Autonomous Attack Mitigation for Industrial Control Systems

11/03/2021
by John Mern, et al.

Defending computer networks from cyber attack requires timely responses to alerts and threat intelligence. Decisions about how to respond involve coordinating actions across multiple nodes based on imperfect indicators of compromise while minimizing disruptions to network operations. Currently, playbooks are used to automate portions of a response process, but often leave complex decision-making to a human analyst. In this work, we present a deep reinforcement learning approach to autonomous response and recovery in large industrial control networks. We propose an attention-based neural architecture that is flexible to the size of the network under protection. To train and evaluate the autonomous defender agent, we present an industrial control network simulation environment suitable for reinforcement learning. Experiments show that the learned agent can effectively mitigate advanced attacks that progress with few observable signals over several months before execution. The proposed deep reinforcement learning approach outperforms a fully automated playbook method in simulation, taking less disruptive actions while also defending more nodes on the network. The learned policy is also more robust to changes in attacker behavior than playbook approaches.

research
06/09/2021

Reinforcement Learning for Industrial Control Network Cyber Security Orchestration

Defending computer networks from cyber attack requires coordinating acti...
research
09/15/2018

Adversarial Reinforcement Learning for Observer Design in Autonomous Systems under Cyber Attacks

Complex autonomous control systems are subjected to sensor failures, cyb...
research
03/18/2020

Generating Socially Acceptable Perturbations for Efficient Evaluation of Autonomous Vehicles

Deep reinforcement learning methods have been widely used in recent year...
research
10/04/2021

Automating Privilege Escalation with Deep Reinforcement Learning

AI-based defensive solutions are necessary to defend networks and inform...
research
09/14/2021

Deep hierarchical reinforcement agents for automated penetration testing

Penetration testing the organised attack of a computer system in order t...
research
07/02/2020

Human-centered collaborative robots with deep reinforcement learning

We present a reinforcement learning based framework for human-centered c...
research
06/12/2020

Deep Reinforcement Learning for Neural Control

We present a novel methodology for control of neural circuits based on d...
