Reinforcement Learning Journal, vol. TBD, 2025, pp. TBD.
Presented at the Reinforcement Learning Conference (RLC), Edmonton, Alberta, Canada, August 5–9, 2025.
Cyber resilience is the ability of a system to recover from an attack with minimal impact on system operations. However, characterizing a network's resilience under a cyber attack is challenging, as there are no formal definitions of resilience applicable to diverse network topologies and attack patterns. In this work, we propose a quantifiable formulation of resilience that considers multiple defender operational goals, the criticality of various network resources for daily operations, and provides interpretability to security operators about their system's resilience under attack. We evaluate our approach within the CybORG environment, a reinforcement learning (RL) framework for autonomous cyber defense, analyzing trade-offs between resilience, costs, and prioritization of operational goals. Furthermore, we introduce methods to aggregate resilience metrics across time-variable attack patterns and multiple network topologies, comprehensively characterizing system resilience. Using insights gained from our resilience metrics, we design RL autonomous defensive agents and compare them against several heuristic baselines, showing that proactive network hardening techniques and prompt recovery of compromised machines are critical for effective cyber defenses.
Xavier Cadet, Simona Boboila, Edward Koh, Peter Chin, and Alina Oprea. "Quantitative Resilience Modeling for Autonomous Cyber Defense." Reinforcement Learning Journal, vol. TBD, 2025, pp. TBD.
BibTeX:@article{cadet2025quantitative,
title={Quantitative Resilience Modeling for Autonomous Cyber Defense},
author={Cadet, Xavier and Boboila, Simona and Koh, Edward and Chin, Peter and Oprea, Alina},
journal={Reinforcement Learning Journal},
year={2025}
}