Skip to main content

Self-Learning Systems for Cyber Defense

A growing problem in system security stems from the fact that both attack methods and target systems constantly evolve: on the one hand attacks increase in sophistication over time, on the other hand target systems keep changing due to functional upgrades and innovation. As a consequence, a defender mustconstantly adapt and improve the target system in order to remain effective, which imposes an increasing burden on system designers and operators.

The goal of this project is to study, develop, and demonstrate strategies that will automate the defender’s task and keep a system secure in a changing environment. To this end, the project will investigate various approaches for self-learning systems that produce ever better defender strategies. The research adopts an adversarial approach, based on reinforcement learning, genetic algorithms, and game theory, whereby the strategies of simulated attackers and defenders co-evolve without human intervention.


K. Hammar and R. Stadler. "Learning Security Strategies through Game Play and Optimal Stopping." arXiv preprint arXiv: 2205.14694 .

K. Hammar and R. Stadler, "A System for Interactive Examination of Learned Security Policies," NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium, 2022, pp. 1-3, doi: 10.1109/NOMS54207.2022.9789707

K. Hammar and R. Stadler, "Intrusion Prevention through Optimal Stopping," in IEEE Transactions on Network and Service Management, 10.1109/TNSM.2022.3176781 .

K. Hammar and R. Stadler, "Learning Intrusion Prevention Policies through Optimal Stopping," 2021 17th International Conference on Network and Service Management (CNSM), 2021, pp. 509-517, doi: 10.23919/CNSM52442.2021.9615542 .

K. Hammar and R. Stadler, "Finding Effective Security Strategies through Reinforcement Learning and Self-Play," 2020 16th International Conference on Network and Service Management (CNSM), Izmir, Turkey, 2020, pp. 1-9, doi: 10.23919/CNSM50824.2020.9269092.


Belongs to: Centre for Cyber Defence and Information Security
Last changed: Sep 14, 2022