Exposing Surveillance Detection Routes via Reinforcement Learning, Attack Graphs, and Cyber Terrain
Lanxiao Huang, Tyler Cody, Christopher Redino, Abdul Rahman, Akshay Kakkar, Deepak Kushwaha, Cheng Wang, Ryan Clark, Daniel Radke, Peter Beling, Edward Bowen

TL;DR
This paper presents a reinforcement learning approach to identify surveillance detection routes in enterprise networks by leveraging attack graphs and cyber terrain principles, focusing on safe exploration and evasion of risks.
Contribution
It introduces a novel RL method with a warm-up phase for safe initial exploration of network routes, extending previous attack graph analysis techniques.
Findings
RL effectively identifies surveillance detection routes in complex networks.
The warm-up phase improves initial exploration safety and efficiency.
Results demonstrate enhanced route discovery with risk-aware exploration.
Abstract
Reinforcement learning (RL) operating on attack graphs leveraging cyber terrain principles is used to develop reward and state associated with determination of surveillance detection routes (SDR). This work extends previous efforts on developing RL methods for path analysis within enterprise networks. This work focuses on building SDR where the routes focus on exploring the network services while trying to evade risk. RL is utilized to support the development of these routes by building a reward mechanism that would help in the realization of these paths. The RL algorithm is modified to have a novel warm-up phase which decides, in the initial exploration, which areas of the network are safe to explore based on the rewards and penalty scale factor.
Taxonomy
Topics: Network Security and Intrusion Detection · Internet Traffic Analysis and Secure E-voting · Information and Cyber Security
