The exponential rise in internet usage has precipitated a corresponding surge in cyber threats, underscoring the urgent need for advanced cybersecurity solutions. While traditional intrusion detection systems (IDS) can identify these threats, their inability to self-recover leaves systems vulnerable. Intrusion response systems (IRS) have been developed to address this, aiming to automatically restore systems to their desired state post-security breach. However, current IRSs often necessitate manual intervention and may not be su!ciently robust against sophisticated threats. To overcome these limitations, we propose an AI-powered Autonomic, Safe, and Interactive Intrusion Response System called ‘Intrusion Response System Digital Assistant (IRSDA)’.

IRSDA is based on autonomous computing systems (ACS) and leverages Self-Adaptive ACS (SAACS) to adjust its behavior in response to the environment. The system extends an SAACS implementation called Autonomous Intelligent Cyber defense Agents (AICA). IRSDA incorporates machine learning techniques, such as Large Language Models (LLMs), Reinforcement Learning (RL), and Graph Neural Networks (GNN), to enable automated decision-making and threat analysis. Additionally, the system employs transfer learning to bootstrap models in a production environment and accelerate response time. Finally, IRSDA to follows an n-tier architecture based on a client-server and multi-agent system model.

To enhance the system’s robustness, we propose using enterprise system partitions, rules of engagement, and knowledge graphs. Enterprise systems consist of partitions, each of which is a discrete section that operates independently. IRSDA agents function in a partition-focus scope with a local optimization objective while collectively working towards the global optimization goal of securing enterprise systems. IRSDA agents can compute a wide range of potential responses to meet its security goals and objectives. To restrict its activities and minimize collateral damage, the system must have set Rules of Engagement (RoE). Finally, IRSDA leverages AI technologies and allows Enterprise Security personnel to interact with it using natural language queries.