English

CSLE: A Reinforcement Learning Platform for Autonomous Security Management

Cryptography and Security 2026-04-20 v1 Artificial Intelligence

Abstract

Reinforcement learning is a promising approach to autonomous and adaptive security management in networked systems. However, current reinforcement learning solutions for security management are mostly limited to simulation environments and it is unclear how they generalize to operational systems. In this paper, we address this limitation by presenting CSLE: a reinforcement learning platform for autonomous security management that enables experimentation under realistic conditions. Conceptually, CSLE encompasses two systems. First, it includes an emulation system that replicates key components of the target system in a virtualized environment. We use this system to gather measurements and logs, based on which we identify a system model, such as a Markov decision process. Second, it includes a simulation system where security strategies are efficiently learned through simulations of the system model. The learned strategies are then evaluated and refined in the emulation system to close the gap between theoretical and operational performance. We demonstrate CSLE through four use cases: flow control, replication control, segmentation control, and recovery control. Through these use cases, we show that CSLE enables near-optimal security management in an environment that approximates an operational system.

Keywords

Cite

@article{arxiv.2604.15590,
  title  = {CSLE: A Reinforcement Learning Platform for Autonomous Security Management},
  author = {Kim Hammar},
  journal= {arXiv preprint arXiv:2604.15590},
  year   = {2026}
}

Comments

Accepted as Oral to the Ninth Annual Conference on Machine Learning and Systems (MLSys 2026), https://mlsys.org/virtual/2026/oral/3812

R2 v1 2026-07-01T12:13:39.750Z