Autonomous Audit Agents for PCI DSS 5.0: A Reinforcement Learning Approach
DOI: https://doi.org/10.60087/jklst.v4.n1.014

Abstract
Maintaining continuous compliance with the Payment Card Industry Data Security Standard (PCI DSS) 5.0 remains a critical challenge, because evolving threats and system changes lead to compliance drift between annual audits. This paper introduces autonomous audit agents that leverage reinforcement learning (RL) to address this gap. The proposed agents perform real-time inspection of control telemetry, dynamically map the collected evidence to PCI DSS requirements, and autonomously generate remediation pull requests to rectify deviations. A simulated sandbox environment replicating a multi-stakeholder payment ecosystem (acquirer, processor, and merchant systems) validates the approach, demonstrating a 92% acceleration in detecting compliance deviations and a 30% reduction in audit-related costs compared to traditional methods. The results highlight the potential of RL-driven automation to enhance compliance sustainability, reduce manual intervention, and improve operational efficiency in payment card security frameworks.
License
Copyright (c) 2024 Journal of Knowledge Learning and Science Technology ISSN: 2959-6386 (online)

This work is licensed under a Creative Commons Attribution 4.0 International License.
©2024 All rights reserved by the respective authors and JKLST.