Using machine learning to guide automated intrusion response

Master Thesis

2020

Abstract
Traditionally, Intrusion Response Systems (IRSs) have relied heavily on network administrators to perform various responses for a network. Though this is expected, particularly with networks containing sensitive data, it is not completely practical, considering the ever-growing demand for speed, scalability, and automation in computer networks. This work presents a proof-of-concept automated IRS that provides for both networks containing sensitive data and high-speed networks, by using basic responses for complex attacks, and by using reinforcement learning for direct attacks. Responses for the latter are done by creating a response system that is able to learn from the effectiveness of its own responses. This work is evaluated in its effectiveness against the deactivation issue, which is concerned with the problem of automatically deactivating network responses after they have been activated by an IRS. All tests are conducted using an emulated network that was designed to replicate real network behaviour. Simulated attacks were used to train the IRS. Results of training were evaluated at intervals of 100, 500, 1000 and 2000 attacks. The findings of this work indicate that while applying reinforcement learning to IRSs is feasible, adjustments may still be required to improve its performance.