data analysis; Crossreferencing data from different sources Comprehensive view of digital activities; Advanced security analysis Management of extensive log data; Need for advanced analytical technologies [5], [6], [33], [38], [58], [59], [60], [61], [62], [63], [64], [65], …”

Section: Enhanced Detection Of Coordinated Cyber-threats; Realtime Th...mentioning

confidence: 99%

See 1 more Smart Citation

Integrating AI/ML in Cybersecurity: An Analysis of Open XDR Technology and its Application in Intrusion Detection and System Log Management

Pissanidis,

Demertzis

2024

Preprint

View full text Add to dashboard Cite

In today's digital landscape, cybersecurity has become a priority, with attacks becoming increasingly sophisticated. Traditional security approaches are no longer enough, requiring a more dynamic and advanced response. In this context, integrating Artificial Intelligence (AI) and Machine Learning (ML) appears key to addressing this growing threat. However, despite their high effectiveness, there is a developed problem: the integration of various data sources and technologies for comprehensive protection. This article presents an in-depth review of integrating Artificial Intelligence and Machine Learning in cybersecurity, focusing particularly on Open Extended Detection and Response (Open XDR) technology. The literature review in this article was meticulously conducted with specific criteria in mind. It focused on sourcing peer-reviewed journals, authoritative cybersecurity publications, and recent conferences that primarily concentrate on the advancements in AI and ML within the cybersecurity domain, particularly from 2018 to 2023. This timeframe was chosen to ensure the inclusion of the most current and relevant developments in Open XDR technology, Intrusion Detection Systems, Endpoint Detection and Response, and Security Information and Event Management systems. Additionally, the review gave special attention to studies and reports highlighting practical implementations and real-world applications of these technologies, thereby ensuring a comprehensive understanding of their impact and effectiveness in enhancing cybersecurity resilience. The methodology used is a detailed literature review, examining how various cybersecurity components interact and function. These components include Intrusion Detection Systems (IDS), which monitor networks for malicious activities; Endpoint Detection and Response (EDR), which focuses on detecting and investigating security incidents on endpoints; and Security Information and Event Management (SIEM), systems that provide real-time analysis of security alerts. The review also considers the role of Active Directory, a directory service for Windows domain networks, and the process of log forwarding, where log files are transmitted to a central server for analysis, in the context of AI and ML. The paper delves into the development of AI and ML, underscoring their roles in cybersecurity for advanced data processing, pattern recognition, and predicting threats. It explores both supervised (where the model is trained on labeled data) and unsupervised learning (where the model learns from unlabeled data) in ML, and how these techniques bolster cybersecurity measures. The article highlights the significance of Open XDR as a critical innovation that integrates data from multiple sources for comprehensive security analysis. Further, the review discusses how the integration of AI and ML into various cybersecurity tools, such as IDS, EDR, and SIEM, augments capabilities in threat detection and response. It addresses the challenges and opportunities that AI and ML present in the cybersecurity domain, focusing on ethical issues, data privacy concerns, and the necessity for ongoing professional development in this rapidly advancing field. The paper concludes by affirming the effectiveness of merging AI and ML with these cybersecurity tools within the Open XDR framework.

show abstract

Section: Active Directory (Ad) -Open Xdrmentioning

confidence: 99%

Section: Enhanced Detection Of Coordinated Cyber-threats; Realtime Th...mentioning

confidence: 99%

Integrating AI/ML in Cybersecurity: An Analysis of Open XDR Technology and its Application in Intrusion Detection and System Log Management

Pissanidis,

Demertzis

2024

Preprint

View full text Add to dashboard Cite

show abstract

“…AD, as a basic identity management system in many enterprises, provides information about the identity of users, their roles, and permissions. By leveraging data from AD, Open XDR is enhanced with different sources of information, including connectivity logs and user actions [43].…”

Section: Active Directory (Ad) -Open Xdrmentioning

confidence: 99%

“…Therefore, Open XDR, in addition to being a simple detection and response tool, is transformed into an advanced proactive security system that integrates various levels of analysis and information, constituting a broader ecosystem for dealing with cyber threats. The true value of the Open XDR platform is revealed through its multidimensional ability to coordinate and correlate data from a variety of sources, such as Intrusion Detection (IDS), Network Endpoint Incident Response (EDR) and Security Information and Incident Management (SIEM) systems, while considering geographic information and threat intelligence data [18,24,28,43]. This holistic approach not only maximizes the potential for more accurate threat detection but is also a catalyst for improving and personalizing response strategies.…”

Section: The Catalytic Role Of Open Xdrmentioning

confidence: 99%

Integrating AI/ML in Cybersecurity: An Analysis of Open XDR Technology and its Application in Intrusion Detection and System Log Management

