Intrusion Tolerant Systems (ITSs) are a necessary component of cyber-services and infrastructures. Additionally, as cyberattacks follow a multi-domain attack surface, a similar defensive approach should be applied, namely, the use of an evolving multi-disciplinary solution that combines ITS, cybersecurity and Artificial Intelligence (AI). With the increased popularity of AI solutions, driven by Big Data use cases and by decision support and automation scenarios, new opportunities to apply Machine Learning (ML) algorithms have emerged, among them ITS empowerment. Using ML algorithms, an ITS can augment its intrusion tolerance capability by learning from previous attacks and from known vulnerabilities. As such, this work's contribution is twofold: (1) an ITS architecture (Skynet) that is based on the state of the art and incorporates new components to increase its intrusion tolerance capability and its adaptability to new adversaries; (2) an improved Risk Manager design (HAL 9000) that leverages AI to improve ITSs by automatically assessing the risk of intrusion to operating systems and advising safer configurations. One of the reasons that intrusions succeed is bad configuration or slow adaptation to new threats. This can be caused by systems' dependency on human intervention. One of the characteristics of the Skynet and HAL 9000 design is the removal of human intervention. Being fully automated lowers the chance of successful intrusions caused by human error. Our experiments using Skynet show that HAL is able to choose 15% safer configurations than the state-of-the-art risk manager.