Operationalizing Cybersecurity Governance for Mitigation Planning with Attack-Path Modeling and Reinforcement Learning

We address a fundamental challenge in cybersecurity operations of translating governance frameworks into actionable mitigation decisions under realistic resource constraints. Frameworks such as the NIST Cybersecurity Framework CSF provide widely adopted measures of organizational maturity, but do...

Cyber Deception for Mission Surveillance Via Hypergame-Theoretic Deep Reinforcement Learning

Unmanned Aerial Vehicles UAVs are valuable for mission-critical systems like surveillance, rescue, or delivery. Not surprisingly, such systems attract cyberattacks, including Denial-of-Service DoS attacks to overwhelm the resources of mission drones MDs. How can we defend UAV mission systems...

Blockchain-Enabled Routing for Zero-Trust Low-Altitude Intelligent Networks

Due to the scalability and portability, low-altitude intelligent networks LAINs are essential in various fields such as surveillance and disaster rescue. However, in LAINs, unmanned aerial vehicles UAVs are characterized by the distributed topology and high mobility, thus vulnerable to security...

SoK: The Pitfalls of Deep Reinforcement Learning for Cybersecurity

Deep Reinforcement Learning DRL has achieved remarkable success in domains requiring sequential decision-making, motivating its application to cybersecurity problems. However, transitioning DRL from laboratory simulations to bespoke cyber environments can introduce numerous issues. This is furthe...

Deep Reinforcement Learning for Phishing Detection with Transformer-Based Semantic Features

Phishing is a cybercrime in which individuals are deceived into revealing personal information, often resulting in financial loss. These attacks commonly occur through fraudulent messages, misleading advertisements, and compromised legitimate websites. This study proposes a Quantile Regression De...

A Novel and Practical Universal Adversarial Perturbations against Deep Reinforcement Learning Based Intrusion Detection Systems

Intrusion Detection Systems IDS play a vital role in defending modern cyber physical systems against increasingly sophisticated cyber threats. Deep Reinforcement Learning-based IDS, have shown promise due to their adaptive and generalization capabilities. However, recent studies reveal their...

A DRL-Empowered Multi-Level Jamming Approach for Secure Semantic Communication

Semantic communication SemCom aims to transmit only task-relevant information, thereby improving communication efficiency but also exposing semantic information to potential eavesdropping. In this paper, we propose a deep reinforcement learning DRL-empowered multi-level jamming approach to enhanc...

Enhancing Security in Deep Reinforcement Learning: A Comprehensive Survey on Adversarial Attacks and Defenses

With the wide application of deep reinforcement learning DRL techniques in complex fields such as autonomous driving, intelligent manufacturing, and smart healthcare, how to improve its security and robustness in dynamic and changeable environments has become a core issue in current research...

DRMD: Deep Reinforcement Learning for Malware Detection under Concept Drift

Malware detection in real-world settings must deal with evolving threats, limited labeling budgets, and uncertain predictions. Traditional classifiers, without additional mechanisms, struggle to maintain performance under concept drift in malware domains, as their supervised learning formulation...

Beyond Training-Time Poisoning: Component-Level and Post-Training Backdoors in Deep Reinforcement Learning

Deep Reinforcement Learning DRL systems are increasingly used in safety-critical applications, yet their security remains severely underexplored. This work investigates backdoor attacks, which implant hidden triggers that cause malicious actions only when specific inputs appear in the observation...

Autonomous Cyber Resilience Via a Co-Evolutionary Arms Race within a Fortified Digital Twin Sandbox

The convergence of IT and OT has created hyper-connected ICS, exposing critical infrastructure to a new class of adaptive, intelligent adversaries that render static defenses obsolete. Existing security paradigms often fail to address a foundational "Trinity of Trust," comprising the fidelity of...

Adaptive Alert Prioritisation in Security Operations Centres Via Learning to Defer with Human Feedback

Alert prioritisation AP is crucial for security operations centres SOCs to manage the overwhelming volume of alerts and ensure timely detection and response to genuine threats, while minimising alert fatigue. Although predictive AI can process large alert volumes and identify known patterns, it...

From Static to Adaptive Defense: Federated Multi-Agent Deep Reinforcement Learning-Driven Moving Target Defense against DoS Attacks in UAV Swarm Networks

The proliferation of unmanned aerial vehicle UAV swarms has enabled a wide range of mission-critical applications, but also exposes UAV networks to severe Denial-of-Service DoS threats due to their open wireless environment, dynamic topology, and resource constraints. Traditional static or...

Application of Deep Reinforcement Learning for Intrusion Detection in Internet of Things: a Systematic Review

The Internet of Things IoT has significantly expanded the digital landscape, interconnecting an unprecedented array of devices, from home appliances to industrial equipment. This growth enhances functionality, e.g., automation, remote monitoring, and control, and introduces substantial security...

AutoPentest-DRL - Automated Penetration Testing Using Deep Reinforcement Learning

AutoPentest-DRL is an automated penetration testing framework based on Deep Reinforcement Learning DRL techniques. The framework determines the most appropriate attack path for a given network, and can be used to execute a simulated attack on that network via penetration testing tools, such as...

Manipulating Machine Learning Systems by Manipulating Training Data

Interesting research: "TrojDRL: Trojan Attacks on Deep Reinforcement Learning Agents": Abstract:: Recent work has identified that classification models implemented as neural networks are vulnerable to data-poisoning and Trojan attacks at training time. In this work, we show that these training-ti...

Automatic Machine Learning Penetration Test Tool: Deep Exploit

DeepExploit is fully automated penetration tool linked with Metasploit. It identifies the status of all opened ports on the target server and executes the exploit at pinpoint using Machine Learning. DeepExploit consists of the machine learning model A3C and Metasploit . The A3C executes exploit t...