{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:22:38Z","timestamp":1742912558606,"version":"3.40.3"},"publisher-location":"Cham","reference-count":53,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031373190"},{"type":"electronic","value":"9783031373206"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-37320-6_6","type":"book-chapter","created":{"date-parts":[[2023,7,6]],"date-time":"2023-07-06T09:02:55Z","timestamp":1688634175000},"page":"111-133","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Disrupting Active Directory Attacks with\u00a0Deep Learning for\u00a0Organic Honeyuser Placement"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7922-8301","authenticated-orcid":false,"given":"Ondrej","family":"Lukas","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6238-9910","authenticated-orcid":false,"given":"Sebastian","family":"Garcia","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,7,7]]},"reference":[{"key":"6_CR1","unstructured":"Amizadeh, S., Matusevych, S., Weimer, M.: Learning to solve circuit-SAT: An unsupervised differentiable approach. In: International Conference on Learning Representations (2019). https:\/\/openreview.net\/forum?id=BJxgz2R9t7"},{"key":"6_CR2","unstructured":"de Barros, A.P.: Res: Protocol anomaly detection ids - honeypots (2003). https:\/\/seclists.org\/focus-ids\/2003\/Feb\/95"},{"key":"6_CR3","unstructured":"Battaglia, P.W., et al.: Relational inductive biases, deep learning, and graph networks (2018)"},{"key":"6_CR4","unstructured":"Berg, L.: BlueHive (2019). https:\/\/github.com\/leeberg\/BlueHive"},{"key":"6_CR5","unstructured":"Bettke, J., Stewart, J.: DCEPT: An Open-Source Honeytoken Tripwire (2016). https:\/\/www.secureworks.com\/blog\/dcept"},{"key":"6_CR6","unstructured":"Case, D.U.: Analysis of the cyber attack on the ukrainian power grid. Electricity Information Sharing and Analysis Center (E-ISAC) p. 388 (2016)"},{"key":"6_CR7","doi-asserted-by":"crossref","unstructured":"Cho, K., et al.: Learning phrase representations using rnn encoder-decoder for statistical machine translation (2014)","DOI":"10.3115\/v1\/D14-1179"},{"key":"6_CR8","unstructured":"Cimpanu, C.: Fortune 500 company ntt discloses security breach (2020). https:\/\/www.zdnet.com\/article\/fortune-500-company-ntt-discloses-security-breach"},{"key":"6_CR9","unstructured":"Cimpanu, C.: Hackers breached a1 telekom, austria\u2019s largest isp (2020). https:\/\/www.zdnet.com\/article\/hackers-breached-a1-telekom-austrias-largest-isp"},{"key":"6_CR10","unstructured":"CorbanWorks: Fake name generator (2006). https:\/\/www.fakenamegenerator.com"},{"key":"6_CR11","unstructured":"Crabtree, J.: Active directory attacks hit the mainstream (2020). https:\/\/www.darkreading.com\/endpoint\/authentication\/active-directory-attacks-hit-the-mainstream\/a\/d-id\/1337405"},{"key":"6_CR12","unstructured":"Desmond, B., Richards, J., Allen, R., Lowe-Norris, A.G.: Active Directory: Designing, Deploying, and Running Active Directory. \u201c O\u2019Reilly Media, Inc.\u201d (2008)"},{"key":"6_CR13","doi-asserted-by":"crossref","unstructured":"Dowling, S., Schukat, M., Barrett, E.: Using reinforcement learning to conceal honeypot functionality. In: ECML\/PKDD (2018)","DOI":"10.1007\/978-3-030-10997-4_21"},{"key":"6_CR14","unstructured":"Faraglia, D.: Faker (2012). https:\/\/pypi.org\/project\/Faker\/"},{"key":"6_CR15","unstructured":"Glorot, X., Bengio, Y.: Understanding the difficulty of training deep feedforward neural networks. In: Proceedings of the International Conference on Artificial Intelligence and Statistics (AISTATS\u201910). Society for Artificial Intelligence and Statistics (2010)"},{"key":"6_CR16","doi-asserted-by":"crossref","unstructured":"Grattarola, D., Alippi, C.: Graph neural networks in tensorflow and keras with spektral (2020)","DOI":"10.1109\/MCI.2020.3039072"},{"key":"6_CR17","unstructured":"Grimes, R.A.: Honeypots for Windows. Apress (2006)"},{"key":"6_CR18","doi-asserted-by":"publisher","unstructured":"Guan, S., Loew, M.: Evaluation of generative adversarial network performance based on direct analysis of generated images. In: 2019 IEEE Applied Imagery Pattern Recognition Workshop (AIPR), pp. 1\u20135 (2019). https:\/\/doi.org\/10.1109\/AIPR47015.2019.9174595","DOI":"10.1109\/AIPR47015.2019.9174595"},{"key":"6_CR19","doi-asserted-by":"crossref","unstructured":"Hagberg, A.A., Schult, D.A., Swart, P.J.: Exploring network structure, dynamics, and function