CR AI GT LG | Dec 2, 2024

Towards Type Agnostic Cyber Defense Agents

arXiv:2412.01542v1 | h-index: 31
Originality: Incremental advance
AI Analysis

This work addresses the automation of cybersecurity defense for organizations facing labor shortages, but it is incremental as it builds on existing reinforcement learning methods.

The paper tackles the problem of training cyber defense agents against multiple attacker types using reinforcement learning, and finds that certain training strategies yield better empirical performance against diverse attackers.

With computing now ubiquitous across government, industry, and education, cybersecurity has become a critical component for every organization on the planet. Due to this ubiquity of computing, cyber threats have continued to grow year over year, leading to labor shortages and a skills gap in cybersecurity. As a result, many cybersecurity product vendors and security organizations have looked to artificial intelligence to shore up their defenses. This work considers how to characterize attackers and defenders in one approach to the automation of cyber defense -- the application of reinforcement learning. Specifically, we characterize the types of attackers and defenders in the sense of Bayesian games and, using reinforcement learning, derive empirical findings about how to best train agents that defend against multiple types of attackers.

Foundations

The foundational work for this paper's niche, ranked by how specifically the neighbourhood builds on it — not by global fame.
