Shreyas Bera, Liam Glenn, Abhay Raghavan, Emma Meno, Tyler Cody, P. Beling
2023 Systems and Information Engineering Design Symposium (SIEDS), published 2023-04-27. DOI: https://doi.org/10.1109/SIEDS58326.2023.10137792
Deterring Adversarial Learning in Penetration Testing by Exploiting Domain Adaptation Theory
Artificial intelligence (AI) and machine learning (ML) are increasingly being used in cyber operations. Because of techniques like adversarial learning, the performance of network defenses can degrade quickly. Thus, there is an increasing need for adaptable, dynamic network defenses. Correspondingly, there has been a rise in the use of reconfiguration schemes like moving target defense in software-defined networks. However, moving target defense methods target individual adversaries and rely on an in-depth understanding of an adversary’s utility function. In contrast, domain adaptation theory suggests that learning agents are sensitive to distributional changes in their inputs, regardless of their utilities. In this paper, we identify several kinds of network changes that deter adversaries by exploiting vulnerabilities in their learned assumptions. We use an open-source network attack simulator, NASim, to conduct experiments on reinforcement learning (RL)-based penetration testers. We measure the time-to-relearn in order to compare the efficacy of different network changes at deterring adversaries. We find that by focusing on shifting the learning domain as a defensive strategy, we are able to degrade the performance of multiple adversaries simultaneously. With our methodology, cyber defenders have tools that allow them to raise the sophistication and cost needed by adversaries to remain a threat to network operations over time.