IRSDA: An Agent-Orchestrated Framework for Enterprise Intrusion Response
Damodar Panigrahi, Raj Patel, Shaswata Mitra, Sudip Mittal, Shahram Rahimi

TL;DR
IRSDA is an agent-based framework that autonomously detects and responds to cyber intrusions in enterprise systems by integrating AI reasoning, policy compliance, and real-time decision-making for improved security and traceability.
Contribution
The paper introduces IRSDA, a novel agent-oriented, knowledge-driven framework combining autonomic computing and AI reasoning for real-time, policy-compliant intrusion response in enterprise environments.
Findings
Demonstrated effective automation of intrusion containment.
Ensured compliance with security policies during response.
Provided traceable outputs for security analysts.
Abstract
Modern enterprise systems face escalating cyber threats that are increasingly dynamic, distributed, and multi-stage in nature. Traditional intrusion detection and response systems often rely on static rules and manual workflows, which limit their ability to respond with the speed and precision required in high-stakes environments. To address these challenges, we present the Intrusion Response System Digital Assistant (IRSDA), an agent-based framework designed to deliver autonomous and policy-compliant cyber defense. IRSDA combines Self-Adaptive Autonomic Computing Systems (SA-ACS) with the Knowledge guided Monitor, Analyze, Plan, and Execute (MAPE-K) loop to support real-time, partition-aware decision-making across enterprise infrastructure. IRSDA incorporates a knowledge-driven architecture that integrates contextual information with AI-based reasoning to support system-guided…
Taxonomy
Topics: Network Security and Intrusion Detection · Software System Performance and Reliability · Information and Cyber Security
