Skip to main content

SENTIENCE — Simulation-based reinforcement-learning security operations center

Industrial IT systems that support critical societal functions are high-value
targets for advanced cyber adversaries. These systems support vital systems for
energy production, water distribution and more. To prevent data leakage or sabotage, early detection of hacking attempts is important. Due to the size and complexity of the systems in question, an automated approach for intrusion detection is desired.

Reinforcement learning is a field of machine learning focused on creating decision-making models. To efficiently perform reinforcement learning, it is sometimes necessary to construct a simulated environment that the model can learn in.

This project aims to use reinforcement learning to develop an automated and semi-autonomous security operations system. We plan to simulate parts of industrial IT-systems and utilize modern methods of reinforcement learning to automatically find strategies for intrusion detection and security operations.

Publications

J. Nyberg and P. Johnson, "Structural Generalization in Autonomous Cyber Incident Response with Message-Passing Neural Networks and Reinforcement Learning," 2024 IEEE International Conference on Cyber Security and Resilience (CSR), London, United Kingdom, 2024, pp. 282-289, doi: 10.1109/CSR61664.2024.10679456

J. Nyberg and P. Johnson, "Learning Automated Defense Strategies Using Graph-Based Cyber Attack Simulations ," Workshop on Security Operation Center Operations and Construction (WOSOC) 2023, pp. 1-8, doi: 10.14722/wosoc.2023.23006

J. Nyberg, P. Johnson och A. Méhes, "Cyber threat response using reinforcement learning in graph-based attack simulations," NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium, 2022, pp. 1-4, doi: 10.1109/NOMS54207.2022.9789835