Designing Robust Cyber-Defense Agents with Evolving Behavior Trees

Nicholas Potteiger, Ankita Samaddar, Hunter Bergstrom, Xenofon Koutsoukos

TL;DR

This paper develops an approach to design autonomous cyber defense agents using behavior trees with learning-enabled components, which it refers to as Evolving Behavior Trees (EBTs). It learns the structure of an EBT with a novel abstract cyber environment and optimizes the learning-enabled components for deployment.

Abstract

Modern network defense can benefit from the use of autonomous systems, offloading tedious and time-consuming work to agents with standard and learning-enabled components. These agents, operating on critical network infrastructure, need to be robust and trustworthy to ensure defense against adaptive cyber-attackers and, simultaneously, provide explanations for their actions and network activity. However, learning-enabled components typically use models, such as deep neural networks, that are not transparent in their high-level decision-making leading to assurance challenges. Additionally, cyber-defense agents must execute complex long-term defense tasks in a reactive manner that involve coordination of multiple interdependent subtasks. Behavior trees are known to be successful in modelling interpretable, reactive, and modular agent policies with learning-enabled components. In this paper, we develop an approach to design autonomous cyber defense agents using behavior trees with learning-enabled components, which we refer to as Evolving Behavior Trees (EBTs). We learn the structure of an EBT with a novel abstract cyber environment and optimize learning-enabled components for deployment. The learning-enabled components are optimized for adapting to various cyber-attacks and deploying security mechanisms. The learned EBT structure is evaluated in a simulated cyber environment, where it effectively mitigates threats and enhances network visibility. For deployment, we develop a software architecture for evaluating EBT-based agents in computer network defense scenarios. Our results demonstrate that the EBT-based agent is robust to adaptive cyber-attacks and provides high-level explanations for interpreting its decisions and actions.

Paper Structure

This paper contains 19 sections, 2 equations, 8 figures, 1 table, 1 algorithm.

Figures (8)

  • Figure 1: CybORG CAGE Challenge Scenario 2; Subnet 1 has five user hosts; Subnet 2 has three enterprise servers and the cyber-defender; Subnet 3 has three operational hosts and one critical operational server.
  • Figure 2: Autonomous Cyber-Defense Agent
  • Figure 3: Robust Autonomous Cyber-Defense EBT Design Approach.
  • Figure 4: Learned GPBT Architecture for Strategy Switching
  • Figure 5: EBT and CybORG Software Architecture. A blackboard is used as a communication mechanism between the EBT and CybORG simulation.
  • ...and 3 more figures