A Model-Free Approach to Intrusion Response Systems. (May 2022)
- Record Type:
- Journal Article
- Title:
- A Model-Free Approach to Intrusion Response Systems. (May 2022)
- Main Title:
- A Model-Free Approach to Intrusion Response Systems
- Authors:
- Hughes, Kieran
- McLaughlin, Kieran
- Sezer, Sakir
- Abstract:
- With the rising number of data breaches, denial of service attacks and general malicious activity facing modern computer networks, there is an increasing need to quickly and effectively respond to attacks. Intrusion Detection Systems provide an automated method of identifying malicious activity within a network; however, the development of an Intrusion Response System which can automatically respond to these alerts is non-trivial. Current research in IRS proposes model-based methods for identifying possible routes a malicious actor may take when attacking a network and uses subjective performance values for the cost and benefit of a response, both of which can be invalidated by the increasingly dynamic nature of network topologies and system configurations. The IRS proposed in this work utilises a Model-free Reinforcement Learning approach and evaluates the Reinforcement Learning agent's performance in stopping two distinct multi-stage attack scenarios on a virtualised testbed. Experimentation demonstrates that the agent can successfully halt both attack scenarios and find responses which have minimal impact on normal network operation based on experience gained through training. A further contribution is the novel use of a virtualised environment that demonstrates Intrusion Response Reinforcement Learning performance in a more realistic environment than simulated tasks common to previous literature.
- Is Part Of:
- Journal of information security and applications. Volume 66(2022)
- Journal:
- Journal of information security and applications
- Issue:
- Volume 66(2022)
- Issue Display:
- Volume 66, Issue 2022 (2022)
- Year:
- 2022
- Volume:
- 66
- Issue:
- 2022
- Issue Sort Value:
- 2022-0066-2022-0000
- Page Start:
- Page End:
- Publication Date:
- 2022-05
- Subjects:
- Intrusion -- Response -- Systems -- Reinforcement -- Learning -- Network -- Security
- Computer security -- Periodicals
- Information technology -- Security measures -- Periodicals
- 005.805
- Journal URLs:
- http://www.sciencedirect.com/
- DOI:
- 10.1016/j.jisa.2022.103150
- Languages:
- English
- ISSNs:
- 2214-2126
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
- British Library STI - ELD Digital store
- Ingest File:
- 26870.xml