Smarter protection against hackers


University of Adelaide researchers are building enhanced defences for the world’s top target for cyber attacks.

Cyberattacks can disrupt the systems we rely on. They can strike governments, hospitals, schools, and essential services, shutting down tax systems, hijacking medical devices, locking student records, crippling power grids, and disrupting water supply. On a personal level, hackers can also access our emails, accounts, and identity. At the centre of this crucial infrastructure is Microsoft’s Active Directory, a cyber security management system powering more than 95% of our worldwide networks. To protect this prime target, University of Adelaide researchers have partnered with the Department of Defence to develop cutting-edge intelligent systems to safeguard our future.

Researchers at the Defence and Security Institute are improving methods for finding and blocking ‘attack pathways’, which are the various ways hackers can infiltrate a computer system. To improve speed, the researchers, led by Professor Hung Nguyen, are replacing current security systems, which are slow, manual, and rule-based. They’re introducing AI and mathematical modelling that fast-track the process of fixing security risks in Active Directory.

Researcher Nhu Long Nguyen explains that he is creating a realistic model of Active Directory by grouping related users and permissions together to block cyber attacks with dramatic speed—cutting the cyber threat response time ‘from days to minutes’. Specifically, his model (the first in the world to model Active Directory attack graphs based on its actual structure using affinity graphs and alpha metagraphs) improves the removal rate from 710 attack sources in 36 hours to nearly 1,400 attack sources in just 21 minutes.

University of Adelaide researchers are also making the search for attack paths more realistic by capturing their real-world complexity.

“Current security tools rely on enumerating the shortest attack paths, but this oversimplifies the issue,” says researcher Yumeng Zhang. 

“By compromising just one account with a phishing email, for example, attackers can potentially find paths leading to high value assets or compromise a whole system; our methods are more effective than current technologies because they address more dynamic paths with rigorous modelling.”

Quang Huy Ngo, another University of Adelaide researcher focused on safeguarding Active Directory, takes yet another approach to improving security networks. Ngo is preventing cyber attacks in two major ways: identifying and removing the most dangerous links between accounts to help protect higher risk targets, and installing fake accounts called ‘honeypots’ in strategic locations to tempt and trap the attacker, setting off security alerts before the hackers can reach their goals. Using a mathematical optimisation model, Ngo has developed a graphing program with the ability to adapt to dynamic changes in the network so that it can place honeypots in more effective locations. He’s also designing a tool that’s iterative and intelligent, learning from user feedback and continuously discovering unexpected solutions to help protect our accounts.

What’s next?

In a constantly changing digital landscape, our researchers suggest that increased academia-industry collaboration coupled with demonstrated capability is the key to staying agile. 

"I believe the future of cyber security will involve stronger collaboration between industry professionals and researchers," Ngo says.

"With the increase in AI agents online, identity and account theft is one of the most pressing issues in cyber security today," says Professor Hung Nguyen, who is leading the Cyber-AI research group. "But after working in this space for over five years, we are in a unique position to address the problem."

With the University’s latest rapid automated tools in development, our cyber protection will be more responsive than ever to intercept future threats. The team at the Defence and Security Institute will continue expanding AI tools and existing attack graphing systems even further, taking each discovery to new heights.
