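DARPA uses artificial intelligence to create realistic environments and train cyber agents to counter advanced persistent cyber threats
When it comes to protecting critical computing assets, an ever-expanding cyber-attack surface, frequent computer vulnerability scans, and burdensome security procedures create a seemingly lopsided battle. Combine those factors with costly cybersecurity assessments that often lack actionable feedback, and the advantage goes to cyber attackers.
DARPA intends to change this dynamic through CASTLE, a technology-focused program that can accelerate cybersecurity assessments with automated, repeatable, and measurable approaches.
The Cyber Agents for Security Testing and Learning Environments (CASTLE) program aims to improve cyber testing and evaluation by developing a toolkit that instantiates realistic network environments and trains AI agents to defend against advanced persistent cyber threats (APTs). Teams will use reinforcement learning methods to automate the process of reducing network vulnerabilities.
Tejas Patel, CASTLE program manager in DARPA's Information Innovation Office, said: "Attackers often have a better understanding of network vulnerabilities than defenders." "Reinforcement learning can create and train cyber agents that are more effective than current manual approaches for addressing APTs in networks."
Another goal of CASTLE is to create open-source software that helps network defenders anticipate vulnerabilities an attacker may exploit. As an important benefit, datasets created by the CASTLE software will promote open, rigorous evaluation of defensive approaches beyond the life of the program.
More information can also be found in the CASTLE Broad Agency Announcement.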
https://www.darpa.mil/news-events/2022-10-24
DARPA’s CASTLE to Fortify Computer Networks
DARPA accepting proposals using AI to create realistic environments and train cyber agents to counter advanced persistent cyber threats
An ever-expanding cyber-attack surface, infrequent computer vulnerability scans, and burdensome security procedures create a seemingly lopsided battle when it comes to defending critical computing assets. Couple those factors with costly cybersecurity assessments that often lack actionable feedback, and the odds may appear to favor bad actors.
DARPA intends to change that dynamic through a new program focused on technology that can accelerate cybersecurity assessments with automated, repeatable, and measurable approaches.
The Cyber Agents for Security Testing and Learning Environments (CASTLE) program seeks to improve cyber testing and evaluation by developing a toolkit that instantiates realistic network environments and trains AI agents to defend against advanced persistent cyber threats (APTs). Teams will use a class of machine learning known as reinforcement learning to automate the process of reducing vulnerabilities within a network.
“Attackers often have a better understanding of network vulnerabilities than defenders but it doesn’t have to be that way,” said Tejas Patel, CASTLE program manager in DARPA’s Information Innovation Office. “Reinforcement learning may enable the creation and training of cyber agents that are much more effective than current manual approaches for addressing APTs in networks.”
Another goal of CASTLE is to create open-source software that can help network defenders anticipate vulnerabilities an attacker may exploit. As an important benefit, datasets created by the CASTLE software will promote open, rigorous evaluation of defensive approaches that last beyond the life of the program.
More information can also be found in the CASTLE Broad Agency Announcement.