Next Article in Journal
Temple Recommendation Engine for Route Planning Based on TPS Clustering CNN Method
Previous Article in Journal
KHV: KVM-Based Heterogeneous Virtualization
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Electronics
Volume 11
Issue 16
10.3390/electronics11162629
Review Report
electronics-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
Article
Peer-Review Record

Active Directory Attacks—Steps, Types, and Signatures

Electronics 2022, 11(16), 2629; https://doi.org/10.3390/electronics11162629
by Basem Ibrahim Mokhtar 1, Anca D. Jurcut 2, Mahmoud Said ElSayed 2,* and Marianne A. Azer 1,3
Reviewer 1:
Nahla El Araby
Reviewer 2:
Zlatin Zlatev
Electronics 2022, 11(16), 2629; https://doi.org/10.3390/electronics11162629
Submission received: 15 July 2022 / Revised: 16 August 2022 / Accepted: 17 August 2022 / Published: 22 August 2022
(This article belongs to the Section Computer Science & Engineering)

Round 1

Reviewer 1 Report

The paper is explaining the active directory attacks and is helpful for understanding Active directory adversaries. The topic is interesting and the flow of information is clear. However, it is more like a survey than like a research paper. I don't see novel research or contribution by the presented experiments. I think it can be considered a good survey paper but after adding a defined perspective, enhanced discussion and clear outlook about the listed attacks.

Author Response

Response:

We highly value the suggestions and recommendations given to us. We have considered the reviewer's advice and have accordingly modified the manuscript. We are hoping that the current revised version is fulfilling the reviewer' expectations.

  1. Response to Comments and Suggestions from Reviewer 1

Comments:

Reviewer#1, Concern # 1:

1- The paper is explaining the active directory attacks and is helpful for understanding Active directory adversaries. The topic is interesting and the flow of information is clear. However, it is more like a survey than like a research paper. I don't see novel research or contribution by the presented experiments. I think it can be considered a good survey paper but after adding a defined perspective, enhanced discussion and clear outlook about the listed attacks. 

Author response:  We thank the reviewer for bringing up this point. We agree that further work is needed in order to improve the paper quality and to be clear for the interested reader.

Author action: We have updated the manuscript by adding a new sections to describe the most common AD attacks and to provide with some recommendations. Also, we enhanced the manuscript by creating Table 1 to represent the advanced Persistent AD attacks with their main characterizing attributes and various detection and protection solutions to clarify the problem statement in a clear mind.

Reviewer 2 Report

Authors contributions:

The authors have highlighted the techniques used to elevate privileges in Active Directory environments. They have also list mitigation techniques to detect, minimize and avoid these types of attacks. Furthermore, we conduct experimental work on two Active Directory attacks.

A block diagram of the Kerberos authentication workflow is presented, which is abused in most Active Directory attacks. The most common Active Directory attacks were discussed. Additionally, an overview of the existing detection and mitigation mechanisms was provided.

A comparative analysis of the most common Active Directory attacks are discussed.

For their future work, the authors plan to propose and simulate new detection and mitigation mechanisms for different types of Active Directory attacks.

 

I have some reviewer notes:

Abstract. You have to show what is the accuracy of the proposed methods. Also how the work will be continued.

Extend your “Introduction” part to one page. You have to define the problem in better way.

“Background”. In this part you have to define what problems in this study area are not solved. You have to cite 6-10 papers and to comment what are the problems in these solutions.

Figure 2. You have to describe the presented steps with more details. It is not clear what are the problems in different steps.

Line 114. Active Directory Module. You need to cite literature source.

Figure 6. In the description of the figure, add numbers and describe every step. Also, for Figures 7 and 8.

“5.1.Lab Setup and Methodology.” You have to describe the hardware that you use. Also for both hardware and software tools, you have to show “Model, Manufacturer, City, Country of origin”.

For example: Windows 10 Enterprise, (Microsoft Corp., One Microsoft Way, Redmond, Washington, United States).

Discussion part is missing. You have to compare your results with those from other authors. Minimum three papers must be compared. At the beginning of the discussion part you can make Table, in which you have to summarize your results with minimum three assessment criteria.

Conclusion. You have to show what is the accuracy of the proposed methods. You have to write, how your results improve the known solutions in this study area.

 

I have some suggestions:

Make more comparative analyses with other papers. Describe your results with values, not only with text descriptions. Present the accuracy of your results. Make more detailed descriptions of your figures. These suggestions will improve your contribution.

Author Response

  1. Response to Comments and Suggestions from Reviewer 2

Response:

We highly value the suggestions and recommendations given to us. We have considered the reviewer's advice and have accordingly modified the manuscript. We are hoping that the current revised version is fulfilling the reviewer' expectations.

 

Reviewer#2, Concern # 1:

Abstract. You have to show what is the accuracy of the proposed methods. Also how the work will be continued.

