CSLE: A Reinforcement Learning Platform for Autonomous Security Management
Kim Hammar

TL;DR
CSLE is a reinforcement learning platform that combines emulation and simulation to develop and evaluate autonomous security strategies in realistic networked system environments.
Contribution
It introduces a dual-system platform enabling experimentation and strategy refinement for security management in operational conditions.
Findings
CSLE achieves near-optimal security management in realistic environments.
The platform effectively bridges the gap between simulation and real-world deployment.
Four use cases demonstrate its versatility and effectiveness.
Abstract
Reinforcement learning is a promising approach to autonomous and adaptive security management in networked systems. However, current reinforcement learning solutions for security management are mostly limited to simulation environments and it is unclear how they generalize to operational systems. In this paper, we address this limitation by presenting CSLE: a reinforcement learning platform for autonomous security management that enables experimentation under realistic conditions. Conceptually, CSLE encompasses two systems. First, it includes an emulation system that replicates key components of the target system in a virtualized environment. We use this system to gather measurements and logs, based on which we identify a system model, such as a Markov decision process. Second, it includes a simulation system where security strategies are efficiently learned through simulations of the…
