Autonomous Network Defence using Reinforcement Learning

Bibliographic Details
Main Authors: Foley, Myles, Hicks, Chris, Highnam, Kate, Mavroudis, Vasilios
Format: Journal Article
Language: English
Published: 26-09-2024
Description
Summary: ASIA CCS '22: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security. In the network security arms race, the defender is significantly disadvantaged as they need to successfully detect and counter every malicious attack. In contrast, the attacker needs to succeed only once. To level the playing field, we investigate the effectiveness of autonomous agents in a realistic network defence scenario. We first outline the problem, provide the background on reinforcement learning and detail our proposed agent design. Using a network environment simulation, with 13 hosts spanning 3 subnets, we train a novel reinforcement learning agent and show that it can reliably defend continual attacks by two advanced persistent threat (APT) red agents: one with complete knowledge of the network layout and another which must discover resources through exploration but is more general.
DOI: 10.48550/arxiv.2409.18197