Engineering 2 1156 High Street, Santa Cruz, California 95064

In response to the growing trend of Advanced Persistent Threats (APTs), multiple approaches have been proposed to secure systems, including adversary simulation and emulation exercises proactively. In these engagements, the attacking side is called the red team, and the defending is the blue team. Their goal is to reproduce APTs to discover new attack vectors and analyze defenders' responses. The security community has been working on automating tactics, techniques, and procedures used by both red and blue agents. State-of-the-art solutions propose Autonomous Cyber Operations (ACO) agents to increase the efficacy of threat response and deploy adversary simulation and emulation engagements, minimizing human intervention. Recent solutions use Reinforcement Learning (RL) for ACO agents' training, action selection, and decision-making, and model the adversary simulation as a partially observable Markov Decision Process (POMDP). Although promising, current approaches do not consider the security implications of deploying ACO agents in real-world networks. This work proposes an adversarial, proactive, reactive, and feasible approach to secure ACO agents. We develop an in-depth understanding of sophisticated threat actors. We then study how deploying Autonomous Cyber Defense (ACD) agents (defensive ACO agents) can increase the attack surface for an adversary. Finally, we propose solutions to these challenges by describing a research plan to build secure and feasible ACOs.

Event Host: Sebastián Castro, Ph.D. Student, Computer Science & Engineering

Advisor: Alvaro Cardenas

Event Details

See Who Is Interested

0 people are interested in this event

User Activity

No recent activity