Scientists have taken a key step toward harnessing a form of artificial intelligence known as deep reinforcement learning, or DRL, to protect computer networks.
When faced with sophisticated cyberattacks in a rigorous simulation setting, deep reinforcement learning was effective at stopping adversaries from reaching their goals up to 95 percent of the time. The outcome offers promise for a role for autonomous AI in proactive cyber defense.
Scientists from the Department of Energy's Pacific Northwest National Laboratory documented their findings in a research paper and presented their work Feb. 14 at a workshop on AI for Cybersecurity during the annual meeting of the Association for the Advancement of Artificial Intelligence in Washington, D.C.
The starting point was the development of a simulation environment to test multistage attack scenarios involving distinct types of adversaries. Creation of such a dynamic attack-defense simulation environment for experimentation itself is a win. The environment offers researchers a way to compare the effectiveness of different AI-based defensive methods under controlled test settings.
Such tools are essential for evaluating the performance of deep reinforcement learning algorithms. The method is emerging as a powerful decision-support tool for cybersecurity experts—a defense agent with the ability to learn, adapt to quickly changing circumstances, and make decisions autonomously. While other forms of AI are standard to detect intrusions or filter spam messages, deep reinforcement learning expands defenders' abilities to orchestrate sequential decision-making plans in their daily face-off with adversaries.
Deep reinforcement learning offers smarter cybersecurity, the ability to detect changes in the cyber landscape earlier, and the opportunity to take preemptive steps to scuttle a cyberattack. READ MORE...
Cyber security is the application of technologies, processes and controls to protect systems, networks, programs, devices and data from cyber attacks.
It aims to reduce the risk of cyber attacks and protect against the unauthorised exploitation of systems, networks and technologies.
Types of cyber threatsCommon cyber threats include:- Malware, such as ransomware, botnet software, RATs (remote access Trojans), rootkits and bootkits, spyware, Trojans, viruses and worms.
- Backdoors, which allow remote access.
- Formjacking, which inserts malicious code into online forms.
- Cryptojacking, which installs illicit cryptocurrency mining software.
- DDoS (distributed denial-of-service) attacks, which flood servers, systems and networks with traffic to knock them offline.
- DNS (domain name system) poisoning attacks, which compromise the DNS to redirect traffic to malicious sites.
What are the 5 types of cyber security?1. Critical infrastructure cyber securityCritical infrastructure organisations are often more vulnerable to attack than others because SCADA (supervisory control and data acquisition) systems often rely on older software.Operators of essential services in the UK’s energy, transport, health, water and digital infrastructure sectors, and digital service providers are bound by the NIS Regulations (Network and Information Systems Regulations 2018). Among other provisions, the Regulations require organisations to implement appropriate technical and organisational measures to manage their security risks.2. Network securityNetwork security involves addressing vulnerabilities affecting your operating systems and network architecture, including servers and hosts, firewalls and wireless access points, and network protocols.3. Cloud securityCloud security is concerned with securing data, applications and infrastructure in the Cloud.4. IoT (Internet of Things) securityIoT security involves securing smart devices and networks that are connected to the IoT. IoT devices include things that connect to the Internet without human intervention, such as smart fire alarms, lights, thermostats and other appliances.5. Application securityApplication security involves addressing vulnerabilities resulting from insecure development processes in the design, coding and publishing of software or a website.
