萨拉·法默_用于自主弹性网络防御的强化学习_WP.pdf

1、 1 Abstract Future cyber threats will include high volumes of sophisticated machine speed cyber-attacks that are able to evade and overwhelm traditional cyber defenders.In support of social good and global security we take the exceptional approach of summarising a large body of Defence research appl

2、ying Reinforcement Learning(RL)to automated cyber defence decision making i.e.,what action(s)do we take when a cyber-attack is detected?Promising concepts include two contrasting Multi Agent RL(MARL)approaches,deep RL combined with heterogenous Graph Neural Networks(GNNs),and a Cyber First Aid demon

3、strator.To achieve this we have matured simulators and tools including development of advanced adversaries to improve defender robustness.We have demonstrated that autonomous cyber defence is feasible on real representative networks and plan to quadruple the number of high fidelity projects in the n

4、ext year.1.Introduction Cyber-attackers are increasingly using Machine Learning(ML)approaches to launch high volumes of sophisticated machine speed cyber-attacks that can evade and overwhelm traditional cyber defenders(Kaloudi et al.,2020),(Guembe,et al.,2022).Furthermore,human cyber defenders are i

5、n high demand and cannot be located with all cyber systems.ML is a mature technology for anomaly detection,and commercial Security Orchestration and Automated Response(SOAR)platforms have begun implementing ML driven cyber defence decision making capability(i.e.,what action do we take when an attack

6、 is detected).However,they are not mission or context aware,which is of particular concern in a Defence application,where it is often impractical to deploy large numbers of skilled cyber defenders to the front line.1 Presented at Black Hat USA,August 2024 2 Frazer-Nash Consultancy,Leatherhead,UK 3 D