Beyond CAGE: Investigating Generalization of Learned Autonomous Network Defense Policies

Advancements in reinforcement learning (RL) have inspired new directions in intelligent automation of network defense. However, many of these advancements have either outpaced their application to network security or have not considered the challenges associated with implementing them in the real-wo...

Full description

Saved in:
Bibliographic Details
Published in:arXiv.org 2022-11
Main Authors: Wolk, Melody, Applebaum, Andy, Dennler, Camron, Dwyer, Patrick, Moskowitz, Marina, Nguyen, Harold, Nichols, Nicole, Park, Nicole, Rachwalski, Paul, Rau, Frank, Webster, Adrian
Format: Article
Language:English
Subjects:
Algorithms
Cages
Competition
Optimization
Simulator fidelity
Strategy
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by
cites
container_end_page
container_issue
container_start_page
container_title arXiv.org
container_volume
creator Wolk, Melody
Applebaum, Andy
Dennler, Camron
Dwyer, Patrick
Moskowitz, Marina
Nguyen, Harold
Nichols, Nicole
Park, Nicole
Rachwalski, Paul
Rau, Frank
Webster, Adrian
description Advancements in reinforcement learning (RL) have inspired new directions in intelligent automation of network defense. However, many of these advancements have either outpaced their application to network security or have not considered the challenges associated with implementing them in the real-world. To understand these problems, this work evaluates several RL approaches implemented in the second edition of the CAGE Challenge, a public competition to build an autonomous network defender agent in a high-fidelity network simulator. Our approaches all build on the Proximal Policy Optimization (PPO) family of algorithms, and include hierarchical RL, action masking, custom training, and ensemble RL. We find that the ensemble RL technique performs strongest, outperforming our other models and taking second place in the competition. To understand applicability to real environments we evaluate each method's ability to generalize to unseen networks and against an unknown attack strategy. In unseen environments, all of our approaches perform worse, with degradation varied based on the type of environmental change. Against an unknown attacker strategy, we found that our models had reduced overall performance even though the new strategy was less efficient than the ones our models trained on. Together, these results highlight promising research directions for autonomous network defense in the real world.
format article
fullrecord <record><control><sourceid>proquest</sourceid><recordid>TN_cdi_proquest_journals_2741133998</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2741133998</sourcerecordid><originalsourceid>FETCH-proquest_journals_27411339983</originalsourceid><addsrcrecordid>eNqNjcEOwUAURScSiYb-w0usJe1MKXZFlUTEwsJOGn2Vod5jZkr4el34AKubk3OS2xKeVCocjCMpO8K39hIEgRzFcjhUnjjM8M1UwDzJ0ims6YnW6XPuNJ0hQ0KTV_rTIBNwCRvMDWEBSe2Y-Ma1hS26F5srLLBEsgg7rvRJo-2JdplXFv3fdkV_me7nq8Hd8KNuXo4Xrg016ijjKAyVmkzG6r_qC2btQcQ</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2741133998</pqid></control><display><type>article</type><title>Beyond CAGE: Investigating Generalization of Learned Autonomous Network Defense Policies</title><source>Publicly Available Content Database</source><creator>Wolk, Melody ; Applebaum, Andy ; Dennler, Camron ; Dwyer, Patrick ; Moskowitz, Marina ; Nguyen, Harold ; Nichols, Nicole ; Park, Nicole ; Rachwalski, Paul ; Rau, Frank ; Webster, Adrian</creator><creatorcontrib>Wolk, Melody ; Applebaum, Andy ; Dennler, Camron ; Dwyer, Patrick ; Moskowitz, Marina ; Nguyen, Harold ; Nichols, Nicole ; Park, Nicole ; Rachwalski, Paul ; Rau, Frank ; Webster, Adrian</creatorcontrib><description>Advancements in reinforcement learning (RL) have inspired new directions in intelligent automation of network defense. However, many of these advancements have either outpaced their application to network security or have not considered the challenges associated with implementing them in the real-world. To understand these problems, this work evaluates several RL approaches implemented in the second edition of the CAGE Challenge, a public competition to build an autonomous network defender agent in a high-fidelity network simulator. Our approaches all build on the Proximal Policy Optimization (PPO) family of algorithms, and include hierarchical RL, action masking, custom training, and ensemble RL. We find that the ensemble RL technique performs strongest, outperforming our other models and taking second place in the competition. To understand applicability to real environments we evaluate each method's ability to generalize to unseen networks and against an unknown attack strategy. In unseen environments, all of our approaches perform worse, with degradation varied based on the type of environmental change. Against an unknown attacker strategy, we found that our models had reduced overall performance even though the new strategy was less efficient than the ones our models trained on. Together, these results highlight promising research directions for autonomous network defense in the real world.