Towards the Deployment of Realistic Autonomous Cyber Network Defence: A Systematic Review
Authors: Sanyam Vyas, Vasilios Mavroudis, Pete Burnap
Journal: ACM Computing Surveys (impact factor 23.8; JCR Q1, Computer Science, Theory & Methods)
Subject area: Computer Science
Published: 2025-05-24 (Journal Article)
DOI: 10.1145/3729213 (https://doi.org/10.1145/3729213)
Open access: no. Citation count: 0. Source platform: Semantic Scholar.
In the ongoing network cybersecurity arms race, the defenders face a significant disadvantage as they must detect and counteract every attack. Conversely, the attacker only needs to succeed once to achieve their goal. To balance the odds, Autonomous Cyber Network Defence (ACND) employs autonomous agents for proactive and intelligent cyber-attack response. This article surveys the state of the art of Autonomous Blue and Red Teaming agents, as well as cyber operations environments. We begin by presenting a detailed set of criteria for ACND algorithms and systems that evaluate the preparedness of integrating autonomous agents into real-world networked environments. Our analysis identifies critical research gaps and challenges within the ACND landscape, including issues of autonomous agent explainability, continuous learning capability under evolving threats, and the development of realistic agent training environments. Based on these insights, we discuss promising research directions and open challenges that need to be addressed for the deployment of ACND agents in real-world networks.
About the journal:
ACM Computing Surveys is an academic journal that focuses on publishing surveys and tutorials on various areas of computing research and practice. The journal aims to provide comprehensive and easily understandable articles that guide readers through the literature and help them understand topics outside their specialties. In terms of impact, CSUR has a high reputation with a 2022 Impact Factor of 16.6. It is ranked 3rd out of 111 journals in the field of Computer Science Theory & Methods.
ACM Computing Surveys is indexed and abstracted in various services, including AI2 Semantic Scholar, Baidu, Clarivate/ISI: JCR, CNKI, DeepDyve, DTU, EBSCO: EDS/HOST, and IET Inspec, among others.