TL;DR
This paper investigates reinforcement learning (RL) as a way to build autonomous defensive agents and evaluates one in a simulated network under continual attack by advanced persistent threat (APT) red agents, motivated by the defender's disadvantage of having to stop every intrusion while the attacker needs to succeed only once.
Contribution
It introduces a novel reinforcement learning agent design for network defence and shows, in a simulated network of 13 hosts spanning 3 subnets, that the trained agent reliably defends against continual attacks from two APT red agents.
Findings
The trained RL agent reliably defends against continual attacks rather than single, isolated intrusions.
The agent holds up against two attacker models: an APT red agent with complete knowledge of the network layout, and a more general one that must discover hosts and resources through exploration.
Evaluation is carried out in a network environment simulation with 13 hosts spanning 3 subnets.
Abstract
In the network security arms race, the defender is significantly disadvantaged as they need to successfully detect and counter every malicious attack. In contrast, the attacker needs to succeed only once. To level the playing field, we investigate the effectiveness of autonomous agents in a realistic network defence scenario. We first outline the problem, provide the background on reinforcement learning and detail our proposed agent design. Using a network environment simulation, with 13 hosts spanning 3 subnets, we train a novel reinforcement learning agent and show that it can reliably defend against continual attacks by two advanced persistent threat (APT) red agents: one with complete knowledge of the network layout and another which must discover resources through exploration but is more general.