Author response:  We greatly appreciate the reviewer’ recommendation. Indeed, we did further amendments on the abstract section to represent the output of the proposed work.

Author action: We have updated the manuscript by modified the Abstract section and added the required amendments.

 

Reviewer#2, Concern # 2:

Extend your “Introduction” part to one page. You have to define the problem in better way.

Author response:  We appreciate the constructive and helpful comments of the reviewer in this regard. We have updated the manuscript and made the further amendments to show the problem statement in an effective way.

Author action: We have updated the manuscript by modified the Introduction section and added the required amendments.

 

Reviewer#2, Concern # 3:

“Background”. In this part you have to define what problems in this study area are not solved. You have to cite 6-10 papers and to comment what are the problems in these solutions.

Author response:  We thank the reviewer for bringing up this point. We agree that further work is needed to represent the estimated problem properly and the limitations in the related work. According to the reviewer suggestion, We have updated the manuscript and made the requirements amendments.

Author action: We updated the manuscript by adding the requirement amendments to clarify the problem efficiently.

 

Reviewer#2, Concern # 3:

Figure 2. You have to describe the presented steps with more details. It is not clear what are the problems in different steps.

Author response:  We agree and thank the reviewer for this comment. We have updated Fig. 2 according to the reviewer’s suggestion.

Author action: We updated the manuscript by modifying Figure 2 under section 3.

 

Reviewer#2, Concern # 4:

Line 114. Active Directory Module. You need to cite literature source

Author response:  We thank the reviewer for this comment. We have added a new citation for the Active directory Module.   

Author action: We updated the manuscript by adding the new citation under Section3- point B as requested by the reviewers.  

 

Reviewer#2, Concern # 5:

Figure 6. In the description of the figure, add numbers and describe every step. Also, for Figures 7 and 8.

Author response:  We agree and thank the reviewer for this comment. We have updated Figures 6, Figures 7 and 8. according to the reviewer’s suggestion.

Author action: We updated the manuscript by modifying Figure 6, 7. We also added Table 1 instead of Fig. 8 for further explanation.

 

Reviewer#2, Concern # 6:

“5.1.Lab Setup and Methodology.” You have to describe the hardware that you use. Also for both hardware and software tools, you have to show “Model, Manufacturer, City, Country of origin”.

Author response:  In the updated manuscript, we described the used tools for both Hardware and Software.

Author action: We updated the manuscript by modifying Section5 and Table 2 with the required amendments to describe the experimental environment in our work.

 

Reviewer#2, Concern # 7:

Discussion part is missing. You have to compare your results with those from other authors. Minimum three papers must be compared. At the beginning of the discussion part you can make Table, in which you have to summarize your results with minimum three assessment criteria.

Author response:  We thank the reviewer for bringing up this point. We agree that further work is needed in order to improve the paper quality and to be clear for the interested reader.

Author action: We have updated the manuscript by extending the problem and adding Table 1 to describe the most common AD attacks and to provide with some recommendations. Also, we enhanced the manuscript by modifying the introduction section to clarify the problem statement in a clear mind.

 

Reviewer#2, Concern # 8:

Conclusion. You have to show what is the accuracy of the proposed methods. You have to write, how your results improve the known solutions in this study area

Author response:  In the updated manuscript, we have modified the manuscript and made the requirement amendments on the Conclusion Section according to the reviewer’s suggestion.

Author action: We updated the manuscript by modifying the Conclusion Section to show the obtained results for the proposed method.

Round 2

Reviewer 1 Report

The added information are useful. However, I still have the following comments:

1- The related work section is not including any comparison to your work, just listing what other have done.

2- The conclusion still needs elaboration, the sentence "The goal of these experiments was to assess and investigate any signatures of these attacks in the windows event logs to assist in fast detection and response in case of any intrusion" should be followed by the assessment results, what is the conclusion from this assessment?

3- Also you need to write some conclusion, what do you conclude from the collected information. The conclusion is just summarizing what was listed in the paper. Some outlook is needed,  what is required in the future? what is missing in present methods? what is expected in the future? 

4- Table 1 and 2 are clipped, please review formatting.

 

Author Response

The authors would like to extend their appreciation to the reviewers for their precious time and invaluable comments. We appreciate the time and effort that you dedicated to providing feedback on our manuscript and we are grateful for the insightful comments that help us to provide valuable improvements to our paper. We have carefully addressed all comments and believe that this version is suitable for publishing in the Electronics Journal, Computer Science & Engineering Journal.

 

Reviewer 2 Report

The paper is corrected according to the reviewer notes.

Author Response

The authors would like to extend their appreciation to the reviewers for their precious time and invaluable comments. We appreciate the time and effort that you dedicated to providing feedback on our manuscript and we are grateful for the insightful comments that help us to provide valuable improvements to our paper. We have carefully addressed all comments and believe that this version is suitable for publishing in the Electronics Journal, Computer Science & Engineering Journal. 

Back to TopTop