Optimizing Cyber Response Time on Temporal Active Directory Networks Using Decoys

Published 27 Mar 2024 in cs.CR, cs.GT, and cs.NE | (2403.18162v2)

Abstract: Microsoft Active Directory (AD) is the default security management system for Windows domain networks. We study the problem of placing decoys in an AD network to detect potential attacks. We model the problem as a Stackelberg game between an attacker and a defender on AD attack graphs, where the defender employs a set of decoys to detect the attacker on their way to Domain Admin (DA). Contrary to previous works, we consider time-varying (temporal) attack graphs. We propose a novel metric, called response time, to measure the effectiveness of our decoy placement in temporal attack graphs. Response time is defined as the duration from the moment attackers trigger the first decoy to when they compromise the DA. Our goal is to maximize the defender's response time against the worst-case attack paths. We establish the NP-hardness of the defender's optimization problem, which leads us to develop Evolutionary Diversity Optimization (EDO) algorithms. EDO algorithms identify diverse sets of high-quality solutions for the optimization problem. Although the fitness function is polynomial, it proves experimentally slow for larger graphs. To enhance scalability, we propose an algorithm that exploits the static nature of AD infrastructure in the temporal setting. We then introduce tailored repair operations, ensuring convergence to better results while maintaining scalability for larger graphs.
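The response-time metric described above, worked through on a small constructed temporal attack graph (an added example, not the paper's code): every time-respecting journey from the entry host to DA is enumerated, each journey's response time is the gap between the first decoy it touches and its DA arrival, and the attacker is assumed to pick the journey that minimises that gap. The graph, host names, the strictly-increasing-time rule for journeys and the convention that an undetected journey scores 0 are all assumptions of this example.

```python
"""Added example (not the paper's code): the response-time metric on a small
constructed temporal AD attack graph. A journey is a path whose edge times are
strictly increasing (assumption); a journey that never touches a decoy is
undetected and scores 0 (assumption). Graph and names are constructed."""
from itertools import combinations

# Constructed temporal edges (src, dst, time): an edge is traversable only at its time.
EDGES = [
    ("entry", "wsA", 1), ("entry", "wsB", 1),
    ("wsA", "srvC", 2), ("wsB", "srvC", 3), ("srvC", "DA", 5),
    ("wsA", "helpdesk", 2), ("helpdesk", "DA", 3),
    ("wsB", "DA", 6),
]

def journeys(edges, src, dst):
    """Enumerate simple time-respecting journeys src -> dst as lists of (node, time)."""
    out = {}
    for u, v, t in edges:
        out.setdefault(u, []).append((v, t))
    def walk(node, t_prev, path, seen):
        if node == dst:
            yield list(path)
            return
        for v, t in out.get(node, []):
            if t > t_prev and v not in seen:   # strictly increasing times, no revisits
                path.append((v, t)); seen.add(v)
                yield from walk(v, t, path, seen)
                path.pop(); seen.discard(v)
    yield from walk(src, 0, [(src, 0)], {src})

def response_time(journey, decoys):
    """Time from the first decoy touched to DA compromise; 0 if no decoy is touched."""
    t_da = journey[-1][1]
    for node, t in journey:
        if node in decoys:
            return t_da - t
    return 0

def worst_case_response(edges, src, dst, decoys):
    """The attacker picks the journey minimising response time (defender's worst case)."""
    return min(response_time(j, decoys) for j in journeys(edges, src, dst))

def best_placement(edges, src, dst, k):
    """Exhaustive search over k-decoy placements; only feasible for tiny graphs
    (the paper shows the problem is NP-hard and uses evolutionary search instead)."""
    hosts = {n for u, v, _ in edges for n in (u, v)} - {src, dst}
    return max(combinations(sorted(hosts), k),
               key=lambda d: worst_case_response(edges, src, dst, set(d)))

if __name__ == "__main__":
    print(worst_case_response(EDGES, "entry", "DA", {"srvC"}))        # 0: helpdesk route undetected
    print(worst_case_response(EDGES, "entry", "DA", {"wsA", "wsB"}))  # 2
    print(best_placement(EDGES, "entry", "DA", 2))
```

A single decoy on the shared server leaves the fast helpdesk route undetected, while decoys on both first-hop workstations guarantee at least two time units of warning on every journey.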
