A System for Interactive Examination of Learned Security Policies
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. KTH, School of Electrical Engineering and Computer Science (EECS), Centres, Centre for Cyber Defence and Information Security CDIS. ORCID iD: 0000-0003-1773-8354
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. KTH, School of Electrical Engineering and Computer Science (EECS), Centres, Centre for Cyber Defence and Information Security CDIS. ORCID iD: 0000-0001-6039-8493
2022 (English). In: Proceedings of the IEEE/IFIP Network Operations and Management Symposium 2022: Network and Service Management in the Era of Cloudification, Softwarization and Artificial Intelligence, NOMS 2022 / [ed] Varga, P; Granville, LZ; Galis, A; Godor, I; Limam, N; Chemouil, P; Francois, J; Pahl, M. IEEE, 2022. Conference paper, Published paper (Refereed)
Abstract [en]

We present a system for interactive examination of learned security policies. It allows a user to traverse episodes of Markov decision processes in a controlled manner and to track the actions triggered by security policies. Similar to a software debugger, a user can continue or halt an episode at any time step and inspect parameters and probability distributions of interest. The system enables insight into the structure of a given policy and into the behavior of a policy in edge cases. We demonstrate the system with a network intrusion use case. We examine the evolution of an IT infrastructure's state and the actions prescribed by security policies while an attack occurs. The policies for the demonstration have been obtained through a reinforcement learning approach that includes a simulation system where policies are incrementally learned and an emulation system that produces statistics that drive the simulation runs.

Place, publisher, year, edition, pages
IEEE, 2022.
Series
IEEE IFIP Network Operations and Management Symposium, ISSN 1542-1201
Keywords [en]
Network security, automation, reinforcement learning, Markov decision processes, MDP, POMDP
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:kth:diva-319079
DOI: 10.1109/NOMS54207.2022.9789707
ISI: 000851572700003
Scopus ID: 2-s2.0-85133197609
OAI: oai:DiVA.org:kth-319079
DiVA, id: diva2:1698950
Conference
2022 IEEE/IFIP Network Operations and Management Symposium, NOMS 2022, Budapest, 25 April 2022 through 29 April 2022
Note

QC 20220926

Part of proceedings: ISBN 978-1-6654-0601-7

Available from: 2022-09-26. Created: 2022-09-26. Last updated: 2022-11-07. Bibliographically approved.

Authority records

Hammar, Kim; Stadler, Rolf
