In this paper, we provide a complete framework to operationalize security automation in DevSecOps utilizing Artificial Intelligence (AI) and Machine Learning (ML) with a focus on Reinforcement Learning (RL) approaches. The paper describes the development of a RL framework to enable autonomous and adaptive incident response in a Cloud-native environment. Our RL-based framework utilizes intelligent agents that discover, classify, and mitigate security threats autonomously and learn, improve, and apply their detection and response abilities in the continuous learning process autonomously. Autonomous incident response leads to quicker incident response times and better incident response with minimal human oversight and hand-offs, especially with recent developments in security in terms of new security threats such as zero-day vulnerabilities, and insider threats. Since DevOps continues to evolve and gain prominence as the preferred software development methodology, security is critical, and its integration into DevOps as DevSecOps is necessary. The contributions from the paper are needed within the context of improving security in a DevOps ecosystem as the aim is to embed RL-based decision making across the different stages of DevSecOps to achieve our security goals without sacrificing speed and agility. The framework is validated through experimentation using multiple threats. The discussion addressed relevant practical issues and future work on deploying RL-based security technologies in operational contexts in DevSecOps, which can enable a new way to deliver security that is scalable, intelligent, and continuous.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Reinforcement Learning with AI for Autonomous Incident Response in DevSecOps: Using RL Agents to Detect, Classify, and Mitigate Security Threats in Cloud-Native DevOps Environments

  • Chhaya Gunawat,
  • Jay Sunil Nankani,
  • Rohit Kumar Gupta

摘要

In this paper, we provide a complete framework to operationalize security automation in DevSecOps utilizing Artificial Intelligence (AI) and Machine Learning (ML) with a focus on Reinforcement Learning (RL) approaches. The paper describes the development of a RL framework to enable autonomous and adaptive incident response in a Cloud-native environment. Our RL-based framework utilizes intelligent agents that discover, classify, and mitigate security threats autonomously and learn, improve, and apply their detection and response abilities in the continuous learning process autonomously. Autonomous incident response leads to quicker incident response times and better incident response with minimal human oversight and hand-offs, especially with recent developments in security in terms of new security threats such as zero-day vulnerabilities, and insider threats. Since DevOps continues to evolve and gain prominence as the preferred software development methodology, security is critical, and its integration into DevOps as DevSecOps is necessary. The contributions from the paper are needed within the context of improving security in a DevOps ecosystem as the aim is to embed RL-based decision making across the different stages of DevSecOps to achieve our security goals without sacrificing speed and agility. The framework is validated through experimentation using multiple threats. The discussion addressed relevant practical issues and future work on deploying RL-based security technologies in operational contexts in DevSecOps, which can enable a new way to deliver security that is scalable, intelligent, and continuous.