Deep Reinforcement Learning for Cybersecurity Threat Detection and Protection: A Review

TL;DR

This paper reviews the emerging use of deep reinforcement learning in cybersecurity, highlighting its potential to enhance threat detection and protection with innovative AI-driven solutions.

Contribution

It provides the first comprehensive review of deep reinforcement learning applications specifically in cybersecurity threat detection and defense.

Findings

Deep reinforcement learning shows state-of-the-art results in threat detection.

It enables innovative, AI-based cybersecurity solutions.

Applications span from endpoint protection to network defense.

Abstract

The cybersecurity threat landscape has lately become overly complex. Threat actors leverage weaknesses in the network and endpoint security in a very coordinated manner to perpetuate sophisticated attacks that could bring down the entire network and many critical hosts in the network. Increasingly advanced deep and machine learning-based solutions have been used in threat detection and protection. The application of these techniques has been reviewed well in the scientific literature. Deep Reinforcement Learning has shown great promise in developing AI-based solutions for areas that had earlier required advanced human cognizance. Different techniques and algorithms under deep reinforcement learning have shown great promise in applications ranging from games to industrial processes, where it is claimed to augment systems with general AI capabilities. These algorithms have recently also been used in cybersecurity, especially in threat detection and endpoint protection, where these are showing state-of-the-art results. Unlike supervised machines and deep learning, deep reinforcement learning is used in more diverse ways and is empowering many innovative applications in the threat defense landscape. However, there does not exist any comprehensive review of these unique applications and accomplishments. Therefore, in this paper, we intend to fill this gap and provide a comprehensive review of the different applications of deep reinforcement learning in cybersecurity threat detection and protection.