CyGIL: A Cyber Gym for Training Autonomous Agents over Emulated Network Systems
This provides a domain-specific tool for researchers and practitioners in cybersecurity to train autonomous agents, but it is incremental as it adapts existing RL methods to a new application area.
The authors tackled the lack of a representative training environment for reinforcement learning (RL) in cyber operations by developing CyGIL, an emulated testbed that balances fidelity and simplicity, enabling RL agents to train on specific advanced persistent threat profiles.
Given the success of reinforcement learning (RL) in various domains, it is promising to explore the application of its methods to the development of intelligent and autonomous cyber agents. Enabling this development requires a representative RL training environment. To that end, this work presents CyGIL: an experimental testbed of an emulated RL training environment for network cyber operations. CyGIL uses a stateless environment architecture and incorporates the MITRE ATT&CK framework to establish a high fidelity training environment, while presenting a sufficiently abstracted interface to enable RL training. Its comprehensive action space and flexible game design allow the agent training to focus on particular advanced persistent threat (APT) profiles, and to incorporate a broad range of potential threats and vulnerabilities. By striking a balance between fidelity and simplicity, it aims to leverage state of the art RL algorithms for application to real-world cyber defence.