Cybersecurity advocates must dynamically adapt their techniques and tactics as technology develops and the level of complexity of a system increases. As research on machine learning (ML) and artificial intelligence (AI) has advanced in the last ten years, so have the use cases of these technologies in various domains related to cybersecurity. Some functionality in most existing security applications is supported by strong machine learning algorithms trained on substantial data sets. One such case is the early 2010s integration of ML algorithms into email security gateways.
When it comes to the real world scenario, creating autonomous cyber system defense strategies and recommendations for action is quite a difficult task. This is because providing decision support for such cyber system defense mechanisms requires both the incorporation of dynamics between attackers and defenders and the dynamic characterization of uncertainty in the state of the system. In addition, cyber defenders often face a variety of resource constraints, including those related to cost, manpower, and time. Even with AI, developing a system capable of proactive defense remains an ideological goal.
In an effort to offer a solution to this problem statement, researchers at the Department of Energy’s Pacific Northwest National Laboratory (PNNL) have created a novel deep reinforcement learning (DRL)-based AI system that is capable of to respond to attackers in a simulated environment. and can stop 95% of cyber attacks before they escalate. The researchers created a custom simulation environment that demonstrated a multi-stage digital conflict between attackers and defenders on a network. They then trained four DRL neural networks using reinforcement learning principles, such as maximizing rewards based on avoiding compromises and reducing network disruption. The team’s work was also presented at the Association for the Advancement of Artificial Intelligence in Washington, DC, where it received much praise.
The team’s philosophy in developing such a system was first to show that it is possible to successfully train such a DRL architecture. Before diving into fancy structures, they wanted to demonstrate useful evaluation metrics. The first thing the researchers did was create an abstract simulation environment using the Open AI Gym toolkit. The next stage was to use this framework to develop attacking entities that displayed levels of skill and persistence based on a subset of 15 approaches and seven tactics from the MITER ATT&CK framework. The goal of the attackers is to go through the seven steps of the attack chain, from the initial access and reconnaissance phase through other attack phases until reaching their final objective, which is the impact and exfiltration phase.
It’s vital to remember that the team had no intention of developing a model to lock down an enemy before they could launch an attack within the environment. Rather, they assume that the system has already been compromised. The researchers then used reinforcement learning to train four neural networks. The researchers stated that it is conceivable to train such a model without using reinforcement learning, but it would take a long time to develop a good mechanism. On the other hand, deep reinforcement learning makes very efficient use of this huge search space by mimicking some aspects of human behavior.
Efforts by researchers to demonstrate that AI systems can be successfully trained in a simulated attack environment have shown that an AI model is capable of defensive reactions to attacks in real time. To rigorously evaluate the performance of four modelless DRL algorithms against real multistage holdup sequences, the researchers conducted several experiments. Their research showed that DRL algorithms can be trained under multi-stage assault profiles with different levels of skill and persistence, producing effective defense results in simulated environments.
review the Paper and Reference article. All credit for this research goes to the researchers of this project. Also, don’t forget to join our 14k+ ML SubReddit, discord channel, and electronic newsletterwhere we share the latest AI research news, exciting AI projects, and more.
Khushboo Gupta is a consulting intern at MarktechPost. He is currently pursuing his B.Tech at the Indian Institute of Technology (IIT), Goa. She is passionate about the fields of machine learning, natural language processing, and web development. She likes to learn more about the technical field by participating in various challenges.
