CyberForce: A Federated Reinforcement Learning Framework for Malware Mitigation

  • 2024-09-30 10:19:52
  • Chao Feng, Alberto Huertas Celdran, Pedro Miguel Sanchez Sanchez, Jan Kreischer, Jan von der Assen, Gerome Bovet, Gregorio Martinez Perez, Burkhard Stiller
  • 0

Abstract

Recent research has shown that the integration of Reinforcement Learning (RL)with Moving Target Defense (MTD) can enhance cybersecurity inInternet-of-Things (IoT) devices. Nevertheless, the practicality of existingwork is hindered by data privacy concerns associated with centralized dataprocessing in RL, and the unsatisfactory time needed to learn right MTDtechniques that are effective against a rising number of heterogeneous zero-dayattacks. Thus, this work presents CyberForce, a framework that combinesFederated and Reinforcement Learning (FRL) to collaboratively and privatelylearn suitable MTD techniques for mitigating zero-day attacks. CyberForceintegrates device fingerprinting and anomaly detection to reward or penalizeMTD mechanisms chosen by an FRL-based agent. The framework has been deployedand evaluated in a scenario consisting of ten physical devices of a real IoTplatform affected by heterogeneous malware samples. A pool of experiments hasdemonstrated that CyberForce learns the MTD technique mitigating each attackfaster than existing RL-based centralized approaches. In addition, when variousdevices are exposed to different attacks, CyberForce benefits from knowledgetransfer, leading to enhanced performance and reduced learning time incomparison to recent works. Finally, different aggregation algorithms usedduring the agent learning process provide CyberForce with notable robustness tomalicious attacks.

 

Quick Read (beta)

loading the full paper ...