The cybersecurity threat landscape has recently become highly complex. Threat actors exploit weaknesses in network and endpoint security in a highly coordinated manner to perpetrate sophisticated attacks that could bring down an entire network and many of its critical hosts. Increasingly advanced machine learning and deep learning-based solutions have been used in threat detection and protection. The application of these techniques has been well reviewed in the scientific literature. Deep Reinforcement Learning has shown great promise in developing AI-based solutions for areas that had earlier required advanced human cognition. Different techniques and algorithms under deep reinforcement learning have shown great promise in applications ranging from games to industrial processes, where they are claimed to augment systems with general AI capabilities. These algorithms have recently also been used in cybersecurity, especially in threat detection and endpoint protection, where they are showing state-of-the-art results. Unlike supervised machine learning and deep learning, deep reinforcement learning is used in more diverse ways and is empowering many innovative applications in the threat defense landscape. However, no comprehensive review of these unique applications and accomplishments exists. Therefore, in this paper, we intend to fill this gap and provide a comprehensive review of the different applications of deep reinforcement learning in cybersecurity threat detection and protection.