{"title":"A Curriculum Framework for Autonomous Network Defense using Multi-agent Reinforcement Learning","authors":"Roberto G. Campbell, M. Eirinaki, Younghee Park","doi":"10.1109/SVCC56964.2023.10165310","DOIUrl":null,"url":null,"abstract":"Early threat detection is an increasing part of the cybersecurity landscape given the growing scale and scope of cyberattacks in the recent years. Increasing exploitation of software vulnerabilities, especially in the manufacturing sector, demonstrates the ongoing need for autonomous network defense. In this work, we model the problem as a zero-sum Markov game between an attacker and defender reinforcement learning agents. Previous methods test their approach on a single topology or limit the agents to a subset of the network. However, real world networks are rarely fixed and often add or remove hosts based on demand, link failures, outages, or other factors. We consider two types of topologies: static topologies that remain fixed throughout training and a dynamic topology curriculum. The proposed robust training curriculum incorporates network topologies to build more general, capable agents. We also use Proximal Policy optimization (PPO) which offers a good balance of computational complexity and convergence speed. We evaluate various threat scenarios in terms of the exploitability and impact and conclude that the curriculum improves the defender’s win rate over training on a static topology by exposing the agent to more challenging environments over time.","PeriodicalId":243155,"journal":{"name":"2023 Silicon Valley Cybersecurity Conference (SVCC)","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 Silicon Valley Cybersecurity Conference (SVCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SVCC56964.2023.10165310","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Early threat detection is an increasing part of the cybersecurity landscape given the growing scale and scope of cyberattacks in the recent years. Increasing exploitation of software vulnerabilities, especially in the manufacturing sector, demonstrates the ongoing need for autonomous network defense. In this work, we model the problem as a zero-sum Markov game between an attacker and defender reinforcement learning agents. Previous methods test their approach on a single topology or limit the agents to a subset of the network. However, real world networks are rarely fixed and often add or remove hosts based on demand, link failures, outages, or other factors. We consider two types of topologies: static topologies that remain fixed throughout training and a dynamic topology curriculum. The proposed robust training curriculum incorporates network topologies to build more general, capable agents. We also use Proximal Policy optimization (PPO) which offers a good balance of computational complexity and convergence speed. We evaluate various threat scenarios in terms of the exploitability and impact and conclude that the curriculum improves the defender’s win rate over training on a static topology by exposing the agent to more challenging environments over time.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
