Reinforcement learning (RL) has shown significant potential in enhancing cyber security by enabling autonomous agents to mitigate network attacks. However, attackers exhibit varying behaviours and knowledge levels, leading to diverse types of attacks. This paper investigates the effectiveness of specific and generic RL policies in mitigating different attacks. Our results demonstrate that while specific RL policies outperform generic ones, their effectiveness depends on correctly identifying the attack type to deploy the appropriate policy. We propose an approach, named Attack Identification for Reinforcement Learning (RLAI) to identify attacks in a network consisting of multiple attacks and normal users, ensuring suitable policy deployment for attack mitigation. Our results demonstrate that the Long Short-Term Memory (LSTM) model effectively identifies attacks while minimally affecting the policy’s rewards. Overall, RLAI improves mean rewards by 20.13%, showing the effectiveness of deploying specific RL policies by identifying attacks using an LSTM model.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Automated Cyber Defence with Reinforcement Learning in Multi-attack Environments

  • Joshua Sylvester,
  • Rogério de Lemos

摘要

Reinforcement learning (RL) has shown significant potential in enhancing cyber security by enabling autonomous agents to mitigate network attacks. However, attackers exhibit varying behaviours and knowledge levels, leading to diverse types of attacks. This paper investigates the effectiveness of specific and generic RL policies in mitigating different attacks. Our results demonstrate that while specific RL policies outperform generic ones, their effectiveness depends on correctly identifying the attack type to deploy the appropriate policy. We propose an approach, named Attack Identification for Reinforcement Learning (RLAI) to identify attacks in a network consisting of multiple attacks and normal users, ensuring suitable policy deployment for attack mitigation. Our results demonstrate that the Long Short-Term Memory (LSTM) model effectively identifies attacks while minimally affecting the policy’s rewards. Overall, RLAI improves mean rewards by 20.13%, showing the effectiveness of deploying specific RL policies by identifying attacks using an LSTM model.