Evolving Bipartite Authentication Graph Partitions
Abstract: As large scale enterprise computer networks become more ubiquitous, finding the appropriate balance between user convenience and user access control is an increasingly challenging proposition. Suboptimal partitioning of users’ access and available services contributes to the vulnerability of enterprise networks. Previous edge-cut partitioning methods unduly restrict users’ access to network resources. This paper introduces a novel method of network partitioning superior to the current state-of-the-art which minimizes user impact by providing alternate avenues for access that reduce vulnerability. Networks are modeled as bipartite authentication access graphs and a multi-objective evolutionary algorithm is used to simultaneously minimize the size of large connected components while minimizing overall restrictions on network users. Results are presented on a real world data set that demonstrate the effectiveness of the introduced method compared to previous naive methods. Existing system: The most notorious example of exploiting stolen credentials, known as pass-thehash, abuses the weakness of unsalted password hashes in older networks using