Network defensive cyber operations (DCO) are inherently multi-domain, traversing different network segments and functional levels that encompass networking devices, protocols, services, applications and users. However, recent AI technologies threaten to complicate DCO as they can learn and adapt novel cyber-attack decision strategies to defeat countermeasures. Specifically, Reinforcement and Deep Reinforcement Learning (RL/DRL) are AI technologies for sequential decision-making in complex environments that have exceeded human master level performance in several domains through their ability to navigate the enormous state spaces of these environments. To investigate the effectiveness of AI-empowered autonomous cyber attacks, this work presents a preliminary study of DRL algorithms in training red AI agents in multi-domain computer networks. Employing a cyber network attack environment in the OpenAI Gym, the agents are trained to automatically establish and optimize their attack decision strategy. Different DRL algorithms are tested to evaluate the effectiveness against a selected set of network, service and application configurations, and to compare their stability, robustness and generalization characteristics. The results illustrate the potential of DRL-based cyber agents for researching new schemes to support cyber offence and defence operations.
|