Lookup NU author(s): Professor Raj Ranjan
Full text for this publication is not currently held within this repository. Alternative links are provided below where available.
© The Author(s), under exclusive licence to Springer-Verlag GmbH Austria, part of Springer Nature 2024.
This study introduces a Deep Reinforcement Learning approach (DRL-MD) aimed at optimizing the deployment of mitigations to minimize redundancy while ensuring effective defense against cyberattacks. DRL-MD initially enhances ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) to underscore the formal relationships between attacks and defenses. Over the enhanced ATT&CK, DRL-MD then operates in two phases: (1) Estimating Node Importance: DRL-MD proposes a model to estimate the importance of deployed nodes in the network, prioritizing mitigation deployment locations for better evaluation of mitigation effectiveness; and (2) Optimizing Mitigation Deployment: A Soft Actor-Critic algorithm finds the optimal mitigation deployment policy through multi-objective optimization of the importance of deployed nodes, the effectiveness of mitigations in preventing cyberattacks, vulnerability repair, and deployment cost. A case study with DRL-MD against the state-of-the-art counterparts has been performed considering the WannaCry threat, and results indicate that: (1) DRL-MD performs the best with 6.4–11% decrease in deployment cost; and (2) DRL-MD can significantly reduce redundancy in mitigation deployments, which partially benefits from the enhanced ATT&CK model. Overall, a comprehensive solution of mitigation deployment has been fostered to significantly lower the redundancy with more effective defenses against cyberattacks sustained.
Author(s): Liu Y, Guo Y, Ranjan R, Chen D
Publication type: Article
Publication status: Published
Journal: Computing
Year: 2024
Pages: epub ahead of print
Online publication date: 06/09/2024
Acceptance date: 28/08/2024
ISSN (print): 0010-485X
ISSN (electronic): 1436-5057
Publisher: Springer
URL: https://doi.org/10.1007/s00607-024-01344-4
DOI: 10.1007/s00607-024-01344-4