Algorithms (Apr 2022)

Research and Challenges of Reinforcement Learning in Cyber Defense Decision-Making for Intranet Security

  • Wenhao Wang
  • Dingyuanhao Sun
  • Feng Jiang
  • Xingguo Chen
  • Cheng Zhu

DOI
https://doi.org/10.3390/a15040134
Journal volume & issue
Vol. 15, no. 4
p. 134

Abstract

In recent years, cyber attacks have shown diversified, purposeful, and organized characteristics, which pose significant challenges to cyber defense decision-making on internal networks. Due to the continuous confrontation between attackers and defenders, only using data-based statistical or supervised learning methods cannot cope with increasingly severe security threats. It is urgent to rethink network defense from the perspective of decision-making, and prepare for every possible situation. Reinforcement learning has made great breakthroughs in addressing complicated decision-making problems. We propose a framework that defines four modules based on the life cycle of threats: pentest, design, response, recovery. Our aims are to clarify the problem boundary of network defense decision-making problems, to study the problem characteristics in different contexts, to compare the strengths and weaknesses of existing research, and to identify promising challenges for future work. Our work provides a systematic view for understanding and solving decision-making problems in the application of reinforcement learning to cyber defense.

Keywords