Biblio

We present an online framework for learning and updating security policies in dynamic IT environments. It includes three components: a digital twin of the target system, which continuously collects data and evaluates learned policies; a system identification process, which periodically estimates system models based on the collected data; and a policy learning process that is based on reinforcement learning. To evaluate our framework, we apply it to an intrusion prevention use case that involves a dynamic IT infrastructure. Our results demonstrate that the framework automatically adapts security policies to changes in the IT infrastructure and that it outperforms a state-of-the-art method.

We present a system for interactive examination of learned security policies. It allows a user to traverse episodes of Markov decision processes in a controlled manner and to track the actions triggered by security policies. Similar to a software debugger, a user can continue or or halt an episode at any time step and inspect parameters and probability distributions of interest. The system enables insight into the structure of a given policy and in the behavior of a policy in edge cases. We demonstrate the system with a network intrusion use case. We examine the evolution of an IT infrastructure’s state and the actions prescribed by security policies while an attack occurs. The policies for the demonstration have been obtained through a reinforcement learning approach that includes a simulation system where policies are incrementally learned and an emulation system that produces statistics that drive the simulation runs.

Automatic optimal response systems are essential for preserving power system resilience and ensuring faster recovery from emergency under cyber compromise. Numerous research works have developed such response engine for cyber and physical system recovery separately. In this paper, we propose a novel cyber-physical decision support system, SCORE, that computes optimal actions considering pure and hybrid cyber-physical states, using Markov Decision Process (MDP). Such an automatic decision making engine can assist power system operators and network administrators to make a faster response to prevent cascading failures and attack escalation respectively. The hybrid nature of the engine makes the reward and state transition model of the MDP unique. Value iteration and policy iteration techniques are used to compute the optimal actions. Tests are performed on three and five substation power systems to recover from attacks that compromise relays to cause transmission line overflow. The paper also analyses the impact of reward and state transition model on computation. Corresponding results verify the efficacy of the proposed engine.

Trust management is a promising alternative solution to different complex security algorithms for Underwater Wireless Sensor Networks (UWSN) applications due to its several resource constraint behaviour. In this work, we have proposed a trust management model to improve location privacy of the UWSN. Adaptive Neuro Fuzzy Inference System (ANFIS) has been exploited to evaluate trustworthiness of a sensor node. Also Markov Decision Process (MDP) has been considered. At each state of the MDP, a sensor node evaluates trust behaviour of forwarding node utilizing the FIS learning rules and selects a trusted node. Simulation has been conducted in MATLAB and simulation results show that the detection accuracy of trustworthiness is 91.2% which is greater than Knowledge Discovery and Data Mining (KDD) 99 intrusion detection based dataset. So, in our model 91.2% trustworthiness is necessary to be a trusted node otherwise it will be treated as a malicious or compromised node. Our proposed model can successfully eliminate the possibility of occurring any compromised or malicious node in the network.