Optimizing Cyber Response Time on Temporal Active Directory Networks Using Decoys

arXiv:2403.18162v1 Announce Type: new
Abstract: Microsoft Active Directory (AD) is the default security management system for Window domain network. We study the problem of placing decoys in AD network to detect potential attacks. We model the problem as a Stackelberg game between an attacker and a defender on AD attack graphs where the defender employs a set of decoys to detect the attacker on their way to Domain Admin (DA). Contrary to previous works, we consider time-varying (temporal) attack graphs. …

active directory ad network arxiv attacker attacks cs.cr cs.gt cs.ne cyber cyber response decoys default defender detect directory domain game management management system microsoft network networks problem response response time security study system temporal window