using. In: Varoquaux, G., Vaught, T., Millman, J. (eds.) Proceedings of the 7th Python in Science Conference, pp. 11\u201315. Pasadena, CA USA (2008)","DOI":"10.25080\/TCWV9851"},{"key":"6_CR20","doi-asserted-by":"publisher","unstructured":"Han, X., Kheir, N., Balzarotti, D.: Deception techniques in computer security: A research perspective. ACM Comput. Surv. 51(4) (Jul 2018). https:\/\/doi.org\/10.1145\/3214305","DOI":"10.1145\/3214305"},{"key":"6_CR21","unstructured":"Higgins, I., et al.: beta-vae: Learning basic visual concepts with a constrained variational framework. In: ICLR (2017)"},{"key":"6_CR22","doi-asserted-by":"crossref","unstructured":"Horn, R.A.: The hadamard product. In: Proc. Symp. Appl. Math. vol. 40, pp. 87\u2013169 (1990)","DOI":"10.1090\/psapm\/040\/1059485"},{"key":"6_CR23","doi-asserted-by":"crossref","unstructured":"Hossain, T., List, J.A.: The behavioralist visits the factory: Increasing productivity using simple framing manipulations. Manage. Sci. 58(12), 2151\u20132167 (2012). http:\/\/www.jstor.org\/stable\/23359584","DOI":"10.1287\/mnsc.1120.1544"},{"key":"6_CR24","doi-asserted-by":"publisher","unstructured":"Joyce, J.M.: Kullback-Leibler Divergence, pp. 720\u2013722. Springer, Berlin Heidelberg, Berlin, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-04898-2_327","DOI":"10.1007\/978-3-642-04898-2_327"},{"key":"6_CR25","unstructured":"Kaluza, M., De Paolis, C., Amizadeh, S., Yu, R.: A neural framework for learning dag to dag translation. In: NeurIPS\u20192018 Workshop (2018)"},{"key":"6_CR26","unstructured":"Karlin, A.R., Bradley, M., Baldwin, M., Sagir, S.: What threats does ata look for? (2018). https:\/\/docs.microsoft.com\/en-us\/advanced-threat-analytics\/ata-threats"},{"key":"6_CR27","unstructured":"Kingma, D.P., Ba, J.: Adam: A method for stochastic optimization (2014)"},{"key":"6_CR28","unstructured":"Kingma, D.P., Welling, M.: Auto-encoding variational bayes (2014)"},{"key":"6_CR29","unstructured":"Koch, R.: What is considered personal data under the EU GDPR? (2020). https:\/\/gdpr.eu\/eu-gdpr-personal-data\/"},{"key":"6_CR30","unstructured":"Leita, C., Mermoud, K., Dacier, M.: Scriptgen: an automated script generation tool for honeyd. In: 21st Annual Computer Security Applications Conference (ACSAC\u201905), pp. 12 pp.-214 (2005)"},{"key":"6_CR31","unstructured":"Liao, R., et al.: Efficient graph generation with graph recurrent attention networks. In: NeurIPS (2019)"},{"key":"6_CR32","doi-asserted-by":"crossref","unstructured":"Lin, T.Y., Goyal, P., Girshick, R., He, K., Doll\u00e1r, P.: Focal loss for dense object detection (2017)","DOI":"10.1109\/ICCV.2017.324"},{"key":"6_CR33","doi-asserted-by":"crossref","unstructured":"Lukas, O., Garcia, S.: Deep generative models to extend active directory graphs with honeypot users. In: Proceedings of the 2nd International Conference on Deep Learning Theory and Applications, DeLTA 2021, pp. 140\u2013147 (2021)","DOI":"10.5220\/0010556600002996"},{"key":"6_CR34","volume-title":"Introduction to Algorithms: A Creative Approach","author":"U Manber","year":"1989","unstructured":"Manber, U.: Introduction to Algorithms: A Creative Approach. Addison-Wesley Longman Publishing Co., Inc, USA (1989)"},{"key":"6_CR35","doi-asserted-by":"crossref","unstructured":"Matsuda, W., Fujimoto, M., Mitsunaga, T.: Detecting apt attacks against active directory using machine leaning. In: 2018 IEEE Conference on Application, Information and Network Security (AINS), pp. 60\u201365. IEEE (2018)","DOI":"10.1109\/AINS.2018.8631486"},{"key":"6_CR36","doi-asserted-by":"publisher","unstructured":"McInnes, L., Healy, J., Melville, J.: Umap: Uniform manifold approximation and projection for dimension reduction (2018). https:\/\/doi.org\/10.48550\/ARXIV.1802.03426, https:\/\/arxiv.org\/abs\/1802.03426","DOI":"10.48550\/ARXIV.1802.03426"},{"key":"6_CR37","unstructured":"Metcalf, S.: Red vs. blue: Modern active directory attacks, detection & protection (2015). https:\/\/www.blackhat.com\/docs\/us-15\/materials\/us-15-Metcalf-Red-Vs-Blue-Modern-Active-Directory-Attacks-Detection-And-Protection-wp.pdf"},{"key":"6_CR38","unstructured":"Microsoft: Advanced Threat Analytics documentation (2015). https:\/\/docs.microsoft.com\/en-us\/advanced-threat-analytics\/"},{"key":"6_CR39","unstructured":"Nurfauzi, R.: Active directory kill chain attack & defense (2020). https:\/\/github.com\/infosecn1nja\/AD-Attack-Defense"},{"key":"6_CR40","unstructured":"Provos, N.: