{"title":"Evaluating Reinforcement Learning Agents for Autonomous Cyber Defence","authors":"Abby Morris, Rachael Procter, Caroline Wallbank","doi":"10.1002/ail2.125","DOIUrl":null,"url":null,"abstract":"<p>Artificial Intelligence (AI) is set to become an essential tool for defending against machine-speed attacks on increasingly connected cyber networks and systems. It will allow self-defending and self-recovering cyber-defence agents to be developed, which can respond to attacks in a timely manner. But how can these agents be trusted to perform as expected, and how can they be evaluated responsibly and thoroughly? To answer these questions, a Test and Evaluation (T&E) process has been developed to assess cyber-defence agents. The process evaluates the performance, effectiveness, resilience, and generalizability of agents in both low- and high-fidelity cyber environments. This paper demonstrates the low-fidelity part of the process by performing an example evaluation in the Cyber Operations Research Gym (CybORG) environment on Reinforcement Learning (RL) agents trained as part of Cyber Autonomy Gym for Experimentation (CAGE) Challenge 2. The process makes use of novel Measures of Effectiveness (MoE) metrics, which can be used in combination with performance metrics such as the RL reward. MoE are tailored for cyber defence, allowing a greater understanding of agents' defensive abilities within a cyber environment. Agents are evaluated against multiple conditions that perturb the environment to investigate their robustness to scenarios not seen during training. The results from this evaluation process will help inform decisions around the benefits and risks of integrating autonomous agents into existing or future cyber systems.</p>","PeriodicalId":72253,"journal":{"name":"Applied AI letters","volume":"6 3","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2025-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1002/ail2.125","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Applied AI letters","FirstCategoryId":"1085","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/ail2.125","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Abstract
Artificial Intelligence (AI) is set to become an essential tool for defending against machine-speed attacks on increasingly connected cyber networks and systems. It will allow self-defending and self-recovering cyber-defence agents to be developed that can respond to attacks in a timely manner. But how can these agents be trusted to perform as expected, and how can they be evaluated responsibly and thoroughly? To answer these questions, a Test and Evaluation (T&E) process has been developed to assess cyber-defence agents. The process evaluates the performance, effectiveness, resilience, and generalizability of agents in both low- and high-fidelity cyber environments. This paper demonstrates the low-fidelity part of the process by performing an example evaluation in the Cyber Operations Research Gym (CybORG) environment on Reinforcement Learning (RL) agents trained as part of Cyber Autonomy Gym for Experimentation (CAGE) Challenge 2. The process makes use of novel Measures of Effectiveness (MoE) metrics, which can be used in combination with performance metrics such as the RL reward. The MoE metrics are tailored to cyber defence, giving a greater understanding of agents' defensive abilities within a cyber environment. Agents are evaluated against multiple conditions that perturb the environment, to investigate their robustness to scenarios not seen during training. The results from this evaluation process will help inform decisions around the benefits and risks of integrating autonomous agents into existing or future cyber systems.
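To make the shape of such an evaluation loop concrete, the sketch below shows one way a trained blue agent could be scored across perturbed conditions, reporting an MoE-style metric alongside cumulative RL reward. This is a minimal illustration under stated assumptions, not the paper's actual process or the CybORG API: `StubEnv`, `StubAgent`, the attacker-skill perturbation, and the host-availability MoE are all hypothetical stand-ins.

```python
"""Sketch of a low-fidelity T&E loop: evaluate a trained blue agent across
environment perturbations, recording RL reward alongside an MoE-style metric.
All names here (StubEnv, StubAgent, host-availability MoE) are illustrative
assumptions, not the paper's implementation or the CybORG API."""

import random
from dataclasses import dataclass, field
from statistics import mean


@dataclass
class StubEnv:
    """Toy stand-in for a cyber environment such as CybORG."""
    n_hosts: int = 5
    attacker_skill: float = 0.2  # perturbed between evaluation conditions
    compromised: set = field(default_factory=set)

    def reset(self):
        self.compromised = set()
        return tuple(sorted(self.compromised))

    def step(self, action):
        # Red compromises a random host with some probability ...
        if random.random() < self.attacker_skill:
            self.compromised.add(random.randrange(self.n_hosts))
        # ... and the blue action restores one host if it targets a compromised one.
        self.compromised.discard(action)
        reward = -len(self.compromised)  # penalty per compromised host
        obs = tuple(sorted(self.compromised))
        return obs, reward


class StubAgent:
    """Stand-in for a trained RL policy (here: restore the first bad host)."""
    def act(self, obs):
        return obs[0] if obs else 0


def evaluate(agent, env, episodes=20, steps=30):
    """Return mean episodic reward and an MoE proxy: mean host availability."""
    rewards, availability = [], []
    for _ in range(episodes):
        obs, total, up_fractions = env.reset(), 0.0, []
        for _ in range(steps):
            obs, r = env.step(agent.act(obs))
            total += r
            up_fractions.append(1 - len(env.compromised) / env.n_hosts)
        rewards.append(total)
        availability.append(mean(up_fractions))
    return mean(rewards), mean(availability)


if __name__ == "__main__":
    agent = StubAgent()
    # Perturbation conditions: vary attacker skill beyond the training setting.
    for skill in (0.1, 0.2, 0.4):
        r, moe = evaluate(agent, StubEnv(attacker_skill=skill))
        print(f"attacker_skill={skill}: reward={r:.1f}, availability MoE={moe:.2f}")
```

The point the sketch illustrates is the structure the abstract describes: run the same frozen policy under conditions it was not trained on, and report a defence-oriented MoE alongside the RL reward, since reward alone may not reveal how well the agent actually kept the network available.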