Active cyber defense using intelligent agents in cloud-edge based applications

Format

Thesis

Abstract

[EMBARGOED UNTIL 08/01/2026] The need for advances in active cyber defense is becoming increasingly apparent given the sophistication of modern cyber threats. In particular, cloud-edge systems in critical infrastructure domains such as healthcare, finance, and smart grids need to be designed with an adversarial mindset, applying knowledge of likely attacks to outsmart the adversary. While passive cyber defense measures remain important, new paradigms for active cyber defense are emerging. This dissertation investigates active cyber defense strategies for the cloud-edge infrastructures on which these domains depend, addressing the complex and evolving threats that target them. It develops both proactive and reactive defense methods along three foundational thrusts: (1) game-theoretic deception techniques that mislead and delay adversaries, (2) blockchain-based security mechanisms augmented with formal methods for integrity and auditability, and (3) AI-driven knowledge systems that enable real-time threat detection and mitigation through structured reasoning. First, we develop multistage game-theoretic deception strategies that guide the placement of honeypots, honeyfiles, and honeytokens along the stages of the ransomware kill chain; solving the game for a Subgame-Perfect Nash Equilibrium yields defender actions that are optimal under adversarial uncertainty. Second, we introduce blockchain infrastructures that provide tamper resistance and transparency, apply formal verification with Linear Temporal Logic and model checking to validate critical operations, and use machine-learning models for proactive detection of infrastructure- and application-level anomalies. Third, we present knowledge-driven threat modeling, analysis, and mitigation that integrates knowledge graphs (KGs), large language models (LLMs), and Software Defined Networking (SDN) to enable adaptive threat detection and response.

These core defense strategies are instantiated and validated in three application-domain testbeds. In healthcare, our multistage ransomware defense framework demonstrates the effectiveness of deception-based defense across attack stages. In the financial sector, we implement ClaimChain, a permissioned consortium blockchain platform that supports secure claims processing through formally verified smart contracts and integrates infrastructure-level attack modeling with application-level fraud detection. In the smart grid domain, we develop (1) CIBR-Fort, a comprehensive cyber defense framework whose KG-LLM pipelines perform link prediction and reasoning to enable real-time threat mitigation, and (2) SGChain, a permissioned blockchain that addresses availability attacks by securing metering data, coupled with distributed SDN control for network-level attack mitigation.
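The first thrust rests on solving a multistage deception game for a Subgame-Perfect Nash Equilibrium. The following is an added illustration, not code from the dissertation: a backward-induction solver over an extensive-form tree in which, at each kill-chain stage, the defender deploys a deception asset, the attacker attacks or aborts, and a chance node decides whether the attack is detected. The three stages, the deception menu (`none`, `honeytoken`, `honeypot`), and every cost, gain and detection probability are constructed placeholders; the point is that the equilibrium strategy is computed for every subgame, including those off the equilibrium path, so the defender's stage-0 choice already accounts for what both sides would do at later stages.

```python
"""Backward-induction solver for a multistage deception game (subgame-perfect equilibrium).

Added example, not the dissertation's code. The kill-chain stages, the deception
menu, and every cost, gain and detection probability below are constructed
placeholders chosen to keep the arithmetic readable.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Payoff = Tuple[float, float]  # (defender payoff, attacker payoff)


@dataclass
class Node:
    player: str                                   # "defender", "attacker", "chance" or "terminal"
    payoff: Payoff = (0.0, 0.0)                   # only meaningful for terminal nodes
    children: Dict[str, "Node"] = field(default_factory=dict)
    probs: Dict[str, float] = field(default_factory=dict)  # outcome probabilities at chance nodes


# Constructed kill-chain model: (stage name, attacker gain if the stage succeeds undetected).
STAGES = [("initial_access", 2.0), ("lateral_movement", 3.0), ("encryption", 10.0)]
# Constructed deception menu: asset -> (deployment cost to defender, detection probability).
DECEPTION = {"none": (0.0, 0.0), "honeytoken": (0.5, 0.4), "honeypot": (1.5, 0.8)}
DETECTION_VALUE = 4.0  # defender gain and attacker loss when the intrusion is caught


def build_game(stage: int = 0, d_acc: float = 0.0, a_acc: float = 0.0) -> Node:
    """Extensive-form tree: at each stage the defender deploys a deception asset, the
    attacker attacks or aborts, and nature decides whether the attack is detected.
    Only an undetected attack advances to the next stage; d_acc/a_acc carry the
    payoffs accumulated so far."""
    if stage == len(STAGES):
        return Node("terminal", (d_acc, a_acc))
    _, gain = STAGES[stage]
    root = Node("defender")
    for asset, (cost, p_detect) in DECEPTION.items():
        attacker = Node("attacker")
        attacker.children["abort"] = Node("terminal", (d_acc - cost, a_acc))
        chance = Node("chance", probs={"detected": p_detect, "undetected": 1.0 - p_detect})
        chance.children["detected"] = Node(
            "terminal", (d_acc - cost + DETECTION_VALUE, a_acc - DETECTION_VALUE))
        chance.children["undetected"] = build_game(stage + 1, d_acc - cost - gain, a_acc + gain)
        attacker.children["attack"] = chance
        root.children[asset] = attacker
    return root


def solve(node: Node, history: str = "", strategy: Optional[Dict[str, str]] = None
          ) -> Tuple[Payoff, Dict[str, str]]:
    """Backward induction. Every decision node, on or off the equilibrium path, gets a
    best response to the continuation values below it, which is exactly the
    subgame-perfection requirement. Chance nodes contribute expected values.
    Ties go to the first listed action so the result is deterministic."""
    if strategy is None:
        strategy = {}
    if node.player == "terminal":
        return node.payoff, strategy
    if node.player == "chance":
        exp_d = exp_a = 0.0
        for outcome, child in node.children.items():
            (cd, ca), _ = solve(child, history + "/" + outcome, strategy)
            exp_d += node.probs[outcome] * cd
            exp_a += node.probs[outcome] * ca
        return (exp_d, exp_a), strategy
    own = 0 if node.player == "defender" else 1
    best_action, best_value = None, None
    for action, child in node.children.items():
        value, _ = solve(child, history + "/" + action, strategy)
        if best_value is None or value[own] > best_value[own]:
            best_action, best_value = action, value
    strategy[history or "/"] = best_action
    return best_value, strategy


def equilibrium() -> Tuple[Payoff, Dict[str, str]]:
    """Solve the constructed three-stage game from the initial state."""
    return solve(build_game())


if __name__ == "__main__":
    value, strategy = equilibrium()
    print("expected (defender, attacker) payoff:", value)
    for history in sorted(strategy, key=len):
        print(f"{history:40s} -> {strategy[history]}")
```

With these placeholder numbers the equilibrium places a cheap honeytoken at initial access and the attacker aborts there, even though a honeypot would deter more strongly at that stage: the attacker's continuation value is already low because the solver has found that honeypots await at the later stages, so the extra deployment cost at stage 0 buys nothing. Changing any constant changes the answer, which is the whole point of solving the game rather than hard-coding a placement policy.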
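The second thrust validates critical contract operations with Linear Temporal Logic and model checking, and ClaimChain's claims processing runs on formally verified smart contracts. The following is an added illustration, not the dissertation's code or ClaimChain's contracts: a constructed claim lifecycle (submit, approve, pay) modelled as a finite-state transition system, checked against the LTL safety formula G(pay -> (approved and not paid)), i.e. on every execution a payout only ever happens for a claim that was approved and has not already been paid. For a G(invariant) formula over a finite model the check reduces to exhaustive exploration of the reachable states, which is what the small breadth-first checker below does; it is run once against a constructed transition relation whose pay() omits the already-paid check (and so admits a double payout) and once against the corrected relation.

```python
"""Explicit-state check of an LTL safety property over a claims-processing model.

Added example, not the dissertation's code or ClaimChain's contracts. The claim
lifecycle, both transition relations and the property are constructed here.
Property checked: G(pay -> (approved and not paid)).
"""
from collections import deque
from typing import Callable, FrozenSet, Iterable, List, Optional, Tuple

# A claim's state is the set of flags it has acquired; the model tracks two
# claims so that interleavings between independent claims are explored as well.
State = Tuple[FrozenSet[str], ...]
Transition = Callable[[State], Iterable[Tuple[str, State]]]  # yields (label, next_state)


def _set(state: State, idx: int, flag: str) -> State:
    claims = list(state)
    claims[idx] = claims[idx] | {flag}
    return tuple(claims)


def vulnerable_step(state: State) -> Iterable[Tuple[str, State]]:
    """Constructed 'before' contract: pay() only checks approval, so a second pay()
    on an already-paid claim is accepted (a double payout at the insurer's expense)."""
    for i, claim in enumerate(state):
        if "submitted" not in claim:
            yield f"submit({i})", _set(state, i, "submitted")
        elif "approved" not in claim:
            yield f"approve({i})", _set(state, i, "approved")
        else:
            yield f"pay({i})", _set(state, i, "paid")


def hardened_step(state: State) -> Iterable[Tuple[str, State]]:
    """Corrected contract: pay() additionally requires that the claim is not yet paid."""
    for i, claim in enumerate(state):
        if "submitted" not in claim:
            yield f"submit({i})", _set(state, i, "submitted")
        elif "approved" not in claim:
            yield f"approve({i})", _set(state, i, "approved")
        elif "paid" not in claim:
            yield f"pay({i})", _set(state, i, "paid")


def pay_is_safe(state: State, label: str) -> bool:
    """The invariant inside the G(...) operator, evaluated on a transition:
    `state` is the pre-state and `label` the action about to be taken."""
    if not label.startswith("pay("):
        return True
    i = int(label[4:-1])
    return "approved" in state[i] and "paid" not in state[i]


def check_invariant(step: Transition, n_claims: int = 2) -> Optional[List[str]]:
    """Breadth-first exploration of every reachable state. Returns None when the
    invariant holds on every reachable transition (so the G-formula holds on all
    executions), otherwise the shortest counterexample trace of action labels."""
    init: State = tuple(frozenset() for _ in range(n_claims))
    parent = {init: None}  # state -> (predecessor state, label) for trace reconstruction
    queue = deque([init])
    while queue:
        current = queue.popleft()
        for label, nxt in step(current):
            if not pay_is_safe(current, label):
                trace = [label]
                cur = current
                while parent[cur] is not None:
                    prev, lbl = parent[cur]
                    trace.append(lbl)
                    cur = prev
                return list(reversed(trace))
            if nxt not in parent:
                parent[nxt] = (current, label)
                queue.append(nxt)
    return None


if __name__ == "__main__":
    print("vulnerable contract:", check_invariant(vulnerable_step))
    print("hardened contract:  ", check_invariant(hardened_step))
```

The counterexample the checker returns for the constructed vulnerable relation is the four-step trace submit, approve, pay, pay on the same claim, which is precisely the double-payout path; the hardened relation has no violating transition among its 16 reachable states. Liveness properties (F, U) need cycle detection rather than plain reachability and are not covered by this invariant checker.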

Degree

Ph.D.
