Skip to main content
To KTH's start page

Self-Learning Systems for Cyber Defense

A growing problem in system security stems from the fact that both attack methods and target systems constantly evolve: on the one hand attacks increase in sophistication over time, on the other hand target systems keep changing due to functional upgrades and innovation. As a consequence, a defender mustconstantly adapt and improve the target system in order to remain effective, which imposes an increasing burden on system designers and operators.

The goal of this project is to study, develop, and demonstrate strategies that will automate the defender’s task and keep a system secure in a changing environment. To this end, the project will investigate various approaches for self-learning systems that produce ever better defender strategies. The research adopts an adversarial approach, based on reinforcement learning, genetic algorithms, and game theory, whereby the strategies of simulated attackers and defenders co-evolve without human intervention.

Publications

K. Hammar and R. Stadler, "Learning Near-Optimal Intrusion Responses Against Dynamic Attackers," in IEEE Transactions on Network and Service Management, doi: 10.1109/TNSM.2023.3293413 .

K. Hammar and R. Stadler, "Digital Twins for Security Automation," NOMS 2023-2023 IEEE/IFIP Network Operations and Management Symposium, Miami, FL, USA, 2023, pp. 1-6, doi: 10.1109/NOMS56928.2023.10154288 .

K. Hammar and R. Stadler, "An Online Framework for Adapting Security Policies in Dynamic IT Environments," 2022 18th International Conference on Network and Service Management (CNSM), Thessaloniki, Greece, 2022, pp. 359-363, doi: 10.23919/CNSM55787.2022.9964838 .

K. Hammar and R. Stadler. "Learning Security Strategies through Game Play and Optimal Stopping", ICML Ml4Cyber Workshop 2022: International Conference on Machine Learning, arXiv: 2205.14694 .

K. Hammar and R. Stadler, "A System for Interactive Examination of Learned Security Policies," NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium, 2022, pp. 1-3, doi: 10.1109/NOMS54207.2022.9789707

K. Hammar and R. Stadler, "Intrusion Prevention through Optimal Stopping," in IEEE Transactions on Network and Service Management, 10.1109/TNSM.2022.3176781 .

K. Hammar and R. Stadler, "Learning Intrusion Prevention Policies through Optimal Stopping," 2021 17th International Conference on Network and Service Management (CNSM), 2021, pp. 509-517, doi: 10.23919/CNSM52442.2021.9615542 .

K. Hammar and R. Stadler, "Finding Effective Security Strategies through Reinforcement Learning and Self-Play," 2020 16th International Conference on Network and Service Management (CNSM), Izmir, Turkey, 2020, pp. 1-9, doi: 10.23919/CNSM50824.2020.9269092.

Researchers

Kim Hammar
Kim Hammar doctoral student
Rolf Stadler
Rolf Stadler professor
Pontus Johnson
Pontus Johnson professor