AI takes step closer to replacing human cybersecurity teams

US researchers say deep reinforcement learning offers a way for AI to help protect computer networks, but cybersecurity staff can breathe easy - for now

Scientists from the US Department of Energy’s Pacific Northwest National Laboratory have taken a crucial step in developing artificial intelligence to protect computer networks, but experts say AI agents are not yet ready to replace human cybersecurity professionals.

The research team tested deep reinforcement learning (DRL) in a rigorous simulation setting, where it effectively stopped adversaries from reaching their goals up to 95% of the time when faced with sophisticated cyberattacks. The success of DRL in this area has led to optimism about its potential role in proactive cyber defence. 

The researchers presented their findings this week at a workshop on AI for Cybersecurity during the Association for the Advancement of Artificial Intelligence annual meeting in Washington, D.C.

Powerful tool for cybersecurity experts

Deep reinforcement learning is emerging as a powerful decision-support tool for cybersecurity experts, providing a defence agent that can learn, adapt to quickly changing circumstances, and make decisions autonomously. This method offers a more comprehensive approach to cybersecurity, allowing for the orchestration of sequential decision-making plans in daily face-offs with adversaries.

While other forms of AI are standard in detecting intrusions or filtering spam messages, deep reinforcement learning expands defenders’ abilities to take preemptive steps to prevent cyberattacks. The researchers' findings offer a glimpse into a future where AI may play an increasingly significant role in protecting computer networks.

“An effective AI agent for cybersecurity needs to sense, perceive, act and adapt, based on the information it can gather and on the results of decisions that it enacts,” says Samrat Chatterjee, a data scientist who presented the team’s work. “Deep reinforcement learning holds great potential in this space, where the number of system states and action choices can be large.”

DRL combines reinforcement learning and deep learning. It is especially effective when an agent must make a series of decisions in a complex environment. The algorithm reinforces good decisions leading to desirable outcomes with a positive reward, while bad choices leading to undesirable results are discouraged via a negative cost.

This is similar to how people learn many tasks. For example, a child who completes their chores might receive positive reinforcement in the form of a desired playdate, while a child who doesn't do their work gets negative reinforcement, such as having a digital device taken away. DRL's ability to learn from experience and make decisions based on past outcomes makes it a valuable tool for complex decision-making processes in various fields, including cybersecurity.

“It’s the same concept in reinforcement learning,” says Chatterjee. “The agent can choose from a set of actions. With each action comes feedback, good or bad, that becomes part of its memory. There’s an interplay between exploring new opportunities and exploiting past experiences. The goal is to create an agent that learns to make good decisions.”
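The exploration-exploitation loop Chatterjee describes can be illustrated with a tabular Q-learning sketch. This is a hypothetical toy model, not the team's actual code: the state names, action names, and reward values are illustrative assumptions.

```python
import random

# Hypothetical toy model (not the PNNL environment): states are attack stages,
# and the defender chooses among a few response actions at each stage.
STATES = ["recon", "execution", "persistence", "exfiltration"]
ACTIONS = ["monitor", "block", "isolate"]

ALPHA, GAMMA, EPSILON = 0.1, 0.9, 0.2  # learning rate, discount, exploration rate

# Q-table: the agent's "memory" of expected long-term reward per (state, action)
q = {(s, a): 0.0 for s in STATES for a in ACTIONS}

def choose_action(state):
    """Epsilon-greedy: sometimes explore a new action, otherwise exploit past experience."""
    if random.random() < EPSILON:
        return random.choice(ACTIONS)
    return max(ACTIONS, key=lambda a: q[(state, a)])

def update(state, action, reward, next_state):
    """Q-learning update: good outcomes nudge the table toward repeating the action."""
    best_next = max(q[(next_state, a)] for a in ACTIONS)
    q[(state, action)] += ALPHA * (reward + GAMMA * best_next - q[(state, action)])

# One illustrative step: blocking during reconnaissance earns a positive reward,
# so the agent becomes more likely to block there again.
update("recon", "block", reward=1.0, next_state="recon")
```

Deep reinforcement learning replaces the explicit table with a neural network, which is what makes the approach tractable when, as Chatterjee notes, the number of system states and action choices is large.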

AI wins in rigorous testing environment

The research team created a custom simulation environment to evaluate the strengths and weaknesses of four deep reinforcement learning algorithms using the open-source software toolkit OpenAI Gym. The team incorporated seven tactics and 15 techniques deployed by three adversaries. The attack stages included reconnaissance, execution, persistence, defence evasion, command and control, and collection and exfiltration (when data is transferred out of the system). The adversary was considered to have won if they successfully reached the final exfiltration stage. This rigorous testing environment enabled researchers to evaluate the effectiveness of the AI-based defensive methods, providing valuable insights into how to improve cybersecurity.
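The article does not publish the team's simulator, but the Gym convention it builds on is a simple `reset()`/`step()` interface. The sketch below is a heavily simplified, hypothetical stand-in (plain Python rather than a `gym.Env` subclass, so it stays self-contained); the stage names follow the article, while the rewards and transition rule are assumptions.

```python
# Hypothetical sketch of a multistage-attack environment with a Gym-style
# reset()/step() interface; the real PNNL simulator is far richer.
STAGES = ["reconnaissance", "execution", "persistence",
          "defence_evasion", "command_and_control", "exfiltration"]

class AttackEnv:
    """The adversary advances one stage per step unless the defender blocks it."""

    def reset(self):
        self.stage = 0                        # attacker starts at reconnaissance
        return self.stage                     # observation = current attack stage

    def step(self, block: bool):
        if block:
            reward = 1.0                      # defence held: positive reward
        else:
            self.stage += 1                   # attacker progresses
            reward = -1.0                     # negative cost for lost ground
        done = self.stage == len(STAGES) - 1  # adversary wins at exfiltration
        return self.stage, reward, done

env = AttackEnv()
obs = env.reset()
obs, reward, done = env.step(block=False)     # attacker advances to "execution"
```

A DRL agent trained against such an environment learns which response to issue at each stage so that the episode never reaches the terminal exfiltration state.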

“Our algorithms operate in a competitive environment — a contest with an adversary intent on breaching the system,” says Chatterjee. “It’s a multistage attack, where the adversary can pursue multiple attack paths that can change over time as they try to go from reconnaissance to exploitation. Our challenge is to show how defences based on deep reinforcement learning can stop such an attack.”

The team trained defensive agents based on four deep reinforcement learning algorithms: DQN (Deep Q-Network) and three variations of what’s known as the actor-critic approach. The agents were trained with simulated data about cyberattacks and then tested against attacks they had not observed in training.

“Our goal is to create an autonomous defence agent that can learn the most likely next step of an adversary, plan for it, and then respond in the best way to protect the system,” says Chatterjee.

Despite the progress, no one is ready to entrust cyber defence entirely to an AI system. Instead, a DRL-based cybersecurity system would need to work in concert with humans, says coauthor Arnab Bhattacharya, formerly of PNNL.

“AI can be good at defending against a specific strategy but isn’t as good at understanding all the approaches an adversary might take,” says Bhattacharya. “We are nowhere near the stage where AI can replace human cyber analysts. Human feedback and guidance are important.”

