General Autonomous Cybersecurity Defense: Learning Robust Policies for Dynamic Topologies and Diverse Attackers

TL;DR

This paper proposes methods for autonomous cybersecurity defense systems to learn robust, generalizable policies capable of adapting to dynamic network topologies and diverse attack strategies, addressing limitations of existing static models.

Contribution

It introduces a novel approach for training ACD agents that can adapt to changing network environments and attack types, improving real-world robustness.

Findings

Enhanced policy generalization across network topologies

Improved detection and response to diverse cyber threats

Demonstrated robustness in dynamic simulation environments

Abstract

In the face of evolving cyber threats such as malware, ransomware and phishing, autonomous cybersecurity defense (ACD) systems have become essential for real-time threat detection and response with optional human intervention. However, existing ACD systems rely on limiting assumptions, particularly the stationarity of the underlying network dynamics. In real-world scenarios, network topologies can change due to actions taken by attackers or defenders, system failures, or time evolution of networks, leading to failures in the adaptive capabilities of current defense agents. Moreover, many agents are trained on static environments, resulting in overfitting to specific topologies, which hampers their ability to generalize to out-of-distribution network topologies. This work addresses these challenges by exploring methods for developing agents to learn generalizable policies across dynamic network environments -- general ACD (GACD).