Discovering Exfiltration Paths Using Reinforcement Learning with Attack Graphs

Add code
Jan 28, 2022
Tyler Cody, Abdul Rahman, Christopher Redino, Lanxiao Huang, Ryan Clark, Akshay Kakkar, Deepak Kushwaha, Paul Park, Peter Beling, Edward Bowen
Figure 1 for Discovering Exfiltration Paths Using Reinforcement Learning with Attack Graphs
Figure 2 for Discovering Exfiltration Paths Using Reinforcement Learning with Attack Graphs
Figure 3 for Discovering Exfiltration Paths Using Reinforcement Learning with Attack Graphs
Figure 4 for Discovering Exfiltration Paths Using Reinforcement Learning with Attack Graphs

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

Reinforcement learning (RL), in conjunction with attack graphs and cyber terrain, are used to develop reward and state associated with determination of optimal paths for exfiltration of data in enterprise networks. This work builds on previous crown jewels (CJ) identification that focused on the target goal of computing optimal paths that adversaries may traverse toward compromising CJs or hosts within their proximity. This work inverts the previous CJ approach based on the assumption that data has been stolen and now must be quietly exfiltrated from the network. RL is utilized to support the development of a reward function based on the identification of those paths where adversaries desire reduced detection. Results demonstrate promising performance for a sizable network environment.

View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon