The article studies a Stackelberg game between an attacker and a defender on large Active Directory (AD) attack graphs, in which the defender uses honeypots to prevent the attacker from reaching high-value targets. It addresses two challenges: the scale of the graphs and the dynamic changes in AD attack graphs. A mixed-integer programming (MIP) formulation is proposed to solve the game. The study also introduces dyMIP(m) algorithms to handle a large number of dynamic graph instances and proves a lower bound on the optimal blocking strategy for dynamic graphs.

Publication date: 29 Dec 2023
Project Page: Not provided
Paper: https://arxiv.org/pdf/2312.16820