Open Access

ARTICLE

Optimal Cyber Attack Strategy Using Reinforcement Learning Based on Common Vulnerability Scoring System

Bum-Sok Kim¹, Hye-Won Suk¹, Yong-Hoon Choi², Dae-Sung Moon³, Min-Suk Kim^2,*

1 Department of Electronic Information System Engineering, Sangmyung University, Cheonan, 31066, Republic of Korea
2 Department of Human Intelligence & Robot Engineering, Sangmyung University, Cheonan, 31066, Republic of Korea
3 Intelligent Convergence Research Laboratory, Electronics and Telecommunications Research Institute, Daejeon, 34129, Republic of Korea

* Corresponding Author: Min-Suk Kim. Email:

(This article belongs to the Special Issue: Advanced Security for Future Mobile Internet: A Key Challenge for the Digital Transformation)

Computer Modeling in Engineering & Sciences 2024, 141(2), 1551-1574. https://doi.org/10.32604/cmes.2024.052375

Received 31 March 2024; Accepted 15 August 2024; Issue published 27 September 2024

Abstract

Currently, cybersecurity threats such as data breaches and phishing have been on the rise due to the many different attack strategies of cyber attackers, significantly increasing risks to individuals and organizations. Traditional security technologies such as intrusion detection have been developed to respond to these cyber threats. Recently, advanced integrated cybersecurity that incorporates Artificial Intelligence has been the focus. In this paper, we propose a response strategy using a reinforcement-learning-based cyber-attack-defense simulation tool to address continuously evolving cyber threats. Additionally, we have implemented an effective reinforcement-learning-based cyber-attack scenario using Cyber Battle Simulation, which is a cyber-attack-defense simulator. This scenario involves important security components such as node value, cost, firewalls, and services. Furthermore, we applied a new vulnerability assessment method based on the Common Vulnerability Scoring System. This approach can design an optimal attack strategy by considering the importance of attack goals, which helps in developing more effective response strategies. These attack strategies are evaluated by comparing their performance using a variety of Reinforcement Learning methods. The experimental results show that RL models demonstrate improved learning performance with the proposed attack strategy compared to the original strategies. In particular, the success rate of the Advantage Actor-Critic-based attack strategy improved by 5.04 percentage points, reaching 10.17%, which represents an impressive 98.24% increase over the original scenario. Consequently, the proposed method can enhance security and risk management capabilities in cyber environments, improving the efficiency of security management and significantly contributing to the development of security systems.

---

Keywords

---