Pissanidis,

Demertzis

2023

Preprint

View full text Add to dashboard Cite

In today's digital landscape, cybersecurity has become a priority, with attacks becoming increasingly sophisticated. Traditional security approaches are no longer enough, requiring a more dynamic and advanced response. In this context, integrating Artificial Intelligence (AI) and Machine Learning (ML) appears key to addressing this growing threat. However, despite their high effectiveness, there is a developed problem: the integration of various data sources and technologies for comprehensive protection. This article presents an in-depth review of integrating Artificial Intelligence and Ma-chine Learning in cybersecurity, focusing particularly on Open Extended Detection and Response (Open XDR) technology. The methodology used is a detailed literature review, examining how various cybersecurity components interact and function. These components include Intrusion Detection Systems (IDS), which monitor networks for malicious activities; Endpoint Detection and Response (EDR), which focuses on detecting and investigating security incidents on endpoints; and Security Information and Event Management (SIEM), systems that provide real-time analysis of security alerts. The review also considers the role of Active Directory, a directory service for Windows domain networks, and the process of log forwarding, where log files are transmitted to a central server for analysis, in the context of AI and ML. The paper delves into the development of AI and ML, underscoring their roles in cybersecurity for advanced data processing, pattern recognition, and predicting threats. It explores both supervised (where the model is trained on labeled data) and unsupervised learning (where the model learns from unlabeled data) in ML, and how these techniques bolster cybersecurity measures. The article highlights the significance of Open XDR as a critical innovation that integrates data from multiple sources for comprehensive security analysis. Further, the review discusses how the integration of AI and ML into various cybersecurity tools, such as IDS, EDR, and SIEM, augments capabilities in threat detection and response. It addresses the challenges and opportunities that AI and ML present in the cybersecurity domain, focusing on ethical issues, data privacy concerns, and the necessity for ongoing professional development in this rapidly advancing field. The paper concludes by affirming the effectiveness of merging AI and ML with these cybersecurity tools within the Open XDR framework. This integration significantly enhances threat detection, response efficiency, and overall cybersecurity resilience. The aim is to provide a comprehensive understanding of the current state of cybersecurity technologies, their interaction with AI and ML, and insights into the field's future developments.

show abstract

“…Many of the papers are outdated and cover older attack methods targeting operating systems from that era, while more recent papers discuss newer attack methods and the birth of new authentication protocols that lead to new attack methods. Muthuraj et al [3] discussed the detection and prevention of password authentication attacks on Active Directory using SIEM (security information and event management). Windows operating systems use different authentication mechanisms such as Kerberos, Public Key certificates, Digest, NT LAN Manager (NTLM), and different attack methods such as kerberoasting, brute force, credential dumping, and credential theft can be used to attack the relevant authentication mechanisms.…”

Section: Literature Reviewmentioning

confidence: 99%

Attacking Windows Hello for Business: Is It What We Were Promised?

et al. 2023

View full text Add to dashboard Cite

Traditional password authentication methods have raised many issues in the past, including insecure practices, so it comes as no surprise that the evolution of authentication should arrive in the form of password-less solutions. This research aims to explore the problems that password authentication and password policies present and aims to deploy Windows Hello for Business (WHFB) on-premises. This includes creating three virtual machines (VMs) and evaluating WHFB as a password-less solution and showing how an attacker with privileged access may retrieve the end user’s domain password from the computer’s memory using Mimikatz and describing the possible results. The conducted research tests are in the form of two attack methods. This was feasible by the creation of three VMs operating in the following way. The first VM will act as a domain controller (DC) and certificate authority server (CA server). The second VM will act as an Active Directory Federation Service (ADFS). The third VM will act as the end-user device. The test findings research summarized that password-less authentication is far more secure than the traditional authentication method; this is evidenced throughout the author’s tests. Within the first test, it was possible to retrieve the password from an enrolled device for WHFB while it was still in the second phase of the deployment. The second test was a brute-force attack on the PIN of WHFB; since WHFB has measures to prevent such attacks, the attack was unsuccessful. However, even though the retrieval of the password was successful, there are several obstacles to achieving this outcome. It was concluded that many organizations still use password authentication as their primary authentication method for accessing devices and applications. Larger organizations such as Microsoft and Google support the adoption of password-less authentication for end-users, and the current usage of password-less authentication shared by both organizations is encouraged. This usually leads organizations to adopt this new solution for their IT infrastructure. This is because it has been used and tested by millions of people and has proven to be safe. This supports the findings of increased usage and the need for password-less authentication by today’s users.

show abstract

Detection and Prevention of Attacks on Active Directory Using SIEM

Cited by 5 publications

References 4 publications

Integrating AI/ML in Cybersecurity: An Analysis of Open XDR Technology and its Application in Intrusion Detection and System Log Management

Integrating AI/ML in Cybersecurity: An Analysis of Open XDR Technology and its Application in Intrusion Detection and System Log Management

Integrating AI/ML in Cybersecurity: An Analysis of Open XDR Technology and its Application in Intrusion Detection and System Log Management

Attacking Windows Hello for Business: Is It What We Were Promised?

Contact Info

Product

Resources

About