LLM-Powered Moving Target Defense for Real-Time Cyber Threat Response
A self-adaptive agentic architecture leveraging Large Language Models to orchestrate Moving Target Defense actions in real-time, achieving automated incident response from detection to mitigation in under 2 minutes.

Gallery

Analysis of the novel system's effect on response time.
Problem & Solution
The Problem
Traditional intrusion prevention systems rely on static rulesets and manual response workflows, creating response delays of 1-24 hours. In 2024, 19% of data exfiltration attacks occurred within one hour of compromise. Static defenses are predictable—attackers can probe and map attack surfaces over time. Moving Target Defense (MTD) promises to shift attack surfaces dynamically, but conventional rule-based controllers lack the real-time adaptability and context-aware decision-making that MTD demands.
The Solution
This thesis presents the first LLM-powered MTD architecture using an agentic pipeline that orchestrates threat analysis, action planning, validation, and execution without any model training or fine-tuning. By leveraging Large Language Models' natural language reasoning and prompt engineering techniques (few-shot learning, Chain-of-Thought, schema-based outputs), the system ingests IDS alerts, enriches them with MITRE ATT&CK TTPs and CVE intelligence via RAG, and autonomously generates multi-layered defense plans. The modular agent design achieved 75-87.5% execution success across network shuffling techniques while reducing incident response time to under 2 minutes.
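The validation stage described above is the guardrail that keeps a language model's schema-based plan from being executed blindly. The following is an added illustration, not code from the thesis: it assumes a hypothetical plan schema (alert id, ATT&CK technique id, optional CVE, and a list of actions), a hypothetical allowlist of two network-shuffling actions, and a protected address scope, and rejects any plan whose action names, identifiers or targets fall outside those bounds.

```python
import ipaddress
import re

# Assumed allowlist of MTD actions the executor implements (hypothetical names).
ALLOWED_ACTIONS = {"ip_shuffle", "port_shuffle"}
TTP_RE = re.compile(r"^T\d{4}(\.\d{3})?$")   # MITRE ATT&CK technique id, e.g. T1046
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")   # CVE id format
MAX_ACTIONS = 5                               # assumed blast-radius limit per plan


def validate_plan(plan: dict, protected_scope: str) -> list[str]:
    """Return a list of problems; an empty list means the plan may be executed."""
    errors = []
    scope = ipaddress.ip_network(protected_scope)
    if set(plan) - {"alert_id", "ttp", "cve", "actions"}:
        errors.append("unexpected top-level keys in plan")
    if not isinstance(plan.get("alert_id"), str) or not plan["alert_id"]:
        errors.append("alert_id missing")
    if not TTP_RE.match(str(plan.get("ttp", ""))):
        errors.append(f"malformed ATT&CK technique id: {plan.get('ttp')!r}")
    cve = plan.get("cve")
    if cve is not None and not CVE_RE.match(str(cve)):
        errors.append(f"malformed CVE id: {cve!r}")
    actions = plan.get("actions")
    if not isinstance(actions, list) or not actions:
        return errors + ["actions must be a non-empty list"]
    if len(actions) > MAX_ACTIONS:
        errors.append(f"too many actions ({len(actions)} > {MAX_ACTIONS})")
    for i, act in enumerate(actions):
        name = act.get("action")
        if name not in ALLOWED_ACTIONS:
            errors.append(f"action {i}: {name!r} is not an allowlisted MTD action")
        try:
            target = ipaddress.ip_address(act.get("target", ""))
            if target not in scope:
                errors.append(f"action {i}: target {target} is outside {scope}")
        except ValueError:
            errors.append(f"action {i}: invalid target {act.get('target')!r}")
    return errors


# Constructed samples: a well-formed plan, and one with a malformed technique id,
# a non-allowlisted action and an out-of-scope target, as a model might emit.
GOOD_PLAN = {"alert_id": "ids-0001", "ttp": "T1046", "cve": None,
             "actions": [{"action": "port_shuffle", "target": "10.0.0.12"}]}
BAD_PLAN = {"alert_id": "ids-0002", "ttp": "TA0007",
            "actions": [{"action": "disable_firewall", "target": "8.8.8.8"}]}

if __name__ == "__main__":
    for plan in (GOOD_PLAN, BAD_PLAN):
        print(plan["alert_id"], validate_plan(plan, "10.0.0.0/24") or "OK")
```

Only a plan that returns no errors should reach the execution agent; everything else is logged and sent back for re-planning.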