Near Optimal Strategies for Honeypots Placement in Dynamic and Large Active Directory Networks

Date

2023

Authors

Ngo, H.Q.
Guo, M.
Nguyen, H.

Editors

Agmon, N.
An, B.
Ricci, A.
Yeoh, W.

Type:

Conference paper

Citation

Proceedings of the International Joint Conference on Autonomous Agents and Multiagent Systems, AAMAS, 2023 / Agmon, N., An, B., Ricci, A., Yeoh, W. (ed./s), vol.2023-May, pp.2517-2519

Statement of Responsibility

Huy Q. Ngo, Mingyu Guo, Hung Nguyen

Conference Name

22nd International Conference on Autonomous Agents and Multiagent Systems (AAMAS) (29 May 2023 - 2 Jun 2023 : London, United Kingdom)

Abstract

Active Directory (AD) is the default security management system for Windows domain networks and is the target of many recent cyber attacks. We study a Stackelberg game between an attacker and a defender on large Active Directory (AD) attack graphs, where the defender employs a set of honeypots to stop the attacker from reaching high value targets. Contrary to existing works that focus on small and static attack graphs, AD graphs typically contain hundreds of thousands of nodes/edges and constantly change over time. We show that the optimal honeypot placement problem is NP-hard even for static graphs and develop a tree decomposition method to derive an optimal deployment strategy and a mixed-integer programming (MIP) formulation to scale to large graphs. We observed that the optimal blocking plan for static graphs performs poorly for dynamic graphs. To handle dynamic graphs, we re-design the mixed-integer programming formulation by combining m MIP (dyMIP(m)) instances. We prove a performance lower-bound on the optimal blocking strategy for dynamic graphs and show that our dyMIP(m) algorithm produces near optimal results.

Description

Poster Session II - Extended Abstract.

Rights

© 2023 International Foundation for Autonomous Agents and Multiagent Systems (www.ifaamas.org). All rights reserved.
