A Model-Based, Decision-Theoretic Perspective on Automated Cyber Response
Lashon B. Booker, Scott A. Musman

TL;DR
This paper presents a model-based, decision-theoretic approach for autonomous cyber defense using POMDPs, enabling rapid, risk-aware responses to cyber-attacks without human intervention.
Contribution
It introduces a simulation-based framework combined with an online planner to solve cyber defense problems modeled as POMDPs, emphasizing risk-aware decision making.
Findings
Effective in simulated cyber attack scenarios
Enables rapid, autonomous response decisions
Aligns responses with user-defined risk preferences
Abstract
Cyber-attacks can occur at machine speeds that are far too fast for human-in-the-loop (or sometimes on-the-loop) decision making to be a viable option. Although human inputs are still important, a defensive Artificial Intelligence (AI) system must have considerable autonomy in these circumstances. When the AI system is model-based, its behavior responses can be aligned with risk-aware cost/benefit tradeoffs that are defined by user-supplied preferences that capture the key aspects of how human operators understand the system, the adversary and the mission. This paper describes an approach to automated cyber response that is designed along these lines. We combine a simulation of the system to be defended with an anytime online planner to solve cyber defense problems characterized as partially observable Markov decision problems (POMDPs).
Taxonomy
Topics: Software Reliability and Analysis Research · Information and Cyber Security · Safety Systems Engineering in Autonomy
