{"title":"Multi-Agent Reinforcement Learning for Cybersecurity: Classification and survey","authors":"Salvo Finistrella, Stefano Mariani, Franco Zambonelli","doi":"10.1016/j.iswa.2025.200495","DOIUrl":null,"url":null,"abstract":"<div><div>In the face of a rapidly evolving threat landscape, traditional cybersecurity measures – such as signature-based detection and static rules on firewalls, intrusion detection systems (IDS) and antivirus software – often lag behind sophisticated cyber attacks. Through a review of existing literature, we examine the shortcomings of traditional cybersecurity methods and how these can be surpassed with the application of Reinforcement Learning (RL) based methods. This study classifies RL-based approaches to cybersecurity, aimed at enhancing detection, mitigation and response to cyber attacks, along two orthogonal dimensions: the RL Frameworks used (e.g. single-agent vs. multi-agent) and the network configuration where they are deployed (e.g. host-based, or network-based cybersecurity). The goal is that of aiding researchers and practitioners interested in the field to quickly understand what are the opportunities for RL-based cybersecurity depending on the network environment to be protected and point them to the representative articles in the field. Finally, we emphasize the importance of further research and development to address challenges such as computational complexity, generalization and data quality.</div></div>","PeriodicalId":100684,"journal":{"name":"Intelligent Systems with Applications","volume":"26 ","pages":"Article 200495"},"PeriodicalIF":0.0000,"publicationDate":"2025-02-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Intelligent Systems with Applications","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2667305325000213","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
In the face of a rapidly evolving threat landscape, traditional cybersecurity measures – such as signature-based detection and static rules on firewalls, intrusion detection systems (IDS) and antivirus software – often lag behind sophisticated cyber attacks. Through a review of existing literature, we examine the shortcomings of traditional cybersecurity methods and how these can be surpassed with the application of Reinforcement Learning (RL) based methods. This study classifies RL-based approaches to cybersecurity, aimed at enhancing detection, mitigation and response to cyber attacks, along two orthogonal dimensions: the RL Frameworks used (e.g. single-agent vs. multi-agent) and the network configuration where they are deployed (e.g. host-based, or network-based cybersecurity). The goal is that of aiding researchers and practitioners interested in the field to quickly understand what are the opportunities for RL-based cybersecurity depending on the network environment to be protected and point them to the representative articles in the field. Finally, we emphasize the importance of further research and development to address challenges such as computational complexity, generalization and data quality.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
