Adversarial Deep Reinforcement Learning based Adaptive Moving Target Defense

Abstract: Moving target defense (MTD) is a proactive defense approach that aims to thwart attacks by continuously changing the attack surface of a system (e.g., changing host or network configurations), thereby increasing the adversary's uncertainty and attack cost. To maximize the impact of MTD, a defender must strategically choose when and what changes to make, taking into account both the characteristics of its system as well as the adversary's observed activities. Finding an optimal strategy for MTD presents a signi… Show more

“…While game-theoretic formalism has been used to model various cyber-security scenarios [30,31,6], it is impractical to expect security experts to provide the parameters of the game upfront [13,15,16]. In the context of Moving Target Defense (MTD) in particular, determining the impact of various attacks, the asymmetric impacts of a particular defense on performance, and the switching cost of a system are better obtained via interaction with an environment.…”

“…It should be no surprise that defense strategies learned via single-agent RL methods (eg. [13,15,16]) are prone to be exploitable against strategic opponents in cyber-security scenarios. The existence of such a cycle makes the learned policy exploitable, resulting in low rewards consistently.…”

“…Reinforcement Learning in MTDs Works that are precursors to our BSS-Q learning approach are the min-max Q-learning [21] in the context of complete information MGs and the Bayesian Nash Q-learning [14] for dynamic placement of sensors. Recent works that model the multi-agent cyber-scenarios as an MDPs (RL in Flip-it games [15]) or POMDPs (RL for MTDs [16]), as shown above, can generate policies that can be exploited by a strategic adversary.…”

“…While multi-stage game models are ubiquitous in security settings, expecting experts to provide detailed models about rewards and system transitions is considered unrealistic. Thus, researchers have considered techniques in reinforcement learning to learn optimal movement policies over time [13,14,15,16]. Unfortunately, these works ignore (1) the strategic nature and the rational behavior of an adversary and (2) the incomplete knowledge a defender may possess about their opponent.…”

Multi-agent Reinforcement Learning in Bayesian Stackelberg Markov Games for Adaptive Moving Target Defense

“…While game-theoretic formalism has been used to model various cyber-security scenarios [30,31,6], it is impractical to expect security experts to provide the parameters of the game upfront [13,15,16]. In the context of Moving Target Defense (MTD) in particular, determining the impact of various attacks, the asymmetric impacts of a particular defense on performance, and the switching cost of a system are better obtained via interaction with an environment.…”

“…It should be no surprise that defense strategies learned via single-agent RL methods (eg. [13,15,16]) are prone to be exploitable against strategic opponents in cyber-security scenarios. The existence of such a cycle makes the learned policy exploitable, resulting in low rewards consistently.…”

“…Reinforcement Learning in MTDs Works that are precursors to our BSS-Q learning approach are the min-max Q-learning [21] in the context of complete information MGs and the Bayesian Nash Q-learning [14] for dynamic placement of sensors. Recent works that model the multi-agent cyber-scenarios as an MDPs (RL in Flip-it games [15]) or POMDPs (RL for MTDs [16]), as shown above, can generate policies that can be exploited by a strategic adversary.…”

“…While multi-stage game models are ubiquitous in security settings, expecting experts to provide detailed models about rewards and system transitions is considered unrealistic. Thus, researchers have considered techniques in reinforcement learning to learn optimal movement policies over time [13,14,15,16]. Unfortunately, these works ignore (1) the strategic nature and the rational behavior of an adversary and (2) the incomplete knowledge a defender may possess about their opponent.…”

Multi-agent Reinforcement Learning in Bayesian Stackelberg Markov Games for Adaptive Moving Target Defense