Ing. Ondřej Lukáš

Všechny publikace

Autoři: Arti Bandhana, Ing. Ondřej Lukáš, Ing. Sebastián García, Ph.D., doc. Ing. Tomáš Kroupa, Ph.D.,
Publikace: Proceedings of the 15th International Conference on Agents and Artificial Intelligence - Volume 3. Lisboa: SCITEPRESS – Science and Technology Publications, Lda, 2023. p. 442-449. ISSN 2184-433X. ISBN 978-989-758-623-1.
Rok: 2023

DOI: 10.5220/0011684500003393
Odkaz: https://doi.org/10.5220/0011684500003393
Pracoviště: Katedra počítačů, Centrum umělé inteligence
Anotace:
The ongoing rise in cyberattacks and the lack of skilled professionals in the cybersecurity domain to combat these attacks show the need for automated tools capable of detecting an attack with good performance. Attackers disguise their actions and launch attacks that consist of multiple actions, which are difficult to detect. Therefore, improving defensive tools requires their calibration against a well-trained attacker. In this work, we propose a model of an attacking agent and environment and evaluate its performance using basic Q-Learning, Naive Q-learning, and DoubleQ-Learning, all of which are variants of Q-Learning. The attacking agent is trained with the goal of exfiltrating data whereby all the hosts in the network have a non-zero detection probability. Results show that the DoubleQ-Learning agent has the best overall performance rate by successfully achieving the goal in 70% of the interactions.

Autoři: Ing. Ondřej Lukáš, Ing. Sebastián García, Ph.D.,
Publikace: Proceedings of the 2nd International Conference on Deep Learning Theory and Applications - DeLTA. Porto: SciTePress - Science and Technology Publications, 2021. p. 140-147. vol. 1. ISSN 2184-9277. ISBN 978-989-758-526-5.
Rok: 2021

DOI: 10.5220/0010556601400147
Odkaz: https://doi.org/10.5220/0010556601400147
Pracoviště: Katedra počítačů, Centrum umělé inteligence
Anotace:
Active Directory (AD) is a crucial element of large organizations, given its central role in managing access to resources. Since AD is used by all users in the organization, it is hard to detect attackers. We propose to generate and place fake users (honeyusers) in AD structures to help detect attacks. However, not any honeyuser will attract attackers. Our method generates honeyusers with a Variational Autoencoder that enriches the AD structure with well-positioned honeyusers. It first learns the embeddings of the original nodes and edges in the AD, then it uses a modified Bidirectional DAG-RNN to encode the parameters of the probability distribution of the latent space of node representations. Finally, it samples nodes from this distribution and uses an MLP to decide where the nodes are connected. The model was evaluated by the similarity of the generated AD with the original, by the positions of the new nodes, by the similarity with GraphRNN and finally by making real intruders attack the generated AD structure to see if they select the honeyusers. Results show that our machine learning model is good enough to generate well-placed honeyusers for existing AD structures so that intruders are lured into them.