Informing Autonomous Deception Systems with Cyber Expert Performance   Data

Maxine Major; Brian Souza; Joseph DiVita; Kimberly Ferguson-Walter

arXiv:2109.00066·cs.CR·September 2, 2021·1 cites

Informing Autonomous Deception Systems with Cyber Expert Performance Data

Maxine Major, Brian Souza, Joseph DiVita, Kimberly Ferguson-Walter

PDF

Open Access

TL;DR

This paper explores using Inverse Reinforcement Learning to enhance autonomous cyber defense systems by leveraging real attacker data, aiming to improve realism and decision-making accuracy.

Contribution

It introduces a novel approach to incorporate attacker behavior data into AI models for cyber defense using IRL techniques.

Findings

01

Experimental data from real-world attacker techniques

02

Core data vectors for cyber deception

03

Potential for more realistic autonomous defense

Abstract

The performance of artificial intelligence (AI) algorithms in practice depends on the realism and correctness of the data, models, and feedback (labels or rewards) provided to the algorithm. This paper discusses methods for improving the realism and ecological validity of AI used for autonomous cyber defense by exploring the potential to use Inverse Reinforcement Learning (IRL) to gain insight into attacker actions, utilities of those actions, and ultimately decision points which cyber deception could thwart. The Tularosa study, as one example, provides experimental data of real-world techniques and tools commonly used by attackers, from which core data vectors can be leveraged to inform an autonomous cyber defense system.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.

Taxonomy

TopicsSmart Grid Security and Resilience · Network Security and Intrusion Detection · Information and Cyber Security