Knowledge Guided Two-player Reinforcement Learning for Cyber Attacks and Defenses

Cyber defense exercises are an important avenue to understand the technical capacity of organizations when faced with cyber-threats. Information derived from these exercises often leads to finding unseen methods to exploit vulnerabilities in an organization. These often lead to better defense mechanisms that can counter previously unknown exploits. With recent developments in cyber battle simulation platforms, we can generate a defense exercise environment and train reinforcement learning (RL) based autonomous agents to attack the system described by the simulated environment. In this paper, we describe a two-player game-based RL environment that simultaneously improves the performance of both the attacker and defender agents. We further accelerate the convergence of the RL agents by guiding them with expert knowledge from Cybersecurity Knowledge Graphs on attack and mitigation steps. We have implemented and integrated our proposed approaches into the CyberBattleSim system.

Automated summary

Cyber defense exercises are crucial for understanding the technical capacity of organizations in facing cyber-threats and discovering unknown vulnerabilities for better defense mechanisms. This paper introduces a two-player game-based reinforcement learning environment that improves the performance of both attacker and defender agents. The convergence of the agents is accelerated through expert knowledge from Cybersecurity Knowledge Graphs.