Abstract
This paper presents an intrusion response system built with deep reinforcement learning and trained within an emulation environment. The emulation environment aims to represent a networked IT-OT system found within an aircraft. The goal of the experimentation is to explore training to defend against an attack chain in a setting that more closely resembles a real network than those used in current work. This has been achieved through the novel inclusion of open-source intrusion detection systems, which feed default alert information to the response system. Experiments demonstrate the ability of the reinforcement learning agent to converge towards an effective response policy for defending the system against a multi-stage attack while minimizing the disruption caused in doing so.
Original language | English |
---|---|
Title of host publication | ARES '24: proceedings of the 19th International Conference on Availability, Reliability and Security |
Publisher | Association for Computing Machinery |
Number of pages | 7 |
ISBN (Electronic) | 9798400717185 |
Publication status | Published - 30 Jul 2024 |
Event | 19th International Conference on Availability, Reliability and Security 2024, Vienna, Austria. Duration: 30 Jul 2024 → 02 Aug 2024 |
Conference
Conference | 19th International Conference on Availability, Reliability and Security 2024 |
---|---|
Abbreviated title | ARES 2024 |
Country/Territory | Austria |
City | Vienna |
Period | 30/07/2024 → 02/08/2024 |
Keywords
- Intrusion
- Response
- Systems
- Reinforcement
- Learning
- Network
- Security
- Cybersecurity
- Cyber
ASJC Scopus subject areas
- Artificial Intelligence
- Computer Networks and Communications