Towards Type Agnostic Cyber Defense Agents

TL;DR

This paper explores how reinforcement learning can be used to develop cyber defense agents capable of countering various attacker types, addressing the challenges of automation and adaptability in cybersecurity.

Contribution

It introduces a Bayesian game framework to characterize attacker and defender types and empirically investigates training strategies for multi-type attack defense agents using reinforcement learning.

Findings

Reinforcement learning can effectively train defense agents against multiple attacker types.

Bayesian game modeling helps in understanding attacker-defender interactions.

Empirical results suggest specific training approaches improve defense robustness.

Abstract

With computing now ubiquitous across government, industry, and education, cybersecurity has become a critical component for every organization on the planet. Due to this ubiquity of computing, cyber threats have continued to grow year over year, leading to labor shortages and a skills gap in cybersecurity. As a result, many cybersecurity product vendors and security organizations have looked to artificial intelligence to shore up their defenses. This work considers how to characterize attackers and defenders in one approach to the automation of cyber defense -- the application of reinforcement learning. Specifically, we characterize the types of attackers and defenders in the sense of Bayesian games and, using reinforcement learning, derive empirical findings about how to best train agents that defend against multiple types of attackers.