English

Crown Jewels Analysis using Reinforcement Learning with Attack Graphs

Cryptography and Security 2021-08-24 v1 Machine Learning Networking and Internet Architecture

Abstract

Cyber attacks pose existential threats to nations and enterprises. Current practice favors piece-wise analysis using threat-models in the stead of rigorous cyber terrain analysis and intelligence preparation of the battlefield. Automated penetration testing using reinforcement learning offers a new and promising approach for developing methodologies that are driven by network structure and cyber terrain, that can be later interpreted in terms of threat-models, but that are principally network-driven analyses. This paper presents a novel method for crown jewel analysis termed CJA-RL that uses reinforcement learning to identify key terrain and avenues of approach for exploiting crown jewels. In our experiment, CJA-RL identified ideal entry points, choke points, and pivots for exploiting a network with multiple crown jewels, exemplifying how CJA-RL and reinforcement learning for penetration testing generally can benefit computer network operations workflows.

Cite

@article{arxiv.2108.09358,
  title  = {Crown Jewels Analysis using Reinforcement Learning with Attack Graphs},
  author = {Rohit Gangupantulu and Tyler Cody and Abdul Rahman and Christopher Redino and Ryan Clark and Paul Park},
  journal= {arXiv preprint arXiv:2108.09358},
  year   = {2021}
}
R2 v1 2026-06-24T05:17:47.077Z