English

Discovering Exfiltration Paths Using Reinforcement Learning with Attack Graphs

Cryptography and Security 2022-04-26 v2 Machine Learning Networking and Internet Architecture

Abstract

Reinforcement learning (RL), in conjunction with attack graphs and cyber terrain, are used to develop reward and state associated with determination of optimal paths for exfiltration of data in enterprise networks. This work builds on previous crown jewels (CJ) identification that focused on the target goal of computing optimal paths that adversaries may traverse toward compromising CJs or hosts within their proximity. This work inverts the previous CJ approach based on the assumption that data has been stolen and now must be quietly exfiltrated from the network. RL is utilized to support the development of a reward function based on the identification of those paths where adversaries desire reduced detection. Results demonstrate promising performance for a sizable network environment.

Keywords

Cite

@article{arxiv.2201.12416,
  title  = {Discovering Exfiltration Paths Using Reinforcement Learning with Attack Graphs},
  author = {Tyler Cody and Abdul Rahman and Christopher Redino and Lanxiao Huang and Ryan Clark and Akshay Kakkar and Deepak Kushwaha and Paul Park and Peter Beling and Edward Bowen},
  journal= {arXiv preprint arXiv:2201.12416},
  year   = {2022}
}

Comments

The 5th IEEE Conference on Dependable and Secure Computing (IEEE DSC 2022)

R2 v1 2026-06-24T09:08:11.220Z