Towards the Deployment of Realistic Autonomous Cyber Network Defence: A Systematic Review

Abstract

In the ongoing network cybersecurity arms race, the defenders face a significant disadvantage as they must detect and counteract every attack. Conversely, the attacker only needs to succeed once to achieve their goal. To balance the odds, Autonomous Cyber Network Defence (ACND) employs autonomous agents for proactive and intelligent cyber-attack response. This article surveys the state of the art of Autonomous Blue and Red Teaming agents, as well as cyber operations environments. We begin by presenting a detailed set of criteria for ACND algorithms and systems that evaluate the preparedness of integrating autonomous agents into real-world networked environments. Our analysis identifies critical research gaps and challenges within the ACND landscape, including issues of autonomous agent explainability, continuous learning capability under evolving threats, and the development of realistic agent training environments. Based on these insights, we discuss promising research directions and open challenges that need to be addressed for the deployment of ACND agents in real-world networks.