The scientists detailed their discovery in a paper published on Feb. 3 and presented their findings at the Association for the Advancement of Artificial Intelligence’s annual meeting in Washington, D.C., on Tuesday. Using a closed attack-defense simulation environment created with OpenAI Gym, the researchers tested four adaptive deep reinforcement learning algorithms. The algorithms displayed “proactive, context-aware, defense countermeasures that dynamically adapt to evolving adversarial behaviors while minimizing loss of cyber system operations,” the paper said.
Deep reinforcement learning (DRL) combines deep learning and reinforcement learning. It can be particularly useful in the fast-changing cybersecurity landscape as it can “sense, perceive, act and adapt, based on the information it can gather and on the results of decisions that it enacts,” Samrat Chatterjee, one of the scientists behind the paper, said.
Stopping Cyberattacks Before They Happen
The paper analyzed the efficacy of multiple DRL algorithms in dealing with “diverse adversarial uncertainties.” The researchers tested the algorithms against sophisticated cyber-attacks that spread their activity across multiple software processes, such as Application Programming Interface (API) calls, “to execute actions without inducing suspicion” instead of relying on a single process. They used the MITRE ATT&CK framework, developed by Mitre Corp., and real-world cyber-attack scenarios to test the defense capabilities of four different algorithms.
“Within an attack-defense interaction, an adversary can start from any technique of the Reconnaissance/Initial Access tactic, and wins if they reach any technique of Impact/Exfiltration tactic. Based on defense actions, the attacker may abort (i.e., move to the Attack Terminated state or defender’s win) or persist to move on to the next stage,” the paper reads. “For example, from attack initiation an adversary may reach the Reconnaissance/Initial Access tactic by successfully executing either Active Scanning (e.g., scans to find vulnerable machines or services) or Phishing (e.g., sends malicious links to users),” the researchers added, giving an example of a typical multi-stage cyberattack.
The main goal of the DRL defense mechanism is to prevent attackers from ever reaching the Impact/Exfiltration phase, the researchers explained. “Deep reinforcement learning holds great potential in this space, where the number of system states and action choices can be large,” Chatterjee said. Of all the algorithms the researchers tested, Deep Q-Network (DQN) was far superior in defending computer systems. DQN successfully stopped nearly 90 percent of highly sophisticated attacks by the final stage.
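The staged attack-defense interaction quoted above can be sketched as a small simulation. This is an added example, not code from the paper or its authors: it uses tabular Q-learning in place of the paper's DQN, and the intermediate stage names, abort probabilities, rewards and blocking cost are all assumed values chosen for illustration.

```python
import random

# Constructed toy model: stage names after the first are placeholders, and the
# abort probabilities, rewards and block cost are assumptions, not paper values.
STAGES = ["Reconnaissance/Initial Access", "intermediate-1", "intermediate-2"]
ACTIONS = ["monitor", "block"]
P_ABORT = {"monitor": 0.1, "block": 0.6}   # chance the attacker gives up
COST = {"monitor": 0.0, "block": 0.1}      # loss of system operations

def step(stage, action, rng):
    """Return (next_stage or None, defender reward, terminal outcome or None)."""
    if rng.random() < P_ABORT[action]:
        return None, 1.0 - COST[action], "Attack Terminated"
    if stage + 1 == len(STAGES):           # attacker persisted past the last stage
        return None, -1.0 - COST[action], "Impact/Exfiltration"
    return stage + 1, -COST[action], None

def train(episodes=30000, alpha=0.02, epsilon=0.2, seed=7):
    """Tabular, undiscounted Q-learning for the defender (epsilon-greedy)."""
    rng = random.Random(seed)
    q = [[0.0, 0.0] for _ in STAGES]
    for _ in range(episodes):
        stage = 0
        while stage is not None:
            if rng.random() < epsilon:
                a = rng.randrange(len(ACTIONS))
            else:
                a = max(range(len(ACTIONS)), key=lambda i: q[stage][i])
            nxt, reward, _ = step(stage, ACTIONS[a], rng)
            target = reward + (max(q[nxt]) if nxt is not None else 0.0)
            q[stage][a] += alpha * (target - q[stage][a])
            stage = nxt
    return q

def greedy_policy(q):
    """Best-valued defender action for each stage."""
    return [ACTIONS[max(range(len(ACTIONS)), key=lambda i: row[i])] for row in q]

def stop_rate(policy, episodes=5000, seed=11):
    """Fraction of attacks ending in Attack Terminated under a fixed policy."""
    rng = random.Random(seed)
    stopped = 0
    for _ in range(episodes):
        stage, outcome = 0, None
        while stage is not None:
            stage, _, outcome = step(stage, policy[stage], rng)
        stopped += outcome == "Attack Terminated"
    return stopped / episodes

if __name__ == "__main__":
    learned = greedy_policy(train())
    print(learned, stop_rate(learned), stop_rate(["monitor"] * len(STAGES)))
```

Raising the assumed `COST["block"]` shows the trade-off the paper describes between stopping attacks and minimizing loss of system operations: the learned policy shifts toward monitoring at early stages.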
AI-Powered Cyber-Defense is the Future
While this finding is promising, we are not yet at the stage where we can rely primarily on AI for cybersecurity defense, particularly in large, complex environments like enterprise scenarios. Arnab Bhattacharya, researcher and co-author of the paper, echoed this sentiment, saying “human feedback and guidance” is still needed.
In an exclusive interview last year, Indir Avdagic, SVP CISO at AdTheorent Holding Company Inc., told us that AI and machine learning (ML) still have a ways to go. “Simply said, AI/ML is not mature enough for some leadership teams to feel comfortable with the security of these solutions,” Avdagic noted. For now, adopting a “never trust, always verify” approach with the implementation of a zero-trust security strategy is more realistic. Ultimately, AI will help the cybersecurity industry reach “the final goal of near real-time orchestration of all infosec tools,” he added.
There is growing interest in artificial intelligence technology with the introduction of ChatGPT, AI-based search engine integration, and more. AI systems have the potential to help take some pressure off of cybersecurity teams by offering protection against threats like DDoS and ransomware attacks. DRL defense mechanisms may also play a key part in the quantum readiness of a nation. Until we have access to fully developed AI neural networks for cyber defense, we recommend you use a premium antivirus solution to protect your device from malware and other threats.