Effective defense strategies in network security using improved double dueling deep Q-network

COMPUTERS & SECURITY(2024)

Abstract
Network security is a critical discipline in the contemporary digital world, encompassing diverse technologies and strategies aimed at safeguarding computer systems, networks, and data resources against malicious activities. Attackers and defenders are vital components in the context of network security and defense. Attackers employ various means to steal sensitive information, compromise system functionality, and potentially cause substantial economic and societal damage. To address these challenges, various network attack and defense scenarios were constructed within the CybORG framework in this paper. Across these scenarios, attacks were carried out by different attackers in order to investigate the diverse strategies employed by defenders in response to network intrusions. Additionally, real-time assessments of the effectiveness of defensive measures were conducted. To assess the efficacy of defense strategies, we propose DDQN-DuelingNoisy-Experience Replay (DDQN-DNER), a deep reinforcement learning algorithm that trains the defense agent to take appropriate actions to protect the network as it transitions into various states of being under attack. Built upon the Deep Q-Network (DQN) algorithm, the DDQN-DNER method incorporates noise networks and additional experience replay, and separates its outputs into value functions and advantage functions, enabling the proactive updating of Q-network parameters based on optimal actions. Simultaneously, Gaussian noise is incorporated into the actions undertaken by the agents. Research findings indicate that as network complexity increases, it becomes more challenging for agents to formulate effective strategies, while lower network security enhances agent capability in strategic decision-making. Compared to the DDQN algorithm, the DDQN-DNER algorithm accelerates the convergence of the model.
In all scenarios, this algorithm consistently achieves the highest scores, indicating that the defensive strategies and measures generated by the blue agent are highly effective. The blue agent can promptly detect potential threats and attacks and take appropriate actions to address and mitigate these attacks, thereby ensuring network security.
Key words
Network security, Deep reinforcement learning, CybORG platform, Attack scenarios, Defense strategies