Abstract
This study introduces a Deep Reinforcement Learning approach (DRL-MD) aimed at optimizing the deployment of mitigations to minimize redundancy while ensuring effective defense against cyberattacks. DRL-MD initially enhances ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) to underscore the formal relationships between attacks and defenses. Over the enhanced ATT&CK, DRL-MD then operates in two phases: (1) Estimating Node Importance: DRL-MD proposes a model to estimate the importance of deployed nodes in the network, prioritizing mitigation deployment locations for better evaluation of mitigation effectiveness; and (2) Optimizing Mitigation Deployment: A Soft Actor-Critic algorithm finds the optimal mitigation deployment policy through multi-objective optimization of the importance of deployed nodes, the effectiveness of mitigations in preventing cyberattacks, vulnerability repair, and deployment cost. A case study with DRL-MD against the state-of-the-art counterparts has been performed considering the WannaCry threat, and results indicate that: (1) DRL-MD performs the best with 6.4–11% decrease in deployment cost; and (2) DRL-MD can significantly reduce redundancy in mitigation deployments, which partially benefits from the enhanced ATT&CK model. Overall, a comprehensive solution of mitigation deployment has been fostered to significantly lower the redundancy with more effective defenses against cyberattacks sustained.
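The abstract describes a multi-objective trade-off (node importance, mitigation effectiveness, vulnerability repair, deployment cost) and a redundancy measure over an ATT&CK-style attack-to-mitigation mapping. The following is an added illustration, not the paper's code or data: it models a tiny network with constructed nodes, techniques and mitigations (placeholder names such as `T_smb_exploit` and `M_disable_smb1`, not real ATT&CK IDs), scores a deployment plan under a weighted objective of the same four terms, and uses an importance-first greedy search as a simple stand-in for the paper's Soft Actor-Critic policy so the effect of redundancy and cost on the score can be seen directly.

```python
"""Toy multi-objective scoring of a mitigation deployment plan.

Constructed example (not the paper's code): nodes carry an estimated
importance and the techniques they are exposed to; mitigations map to the
techniques they counter and a per-node deployment cost. All names and
weights are placeholders chosen for illustration.
"""

# Constructed node model: importance in [0, 1] and exposed techniques.
NODES = {
    "dc01":   {"importance": 0.9, "techniques": {"T_smb_exploit", "T_lateral_smb", "T_encrypt"}},
    "file01": {"importance": 0.7, "techniques": {"T_smb_exploit", "T_encrypt"}},
    "ws17":   {"importance": 0.2, "techniques": {"T_smb_exploit"}},
}

# Constructed mitigation catalogue: techniques countered and per-node cost.
MITIGATIONS = {
    "M_patch_smb":    {"counters": {"T_smb_exploit"}, "cost": 3.0},
    "M_disable_smb1": {"counters": {"T_smb_exploit", "T_lateral_smb"}, "cost": 2.0},
    "M_segment":      {"counters": {"T_lateral_smb"}, "cost": 5.0},
    "M_backup":       {"counters": {"T_encrypt"}, "cost": 4.0},
}

# Assumed objective weights (hypothetical; the paper's values are not on this page).
WEIGHTS = {"coverage": 10.0, "repair": 2.0, "cost": 1.0, "redundancy": 3.0}


def evaluate(plan):
    """Score a plan: dict node -> set of mitigation names.

    coverage   importance-weighted fraction of each node's techniques blocked
    repaired   number of (node, technique) pairs countered at least once
    redundancy mitigations that counter a technique already countered on that node
    cost       total deployment cost
    """
    coverage = 0.0
    repaired = 0
    redundancy = 0
    cost = 0.0
    for node, info in NODES.items():
        hits = {t: 0 for t in info["techniques"]}
        for m in plan.get(node, set()):
            cost += MITIGATIONS[m]["cost"]
            for t in MITIGATIONS[m]["counters"] & info["techniques"]:
                hits[t] += 1
        blocked = sum(1 for c in hits.values() if c > 0)
        coverage += info["importance"] * blocked / len(hits)
        repaired += blocked
        redundancy += sum(c - 1 for c in hits.values() if c > 1)
    score = (WEIGHTS["coverage"] * coverage + WEIGHTS["repair"] * repaired
             - WEIGHTS["cost"] * cost - WEIGHTS["redundancy"] * redundancy)
    return {"score": round(score, 3), "cost": cost,
            "redundancy": redundancy, "repaired": repaired}


def greedy_plan():
    """Importance-first greedy search: a simple stand-in for the SAC policy.

    Nodes are handled from most to least important; at each node the
    mitigation with the best (newly countered techniques / cost) ratio is
    added until no exposed technique remains uncovered.
    """
    plan = {n: set() for n in NODES}
    for node in sorted(NODES, key=lambda n: -NODES[n]["importance"]):
        uncovered = set(NODES[node]["techniques"])
        while uncovered:
            best = max(MITIGATIONS,
                       key=lambda m: len(MITIGATIONS[m]["counters"] & uncovered)
                       / MITIGATIONS[m]["cost"])
            if not MITIGATIONS[best]["counters"] & uncovered:
                break  # nothing in the catalogue counters what is left
            plan[node].add(best)
            uncovered -= MITIGATIONS[best]["counters"]
    return plan


def deploy_everything():
    """Baseline that installs every mitigation on every node (maximal redundancy)."""
    return {n: set(MITIGATIONS) for n in NODES}


if __name__ == "__main__":
    for name, plan in (("greedy", greedy_plan()), ("everything", deploy_everything())):
        print(name, evaluate(plan))
```

On this constructed input the greedy plan covers every exposed technique with zero redundancy at a cost of 14, while the deploy-everything baseline reaches the same coverage at cost 42 with four redundant mitigations, which the weighted objective turns into a large negative score; that gap is the kind of redundancy and cost reduction the abstract reports DRL-MD achieving.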
About this article
Cite this article
Liu, Y., Guo, Y., Ranjan, R. et al. Optimization of mitigation deployment using deep reinforcement learning over an enhanced ATT&CK. Computing (2024). https://doi.org/10.1007/s00607-024-01344-4
DOI: https://doi.org/10.1007/s00607-024-01344-4
