Training Automated Defense Strategies Using Graph-based Cyber Attack Simulations. (arXiv:2304.11084v1 [cs.CR])

We implemented and evaluated an automated cyber defense agent. The agent
takes security alerts as input and uses reinforcement learning to learn a
policy for executing predefined defensive measures. The defender policies were
trained in an environment intended to simulate a cyber attack. In the
simulation, an attacking agent attempts to capture targets in the environment,
while the defender attempts to protect them by enabling defenses. The
environment was modeled using attack graphs based on the Meta Attack Language
language. …

agent alerts attack automated automated defense capture cyber cyber defense defender defense defense strategies defensive downtime environment input language learn meta policies policy protect security security alerts simulation training