EIReLaND: Evaluating and Interpreting Reinforcement-Learning-based Network Defenses

Open Webpage

Steven Cheung, Jared Claypoole, Prakhar Sharma, Vinod Yegneswaran, Ashish Gehani, Susmit Jha, John Anthony Emanuello, Ahmad Ridley

Published: 17 Aug 2023, Last Modified: 05 Mar 20252nd International Workshop on Adaptive Cyber Defense (ACD '23)EveryoneCC BY 4.0
Abstract: This paper explores the application of goal-oriented machine-learning techniques, and in particular leveraging recent advances in deep reinforcement-learning (RL) networks to automatically discover deviations from normal network activity and choose actions that mitigate unwanted network flows. We develop a software-defined network (SDN)-based evaluation environment called EIReLaND, using OpenAI gym and ContainerNet. We demonstrate that EIReLaND successfully mitigates three popular attack techniques (TCP state exhaustion, CPU/memory exhaustion, brute-force). Finally, we identify the strengths and blindspots of these trained models using four different interpretability techniques.