• Stars
    star
    743
  • Rank 61,046 (Top 2 %)
  • Language
  • License
    Other
  • Created almost 3 years ago
  • Updated about 1 month ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A curated list of resources dedicated to reinforcement learning applied to cyber security.

Awesome Reinforcement Learning
for Cyber Security

A curated list of resources dedicated to reinforcement learning applied to cyber security. Note that the list includes only work that uses reinforcement learning, general machine learning methods applied to cyber security are not included in this list.

For other related curated lists, see :

Table of Contents

↑ Environments

AutoPentest-DRL

AutoPentest-DRL: Automated Penetration Testing Using Deep Reinforcement Learning
  • AutoPentest-DRL is an automated penetration testing framework based on Deep Reinforcement Learning (DRL) techniques. AutoPentest-DRL can determine the most appropriate attack path for a given logical network, and can also be used to execute a penetration testing attack on a real network via tools such as Nmap and Metasploit. This framework is intended for educational purposes, so that users can study the penetration testing attack mechanisms. AutoPentest-DRL is being developed by the Cyber Range Organization and Design (CROND) NEC-endowed chair at the Japan Advanced Institute of Science and Technology (JAIST) in Ishikawa,Japan.

NASimEmu

NASimEmu
  • NASimEmu is a framework for training deep RL agents in offensive penetration-testing scenarios. It includes both a simulator and an emulator so that a simulation-trained agent can be seamlessly deployed in emulation. Additionally, it includes a random generator that can create scenario instances varying in network configuration and size while fixing certain features, such as exploits and privilege escalations. Furthermore, agents can be trained and tested in multiple scenarios simultaneously.

    Paper: (2023) NASimEmu: Network Attack Simulator & Emulator for Training Agents Generalizing to Novel Scenarios
    Framework: NASimEmu
    Implemented agents: NASimEmu-agents

gym-idsgame

gym-idsgame

CyberBattleSim (Microsoft)

CyberBattleSim
  • CyberBattleSim is an experimentation research platform to investigate the interaction of automated agents operating in a simulated abstract enterprise network environment. The simulation provides a high-level abstraction of computer networks and cyber security concepts. Its Python-based Open AI Gym interface allows for the training of automated agents using reinforcement learning algorithms. Blogpost: (2021) Gamifying machine learning for stronger security and AI models

gym-malware

gym-malware

malware-rl

malware-rl

gym-flipit

gym-flipit

gym-threat-defense

gym-threat-defense

gym-nasim

gym-nasim

gym-optimal-intrusion-response

gym-optimal-intrusion-response

sql_env

sql_env

cage-challenge

cage-challenge-1
  • The first Cyber Autonomos Gym for Experimentation (CAGE) challenge environment released at the 1st International Workshop on Adaptive Cyber Defense held as part of the 2021 International Joint Conference on Artificial Intelligence (IJCAI).
cage-challenge-2
  • The second Cyber Autonomous Gym for Experimentation (CAGE) challenge environment announced at the AAAI-22 Workshop on Artificial Intelligence for Cyber Security Workshop (AICS).
cage-challenge-3
  • The third Cyber Autonomous Gym for Experimentation (CAGE) challenge environment.

ATMoS

ATMoS

MAB-Malware

MAB-malware

ASAP

Autonomous Security Analysis and Penetration Testing framework (ASAP)

Yawning Titan

Yawning Titan

Cyborg

Cyborg
  • Cyborg is a gym for autonomous cyberg operations research that is driven by the need to efficiently support reinforcement learning to train adversarial decision-making models through simulation and emulation. This is a variation of the environments used by cage-challenge above.

    Paper: (2021) CybORG: A Gym for the Development of Autonomous Cyber Agents

FARLAND

FARLAND (github repository missing)
  • FARLAND is a framework for advanced Reinforcement Learning for autonomous network defense, that uniquely enables the design of network environments to gradually increase the complexity of models, providing a path for autonomous agents to increase their performance from apprentice to superhuman level, in the task of reconfiguring networks to mitigate cyberattacks.

    Paper: (2021) Network Environment Design for Autonomous Cyberdefense

SecureAI

SecureAI

CYST

CYST

CLAP

CLAP: Curiosity-Driven Reinforcment Learning Automatic Penetration Testing Agent

CyGIL

CyGIL: A Cyber Gym for Training Autonomous Agents over Emulated Network Systems
  • CyGIL is an experimental testbed of an emulated RL training environment for network cyber operations. CyGIL uses a stateless environment architecture and incorporates the MITRE ATT&CK framework to establish a high fidelity training environment, while presenting a sufficiently abstracted interface to enable RL training. Its comprehensive action space and flexible game design allow the agent training to focus on particular advanced persistent threat (APT) profiles, and to incorporate a broad range of potential threats and vulnerabilities. By striking a balance between fidelity and simplicity, it aims to leverage state of the art RL algorithms for application to real-world cyber defence.

    Paper: (2021) CyGIL: A Cyber Gym for Training Autonomous Agents over Emulated Network Systems

↑ Papers

Surveys

Demonstration papers

Position papers

Regular Papers

PhD Theses

Master Theses

Bachelor Theses

Posters

↑ Books

↑ Blogposts

↑ Talks

↑ Miscellaneous

Contribute

Contributions are very welcome. Please use Github issues and pull requests.

List of Contributors

Thanks for all your contributions and keeping this project up-to-date.

License

LICENSE

Creative Commons

(C) 2021-2023

More Repositories

1

csle

A research platform to develop automated security policies using quantitative methods, e.g., optimal control, computational game theory, reinforcement learning, optimization, evolutionary methods, and causal inference.
Python
115
star
2

gym-idsgame

An Abstract Cyber Security Simulation and Markov Game for OpenAI Gym
Python
71
star
3

gym-optimal-intrusion-response

A Simulated Optimal Intrusion Response Game
Python
18
star
4

erl_pengine

Erlang Pengine, Erlang client to prolog pengine server.
Erlang
11
star
5

Distributed_ML

Distributed Machine Learning
Python
6
star
6

FastTextOnSpark

FastTextOnSpark brings the FastText algorithm for training word embeddings to Spark clusters.
Scala
6
star
7

Basic_SSL_VPN

C
3
star
8

idsgame

Python
3
star
9

Encrypted-chat

Encrypted chat in java
Java
3
star
10

cache_simulator

Cache Simulator - Web application with React
JavaScript
3
star
11

Webserver

A simple webserver in Erlang
Erlang
3
star
12

Advent-Of-Code16-Prolog

Advent of Code 2016 - Prolog Solutions
Prolog
3
star
13

TNSM_Learning_IRS_Supplementary

Supplementary material for "Learning Near-Optimal Intrusion Responses Against Dynamic Attackers" by Hammar & Stadler, 2023, IEEE TNSM
Python
3
star
14

Pengine_RCE_Exploit

An example exploit for a vulnerable prolog pengine server
Prolog
2
star
15

KompicsLogoot

Implementation of the Logoot CRDT in Kompics framework
Java
2
star
16

Limmen.github.io

limmen.dev
TeX
2
star
17

automated-intrusion-prevention-dashboard

A dashboard for inspecting and validating intrusion prevention policies.
JavaScript
2
star
18

SecLists

1
star
19

Distributed-KV-store

Distributed-KV-store using Kompics framework in Java.
Java
1
star
20

gpu_benchmark

a notebook for a basic gpu vs cpu benchmark
Jupyter Notebook
1
star
21

chinook

React front-end that consumes REST-API for the chinook database
Java
1
star