Crown Jewels Analysis using Reinforcement Learning with Attack Graphs
This addresses cyber security for nations and enterprises by automating penetration testing, though it appears incremental as it builds on existing reinforcement learning approaches for network analysis.
The paper tackles the problem of cyber attacks by introducing CJA-RL, a novel method using reinforcement learning for crown jewel analysis, which identified ideal entry points, choke points, and pivots in a network with multiple crown jewels.
Cyber attacks pose existential threats to nations and enterprises. Current practice favors piece-wise analysis using threat-models in the stead of rigorous cyber terrain analysis and intelligence preparation of the battlefield. Automated penetration testing using reinforcement learning offers a new and promising approach for developing methodologies that are driven by network structure and cyber terrain, that can be later interpreted in terms of threat-models, but that are principally network-driven analyses. This paper presents a novel method for crown jewel analysis termed CJA-RL that uses reinforcement learning to identify key terrain and avenues of approach for exploiting crown jewels. In our experiment, CJA-RL identified ideal entry points, choke points, and pivots for exploiting a network with multiple crown jewels, exemplifying how CJA-RL and reinforcement learning for penetration testing generally can benefit computer network operations workflows.