Using machine learning to guide automated intrusion response
| dc.contributor.advisor | Hutchison, Andrew | |
| dc.contributor.author | Lopes, Andre | |
| dc.date.accessioned | 2020-11-19T11:21:52Z | |
| dc.date.available | 2020-11-19T11:21:52Z | |
| dc.date.issued | 2020 | |
| dc.date.updated | 2020-11-19T08:08:29Z | |
| dc.description.abstract | Traditionally Intrusion Response Systems (IRSs) have had a strong reliance on net-work administrators to perform various responses for a network. Though this is expected, particularly with networks containing sensitive data, it is not completely practical, considering the ever-growing demand for speed, scalability, and automation in computer networks. This work presents a proof of concept automated IRS that provides both for networks containing sensitive data and high-speed networks, by using basic responses for complex attacks, and by using reinforcement learning for direct attacks. Responses for the latter are done by creating a response system that is able to learn from the effectiveness of its own responses. This work is evaluated in its effectiveness against the deactivation issue, which is concerned with the problem of automatically deactivating network responses after they've been activated by an IRS. All tests are conducted using an emulated network, that was de-signed to replicate real network behaviour. Simulated attacks were used to train the IRS. Results of training were evaluated at intervals of 100, 500, 1000 and 2000 at-tacks. The findings of this work indicate that while applying reinforcement learning to IRSs is feasible, adjustments may still be required to improve its performance. | |
| dc.identifier.apacitation | Lopes, A. (2020). <i>Using machine learning to guide automated intrusion response</i>. (). ,Faculty of Science ,Department of Computer Science. Retrieved from http://hdl.handle.net/11427/32403 | en_ZA |
| dc.identifier.chicagocitation | Lopes, Andre. <i>"Using machine learning to guide automated intrusion response."</i> ., ,Faculty of Science ,Department of Computer Science, 2020. http://hdl.handle.net/11427/32403 | en_ZA |
| dc.identifier.citation | Lopes, A. 2020. Using machine learning to guide automated intrusion response. . ,Faculty of Science ,Department of Computer Science. http://hdl.handle.net/11427/32403 | en_ZA |
| dc.identifier.ris | TY - Master Thesis AU - Lopes, Andre AB - Traditionally Intrusion Response Systems (IRSs) have had a strong reliance on net-work administrators to perform various responses for a network. Though this is expected, particularly with networks containing sensitive data, it is not completely practical, considering the ever-growing demand for speed, scalability, and automation in computer networks. This work presents a proof of concept automated IRS that provides both for networks containing sensitive data and high-speed networks, by using basic responses for complex attacks, and by using reinforcement learning for direct attacks. Responses for the latter are done by creating a response system that is able to learn from the effectiveness of its own responses. This work is evaluated in its effectiveness against the deactivation issue, which is concerned with the problem of automatically deactivating network responses after they've been activated by an IRS. All tests are conducted using an emulated network, that was de-signed to replicate real network behaviour. Simulated attacks were used to train the IRS. Results of training were evaluated at intervals of 100, 500, 1000 and 2000 at-tacks. The findings of this work indicate that while applying reinforcement learning to IRSs is feasible, adjustments may still be required to improve its performance. DA - 2020_ DB - OpenUCT DP - University of Cape Town KW - Computer Science LK - https://open.uct.ac.za PY - 2020 T1 - Using machine learning to guide automated intrusion response TI - Using machine learning to guide automated intrusion response UR - http://hdl.handle.net/11427/32403 ER - | en_ZA |
| dc.identifier.uri | http://hdl.handle.net/11427/32403 | |
| dc.identifier.vancouvercitation | Lopes A. Using machine learning to guide automated intrusion response. []. ,Faculty of Science ,Department of Computer Science, 2020 [cited yyyy month dd]. Available from: http://hdl.handle.net/11427/32403 | en_ZA |
| dc.language.rfc3066 | eng | |
| dc.publisher.department | Department of Computer Science | |
| dc.publisher.faculty | Faculty of Science | |
| dc.subject | Computer Science | |
| dc.title | Using machine learning to guide automated intrusion response | |
| dc.type | Master Thesis | |
| dc.type.qualificationlevel | Masters | |
| dc.type.qualificationlevel | MSc |