Offline RL+CKG: A hybrid AI model for cybersecurity tasks

Date

2023

Citation of Original Publication

Piplai, Aritran, Anupam Joshi, and Tim Finin. “Offline RL+CKG: A Hybrid AI Model for Cybersecurity Tasks.” Edited by A. Martin, K. Hinkelmann, H.-G. Fill, A. Gerber, D. Lenat, R. Stolle, and F. van Harmelen. Proceedings of the AAAI 2023 Spring Symposium on Challenges Requiring the Combination of Machine Learning and Knowledge Engineering (AAAI-MAKE 2023), April 2023. https://ceur-ws.org/Vol-3433/short1.pdf

Rights

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
Attribution 4.0 International (CC BY 4.0)

Abstract

AI models for cybersecurity have to detect and defend against constantly evolving cyber threats. Much effort is spent building defenses for zero days and unseen variants of known cyber-attacks. Current AI models for cybersecurity struggle with these yet unseen threats due to the constantly evolving nature of threat vectors, vulnerabilities, and exploits. This paper shows that cybersecurity AI models will be improved and more general if we include semi-structured representations of background knowledge. This could include information about the software and systems, as well as information obtained from observing the behavior of malware samples captured and detonated in honeypots. We describe how we can transfer this knowledge into forms that the RL models can directly use for decision-making purposes.