ARCS: Adaptive Reinforcement Learning Framework for Automated Cybersecurity Incident Response Strategy Optimization
Shaolei Ren, Jianjing Jin, Qi Cao et al.
Applied Sciences, Journal Year: 2025, Volume and Issue: 15(2), P. 951 - 951
Published: Jan. 19, 2025
The increasing sophistication and frequency of cyber attacks necessitate automated intelligent response mechanisms that can adapt to evolving threats. This paper presents ARCS (Adaptive Reinforcement learning for Cybersecurity Strategy), a novel framework leverages deep reinforcement optimize incident strategies in cybersecurity systems. Our approach uniquely combines state representation security events with hierarchical decision-making process map attack patterns optimal defense measures. employs custom reward mechanism balances resolution time, system stability, effectiveness. Using comprehensive dataset 20,000 incidents, we demonstrate achieves 27.3% faster times 31.2% higher effectiveness compared traditional rule-based approaches. shows particular strength handling complex, multi-stage attacks, reducing false positive rates by 42.8% while maintaining robust performance. Through extensive experiments, validated our effectively generalize across different types previously unseen threat patterns. results suggest learning-based automation significantly enhance capabilities, particularly environments requiring rapid precise defensive actions.
Language: English
EM-AUC: A Novel Algorithm for Evaluating Anomaly Based Network Intrusion Detection Systems
Kevin Z. Bai, John M. Fossaceca
Sensors, Journal Year: 2024, Volume and Issue: 25(1), P. 78 - 78
Published: Dec. 26, 2024
Effective network intrusion detection using anomaly scores from unsupervised machine learning models depends on the performance of models. Although do not require labels during training and testing phases, assessment their metrics evaluation phase still requires comparing against labels. In real-world scenarios, absence in massive datasets makes it infeasible to calculate metrics. Therefore, is valuable develop an algorithm that calculates robust without this paper, we propose a novel algorithm, Expectation Maximization-Area Under Curve (EM-AUC), derive Area ROC (AUC-ROC) Precision-Recall (AUC-PR) by treating unavailable as missing data replacing them through posterior probabilities. This was applied two datasets, yielding results. To best our knowledge, first time AUC-ROC AUC-PR, derived labels, have been used evaluate systems. The EM-AUC enables model training, testing, proceed comprehensive offering cost-effective scalable solution for selecting most effective detection.
Language: English
Hybridization of synergistic swarm and differential evolution with graph convolutional network for distributed denial of service detection and mitigation in IoT environment
Scientific Reports, Journal Year: 2024, Volume and Issue: 14(1)
Published: Dec. 28, 2024
Enhanced technologies of the future are gradually improving digital landscape. Internet Things (IoT) technology is an advanced technique that quickly increasing owing to development a network organized online devices. In today's era, IoT considered one most robust technologies. However, attackers can effortlessly hack devices employed generate botnets, and it applied present distributed denial service (DDoS) attacks beside networks. The DDoS attack foremost on system causes complete go down. Thus, average consumers may need help get services they from server. compromised or want be perceived well in system. So, presently, Deep Learning (DL) plays prominent part forecasting end-users' behaviour by extracting features identifying adversary network. This paper proposes Synergistic Swarm Optimization Differential Evolution with Graph Convolutional Network Cyberattack Detection Mitigation (SSODE-GCNDM) environment. main intention SSODE-GCNDM method recognize presence platforms. Primarily, utilizes Z-score normalization scale input data into uniform format. presented approach synergistic swarm optimization differential evolution (SSO-DE) for feature selection. Moreover, graph convolutional (GCN) recognizes mitigates attacks. Finally, implements northern goshawk (NGO) fine-tune hyperparameters involved GCN method. An extensive range experimentation analyses occur, outcomes observed using numerous features. experimental validation portrayed superior accuracy value 99.62% compared existing approaches.
Language: English