{"id":"https://openalex.org/W4401508381","doi":"https://doi.org/10.1109/infocom52122.2024.10621210","title":"Catch Me if You Can: Effective Honeypot Placement in Dynamic AD Attack Graphs","display_name":"Catch Me if You Can: Effective Honeypot Placement in Dynamic AD Attack Graphs","publication_year":2024,"publication_date":"2024-05-20","ids":{"openalex":"https://openalex.org/W4401508381","doi":"https://doi.org/10.1109/infocom52122.2024.10621210"},"language":"en","primary_location":{"id":"doi:10.1109/infocom52122.2024.10621210","is_oa":false,"landing_page_url":"https://doi.org/10.1109/infocom52122.2024.10621210","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE INFOCOM 2024 - IEEE Conference on Computer Communications","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5041852125","display_name":"Huy Q. Ngo","orcid":"https://orcid.org/0000-0002-3862-3778"},"institutions":[{"id":"https://openalex.org/I5681781","display_name":"University of Adelaide","ror":"https://ror.org/00892tw58","country_code":"AU","type":"education","lineage":["https://openalex.org/I5681781"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Huy Q. Ngo","raw_affiliation_strings":["University of Adelaide,School of CMS,Adelaide,Australia"],"affiliations":[{"raw_affiliation_string":"University of Adelaide,School of CMS,Adelaide,Australia","institution_ids":["https://openalex.org/I5681781"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019911052","display_name":"Mingyu Guo","orcid":"https://orcid.org/0000-0002-3478-9201"},"institutions":[{"id":"https://openalex.org/I5681781","display_name":"University of Adelaide","ror":"https://ror.org/00892tw58","country_code":"AU","type":"education","lineage":["https://openalex.org/I5681781"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Mingyu Guo","raw_affiliation_strings":["University of Adelaide,School of CMS,Adelaide,Australia"],"affiliations":[{"raw_affiliation_string":"University of Adelaide,School of CMS,Adelaide,Australia","institution_ids":["https://openalex.org/I5681781"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100716476","display_name":"Hung T. Nguyen","orcid":"https://orcid.org/0000-0003-3373-8178"},"institutions":[{"id":"https://openalex.org/I5681781","display_name":"University of Adelaide","ror":"https://ror.org/00892tw58","country_code":"AU","type":"education","lineage":["https://openalex.org/I5681781"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Hung Nguyen","raw_affiliation_strings":["University of Adelaide,School of CMS,Adelaide,Australia"],"affiliations":[{"raw_affiliation_string":"University of Adelaide,School of CMS,Adelaide,Australia","institution_ids":["https://openalex.org/I5681781"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5041852125"],"corresponding_institution_ids":["https://openalex.org/I5681781"],"apc_list":null,"apc_paid":null,"fwci":3.0003,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.92172609,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"451","last_page":"460"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9889000058174133,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9889000058174133,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9871000051498413,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9341999888420105,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/honeypot","display_name":"Honeypot","score":0.9106081128120422},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5893132090568542},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.45406055450439453},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3702760934829712}],"concepts":[{"id":"https://openalex.org/C191267431","wikidata":"https://www.wikidata.org/wiki/Q911932","display_name":"Honeypot","level":2,"score":0.9106081128120422},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5893132090568542},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.45406055450439453},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3702760934829712}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/infocom52122.2024.10621210","is_oa":false,"landing_page_url":"https://doi.org/10.1109/infocom52122.2024.10621210","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE INFOCOM 2024 - IEEE Conference on Computer Communications","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":15,"referenced_works":["https://openalex.org/W1973965874","https://openalex.org/W2103012681","https://openalex.org/W2158934842","https://openalex.org/W2230402893","https://openalex.org/W2539402368","https://openalex.org/W2965836847","https://openalex.org/W3114867537","https://openalex.org/W4223411023","https://openalex.org/W4225631948","https://openalex.org/W4285080486","https://openalex.org/W4382239480","https://openalex.org/W4383221437","https://openalex.org/W4384024269","https://openalex.org/W6692650605","https://openalex.org/W6797838683"],"related_works":["https://openalex.org/W178168142","https://openalex.org/W4232715385","https://openalex.org/W2254955413","https://openalex.org/W2182300180","https://openalex.org/W4316658914","https://openalex.org/W2956011222","https://openalex.org/W2352475565","https://openalex.org/W2742579858","https://openalex.org/W4313484479","https://openalex.org/W4385187164"],"abstract_inverted_index":{"We":[0,62,93,160],"study":[1],"a":[2,9,22,68,76,88,128,135,144,156,162,185],"Stackelberg":[3],"game":[4],"between":[5],"an":[6],"attacker":[7,29,70,78],"and":[8,42,55,57,75,173],"defender":[10,20],"on":[11,40,165],"large":[12,136],"Active":[13],"Directory":[14],"(AD)":[15],"attack":[16,44],"graphs":[17,47,102,172,189],"where":[18],"the":[19,28,84,96,110,116,150,166],"employs":[21],"set":[23],"of":[24,51,53,66,138,187],"honeypots":[25,74],"to":[26,35,126,133,147,181],"stop":[27],"from":[30],"reaching":[31],"high-value":[32],"targets.":[33],"Contrary":[34],"existing":[36],"works":[37],"that":[38,95,175],"focus":[39],"small":[41],"static":[43,101],"graphs,":[45],"AD":[46,188],"typically":[48],"contain":[49],"hundreds":[50],"thousands":[52],"nodes":[54],"edges":[56],"constantly":[58],"change":[59],"over":[60],"time.":[61],"consider":[63],"two":[64],"types":[65],"attackers:":[67],"simple":[69],"who":[71,79],"cannot":[72],"observe":[73],"competent":[77],"can.":[80],"To":[81,108],"jointly":[82],"solve":[83,109],"game,":[85],"we":[86,114,142],"propose":[87],"mixed-integer":[89,117],"programming":[90,118],"(MIP)":[91],"formulation.":[92],"observed":[94],"optimal":[97,167,182],"blocking":[98,130,168],"plan":[99],"for":[100,155,170,184],"performs":[103],"poorly":[104],"in":[105],"dynamic":[106,111,139,171],"graphs.":[107],"graph":[112,140,153],"problem,":[113],"re-design":[115],"formulation":[119],"by":[120],"combining":[121],"m":[122,158],"MIP":[123],"(dyMIP(m))":[124],"instances":[125,154],"produce":[127,179],"near-optimal":[129],"plan.":[131],"Furthermore,":[132],"handle":[134],"number":[137],"instances,":[141],"use":[143],"clustering":[145],"algorithm":[146],"efficiently":[148],"find":[149],"m-most":[151],"representative":[152],"constant":[157],"(dyMIP(m)).":[159],"prove":[161],"lower":[163],"bound":[164],"strategy":[169],"show":[174],"our":[176],"dyMIP(m)":[177],"algorithms":[178],"close":[180],"results":[183],"range":[186],"under":[190],"realistic":[191],"conditions.":[192]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":2}],"updated_date":"2025-12-26T23:08:49.675405","created_date":"2025-10-10T00:00:00"}