SENTIENCE — Simulation-based reinforcement-learning security operations center

Industrial IT systems that support critical societal functions are high-value
targets for advanced cyber adversaries. These systems support vital systems for
energy production, water distribution and more. To prevent data leakage or sabotage, early detection of hacking attempts is important. Due to the size and complexity of the systems in question, an automated approach for intrusion detection is desired.

Reinforcement learning is a field of machine learning focused on creating decision-making models. To efficiently perform reinforcement learning, it is sometimes necessary to construct a simulated environment that the model can learn in.

This project aims to use reinforcement learning to develop an automated and semi-autonomous security operations system. We plan to simulate parts of industrial IT-systems and utilize modern methods of reinforcement learning to automatically find strategies for intrusion detection and security operations.

Publications

J. Nyberg and P. Johnson, "Learning Automated Defense Strategies Using Graph-Based Cyber Attack Simulations ," Workshop on Security Operation Center Operations and Construction (WOSOC) 2023, pp. 1-8, doi: 10.14722/wosoc.2023.23006

J. Nyberg, P. Johnson och A. Méhes, "Cyber threat response using reinforcement learning in graph-based attack simulations," NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium, 2022, pp. 1-4, doi: 10.1109/NOMS54207.2022.9789835

Researchers

Jakob Nyberg doctoral student jaknyb@kth.se Profile

DIVISION OF NETWORK AND SYSTEMS ENGINEERING

Pontus Johnson professor pontusj@kth.se 087906825 Profile

DIVISION OF NETWORK AND SYSTEMS ENGINEERING

Rolf Stadler professor, head of division stadler@kth.se 087904250 Profile

DIVISION OF NETWORK AND SYSTEMS ENGINEERING