Evaluation of Autonomous Intrusion Response Agents in Adversarial and Normal Scenarios
摘要
The emergence of threats to networked cyber-physical systems (CPS) such as FrostyGoop (2024), Pipedream (2022) and Industroyer2 (2022), motivates a desire for improved automated defences against such threats. Research has found deep reinforcement learning (DRL) can enable autonomous intrusion response systems (IRS) to learn optimal response policies from experience, without relying on static pre-configured rules or explicit system models. The goal of autonomous defence is protecting against multi-stage attacks by learning to minimise disruption to the normal operation of the system and restore CPS functionality. However, this approach is dependent on the training environment being representative of a real system while being conducive to learning. Previous approaches focus on designing agents to adapt to adverse training conditions and neglect evaluation in scenarios absent of the adversary and/or defence agent. In contrast, we focus on improving the design of the training environment proposing both adversarial and normal scenarios for evaluation. Our analysis reveals several novel observations linked to suboptimal training conditions. For example, through evaluation of normal scenarios, it was revealed that security alerts were still present in the absence of the adversary. These observations challenge the assumptions made about the environment implementation in previous work. Our contributions support improved agent training for effective autonomous IRS.