</description><identifier>EISSN: 2331-8422</identifier><language>eng</language><publisher>Ithaca: Cornell University Library, arXiv.org</publisher><subject>Algorithms ; Cages ; Competition ; Optimization ; Simulator fidelity ; Strategy</subject><ispartof>arXiv.org, 2022-11</ispartof><rights>2022. This work is published under http://arxiv.org/licenses/nonexclusive-distrib/1.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://www.proquest.com/docview/2741133998?pq-origsite=primo$$EHTML$$P50$$Gproquest$$Hfree_for_read</linktohtml><link.rule.ids>780,784,25753,37012,44590</link.rule.ids></links><search><creatorcontrib>Wolk, Melody</creatorcontrib><creatorcontrib>Applebaum, Andy</creatorcontrib><creatorcontrib>Dennler, Camron</creatorcontrib><creatorcontrib>Dwyer, Patrick</creatorcontrib><creatorcontrib>Moskowitz, Marina</creatorcontrib><creatorcontrib>Nguyen, Harold</creatorcontrib><creatorcontrib>Nichols, Nicole</creatorcontrib><creatorcontrib>Park, Nicole</creatorcontrib><creatorcontrib>Rachwalski, Paul</creatorcontrib><creatorcontrib>Rau, Frank</creatorcontrib><creatorcontrib>Webster, Adrian</creatorcontrib><title>Beyond CAGE: Investigating Generalization of Learned Autonomous Network Defense Policies</title><title>arXiv.org</title><description>Advancements in reinforcement learning (RL) have inspired new directions in intelligent automation of network defense. However, many of these advancements have either outpaced their application to network security or have not considered the challenges associated with implementing them in the real-world. To understand these problems, this work evaluates several RL approaches implemented in the second edition of the CAGE Challenge, a public competition to build an autonomous network defender agent in a high-fidelity network simulator. Our approaches all build on the Proximal Policy Optimization (PPO) family of algorithms, and include hierarchical RL, action masking, custom training, and ensemble RL. We find that the ensemble RL technique performs strongest, outperforming our other models and taking second place in the competition. To understand applicability to real environments we evaluate each method's ability to generalize to unseen networks and against an unknown attack strategy. In unseen environments, all of our approaches perform worse, with degradation varied based on the type of environmental change. Against an unknown attacker strategy, we found that our models had reduced overall performance even though the new strategy was less efficient than the ones our models trained on. Together, these results highlight promising research directions for autonomous network defense in the real world.</description><subject>Algorithms</subject><subject>Cages</subject><subject>Competition</subject><subject>Optimization</subject><subject>Simulator fidelity</subject><subject>Strategy</subject><issn>2331-8422</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2022</creationdate><recordtype>article</recordtype><sourceid>PIMPY</sourceid><recordid>eNqNjcEOwUAURScSiYb-w0usJe1MKXZFlUTEwsJOGn2Vod5jZkr4el34AKubk3OS2xKeVCocjCMpO8K39hIEgRzFcjhUnjjM8M1UwDzJ0ims6YnW6XPuNJ0hQ0KTV_rTIBNwCRvMDWEBSe2Y-Ma1hS26F5srLLBEsgg7rvRJo-2JdplXFv3fdkV_me7nq8Hd8KNuXo4Xrg016ijjKAyVmkzG6r_qC2btQcQ</recordid><startdate>20221130</startdate><enddate>20221130</enddate><creator>Wolk, Melody</creator><creator>Applebaum, Andy</creator><creator>Dennler, Camron</creator><creator>Dwyer, Patrick</creator><creator>Moskowitz, Marina</creator><creator>Nguyen, Harold</creator><creator>Nichols, Nicole</creator><creator>Park, Nicole</creator><creator>Rachwalski, Paul</creator><creator>Rau, Frank</creator><creator>Webster, Adrian</creator><general>Cornell University Library, arXiv.org</general><scope>8FE</scope><scope>8FG</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L6V</scope><scope>M7S</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope></search><sort><creationdate>20221130</creationdate><title>Beyond CAGE: Investigating Generalization of Learned Autonomous