University of Illinois Urbana-Champaign

Characterizing university network usage with Active Directory event logs

Mitsdarfer, Alex Joseph

Content Files
MITSDARFER-THESIS-2017.pdf

Permalink

https://hdl.handle.net/2142/99375

Description

Title
Characterizing university network usage with Active Directory event logs
Author(s)
Mitsdarfer, Alex Joseph
Issue Date
2017-12-06
Director of Research (if dissertation) or Advisor (if thesis)
Bailey, Michael
Department of Study
Electrical & Computer Eng
Discipline
Electrical & Computer Engr
Degree Granting Institution
University of Illinois at Urbana-Champaign
Degree Name
M.S.
Degree Level
Thesis
Date of Ingest
2018-03-13T15:48:58Z
Keyword(s)
  • Active Directory
  • Network usage
  • Network characterization
  • University network
  • University network usage
  • University network characterization
  • Lateral movement
  • Event logs
  • Active Directory event logs
Abstract
In this thesis, we investigate a university network that uses Active Directory as its authentication system. We get an understanding of the network by analyzing Windows event logs generated at Active Directory domain controllers. We want to see what network activity looks like as a first step in identifying and modeling network lateral movement. We characterize network activity, access behavior, most frequent events encountered, and domain controller usage. We find that the data, covering a week’s time, supports multiple trends. The number of events encountered increases from morning to noon and decreases after mid afternoon. Weekend activity is lower than during weekdays. Over the week of user-generated events, about 85% create 1,000 events or less. Less than 5% of users create more than 10,000 events. The top five events encountered are associated with user sessions (i.e., login, logout, authentication) or Kerberos ticket requests. Most events are generated at the Urbana Domain Controllers. The second largest number of events (although about 15 times smaller) are generated at the DCs that serve only WiFi and VPN.
Graduation Semester
2017-12
Type of Resource
text
Permalink
http://hdl.handle.net/2142/99375
Copyright and License Information
Copyright 2017 Alex Mitsdarfer

Owning Collections

Graduate Dissertations and Theses at Illinois PRIMARY
Graduate Theses and Dissertations at Illinois
Dissertations and Theses - Electrical and Computer Engineering
Dissertations and Theses in Electrical and Computer Engineering