IRIS

Intrusion Response is a relatively new field of research. Recent approaches for the creation of Intrusion Response Systems (IRSs) use Reinforcement Learning (RL) as a primary technique for the optimal or near-optimal selection of the proper countermeasure to take in order to stop or mitigate an ongoing attack. However, most of them do not consider the fact that systems can change over time or, in other words, that systems exhibit non-stationary behaviors. Furthermore, stateful approaches, such as those based on RL, suffer from the curse of dimensionality, due to the state space growing exponentially with the size of the protected system. In this paper, we introduce and develop an IRS software prototype, named irs-partition. It leverages the partitioning of the protected system and Deep Q-Networks to address the curse of dimensionality by supporting a multi-agent formulation. Furthermore, it exploits transfer learning to follow the evolution of non-stationary systems.

Cardellini, V., Casalicchio, E., Iannucci, S., Lucantonio, M., Mittal, S., Panigrahi, D., et al. (2022). irs-partition: An Intrusion Response System utilizing Deep Q-Networks and system partitions. SOFTWAREX, 19, 101120 [10.1016/j.softx.2022.101120].

irs-partition: An Intrusion Response System utilizing Deep Q-Networks and system partitions

Cardellini, Valeria;
2022-07-01

Abstract

Intrusion Response is a relatively new field of research. Recent approaches for the creation of Intrusion Response Systems (IRSs) use Reinforcement Learning (RL) as a primary technique for the optimal or near-optimal selection of the proper countermeasure to take in order to stop or mitigate an ongoing attack. However, most of them do not consider the fact that systems can change over time or, in other words, that systems exhibit non-stationary behaviors. Furthermore, stateful approaches, such as those based on RL, suffer from the curse of dimensionality, due to the state space growing exponentially with the size of the protected system. In this paper, we introduce and develop an IRS software prototype, named irs-partition. It leverages the partitioning of the protected system and Deep Q-Networks to address the curse of dimensionality by supporting a multi-agent formulation. Furthermore, it exploits transfer learning to follow the evolution of non-stationary systems.
lug-2022
Pubblicato
Rilevanza internazionale
Articolo
Esperti anonimi
Settore ING-INF/05 - SISTEMI DI ELABORAZIONE DELLE INFORMAZIONI
Settore IINF-05/A - Sistemi di elaborazione delle informazioni
English
Con Impact Factor ISI
https://www.sciencedirect.com/science/article/pii/S2352711022000796
Cardellini, V., Casalicchio, E., Iannucci, S., Lucantonio, M., Mittal, S., Panigrahi, D., et al. (2022). irs-partition: An Intrusion Response System utilizing Deep Q-Networks and system partitions. SOFTWAREX, 19, 101120 [10.1016/j.softx.2022.101120].
Cardellini, V; Casalicchio, E; Iannucci, S; Lucantonio, M; Mittal, S; Panigrahi, D; Silvi, A
Articolo su rivista
01 - Articolo su rivista
File in questo prodotto:
File Dimensione Formato  
1-s2.0-S2352711022000796-main.pdf

accesso aperto

Tipologia: Versione Editoriale (PDF)
Licenza: Creative commons
Dimensione 2.09 MB
Formato Adobe PDF
Visualizza/Apri
2.09 MB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2108/303033
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 11
  • ???jsp.display-item.citation.isi??? 8
social impact