Automated intrusion response systems

  • Kieran Hughes

Student thesis: Doctoral Thesis, Doctor of Philosophy

Abstract

This thesis presents new research into Automated Intrusion Response Systems. These systems seek to evaluate the information available to them at the time of attack detection, and subsequently determine and deploy the optimal response. Previous research proposes systems which are generally too static, both in their understanding of a defended network and in their response capability. This leads to difficulty when handling today’s dynamic networks and the ever-evolving threat landscape. The work in this thesis investigates the application of emerging technologies and proposes new frameworks to develop more dynamic Automated Intrusion Response Systems, which are less reliant on pre-defined network security models, can respond to attacker tactics outlined in MITRE’s ATT&CK, and integrate more closely with user-defined security policies. Specifically, the work in this thesis culminates in the proposal of an IRS which leverages Model-Free Deep Reinforcement Learning, a change in direction from model-based methods. Reinforcement Learning in a novel containerised network testbed allows the Intrusion Response System to learn through experience both the impact of its actions in terms of stopping an ongoing attack scenario and how those actions affect normal network operation. Results demonstrate successful response selection against multi-stage attack scenarios and restoration of compromised cyber-physical system processes.

Date of Award: Jul 2024
Original language: English
Awarding Institution: Queen's University Belfast
Sponsors: Northern Ireland Department for the Economy
Supervisor: Kieran McLaughlin (Supervisor) & Sakir Sezer (Supervisor)

Keywords

  • intrusion
  • response
  • systems
  • IRS
  • network
  • security
  • reinforcement
  • learning
  • intel
