Deep generative models to extend active directory graphs with honeypot users

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F21%3A00351092" target="_blank" >RIV/68407700:21230/21:00351092 - isvavai.cz</a>

Výsledek na webu

<a href="https://www.scitepress.org/Link.aspx?doi=10.5220/0010556601400147" target="_blank" >https://www.scitepress.org/Link.aspx?doi=10.5220/0010556601400147</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.5220/0010556601400147" target="_blank" >10.5220/0010556601400147</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Deep generative models to extend active directory graphs with honeypot users

Popis výsledku v původním jazyce

Active Directory (AD) is a crucial element of large organizations, given its central role in managing access to resources. Since AD is used by all users in the organization, it is hard to detect attackers. We propose to generate and place fake users (honeyusers) in AD structures to help detect attacks. However, not any honeyuser will attract attackers. Our method generates honeyusers with a Variational Autoencoder that enriches the AD structure with well-positioned honeyusers. It first learns the embeddings of the original nodes and edges in the AD, then it uses a modified Bidirectional DAG-RNN to encode the parameters of the probability distribution of the latent space of node representations. Finally, it samples nodes from this distribution and uses an MLP to decide where the nodes are connected. The model was evaluated by the similarity of the generated AD with the original, by the positions of the new nodes, by the similarity with GraphRNN and finally by making real intruders attack the generated AD structure to see if they select the honeyusers. Results show that our machine learning model is good enough to generate well-placed honeyusers for existing AD structures so that intruders are lured into them.

Název v anglickém jazyce

Deep generative models to extend active directory graphs with honeypot users

Popis výsledku anglicky

Active Directory (AD) is a crucial element of large organizations, given its central role in managing access to resources. Since AD is used by all users in the organization, it is hard to detect attackers. We propose to generate and place fake users (honeyusers) in AD structures to help detect attacks. However, not any honeyuser will attract attackers. Our method generates honeyusers with a Variational Autoencoder that enriches the AD structure with well-positioned honeyusers. It first learns the embeddings of the original nodes and edges in the AD, then it uses a modified Bidirectional DAG-RNN to encode the parameters of the probability distribution of the latent space of node representations. Finally, it samples nodes from this distribution and uses an MLP to decide where the nodes are connected. The model was evaluated by the similarity of the generated AD with the original, by the positions of the new nodes, by the similarity with GraphRNN and finally by making real intruders attack the generated AD structure to see if they select the honeyusers. Results show that our machine learning model is good enough to generate well-placed honeyusers for existing AD structures so that intruders are lured into them.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2021

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of the 2nd International Conference on Deep Learning Theory and Applications - DeLTA

ISBN

978-989-758-526-5

ISSN

2184-9277

e-ISSN

—

Počet stran výsledku

8

Strana od-do

140-147

Název nakladatele

SciTePress - Science and Technology Publications

Místo vydání

Porto

Místo konání akce

Online streaming

Datum konání akce

7. 7. 2021

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—