Optimizing Cyber Response Time on Temporal Active Directory Networks Using Decoys
Huy Q. Ngo, Mingyu Guo, Hung Nguyen

TL;DR
This paper introduces a novel approach to placing decoys in temporal Active Directory networks to improve attack detection, using game theory and evolutionary algorithms to optimize response time against attackers.
Contribution
It models decoy placement as a Stackelberg game on temporal attack graphs and develops scalable algorithms to maximize detection response time.
Findings
Proposed a new metric called response time for temporal attack graphs.
Developed EDO algorithms for optimal decoy placement.
Enhanced scalability with tailored repair operations.
Abstract
Microsoft Active Directory (AD) is the default security management system for Windows domain networks. We study the problem of placing decoys in AD networks to detect potential attacks. We model the problem as a Stackelberg game between an attacker and a defender on AD attack graphs, where the defender employs a set of decoys to detect the attacker on their way to Domain Admin (DA). Contrary to previous works, we consider time-varying (temporal) attack graphs. We propose a novel metric called response time to measure the effectiveness of our decoy placement in temporal attack graphs. Response time is defined as the duration from the moment attackers trigger the first decoy to when they compromise the DA. Our goal is to maximize the defender's response time against the worst-case attack paths. We establish the NP-hard nature of the defender's optimization problem, leading us to develop…
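To make the response-time metric concrete, here is an added toy example (not code from the paper) that enumerates temporal attack paths, scores a decoy placement by its worst-case response time, and brute-forces the best placement; the edge-timing model, host names and time values are constructed assumptions.

```python
from itertools import combinations

# Constructed toy temporal attack graph (not from the paper): edge (src, dst, t)
# is traversable only at time step t, e.g. a session exists only at that time.
EDGES = [
    ("user1", "ws1", 1), ("user1", "ws2", 1),
    ("ws1", "srv1", 2), ("ws2", "srv1", 3), ("ws2", "srv2", 2),
    ("srv1", "DA", 4), ("srv1", "DA", 6), ("srv2", "DA", 5),
]
START, DA = "user1", "DA"

def temporal_paths(edges, src, dst):
    """Enumerate simple temporal paths src -> dst; each hop must use an edge
    strictly later than the previous hop (assumed traversal model)."""
    out = {}
    for u, v, t in edges:
        out.setdefault(u, []).append((v, t))
    paths = []
    def walk(node, t_prev, path):
        if node == dst:
            paths.append(list(path))
            return
        for v, t in out.get(node, []):
            if t > t_prev and v not in {n for n, _ in path}:
                path.append((v, t))
                walk(v, t, path)
                path.pop()

    walk(src, 0, [(src, 0)])
    return paths

def response_time(path, decoys):
    """Time from the first decoy triggered on the path to DA compromise;
    0 if the path touches no decoy (attacker reaches DA undetected)."""
    t_da = path[-1][1]
    for node, t in path:
        if node in decoys:
            return t_da - t
    return 0

def worst_case_response_time(edges, src, dst, decoys):
    """Defender's objective: minimum response time over all attack paths."""
    return min(response_time(p, decoys) for p in temporal_paths(edges, src, dst))

def best_placement(edges, src, dst, budget):
    """Brute force over decoy sets of the given size (toy graph only; the paper
    shows the general problem is NP-hard, hence its evolutionary algorithms)."""
    hosts = {n for e in edges for n in e[:2]} - {src, dst}
    return max(combinations(sorted(hosts), budget),
               key=lambda d: worst_case_response_time(edges, src, dst, set(d)))
```

On this graph two decoys on the workstations beat two on the servers because every path to DA passes a workstation early, giving the defender the longest guaranteed window.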
Taxonomy
Topics: Mobile Agent-Based Network Management · Opportunistic and Delay-Tolerant Networks · Cognitive Computing and Networks
Methods: Sparse Evolutionary Training
