CASTLE: Cyber Agents for Security Testing and Learning Environments

 

Program Summary

Today, defensive cybersecurity operations anticipate threats with infrequent, internal vulnerability scanning. New vulnerabilities are published daily while attackers seek out new paths toward critical assets. The lack of data-driven descriptions of attacker tools limits efforts to improve defensive operations with real-time incident response and automated forensics. Instead, advanced defenses focus on detecting subtle network changes. In addition, detection performance degrades after continuous, legitimate network changes. Consequently, incident response can take months and is often incomplete.

Cyber Agents for Security Testing and Learning Environments (CASTLE) aims to address these challenges by developing a toolkit that instantiates realistic network environments and trains artificial intelligence agents to support the defense against advanced persistent cyber threats. Researchers will explore the use of reinforcement learning to automate network hardening and ultimately accelerate cybersecurity assessments with approaches that are automated, repeatable, and measurable.

As an added benefit, CASTLE aims to promote open, rigorous evaluations of defensive approaches by publicly releasing toolkit-generated datasets, which can serve as benchmarks for rigorous measurement of cybersecurity performance beyond the life of the program.

Additional information is available in the CASTLE Broad Agency Announcement.
