{"id":"https://openalex.org/W4383221437","doi":"https://doi.org/10.1145/3579856.3590343","title":"A Scalable Double Oracle Algorithm for Hardening Large Active Directory Systems","display_name":"A Scalable Double Oracle Algorithm for Hardening Large Active Directory Systems","publication_year":2023,"publication_date":"2023-07-05","ids":{"openalex":"https://openalex.org/W4383221437","doi":"https://doi.org/10.1145/3579856.3590343"},"language":"en","primary_location":{"id":"doi:10.1145/3579856.3590343","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3579856.3590343","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5107247288","display_name":"Yumeng Zhang","orcid":"https://orcid.org/0000-0002-8602-0277"},"institutions":[{"id":"https://openalex.org/I5681781","display_name":"The University of Adelaide","ror":"https://ror.org/00892tw58","country_code":"AU","type":"education","lineage":["https://openalex.org/I5681781"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Yumeng Zhang","raw_affiliation_strings":["The University of Adelaide, Australia"],"raw_orcid":"https://orcid.org/0000-0002-8602-0277","affiliations":[{"raw_affiliation_string":"The University of Adelaide, Australia","institution_ids":["https://openalex.org/I5681781"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014798059","display_name":"Max Ward","orcid":"https://orcid.org/0000-0001-9114-7339"},"institutions":[{"id":"https://openalex.org/I177877127","display_name":"The University of Western Australia","ror":"https://ror.org/047272k79","country_code":"AU","type":"education","lineage":["https://openalex.org/I177877127"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Max Ward","raw_affiliation_strings":["University of Western Australia, Australia"],"raw_orcid":"https://orcid.org/0000-0001-9114-7339","affiliations":[{"raw_affiliation_string":"University of Western Australia, Australia","institution_ids":["https://openalex.org/I177877127"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019911052","display_name":"Mingyu Guo","orcid":"https://orcid.org/0000-0002-3478-9201"},"institutions":[{"id":"https://openalex.org/I5681781","display_name":"The University of Adelaide","ror":"https://ror.org/00892tw58","country_code":"AU","type":"education","lineage":["https://openalex.org/I5681781"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Mingyu Guo","raw_affiliation_strings":["The University of Adelaide, Australia"],"raw_orcid":"https://orcid.org/0000-0002-3478-9201","affiliations":[{"raw_affiliation_string":"The University of Adelaide, Australia","institution_ids":["https://openalex.org/I5681781"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5056718700","display_name":"Hung Nguyen","orcid":"https://orcid.org/0000-0003-1028-920X"},"institutions":[{"id":"https://openalex.org/I5681781","display_name":"The University of Adelaide","ror":"https://ror.org/00892tw58","country_code":"AU","type":"education","lineage":["https://openalex.org/I5681781"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Hung Nguyen","raw_affiliation_strings":["The University of Adelaide, Australia"],"raw_orcid":"https://orcid.org/0000-0003-1028-920X","affiliations":[{"raw_affiliation_string":"The University of Adelaide, Australia","institution_ids":["https://openalex.org/I5681781"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5107247288"],"corresponding_institution_ids":["https://openalex.org/I5681781"],"apc_list":null,"apc_paid":null,"fwci":4.4842,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.9497136,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"993","last_page":"1003"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.995199978351593,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8123300075531006},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.798425555229187},{"id":"https://openalex.org/keywords/oracle","display_name":"Oracle","score":0.707526445388794},{"id":"https://openalex.org/keywords/directory","display_name":"Directory","score":0.6823408007621765},{"id":"https://openalex.org/keywords/router","display_name":"Router","score":0.5793390274047852},{"id":"https://openalex.org/keywords/lightweight-directory-access-protocol","display_name":"Lightweight Directory Access Protocol","score":0.48509299755096436},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.44708967208862305},{"id":"https://openalex.org/keywords/stackelberg-competition","display_name":"Stackelberg competition","score":0.4153149425983429},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.3931279182434082},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.37420138716697693},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.34277820587158203},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.22908928990364075},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.09656667709350586},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.08943149447441101}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8123300075531006},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.798425555229187},{"id":"https://openalex.org/C55166926","wikidata":"https://www.wikidata.org/wiki/Q2892946","display_name":"Oracle","level":2,"score":0.707526445388794},{"id":"https://openalex.org/C2777683733","wikidata":"https://www.wikidata.org/wiki/Q201456","display_name":"Directory","level":2,"score":0.6823408007621765},{"id":"https://openalex.org/C2775896111","wikidata":"https://www.wikidata.org/wiki/Q642560","display_name":"Router","level":2,"score":0.5793390274047852},{"id":"https://openalex.org/C181177684","wikidata":"https://www.wikidata.org/wiki/Q188816","display_name":"Lightweight Directory Access