A Model-Based, Decision-Theoretic Perspective on Automated Cyber Response
This addresses the need for autonomous AI in cybersecurity to handle fast-paced attacks, though it appears incremental as it builds on existing POMDP methods.
The paper tackles the problem of responding to cyber-attacks at machine speeds by proposing an automated cyber response system that aligns AI behavior with user-defined risk-aware tradeoffs, using a simulation combined with an anytime online planner to solve cyber defense as a POMDP.
Cyber-attacks can occur at machine speeds that are far too fast for human-in-the-loop (or sometimes on-the-loop) decision making to be a viable option. Although human inputs are still important, a defensive Artificial Intelligence (AI) system must have considerable autonomy in these circumstances. When the AI system is model-based, its behavior responses can be aligned with risk-aware cost/benefit tradeoffs that are defined by user-supplied preferences that capture the key aspects of how human operators understand the system, the adversary and the mission. This paper describes an approach to automated cyber response that is designed along these lines. We combine a simulation of the system to be defended with an anytime online planner to solve cyber defense problems characterized as partially observable Markov decision problems (POMDPs).