A neural network approach for cyber security course of action selection


  1. Dondo, M.
Corporate Authors
Defence Research and Development Canada, Ottawa Research Centre, Ottawa ON (CAN)
In this work, we present an approach to assist network security operators to consistently select and prioritise actionable courses of action (COAs) given COA type, criticality of affected mission components, and the availability of remedial measures (such as patches and enforcement tools) and resources. The objective of the work is to develop a COA selection approach that could assist operators while minimising the impact of COA implementation on ongoing missions, a capability that is not available in current network security tools. Our machine-learning-based approach adapts recent work on neural preference learning by making multiple comparisons instead of just a pair, to rank a set of COAs for recommendations to operators. We are able to demonstrate our approach by adaptively learning COAs produced by an in-house tool. We compare our ranking results against those produced by another approach, Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) and the results are in line with what we expected, prioritising selections based on the impacts of the actions on mission-critical components. Our results show that it is feasible to assist operators with COA selection in a way that minimises the impact on missions while improving the security of the defended network. A comparison of our approach’s selections and those of surveyed security experts shows that our approach is more consistent and reflective of the security and missions impacts of the defended net

Il y a un résumé en français ici.

course of action selection;decision making;neural networks;machine learning
Report Number
DRDC-RDDC-2016-R269 — Scientific Report
Date of publication
01 Dec 2016
Number of Pages
Electronic Document(PDF)

Permanent link

Document 1 of 1

Date modified: