Meta-ATMoS+: A Meta-Reinforcement Learning Framework for Threat Mitigation in Software-Defined Networks

—As cyber threats become increasingly common, automated threat mitigation solutions are more necessary than ever. Conventional threat mitigation frameworks are difficult to tune for different network environments, but frameworks utilizing deep reinforcement learning (RL) have been proven to be an effective approach that can adapt to different networks automatically. Existing RL-based frameworks have shown to be generalizable to different network sizes and threats, and robust to false positives. However, training RL agents for these frameworks can be challenging in a production environment as the training process is time-consuming and disruptive to the production network. Hence, a staging environment is required to effectively train them. In this paper, we propose Meta-ATMoS+, a meta-RL framework for threat mitigation in software-defined networks. We leverage Model-Agnostic Meta-Learning (MAML) to find an initialization for the RL agent that generalizes to a variety of different network configurations. We show that the RL agent with MAML-learned initialization can accomplish few-shot learning on a target network with comparable performance to training on a staging environment. Few-shot learning not only allows the model to be trainable directly in the production environment but also enables human-in-the-loop RL for the mitigation of threats that do not have an easily-definable reward function.