Representing context, reasoning within contexts, and providing quantitative assessments of machine learning (ML) model certainty are all tasks of fundamental importance for secure, interpretable, and reliable model development. Recent enthusiasm regarding generative ML models has highlighted the importance of representing context, which is contingent on relevant and contextual features of data and model predictions are unreliable on out-of-context inputs. Herein, we develop the theory of graph representation learning (GRL) to extend to Bayesian Graph Neural Networks and to incorporate various forms of uncertainty quantification to improve model development and application in the presence of adversarial attacks. Within this framework, we approach the challenge of adversarial patch detection using a synthesized dataset consisting of images from the APRICOT and COCO datasets to study various binary classification models for patch detection. We present GRL models with two layers of edge convolution that are capable of detecting patches with up to 93.5% accuracy. Further, we find evidence supporting the use of the certainty and competence framework for model predictions as a tool for detecting patches, particularly when the former is included as a model feature in graph neural networks.
KEYWORDS: Network security, Machine learning, Defense and security, Computer networks, Monte Carlo methods, Inspection, Data modeling, Windows, Transformers
In this work, we demonstrate the potential of dynamic reinforcement learning (RL) methods to revolutionize cybersecurity. The RL framework we develop is shown to be capable of shutting down an aggressive botnet, which initially uses spear phishing to establish itself in a Department of Defense (DoD) network. To ensure a suitable real-time response, we employ CP, a transformer model trained for network anomaly detection, to factorize the state space accessible to our RL agent. As the fidelity of our cyber scenario is of the utmost importance for meaningful RL training, we leverage the CyberVAN emulation environment to model an appropriate DoD enterprise network to attack and defend. Our work represents an important step towards harnessing the power of RL to automate general and fully-realistic Defensive Cyber Operations (DCOs).
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
INSTITUTIONAL Select your institution to access the SPIE Digital Library.
PERSONAL Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.