Machine Theory of Mind for Autonomous Cyber-Defence

Luke Swaby, Matthew Stewart, Daniel Harrold, Chris Willis, Gregory Palmer

TL;DR

This paper introduces Graph-In, Graph-Out (GIGO)-ToM, a novel Graph Neural Network-based ToM architecture tailored for cyber-defence, which can accurately predict both the targets and attack trajectories of adversarial cyber agents over arbitrary computer network topologies.

Abstract

Intelligent autonomous agents hold much potential for the domain of cyber-security. However, due to many state-of-the-art approaches relying on uninterpretable black-box models, there is growing demand for methods that offer stakeholders clear and actionable insights into their latent beliefs and motivations. To address this, we evaluate Theory of Mind (ToM) approaches for Autonomous Cyber Operations. Upon learning a robust prior, ToM models can predict an agent's goals, behaviours, and contextual beliefs given only a handful of past behaviour observations. In this paper, we introduce a novel Graph Neural Network (GNN)-based ToM architecture tailored for cyber-defence, Graph-In, Graph-Out (GIGO)-ToM, which can accurately predict both the targets and attack trajectories of adversarial cyber agents over arbitrary computer network topologies. To evaluate the latter, we propose a novel extension of the Wasserstein distance for measuring the similarity of graph-based probability distributions. Whereas the standard Wasserstein distance lacks a fixed reference scale, we introduce a graph-theoretic normalization factor that enables a standardized comparison between networks of different sizes. We furnish this metric, which we term the Network Transport Distance (NTD), with a weighting function that emphasizes predictions according to custom node features, allowing network operators to explore arbitrary strategic considerations. Benchmarked against a Graph-In, Dense-Out (GIDO)-ToM architecture in an abstract cyber-defence environment, our empirical evaluations show that GIGO-ToM can accurately predict the goals and behaviours of various unseen cyber-attacking agents across a range of network topologies, as well as learn embeddings that can effectively characterize their policies.

Paper Structure

This paper contains 3 sections, 15 equations, 17 figures, 12 tables.

Figures (17)

  • Figure 1: The original ToMnet architecture, adopted from Rabinowitz et al. [rabinowitz2018machine]. It consists of three components: a character network, a mental network, and a prediction network. The character network parses observations of past behaviour (e.g. previous episodes) to build a character embedding $e_{char}$. The mental network then uses this along with behavioural observations from a current episode to build a representation of the agent's current beliefs and intentions: the mental state embedding $e_{mental}$. Finally, the predictor network utilizes both these embeddings along with a snapshot of the current state of the environment to forecast future behaviour: the next-step action probabilities $\hat{\pi}$, probabilities of whether certain objects will be consumed $\hat{c}$, and the predicted successor representations $\hat{SR}$ [dayan1993improving].
  • Figure 2: An illustration of the hot-desking user problem for cyber-defence. The node labelled '$E$' denotes the entry node for the Red cyber-attacking agent. Blue, red, and pink nodes represent current user locations. The color weighting of the remaining nodes represents their vulnerability to attacks, with darker shades representing higher vulnerability scores. In each episode the users may relocate to a different desk. Therefore, ToM solutions are required that can generalize across settings with respect to different user locations in each episode.
  • Figure 3: Example visualizations of the five custom YAWNING-TITAN TreeNetwork topologies used in our experiments. For each topology, the node labelled '$E$' denotes the entry node for the Red agent. Pink nodes represent high-value nodes, with the dark blue node being the one ultimately targeted by a hypothetical Red agent.
  • Figure 4: Shared architectural components of GIGO-ToM and GIDO-ToM.
  • Figure 5: The Graph-In Dense-Out (GIDO-ToM) prediction network architecture. Output layers are implemented using dense neural network layers, necessitating a fixed number of output nodes.
  • ...and 12 more figures