Protocol","level":3,"score":0.48509299755096436},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.44708967208862305},{"id":"https://openalex.org/C199510392","wikidata":"https://www.wikidata.org/wiki/Q1184602","display_name":"Stackelberg competition","level":2,"score":0.4153149425983429},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.3931279182434082},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.37420138716697693},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.34277820587158203},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.22908928990364075},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.09656667709350586},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.08943149447441101},{"id":"https://openalex.org/C144237770","wikidata":"https://www.wikidata.org/wiki/Q747534","display_name":"Mathematical economics","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3579856.3590343","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3579856.3590343","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:pure.atira.dk:publications/580ab59b-304a-43a3-b439-8ca1855e21f8","is_oa":false,"landing_page_url":"https://research-repository.uwa.edu.au/en/publications/580ab59b-304a-43a3-b439-8ca1855e21f8","pdf_url":null,"source":{"id":"https://openalex.org/S4306402523","display_name":"UWA Profiles and Research Repository (University of Western Australia)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I177877127","host_organization_name":"The University of Western Australia","host_organization_lineage":["https://openalex.org/I177877127"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Zhang , Y , Ward , M , Guo , M &amp; Nguyen , H 2023 , A Scalable Double Oracle Algorithm for Hardening Large Active Directory Systems . in J Liu , Y Xiang , S Nepal &amp; G Tsudik (eds) , AsiaCCS '23 : Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security . Proceedings of the ACM Conference on Computer and Communications Security , Association for Computing Machinery (ACM) , New York , pp. 993-1003 . https://doi.org/10.1145/3579856.3590343","raw_type":"contributionToPeriodical"},{"id":"pmh:oai:digital.library.adelaide.edu.au:2440/139582","is_oa":false,"landing_page_url":"https://hdl.handle.net/2440/139582","pdf_url":null,"source":{"id":"https://openalex.org/S4306401835","display_name":"Adelaide Research & Scholarship (AR&S) (University of Adelaide)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I5681781","host_organization_name":"The University of Adelaide","host_organization_lineage":["https://openalex.org/I5681781"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"https://dl.acm.org/doi/proceedings/10.1145/3579856","raw_type":"Conference paper"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2864506714","display_name":null,"funder_award_id":"NI210100139","funder_id":"https://openalex.org/F4320334704","funder_display_name":"Australian Research Council"}],"funders":[{"id":"https://openalex.org/F4320334704","display_name":"Australian Research Council","ror":"https://ror.org/05mmh0f86"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W62682045","https://openalex.org/W2089396968","https://openalex.org/W2091673436","https://openalex.org/W2121805588","https://openalex.org/W2131875370","https://openalex.org/W2158934842","https://openalex.org/W2560674852","https://openalex.org/W2765659133","https://openalex.org/W2950965276","https://openalex.org/W2965836847","https://openalex.org/W2971147422","https://openalex.org/W2997353660","https://openalex.org/W3016437435","https://openalex.org/W4220794850","https://openalex.org/W4223411023","https://openalex.org/W4225631948"],"related_works":["https://openalex.org/W2136877416","https://openalex.org/W73423766","https://openalex.org/W2767128237","https://openalex.org/W2143307242","https://openalex.org/W4230960446","https://openalex.org/W2143295198","https://openalex.org/W561640503","https://openalex.org/W181118223","https://openalex.org/W160824658","https://openalex.org/W2005960013"],"abstract_inverted_index":{"Active":[0,25,46],"Directory":[1,26,47],"(AD)":[2],"is":[3,15,102],"a":[4,57,74,84,97],"popular":[5],"information":[6],"security":[7],"management":[8],"system":[9],"for":[10,20,44,64,127,146],"Windows":[11],"domain":[12],"networks":[13],"and":[14,33,35,41,59,80,99,121,138],"an":[16,105],"ongoing":[17],"common":[18],"target":[19],"cyber":[21],"attacks.":[22],"Most":[23],"real-world":[24],"systems":[27,48],"consist":[28],"of":[29,31,49,150],"millions":[30],"entities":[32],"links,":[34],"there":[36],"are":[37],"currently":[38],"no":[39],"efficient":[40],"effective":[42],"solutions":[43,126],"hardening":[45,65,128],"such":[50],"scale.":[51],"In":[52],"this":[53],"paper,":[54],"we":[55,132],"propose":[56],"novel":[58],"scalable":[60],"double":[61,114],"oracle-based":[62,115],"algorithm":[63],"large":[66],"AD":[67,86,129],"systems.":[68,130],"We":[69,110],"formulate":[70],"the":[71,78,81,90,94,100,148],"problem":[72],"as":[73,93],"Stackelberg":[75],"game":[76],"between":[77],"defender":[79,91],"attacker":[82],"on":[83],"weighted":[85],"attack":[87,152],"graph,":[88],"where":[89],"acts":[92],"leader":[95],"with":[96,124,134],"budget,":[98],"objective":[101],"to":[103],"find":[104],"optimal":[106,151],"defender\u2019s":[107],"pure":[108],"strategy.":[109],"show":[111,139],"that":[112,140],"our":[113,141],"solution":[116,142],"has":[117],"significantly":[118],"improved":[119],"speed":[120],"scalability":[122],"compared":[123],"previous":[125],"Lastly,":[131],"compare":[133],"GoodHound":[135],"weakest":[136],"links":[137],"provides":[143],"better":[144],"recommendations":[145],"targeting":[147],"elimination":[149],"paths.":[153]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}