Official Journal of AlNoor University

Evaluating an Availability-Aware Reinforcement Learning–Based Defensive Policy Against Cyber Attacks

Document Type: Original Article

Author

Northern Technical University

DOI: 10.69513/jncs.v3.i1.a6

Abstract
State-sponsored cyberattacks are carried out to achieve pre-planned objectives, so their impact is significant. Defenders must respond, but response is difficult because the attacks are large in scale and may exploit unknown vulnerabilities. Furthermore, an excessive response can reduce availability for users and disrupt their work. A response policy that defends effectively against attacks while preserving user availability is therefore necessary. This paper proposes a method to address this issue by collecting the number of process hydration sessions of Bob's assets in real time and using it for learning. Using this method, we trained a reinforcement learning-based policy on a cyberattack simulator. As a result, the attack duration for two attacker models was reduced by 279 and 31 time-steps, respectively, based on 100 time-steps. The number of "resource actions" that impede user availability during the defense process was also reduced, resulting in a policy with better overall performance.

Keywords