Modern enterprise systems face dynamic, distributed, and multi-stage cyberattacks, rendering traditional intrusion response mechanisms—relying on static rules and manual procedures—inadequate for real-time operation and policy compliance. To address this, we propose an agent-driven autonomous intrusion response framework that innovatively integrates adaptive autonomic computing with a knowledge-guided MAPE-K (Monitor-Analyze-Plan-Execute-Knowledge) closed-loop control model, enabling context-aware, explainable, and partitioned decision-making. The framework adopts a knowledge-driven architecture, incorporating AI-based reasoning, semantic retrieval, and structured knowledge representation to automate the end-to-end response pipeline: monitoring, analysis, planning, and execution. Evaluated in a realistic microservices environment, the framework demonstrates effective automated threat containment, policy-compliant response actions, and fully traceable, auditable response workflows—significantly improving response timeliness and system controllability.

Modern enterprise systems face escalating cyber threats that are increasingly dynamic, distributed, and multi-stage in nature. Traditional intrusion detection and response systems often rely on static rules and manual workflows, which limit their ability to respond with the speed and precision required in high-stakes environments. To address these challenges, we present the Intrusion Response System Digital Assistant (IRSDA), an agent-based framework designed to deliver autonomous and policy-compliant cyber defense. IRSDA combines Self-Adaptive Autonomic Computing Systems (SA-ACS) with the Knowledge guided Monitor, Analyze, Plan, and Execute (MAPE-K) loop to support real-time, partition-aware decision-making across enterprise infrastructure. IRSDA incorporates a knowledge-driven architecture that integrates contextual information with AI-based reasoning to support system-guided intrusion response. The framework leverages retrieval mechanisms and structured representations to inform decision-making while maintaining alignment with operational policies. We assess the system using a representative real-world microservices application, demonstrating its ability to automate containment, enforce compliance, and provide traceable outputs for security analyst interpretation. This work outlines a modular and agent-driven approach to cyber defense that emphasizes explainability, system-state awareness, and operational control in intrusion response.