Speaker
Description
Port scanning remains a widely used reconnaissance method by attackers seeking to identify accessible network services and potential vulnerabilities. This study introduces a cybersecurity framework based on reinforcement learning for the dynamic mitigation of port scan activity using a tiered response strategy. Network behavior is interpreted through defined scanning states, allowing the system to apply Q-learning in selecting mitigation actions such as logging, rate-limiting, or temporary access blocks. Over time, the system adapts its responses according to observed traffic patterns, enabling it to distinguish between legitimate usage and malicious probing. The framework aims to minimize false positives while ensuring an appropriate level of defense against escalating threats. Experimental results indicate that the learning agent effectively escalates its response to aggressive scanning activity, while maintaining a low-impact posture toward normal traffic. These findings suggest that reinforcement learning offers a practical and adaptive approach to enhancing real-time network security.
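A minimal sketch of the tiered Q-learning loop the description outlines, added here as an illustration and not taken from the study itself. The state names, reward values, transition weights and hyperparameters are all assumptions chosen for the example; the abstract does not specify them.

```python
import random

# Assumed state and action names; the abstract does not define the exact sets.
STATES = ("normal", "suspicious", "aggressive")
ACTIONS = ("log", "rate_limit", "block")

# Assumed rewards: +1 for the proportionate response, larger penalties for
# blocking benign traffic (false positive) or only logging an aggressive scan.
REWARD = {
    "normal":     {"log": 1,  "rate_limit": -1, "block": -3},
    "suspicious": {"log": -1, "rate_limit": 1,  "block": -1},
    "aggressive": {"log": -3, "rate_limit": -1, "block": 1},
}

# Assumed next-state weights over STATES: unmitigated scans tend to escalate,
# mitigated ones tend to fall back to normal.
NEXT = {
    "normal":     {a: (0.80, 0.15, 0.05) for a in ACTIONS},
    "suspicious": {"log": (0.1, 0.3, 0.6), "rate_limit": (0.5, 0.4, 0.1),
                   "block": (0.7, 0.2, 0.1)},
    "aggressive": {"log": (0.0, 0.1, 0.9), "rate_limit": (0.1, 0.4, 0.5),
                   "block": (0.8, 0.1, 0.1)},
}

def train(steps=50_000, alpha=0.1, gamma=0.9, epsilon=0.2, seed=7):
    """Tabular Q-learning with epsilon-greedy exploration; returns the Q-table."""
    rng = random.Random(seed)
    q = {s: {a: 0.0 for a in ACTIONS} for s in STATES}
    state = "normal"
    for _ in range(steps):
        if rng.random() < epsilon:
            action = rng.choice(ACTIONS)              # explore
        else:
            action = max(q[state], key=q[state].get)  # exploit
        nxt = rng.choices(STATES, weights=NEXT[state][action])[0]
        target = REWARD[state][action] + gamma * max(q[nxt].values())
        q[state][action] += alpha * (target - q[state][action])
        state = nxt
    return q

def policy(q):
    """Greedy mitigation action per scanning state."""
    return {s: max(q[s], key=q[s].get) for s in STATES}

if __name__ == "__main__":
    table = train()
    for s, a in policy(table).items():
        print(f"{s:<11} -> {a:<10} Q={table[s][a]:.2f}")
```

Because every proportionate response earns the same reward in this toy model, the learned policy is driven by the penalty asymmetry: blocking normal traffic ends up as the lowest-valued action in the normal state, which is how the false-positive cost is expressed.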