Cyber threat response using reinforcement learning in graph-based attack simulations
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. ORCID iD: 0000-0003-2663-0708
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. ORCID iD: 0000-0002-3293-1681
Ericsson, Stockholm, Sweden.
2022 (English). In: Proceedings of the IEEE/IFIP Network Operations and Management Symposium 2022: Network and Service Management in the Era of Cloudification, Softwarization and Artificial Intelligence, NOMS 2022 / [ed] Varga, P; Granville, LZ; Galis, A; Godor, I; Limam, N; Chemouil, P; Francois, J; Pahl, M. IEEE, 2022. Conference paper, Published paper (Refereed)
Abstract [en]

In this ongoing project we employ reinforcement learning in a simulation environment to learn policies for cyber defense. The environment is based on attack graphs produced using the Meta Attack Language, a modeling language used to assess the security of systems. Two RL algorithms are utilized to prevent a simulated attacker agent from reaching a series of targets within attack graphs. The defensive agent has to make decisions based on the value of keeping assets enabled, or suffering the consequence of the attacker reaching its goal. The initial results are promising, and show that both algorithms are able to find distinct strategies for defense. However, further analysis is needed to evaluate policy quality, including the implementation of sensible baseline policies for comparison.

Place, publisher, year, edition, pages
IEEE, 2022.
Series
IEEE IFIP Network Operations and Management Symposium, ISSN 1542-1201
Keywords [en]
cyber-security, reinforcement learning, threat modeling, attack graph
National Category
Information Systems
Identifiers
URN: urn:nbn:se:kth:diva-319058
DOI: 10.1109/NOMS54207.2022.9789835
ISI: 000851572700090
Scopus ID: 2-s2.0-85133206723
OAI: oai:DiVA.org:kth-319058
DiVA, id: diva2:1699005
Conference
IEEE/IFIP Network Operations and Management Symposium, NOMS 2022, Budapest, 25 April 2022, through 29 April 2022
Note

Part of proceedings: ISBN 978-1-6654-0601-7

QC 20220926

Available from: 2022-09-26 Created: 2022-09-26 Last updated: 2023-01-16 Bibliographically approved

Authority records

Nyberg, Jakob; Johnson, Pontus
