
Theses and Dissertations
ORCID
https://orcid.org/0000-0002-1092-7710
Advisor
Mittal, Sudip
Committee Member
Rahimi, Shahram
Committee Member
Blakely, Benjamin
Committee Member
Trawick, George
Date of Degree
5-16-2025
Original embargo terms
Embargo 6 months
Document Type
Dissertation - Open Access
Major
Computer Science
Degree Name
Doctor of Philosophy (Ph.D.)
College
James Worth Bagley College of Engineering
Department
Department of Computer Science and Engineering
Abstract
The exponential rise in internet usage has precipitated a corresponding surge in cyber threats, underscoring the urgent need for advanced cybersecurity solutions. While traditional intrusion detection systems (IDS) can identify these threats, their inability to self-recover leaves systems vulnerable. Intrusion response systems (IRS) have been developed to address this, aiming to automatically restore systems to their desired state post-security breach. However, current IRSs often necessitate manual intervention and may not be sufficiently robust against sophisticated threats. To overcome these limitations, we propose an AI-powered Autonomic, Safe, and Interactive Intrusion Response System called ‘Intrusion Response System Digital Assistant (IRSDA)’. IRSDA is based on autonomous computing systems (ACS) and leverages Self-Adaptive ACS (SAACS) to adjust its behavior in response to the environment. The system extends an SAACS implementation called Autonomous Intelligent Cyber defense Agents (AICA). IRSDA incorporates machine learning techniques, such as Large Language Models (LLMs), Reinforcement Learning (RL), and Graph Neural Networks (GNN), to enable automated decision-making and threat analysis. Additionally, the system employs transfer learning to bootstrap models in a production environment and accelerate response time. Finally, IRSDA follows an n-tier architecture based on a client-server and multi-agent system model. To enhance the system’s robustness, we propose using enterprise system partitions, rules of engagement, and knowledge graphs. Enterprise systems consist of partitions, each of which is a discrete section that operates independently. IRSDA agents function in a partition-focused scope with a local optimization objective while collectively working towards the global optimization goal of securing enterprise systems. IRSDA agents can compute a wide range of potential responses to meet its security goals and objectives.
To restrict its activities and minimize collateral damage, the system must have set Rules of Engagement (RoE). Finally, IRSDA leverages AI technologies and allows Enterprise Security personnel to interact with it using natural language queries.
Recommended Citation
Panigrahi, Damodar, "AI enabled Autonomic, safe, and interactive Intrusion Response System" (2025). Theses and Dissertations. 6550.
https://scholarsjunction.msstate.edu/td/6550