Publications

The following publications are based on CSLE:

Automated Security Response through Online Learning with Adaptive Conjectures

Journal: Under review, IEEE Transactions on Information Forensics and Security. Preprint.

Bibtex:

@misc{kim_tifs_24,
      title={Automated Security Response through Online Learning with Adaptive Conjectures},
      author={Kim Hammar and Tao Li and Rolf Stadler and Quanyan Zhu},
      year={2024},
      eprint={2402.12499},
      archivePrefix={arXiv},
      primaryClass={cs.GT}
}

IT Intrusion Detection Using Statistical Learning and Testbed Measurements

Conference: IEEE/IFIP Network Operations and Management Symposium 2024. Preprint.

Bibtex:

@misc{wang2024intrusion,
      title={IT Intrusion Detection Using Statistical Learning and Testbed Measurements},
      author={Xiaoxuan Wang and Rolf Stadler},
      year={2024},
      eprint={2402.13081},
      archivePrefix={arXiv},
      primaryClass={cs.LG}
}

Scalable Learning of Intrusion Responses through Recursive Decomposition

Conference: International Conference on Decision and Game Theory for Security 2023 (GameSec). Preprint.

Bibtex:

@misc{gamesec23_extended,
      title={Scalable Learning of Intrusion Responses through Recursive Decomposition},
      author={Kim Hammar and Rolf Stadler},
      year={2023},
      eprint={2309.03292},
      archivePrefix={arXiv},
      primaryClass={eess.SY},
      url={https://arxiv.org/abs/2309.03292}
}

Learning Near-Optimal Intrusion Responses Against Dynamic Attackers

Journal: IEEE Transactions on Network and Service Management (IEEE TNSM). Proceedings, Preprint.

Bibtex:

@ARTICLE{10175554,
  author={Hammar, Kim and Stadler, Rolf},
  journal={IEEE Transactions on Network and Service Management}, 
  title={Learning Near-Optimal Intrusion Responses Against Dynamic Attackers}, 
  year={2023},
  volume={},
  number={},
  pages={1-1},
  doi={10.1109/TNSM.2023.3293413}}

Digital Twins for Security Automation

Conference: NOMS 2023 IEEE/IFIP Network Operations and Management Symposium Proceedings.

Bibtex:

@INPROCEEDINGS{hammar_stadle4_noms_23,
  author={Hammar, Kim and Stadler, Rolf},
  booktitle={NOMS 2023-2023 IEEE/IFIP Network Operations and Management Symposium},
  title={Digital Twins for Security Automation},
  year={2023},
  volume={},
  number={},
  pages={1-6},
  doi={10.1109/NOMS56928.2023.10154288}}

Intrusion Prevention through Optimal Stopping

Journal: IEEE Transactions on Network and Service Management (IEEE TNSM), special issue on recent advances in network security management. Proceedings, Preprint.

Bibtex:

@ARTICLE{9779345,
  author={Hammar, Kim and Stadler, Rolf},
  journal={IEEE Transactions on Network and Service Management},
  title={Intrusion Prevention Through Optimal Stopping},
  year={2022},
  volume={19},
  number={3},
  pages={2333-2348},
  doi={10.1109/TNSM.2022.3176781}}

An Online Framework for Adapting Security Policies in Dynamic IT Environments

Conference: the 18th International Conference on Network and Service Management (CNSM). Proceedings, Preprint.

Bibtex:

@INPROCEEDINGS{hammar_stadler_cnsm_22,
  author={Hammar, Kim and Stadler, Rolf},
  booktitle={2022 18th International Conference on Network and Service Management (CNSM)},
  title={An Online Framework for Adapting Security Policies in Dynamic IT Environments},
  year={2022},
  volume={},
  number={},
  pages={359-363},
  doi={10.23919/CNSM55787.2022.9964838}}

Learning Security Strategies through Game Play and Optimal Stopping

Workshop: International Conference on Machine Learning (ICML) ML4Cyber Workshop 2022. PDF.

Bibtex:

@inproceedings{hammar_stadler_game_22_preprint,
  author = {Hammar, Kim and Stadler, Rolf},
  title = {Learning Security Strategies through Game Play and Optimal Stopping},
  booktitle = {Proceedings of the ML4Cyber workshop at the
               39th International Conference on Machine Learning,
               {ICML} 2022, Baltimore, USA, July
               17-23, 2022},
  publisher = {},
  year      = {2022}
}

A System for Interactive Examination of Learned Security Policies (Best Demo paper award).

Conference: IEEE/IFIP Network Operations and Management Symposium (NOMS) 2022. Proceedings.

Bibtex:

@INPROCEEDINGS{hammar_stadler_noms_22,
  author={Hammar, Kim and Stadler, Rolf},
  booktitle={NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium},
  title={A System for Interactive Examination of Learned Security Policies},
  year={2022},
  volume={},
  number={},
  pages={1-3},
  doi={10.1109/NOMS54207.2022.9789707}}

Learning Intrusion Prevention Policies through Optimal Stopping

Conference: the 17th International Conference on Network and Service Management (CNSM). Proceedings.

Bibtex:

@INPROCEEDINGS{hammar_stadler_cnsm_21,
AUTHOR="Kim Hammar and Rolf Stadler",
TITLE="Learning Intrusion Prevention Policies through Optimal Stopping",
BOOKTITLE="International Conference on Network and Service Management (CNSM 2021)",
ADDRESS="Izmir, Turkey",
DAYS=1,
YEAR=2021,
note={\url{http://dl.ifip.org/db/conf/cnsm/cnsm2021/1570732932.pdf}},
KEYWORDS="Network Security, automation, optimal stopping, reinforcement learning, Markov Decision Processes",
ABSTRACT="We study automated intrusion prevention using reinforcement learning. In a novel approach, we formulate the problem of intrusion prevention as an optimal stopping problem. This formulation allows us insight into the structure of the optimal policies, which turn out to be threshold based. Since the computation of the optimal defender policy using dynamic programming is not feasible for practical cases, we approximate the optimal policy through reinforcement learning in a simulation environment. To define the dynamics of the simulation, we emulate the target infrastructure and collect measurements. Our evaluations show that the learned policies are close to optimal and that they indeed can be expressed using thresholds."
}

Finding Effective Security Strategies through Reinforcement Learning and Self-Play

Conference: the 16th International Conference on Network and Service Management (CNSM). Proceedings.

Bibtex:

@INPROCEEDINGS{Hamm2011:Finding,
AUTHOR="Kim Hammar and Rolf Stadler",
TITLE="Finding Effective Security Strategies through Reinforcement Learning and
{Self-Play}",
BOOKTITLE="International Conference on Network and Service Management (CNSM 2020)",
ADDRESS="Izmir, Turkey",
DAYS=1,
MONTH=nov,
YEAR=2020,
KEYWORDS="Network Security; Reinforcement Learning; Markov Security Games",
ABSTRACT="We present a method to automatically find security strategies for the use
case of intrusion prevention. Following this method, we model the
interaction between an attacker and a defender as a Markov game and let
attack and defense strategies evolve through reinforcement learning and
self-play without human intervention. Using a simple infrastructure
configuration, we demonstrate that effective security strategies can emerge
from self-play. This shows that self-play, which has been applied in other
domains with great success, can be effective in the context of network
security. Inspection of the converged policies shows that the emerged
policies reflect common-sense knowledge and are similar to strategies of
humans. Moreover, we address known challenges of reinforcement learning in
this domain and present an approach that uses function approximation, an
opponent pool, and an autoregressive policy representation. Through
evaluations we show that our method is superior to two baseline methods but
that policy convergence in self-play remains a challenge."
}