Automated Attack Response Through Reinforcement Learning
thesis
posted on 2024-05-01, 00:00, authored by Marco Colombo
In the current digital landscape, the increasing sophistication and frequency of cyberattacks pose
significant challenges. Traditional manual responses, while somewhat effective, are labor-intensive
and prone to human error, leading to increased operational costs and potential vulnerabilities due
to alert fatigue. The global financial implications of these cyberattacks highlight the urgent need
for more efficient, automated solutions in responding to attacks. This work introduces a framework
designed to train and deploy Reinforcement Learning (RL) agents to automate attack response in
the context of a single host machine. We leverage real-world data from controlled cyberattacks to
simulate realistic attack scenarios and train a defender agent using a high-fidelity simulation. We then
deploy the defender agent in real-world settings, effectively countering cyber threats. This approach
offers a promising solution to the challenges of timely and efficient cyber defense, reducing human
intervention and ensuring rapid, accurate responses to emerging threats.