Reinforcement learning for adaptive cyber defense against zero-day attacks

Zhisheng Hu, Ping Chen, Minghui Zhu, Peng Liu

Research output: Chapter in Book/Report/Conference proceeding (Chapter)

Abstract

In this chapter, we leverage reinforcement learning as a unified framework to design effective adaptive cyber defenses against zero-day attacks. Reinforcement learning is an integration of control theory and machine learning. A salient feature of reinforcement learning is that it does not require the defender to know critical information of zero-day attacks (e.g., their attack targets, and the locations of the vulnerabilities). This information is difficult, if not impossible, for the defender to gather in advance. The reinforcement learning based schemes are applied to defeat three classes of attacks: strategic attacks where the interactions between an attacker and a defender are modeled as a non-cooperative game; non-strategic random attacks where the attacker chooses its actions by following a predetermined probability distribution; and attacks depicted by Bayesian attack graphs where the attacker exploits combinations of multiple known or zero-day vulnerabilities to compromise machines in a network.

Original language: English (US)
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Publisher: Springer Verlag
Pages: 54-93
Number of pages: 40
DOI: https://doi.org/10.1007/978-3-030-30719-6_4
State: Published - Jan 1 2019

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11830 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Fingerprint

Reinforcement learning
Attack
Zero
Control theory
Vulnerability
Probability distributions
Learning systems
Non-cooperative Game
Leverage
Machine Learning
Probability Distribution
Choose
Target
Graph in graph theory
Interaction

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science (all)

Cite this

Hu, Z., Chen, P., Zhu, M., & Liu, P. (2019). Reinforcement learning for adaptive cyber defense against zero-day attacks. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (pp. 54-93). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11830 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-30719-6_4