Adversarial Reinforcement Learning for Cyber-Attack Prevention, Detection, and Mitigation



This doctoral dissertation proposal addresses the evolving challenges in computer and network security, emphasizing the need for a comprehensive framework that integrates proactive prevention, effective detection, and adaptive mitigation strategies. The cybersecurity landscape faces persistent threats from Advanced Persistent Threats (APTs), ever-changing attack vectors, and the inevitability of human error. Current security measures, including user management, firewalls, and Secure Software Development Life Cycle (SSDLC) practices, provide a foundational defense but fall short against sophisticated adversaries.

To bolster cybersecurity defenses, a multi-faceted approach is proposed, focusing on domain-specific prevention, detection, and mitigation of cyber threats.

Prevention of Threats using Moving Target Defense:
Traditional security measures are augmented with a proactive strategy known as Moving Target Defense (MTD). MTD continuously and randomly alters system configurations, making reconnaissance computationally expensive for adversaries or trapping them in exploration loops. Because manual deployment of MTD configurations is impractical at scale, automated approaches are needed that balance security benefits against system efficiency. The goal is to render cyber-attacks economically and logistically infeasible for adversaries.
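The core MTD idea of invalidating reconnaissance through random reconfiguration can be sketched as follows. This is a minimal illustration, not the proposal's actual mechanism: the service names, port ranges, and rotation policy are all assumptions introduced here for concreteness.

```python
import random

# Minimal Moving Target Defense sketch (illustrative assumption, not the
# proposal's system): periodically re-randomize the mapping from services
# to externally visible ports, so an adversary's reconnaissance results
# go stale between probes.

SERVICES = ["web", "ssh", "db", "api"]  # hypothetical service names

def randomize_configuration(services, port_range=(20000, 60000), rng=random):
    """Assign each service a fresh, unique random port."""
    ports = rng.sample(range(*port_range), len(services))
    return dict(zip(services, ports))

class MTDController:
    def __init__(self, services, seed=None):
        self.rng = random.Random(seed)
        self.services = services
        self.config = randomize_configuration(services, rng=self.rng)

    def rotate(self):
        """Invalidate prior reconnaissance by reshuffling the configuration."""
        self.config = randomize_configuration(self.services, rng=self.rng)
        return self.config

mtd = MTDController(SERVICES, seed=42)
before = dict(mtd.config)
after = mtd.rotate()
```

In a deployed system the rotation schedule itself would be part of the automated decision problem, since each reconfiguration carries an efficiency cost that must be weighed against its security benefit.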

Detection of False Data Injection in Transportation Networks:
Strategic False Data Injection (FDI) attacks on navigation applications and transportation networks can have severe consequences, such as traffic congestion and disruption of essential services. Detecting such attacks requires automated mechanisms capable of identifying changes in traffic patterns. In the absence of public attack data, strategic decision-making algorithms are crucial for generating worst-case attack scenarios, informing the development of countermeasures, and enhancing detection mechanisms. The focus is on developing automated systems that detect deviations in traffic patterns and alert authorities so that ongoing threats can be neutralized.
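The notion of "detecting deviations in traffic patterns" can be illustrated with a simple baseline-deviation test. This is a deliberately naive sketch, not the detector developed in the dissertation; the traffic counts and the z-score threshold below are made-up assumptions.

```python
import statistics

# Illustrative anomaly-detection sketch (an assumption, not the proposal's
# detector): flag a road segment's traffic volume as anomalous when it
# deviates from its historical baseline by more than `threshold` standard
# deviations.

def detect_fdi(history, observed, threshold=3.0):
    """Return True if `observed` deviates anomalously from `history`."""
    mean = statistics.fmean(history)
    std = statistics.stdev(history)
    return abs(observed - mean) / std > threshold

# Hypothetical per-minute vehicle counts for one road segment.
baseline = [100, 104, 98, 101, 99, 103, 97, 102]
normal_alert = detect_fdi(baseline, 105)   # ordinary fluctuation
attack_alert = detect_fdi(baseline, 160)   # large, suspicious deviation
```

A realistic detector would have to account for daily and seasonal periodicity and, as the proposal notes, would be trained against worst-case attack scenarios generated by strategic decision-making algorithms rather than against fixed thresholds.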

ICS Attack Mitigation Through Resilient Control:
Remote control of Industrial Control Systems (ICS) improves efficiency but also widens the attack surface. The traditional response is to reset compromised software components, but this is not always feasible for critical infrastructure that must remain highly available. Time gaps between detection and patching allow adversaries to exploit vulnerabilities, demanding automated mitigation strategies. The research concentrates on FDI attacks, particularly 0-stealthy attacks, in which adversaries alter sensor and actuator values to destabilize physical processes. The objective is to develop automated attack-resilient control policies that minimize the worst-case impact of such attacks.
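The "minimize the worst-case impact" objective is a minimax problem: the defender picks a control policy, the adversary picks the most damaging sensor corruption. The following toy sketch makes that concrete on a scalar linear system; the system parameters, gain grid, and attack budget are illustrative assumptions, not results from the proposal.

```python
# Sketch of worst-case (minimax) attack-resilient control on a toy scalar
# system x_{t+1} = a*x_t + b*u_t, where the controller only observes a
# sensor reading corrupted by an adversarial bias delta, |delta| <= budget.
# All numbers below are hypothetical.

def rollout_cost(k, delta, a=1.1, b=1.0, x0=1.0, steps=20):
    """Accumulated quadratic state cost under gain k and sensor bias delta."""
    x, cost = x0, 0.0
    for _ in range(steps):
        u = -k * (x + delta)   # control computed from the corrupted reading
        x = a * x + b * u
        cost += x * x
    return cost

def worst_case_cost(k, budget=0.5):
    """Adversary picks the bias (from a small grid) that maximizes cost."""
    deltas = [-budget, -budget / 2, 0.0, budget / 2, budget]
    return max(rollout_cost(k, d) for d in deltas)

gains = [0.2 * i for i in range(1, 10)]        # candidate gains 0.2 .. 1.8
resilient_gain = min(gains, key=worst_case_cost)
```

The dissertation targets the same structure at realistic scale: instead of enumerating a gain grid against a bias grid, RL is used to search the policy space while an adversarial model supplies worst-case 0-stealthy attack trajectories.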

Addressing these challenges involves decision-making algorithms, and in particular Reinforcement Learning (RL), tailored to the unique dynamics of each scenario. Because attackers adapt, defender strategies must likewise adapt and respond to changing attack tactics. Additionally, information asymmetry calls for diverse RL models that capture both the attacker's and the defender's perspectives. Finally, the scale of decision-making problems in settings such as transportation networks demands state-of-the-art RL algorithms for efficient solutions.
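The attacker/defender co-adaptation described above can be illustrated with a zero-sum matrix game solved by fictitious play, where each player repeatedly best-responds to the empirical mixture of the opponent's past actions. This is a toy stand-in of my own construction, not the proposal's algorithm, and the cost matrix is invented for illustration.

```python
# Toy attacker/defender co-adaptation sketch (an assumption, not the
# proposal's method): fictitious play on a zero-sum "defense configuration
# vs. exploit choice" game. Each side best-responds to the other's
# empirical action frequencies, mirroring adaptive attack/defense dynamics.

# ATTACK_COST[d][a]: defender's cost when defense d faces attack a.
# Defense d fully blocks attack d and only partially mitigates the others.
ATTACK_COST = [
    [0.0, 1.0, 0.6],
    [0.8, 0.0, 1.0],
    [1.0, 0.7, 0.0],
]

def fictitious_play(cost, rounds=5000):
    n = len(cost)
    def_counts = [1] * n   # empirical action counts, initialized uniformly
    atk_counts = [1] * n
    for _ in range(rounds):
        # Defender best-responds to the attacker's empirical mixture (min cost).
        d = min(range(n),
                key=lambda i: sum(cost[i][j] * atk_counts[j] for j in range(n)))
        # Attacker best-responds to the defender's empirical mixture (max cost).
        a = max(range(n),
                key=lambda j: sum(cost[i][j] * def_counts[i] for i in range(n)))
        def_counts[d] += 1
        atk_counts[a] += 1
    total_d, total_a = sum(def_counts), sum(atk_counts)
    return ([c / total_d for c in def_counts],
            [c / total_a for c in atk_counts])

defense_mix, attack_mix = fictitious_play(ATTACK_COST)
```

In the dissertation's settings the action spaces are far too large for such tabular play, which is why scalable RL algorithms replace explicit best-response enumeration while preserving the same adversarial structure.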

The completed doctoral dissertation aims to contribute to the enhancement of cybersecurity by developing a comprehensive framework that addresses the dynamic challenges posed by evolving cyber threats. The proposed strategies encompass prevention, detection, and mitigation, leveraging state-of-the-art RL algorithms to adapt to a complex and ever-changing cybersecurity landscape.