Network intrusion response using deep reinforcement learning in an aircraft IT-OT scenario

Research output: Chapter in Book/Report/Conference proceedingConference contribution

11 Downloads (Pure)

Abstract

This paper presents an intrusion response system created using deep reinforcement learning, trained within an emulation environment. The emulation environment aims to represent a networked IT-OT system found within an aircraft. The goal of this paper’s experimentation is to explore training to defend against an attack chain in a way that more closely resembles a real network than that of current work. This has been achieved through the novel inclusion of open-source intrusion detection systems which feed default alert information to the response system. Experiments demonstrate the ability of the reinforcement learning agent to converge towards an effective response policy for defending the system against a multi-stage attack while minimizing disruption to do so.

Original languageEnglish
Title of host publicationARES '24: proceedings of the 19th International Conference on Availability, Reliability and Security
PublisherAssociation for Computing Machinery
Number of pages7
ISBN (Electronic)9798400717185
DOIs
Publication statusPublished - 30 Jul 2024
Event19th International Conference on Availability, Reliability and Security 2024 - Vienna, Austria
Duration: 30 Jul 202402 Aug 2024

Conference

Conference19th International Conference on Availability, Reliability and Security 2024
Abbreviated titleARES 2024
Country/TerritoryAustria
CityVienna
Period30/07/202402/08/2024

Keywords

  • Intrusion
  • Response
  • Systems
  • Reinforcement
  • Learning
  • Network
  • Security
  • Cybersecurity
  • Cyber

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Network intrusion response using deep reinforcement learning in an aircraft IT-OT scenario'. Together they form a unique fingerprint.

Cite this