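@comment{Conference paper (AsiaCCS 2023) on hardening Active Directory attack graphs with a double oracle algorithm; see the abstract field. The citation key is kept unchanged so existing citations still resolve. NOTE(review): "day" is not a standard BibTeX field, "address" holds a country rather than a publisher city, and "series" carries a proceedings-style title; all three are kept as found and should be confirmed against the DOI record.}
@inproceedings{580ab59b304a43a3b4398ca1855e21f8,
  author    = {Zhang, Yumeng and Ward, Max and Guo, Mingyu and Nguyen, Hung},
  title     = {A Scalable Double Oracle Algorithm for Hardening Large {Active Directory} Systems},
  booktitle = {{AsiaCCS} '23},
  editor    = {Liu, Joseph and Xiang, Yang and Nepal, Surya and Tsudik, Gene},
  series    = {Proceedings of the {ACM} Conference on Computer and Communications Security},
  publisher = {Association for Computing Machinery (ACM)},
  address   = {United States},
  pages     = {993--1003},
  year      = {2023},
  month     = jul,
  day       = {10},
  doi       = {10.1145/3579856.3590343},
  language  = {English},
  note      = {ASIA CCS '23 : ACM ASIA Conference on Computer and Communications Security, ASIA CCS '23 ; Conference date: 10-07-2023 Through 14-07-2023},
  abstract  = {Active Directory (AD) is a popular information security management system for Windows domain networks and is an ongoing common target for cyber attacks. Most real-world Active Directory systems consist of millions of entities and links, and there are currently no efficient and effective solutions for hardening Active Directory systems of such scale. In this paper, we propose a novel and scalable double oracle-based algorithm for hardening large AD systems. We formulate the problem as a Stackelberg game between the defender and the attacker on a weighted AD attack graph, where the defender acts as the leader with a budget, and the objective is to find an optimal defender{\textquoteright}s pure strategy. We show that our double oracle-based solution has significantly improved speed and scalability compared with previous solutions for hardening AD systems. Lastly, we compare with GoodHound weakest links and show that our solution provides better recommendations for targeting the elimination of optimal attack paths.},
}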