Network Defense Policies</title><author>Wolk, Melody ; Applebaum, Andy ; Dennler, Camron ; Dwyer, Patrick ; Moskowitz, Marina ; Nguyen, Harold ; Nichols, Nicole ; Park, Nicole ; Rachwalski, Paul ; Rau, Frank ; Webster, Adrian</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-proquest_journals_27411339983</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2022</creationdate><topic>Algorithms</topic><topic>Cages</topic><topic>Competition</topic><topic>Optimization</topic><topic>Simulator fidelity</topic><topic>Strategy</topic><toplevel>online_resources</toplevel><creatorcontrib>Wolk, Melody</creatorcontrib><creatorcontrib>Applebaum, Andy</creatorcontrib><creatorcontrib>Dennler, Camron</creatorcontrib><creatorcontrib>Dwyer, Patrick</creatorcontrib><creatorcontrib>Moskowitz, Marina</creatorcontrib><creatorcontrib>Nguyen, Harold</creatorcontrib><creatorcontrib>Nichols, Nicole</creatorcontrib><creatorcontrib>Park, Nicole</creatorcontrib><creatorcontrib>Rachwalski, Paul</creatorcontrib><creatorcontrib>Rau, Frank</creatorcontrib><creatorcontrib>Webster, Adrian</creatorcontrib><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>Materials Science &amp; Engineering Collection</collection><collection>ProQuest Central (Alumni)</collection><collection>ProQuest Central</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central</collection><collection>SciTech Premium Collection (Proquest) (PQ_SDU_P3)</collection><collection>ProQuest Engineering Collection</collection><collection>Engineering Database</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering Collection</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Wolk, Melody</au><au>Applebaum, Andy</au><au>Dennler, Camron</au><au>Dwyer, Patrick</au><au>Moskowitz, Marina</au><au>Nguyen, Harold</au><au>Nichols, Nicole</au><au>Park, Nicole</au><au>Rachwalski, Paul</au><au>Rau, Frank</au><au>Webster, Adrian</au><format>book</format><genre>document</genre><ristype>GEN</ristype><atitle>Beyond CAGE: Investigating Generalization of Learned Autonomous Network Defense Policies</atitle><jtitle>arXiv.org</jtitle><date>2022-11-30</date><risdate>2022</risdate><eissn>2331-8422</eissn><abstract>Advancements in reinforcement learning (RL) have inspired new directions in intelligent automation of network defense. However, many of these advancements have either outpaced their application to network security or have not considered the challenges associated with implementing them in the real-world. To understand these problems, this work evaluates several RL approaches implemented in the second edition of the CAGE Challenge, a public competition to build an autonomous network defender agent in a high-fidelity network simulator. Our approaches all build on the Proximal Policy Optimization (PPO) family of algorithms, and include hierarchical RL, action masking, custom training, and ensemble RL. We find that the ensemble RL technique performs strongest, outperforming our other models and taking second place in the competition. To understand applicability to real environments we evaluate each method's ability to generalize to unseen networks and against an unknown attack strategy. In unseen environments, all of our approaches perform worse, with degradation varied based on the type of environmental change. Against an unknown attacker strategy, we found that our models had reduced overall performance even though the new strategy was less efficient than the ones our models trained on. Together, these results highlight promising research directions for autonomous network defense in the real world.</abstract><cop>Ithaca</cop><pub>Cornell University Library, arXiv.org</pub><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier EISSN: 2331-8422
ispartof arXiv.org, 2022-11
issn 2331-8422
language eng
recordid cdi_proquest_journals_2741133998
source Publicly Available Content Database
subjects Algorithms
Cages
Competition
Optimization
Simulator fidelity
Strategy
title Beyond CAGE: Investigating Generalization of Learned Autonomous Network Defense Policies
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-07T15%3A33%3A51IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=document&rft.atitle=Beyond%20CAGE:%20Investigating%20Generalization%20of%20Learned%20Autonomous%20Network%20Defense%20Policies&rft.jtitle=arXiv.org&rft.au=Wolk,%20Melody&rft.date=2022-11-30&rft.eissn=2331-8422&rft_id=info:doi/&rft_dat=%3Cproquest%3E2741133998%3C/proquest%3E%3Cgrp_id%3Ecdi_FETCH-proquest_journals_27411339983%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2741133998&rft_id=info:pmid/&rfr_iscdi=true