Honeyd-a virtual honeypot daemon (2003). http:\/\/www.honeyd.org\/"},{"key":"6_CR41","unstructured":"Provos, N., et al.: A virtual honeypot framework. In: USENIX Security Symposium. vol. 173, pp. 1\u201314 (2004)"},{"key":"6_CR42","doi-asserted-by":"crossref","unstructured":"Simonovsky, M., Komodakis, N.: Graphvae: Towards generation of small graphs using variational autoencoders (2018)","DOI":"10.1007\/978-3-030-01418-6_41"},{"key":"6_CR43","doi-asserted-by":"crossref","unstructured":"Siniosoglou, I., et al.: Neuralpot: an industrial honeypot implementation based on convolutional neural networks (4 2020). http:\/\/gala.gre.ac.uk\/id\/eprint\/27976\/","DOI":"10.1109\/ISCC50000.2020.9219712"},{"key":"6_CR44","doi-asserted-by":"publisher","unstructured":"Thomas, C., Balakrishnan, N.: Improvement in minority attack detection with skewness in network traffic. In: Tolone, W.J., Ribarsky, W. (eds.) Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2008. vol. 6973, pp. 226\u2013237. International Society for Optics and Photonics, SPIE (2008). https:\/\/doi.org\/10.1117\/12.785623","DOI":"10.1117\/12.785623"},{"issue":"5","key":"6_CR45","doi-asserted-by":"publisher","first-page":"585","DOI":"10.4218\/etrij.2019-0152","volume":"41","author":"W Tian","year":"2019","unstructured":"Tian, W., et al.: Honeypot game-theoretical model for defending against apt attacks with limited resources in cyber-physical systems. ETRI J. 41(5), 585\u2013598 (2019)","journal-title":"ETRI J."},{"key":"6_CR46","doi-asserted-by":"publisher","unstructured":"Tonin, M., Vlassopoulos, M.: Corporate philanthropy and productivity: Evidence from an online real effort experiment. Manage. Sci. 61(8), 1795\u20131811 (2015). https:\/\/doi.org\/10.1287\/mnsc.2014.1985","DOI":"10.1287\/mnsc.2014.1985"},{"key":"6_CR47","doi-asserted-by":"crossref","unstructured":"Valicek, M., Schramm, G., Pirker, M., Schrittwieser, S.: Creation and integration of remote high interaction honeypots. In: 2017 International Conference on Software Security and Assurance (ICSSA), pp. 50\u201355. IEEE (2017)","DOI":"10.1109\/ICSSA.2017.21"},{"key":"6_CR48","unstructured":"Vazarkar, R.: Sharphound (2016). https:\/\/github.com\/BloodHoundAD\/SharpHound3"},{"key":"6_CR49","unstructured":"Wang, M., et al.: Deep graph library: Towards efficient and scalable deep learning on graphs (2019)"},{"key":"6_CR50","unstructured":"Whittacker, Z.: Hackers went undetected in citrix\u2019s internal network for six months (2019). https:\/\/techcrunch.com\/2019\/04\/30\/citrix-internal-network-breach"},{"key":"6_CR51","doi-asserted-by":"publisher","unstructured":"Wu, Z., Pan, S., Chen, F., Long, G., Zhang, C., Yu, P.S.: A comprehensive survey on graph neural networks. IEEE Transactions on Neural Networks and Learning Systems p. 1\u201321 (2020). https:\/\/doi.org\/10.1109\/TNNLS.2020.2978386","DOI":"10.1109\/TNNLS.2020.2978386"},{"key":"6_CR52","unstructured":"You, J., Ying, R., Ren, X., Hamilton, W.L., Leskovec, J.: Graphrnn: Generating realistic graphs with deep auto-regressive models (2018)"},{"key":"6_CR53","unstructured":"Zetter, K.: Sony got hacked hard: What we know and don\u2019t know so far (2014). https:\/\/www.wired.com\/2014\/12\/sony-hack-what-we-know"}],"container-title":["Communications in Computer and Information Science","Deep Learning Theory and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-37320-6_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,23]],"date-time":"2024-10-23T19:02:57Z","timestamp":1729710177000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-37320-6_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031373190","9783031373206"],"references-count":53,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-37320-6_6","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"7 July 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DeLTA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Deep Learning Theory and Applications","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7 July 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 July 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"delta2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/delta.scitevents.org\/?y=2021","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"PRIMORIS","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"30","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"10","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}