In this paper we present a preliminary design of a biologically inspired, decentralized, agent-based cybersecurity framework. The pipeline employs a network of decentralized and fully autonomous agents which we implement with Deep Q-Networks which learn to detect attacks. We draw on biological mechanisms like immune system adaptation and swarm intelligence so that over time, these agents can learn to distinguish between benign and malicious activity through local interactions and environment-driven rewards, both in the initial pre-deployment training phase (which itself can be divided into rule-based training, as described in this work, and reinforcement training), and active learning during deployment. This preliminary architecture prioritizes speed, decentralization, and resilience, which enables rapid anomaly detection without relying on centralized processing or signature-based approaches. Early simulations demonstrate the model’s ability to detect complex threats when we draw comparisons to a random agent, indicating its potential for scalable real-world applications in cybersecurity. Additionally, discuss the potential issues with this implementation. We also utilise the popular rotating honeypots combined with a reinforcement learning based intrusion detection system to form a honeypot based, reinforcement learning supported pipeline.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Early Threat Engagement via Honeypot-Derived Learning in Cyber Defense Systems

  • Srushti Srikanth,
  • Sri Vidya Manjunath,
  • Avinash Selvam,
  • Shreyas Ravi Krishna Eni,
  • Geetha Dayalan

摘要

In this paper we present a preliminary design of a biologically inspired, decentralized, agent-based cybersecurity framework. The pipeline employs a network of decentralized and fully autonomous agents which we implement with Deep Q-Networks which learn to detect attacks. We draw on biological mechanisms like immune system adaptation and swarm intelligence so that over time, these agents can learn to distinguish between benign and malicious activity through local interactions and environment-driven rewards, both in the initial pre-deployment training phase (which itself can be divided into rule-based training, as described in this work, and reinforcement training), and active learning during deployment. This preliminary architecture prioritizes speed, decentralization, and resilience, which enables rapid anomaly detection without relying on centralized processing or signature-based approaches. Early simulations demonstrate the model’s ability to detect complex threats when we draw comparisons to a random agent, indicating its potential for scalable real-world applications in cybersecurity. Additionally, discuss the potential issues with this implementation. We also utilise the popular rotating honeypots combined with a reinforcement learning based intrusion detection system to form a honeypot based, reinforcement learning supported pipeline.