Traditionally Intrusion Response Systems (IRSs) have had a strong reliance on network administrators to perform various responses for a network. Though this is expected, particularly with networks containing sensitive data, it is not completely practical, considering the ever-growing demand for spe...
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Thesis |
| Language: | English |
| Published: | Department of Computer Science, 2020 |
| Subjects: | |
| _version_ | 1867613229925007360 |
|---|---|
| access_status_str | Open Access |
| author | Lopes, Andre |
| author2 | Hutchison, Andrew |
| author_browse | Hutchison, Andrew Lopes, Andre |
| author_facet | Hutchison, Andrew Lopes, Andre |
| author_sort | Lopes, Andre |
| collection | Thesis |
| description | Traditionally Intrusion Response Systems (IRSs) have had a strong reliance on network administrators to perform various responses for a network. Though this is expected, particularly with networks containing sensitive data, it is not completely practical, considering the ever-growing demand for speed, scalability, and automation in computer networks. This work presents a proof of concept automated IRS that provides both for networks containing sensitive data and high-speed networks, by using basic responses for complex attacks, and by using reinforcement learning for direct attacks. Responses for the latter are done by creating a response system that is able to learn from the effectiveness of its own responses. This work is evaluated in its effectiveness against the deactivation issue, which is concerned with the problem of automatically deactivating network responses after they've been activated by an IRS. All tests are conducted using an emulated network, that was designed to replicate real network behaviour. Simulated attacks were used to train the IRS. Results of training were evaluated at intervals of 100, 500, 1000 and 2000 attacks. The findings of this work indicate that while applying reinforcement learning to IRSs is feasible, adjustments may still be required to improve its performance. |
| format | Thesis |
| id | oai:open.uct.ac.za:11427/32403 |
| institution | University of Cape Town (South Africa) |
| language | eng |
| last_indexed | 2026-06-10T12:32:50.328Z |
| license_str | Not specified — see source repository |
| provenance_str_mv | Harvested via OAI-PMH from UCTD — University of Cape Town Open Access Repository |
| publishDate | 2020 |
| publishDateRange | 2020 |
| publishDateSort | 2020 |
| publisher | Department of Computer Science |
| publisherStr | Department of Computer Science |
| record_format | dspace |
| source_str | UCTD — University of Cape Town Open Access Repository |
| spelling | oai:open.uct.ac.za:11427/32403 Using machine learning to guide automated intrusion response Lopes, Andre Hutchison, Andrew Computer Science Traditionally Intrusion Response Systems (IRSs) have had a strong reliance on network administrators to perform various responses for a network. Though this is expected, particularly with networks containing sensitive data, it is not completely practical, considering the ever-growing demand for speed, scalability, and automation in computer networks. This work presents a proof of concept automated IRS that provides both for networks containing sensitive data and high-speed networks, by using basic responses for complex attacks, and by using reinforcement learning for direct attacks. Responses for the latter are done by creating a response system that is able to learn from the effectiveness of its own responses. This work is evaluated in its effectiveness against the deactivation issue, which is concerned with the problem of automatically deactivating network responses after they've been activated by an IRS. All tests are conducted using an emulated network, that was designed to replicate real network behaviour. Simulated attacks were used to train the IRS. Results of training were evaluated at intervals of 100, 500, 1000 and 2000 attacks. The findings of this work indicate that while applying reinforcement learning to IRSs is feasible, adjustments may still be required to improve its performance. 2020-11-19T11:21:52Z 2020-11-19T11:21:52Z 2020 2020-11-19T08:08:29Z Master Thesis Masters MSc http://hdl.handle.net/11427/32403 eng application/pdf Department of Computer Science Faculty of Science |
| spellingShingle | Computer Science Lopes, Andre Using machine learning to guide automated intrusion response |
| thesis_degree_str | Master's |
| title | Using machine learning to guide automated intrusion response |
| title_full | Using machine learning to guide automated intrusion response |
| title_fullStr | Using machine learning to guide automated intrusion response |
| title_full_unstemmed | Using machine learning to guide automated intrusion response |
| title_short | Using machine learning to guide automated intrusion response |
| title_sort | using machine learning to guide automated intrusion response |
| topic | Computer Science |
| url | http://hdl.handle.net/11427/32403 |
| work_keys_str_mv | AT lopesandre usingmachinelearningtoguideautomatedintrusionresponse |