Exposing Surveillance Detection Routes via Reinforcement Learning, Attack Graphs, and Cyber Terrain
This work addresses network security for enterprises by incrementally improving path analysis methods to enhance surveillance detection.
The paper tackles the problem of identifying surveillance detection routes in enterprise networks by using reinforcement learning on attack graphs with a novel warm-up phase, resulting in routes that explore network services while evading risk.
Reinforcement learning (RL) operating on attack graphs leveraging cyber terrain principles are used to develop reward and state associated with determination of surveillance detection routes (SDR). This work extends previous efforts on developing RL methods for path analysis within enterprise networks. This work focuses on building SDR where the routes focus on exploring the network services while trying to evade risk. RL is utilized to support the development of these routes by building a reward mechanism that would help in realization of these paths. The RL algorithm is modified to have a novel warm-up phase which decides in the initial exploration which areas of the network are safe to explore based on the rewards and penalty scale factor.