Optimization of mitigation deployment using deep reinforcement learning over an enhanced ATT&CK

IF 3.3 | Zone 3, Computer Science | Q2 COMPUTER SCIENCE, THEORY & METHODS
Yingze Liu, Yuanbo Guo, Rajiv Ranjan, Dan Chen
Journal: Computing. Publication date: 2024-09-06. Publication type: Journal Article. DOI: 10.1007/s00607-024-01344-4 (https://doi.org/10.1007/s00607-024-01344-4)
Citations: 0

Abstract

This study introduces a Deep Reinforcement Learning approach (DRL-MD) aimed at optimizing the deployment of mitigations to minimize redundancy while ensuring effective defense against cyberattacks. DRL-MD initially enhances ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) to underscore the formal relationships between attacks and defenses. Over the enhanced ATT&CK, DRL-MD then operates in two phases: (1) Estimating Node Importance: DRL-MD proposes a model to estimate the importance of deployed nodes in the network, prioritizing mitigation deployment locations for better evaluation of mitigation effectiveness; and (2) Optimizing Mitigation Deployment: A Soft Actor-Critic algorithm finds the optimal mitigation deployment policy through multi-objective optimization of the importance of deployed nodes, the effectiveness of mitigations in preventing cyberattacks, vulnerability repair, and deployment cost. A case study with DRL-MD against the state-of-the-art counterparts has been performed considering the WannaCry threat, and results indicate that: (1) DRL-MD performs the best with 6.4–11% decrease in deployment cost; and (2) DRL-MD can significantly reduce redundancy in mitigation deployments, which partially benefits from the enhanced ATT&CK model. Overall, a comprehensive solution of mitigation deployment has been fostered to significantly lower the redundancy with more effective defenses against cyberattacks sustained.

Source journal
Computing (category: Engineering and Technology, Computer Science: Theory and Methods)
CiteScore: 8.20
Self-citation rate: 2.70%
Articles published: 107
Review time: 3 months
Journal description: Computing publishes original papers, short communications and surveys on all fields of computing. The contributions should be written in English and may be of theoretical or applied nature; the essential criteria are computational relevance and systematic foundation of results.