Abstract
Attacks on computer networks are increasingly common, often leading to severe economic and reputational damage to organisations. Consequently, Intrusion Response Systems, which seek to respond automatically to alerts generated by Intrusion Detection Systems, have recently become an active area of research. Current Intrusion Response Systems often seek to find optimal responses based on a general and balanced policy, such as the cost and benefit to the network overall. However, organisations are encouraged to prepare Incident Response Policies, which outline prioritisations and performance measures for their response. These policies are highly individualised to the organisation and are often influenced by the type of data present within the network. Building on this, it is possible for several subsections of a network to have differing Incident Response Policies; for example, in a Cyber-Physical network, a Control Area Network may have a much stricter policy in order to preserve a physical process. In this work we utilise a Deep Reinforcement Learning approach to allow the customisation of Reward Functions, which in turn facilitates the creation of Response Profiles that align with differing Incident Response Policies. Evaluation of the Profiles is performed in a Cyber-Physical System testbed consisting of Web and Business local area networks configured using Mininet and integrated with a Tennessee Eastman Process plant running in MATLAB. Experimentation demonstrates the ability of a Reinforcement Learning Agent to converge on a near-optimal response to multi-stage attack scenarios in accordance with its Response Profile.
Original language | English |
---|---|
Title of host publication | Proceedings of the IEEE International Conference on Cyber Security and Resilience, IEEE CSR 2022 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Number of pages | 8 |
ISBN (Electronic) | 9781665499521 |
ISBN (Print) | 9781665499538 |
Publication status | Published - 16 Aug 2022 |
Event | 2022 IEEE International Conference on Cyber Security and Resilience - Rhodes, Greece; Duration: 27 Jul 2022 → 29 Jul 2022 |
Conference
Conference | 2022 IEEE International Conference on Cyber Security and Resilience |
---|---|
Abbreviated title | IEEE CSR 2022 |
Country/Territory | Greece |
City | Rhodes |
Period | 27/07/2022 → 29/07/2022 |
Student theses
Automated intrusion response systems
Hughes, K. (Author), McLaughlin, K. (Supervisor) & Sezer, S. (Supervisor), Jul 2024
Student thesis: Doctoral Thesis › Doctor of Philosophy