Ambrose Kam - Applying Deep Reinforcement Learning (DRL) in a Cyber Wargaming Engine
From Katie Gentilello on April 1st, 2021
Cybersecurity is inherently complicated due to the dynamic nature of the threats and ever-expanding attack surfaces. Ironically, this challenge is exacerbated by the rapid advancement of many new technologies such as Internet of Things (IoT) devices, 5G infrastructure, and cloud-based computing. This is where artificial intelligence (AI) and machine learning (ML) techniques can be called into service to provide potential solutions for threat detection and mitigation responses in a rapidly changing environment. Humans, by contrast, are often limited by their innate inability to process information, and fail to recognize or respond to attack patterns in a multi-dimensional, multi-faceted world. The recent DARPA AlphaDogfight has proven that machines can defeat even the best human pilot in air-to-air combat. This prompted our engineers to develop a minimum viable product (MVP) that demonstrates the value of a deep reinforcement learning (DRL) architecture in a simulated cyber wargaming environment. Using our simulation framework, we essentially “trained” the machine to produce the optimum combination or permutation of cyber attack vectors in a given scenario. This cyber wargaming engine allows our analysts to examine the tactics, techniques, and procedures (TTPs) potentially employed by our adversaries.