Optimal Defender Strategies for CAGE-2 using Causal Modeling and Tree Search
Kim Hammar, Neil Dhir, and Rolf Stadler

TL;DR
This paper introduces C-POMCP, a causal modeling and tree search method that computes provably optimal defender strategies for the CAGE-2 cyber defense benchmark, outperforming existing approaches in effectiveness and efficiency.
Contribution
It presents a formal causal model of CAGE-2 and a novel online planning algorithm that guarantees optimal defense strategies using causal structure and tree search.
Findings
C-POMCP achieves state-of-the-art effectiveness on CAGE-2.
It is two orders of magnitude faster than previous methods.
The causal model reduces the search space significantly.
Abstract
The CAGE-2 challenge is considered a standard benchmark to compare methods for autonomous cyber defense. Current state-of-the-art methods evaluated against this benchmark are based on model-free (offline) reinforcement learning, which does not provide provably optimal defender strategies. We address this limitation and present a formal (causal) model of CAGE-2 together with a method that produces a provably optimal defender strategy, which we call Causal Partially Observable Monte-Carlo Planning (C-POMCP). It has two key properties. First, it incorporates the causal structure of the target system, i.e., the causal relationships among the system variables. This structure allows for a significant reduction of the search space of defender strategies. Second, it is an online method that updates the defender strategy at each time step via tree search. Evaluations against the CAGE-2 benchmark…
Taxonomy
Topics: Risk and Safety Analysis · Software Reliability and Analysis Research
