This breakthrough model uses advanced graph neural networks and a novel evaluation metric to anticipate cyber attackers’ next moves, helping defenders stay ahead in the fight for network security.
Research: Machine Theory of Mind for Autonomous Cyber-Defence.
*Important notice: arXiv publishes preliminary scientific reports that are not peer-reviewed and, therefore, should not be regarded as definitive, used to guide development decisions, or treated as established information in the field of artificial intelligence research.
In an article submitted to the arXiv preprint* server, researchers at BAE Systems Applied Intelligence Labs evaluated Machine Theory of Mind (ToM) approaches for autonomous cyber operations to enhance interpretability in cybersecurity. They introduced a novel graph neural network-based architecture, Graph-In, Graph-Out (GIGO)-ToM, designed to predict adversarial targets and attack trajectories across variable-sized and heterogeneous network topologies. To assess these predictions, they proposed the Network Transport Distance (NTD), a graph-aware metric enabling standardized comparisons of graph-based probability distributions. Empirical evaluations demonstrated that GIGO-ToM effectively predicted cyber-attacking agents' goals and behaviors while accurately characterizing their policies, even in complex cyber-defense scenarios.
Related Work
Past work highlighted the potential of Theory of Mind (ToM) models, like the ToM network (ToMnet), for understanding agent behavior through predictions of actions, targets, and successor representations. However, ToMnet's original design was limited to fixed grid world environments, raising concerns about its scalability to dynamic and complex cybersecurity scenarios. Challenges include adapting ToMnet for variable input sizes, heterogeneous network features, and addressing the 'curse of dimensionality.' This study aimed to overcome these limitations by extending the original ToMnet framework and quantitatively evaluating its successor representations for realistic cyber-defense applications.
Predicting Cyber-Attack Behavior
To address the “hot-desking user problem” in cyber-defense, this study evaluates ToMnet architectures within a partially observable Markov game framework. The game involves two agents: a Red attacker targeting high-value nodes and a Blue defender protecting the network. Scenarios are simulated using the graph-based YAWNING-TITAN framework, incorporating customizable TreeNetwork topologies and rule-based agents for better interpretability and scalability. The ToMnet architecture predicts attack targets and trajectories by processing past and current agent trajectories. This approach demonstrates the potential for generalizing behavior prediction across diverse and dynamic network configurations.
Topology-Aware Defense
The methods section outlines novel adaptations of ToMnet for cyber-defense scenarios. Given the variability in network node numbers, a graph-based approach enhances ToMnet's applicability. Two architectures were introduced: Graph-In, Graph-Out (GIGO)-ToM and Graph-In, Dense-Out (GIDO)-ToM. Both employ graph attention network v2 (GATv2) layers for node feature extraction and use trajectories of graph-based state observations to generate character embeddings through long short-term memory networks (LSTMs).
GIDO-ToM retains dense layers for output, requiring fixed node numbers per output layer. In contrast, GIGO-ToM integrates graph neural network (GNN) layers for both inputs and outputs, enabling flexible, scalable predictions without padding during inference. Both architectures predict the attacker's target and successor representation and are optimized with specialized loss functions.
Additionally, a new metric, the Network Transport Distance (NTD), extends the Wasserstein distance to incorporate network-specific graph topology. NTD evaluates successor representations by considering node proximity and features, ensuring predictions align closely with network structure and strategic importance. A weighting function (NTDθ) further refines NTD by integrating user-defined strategic node features. This approach allows network administrators to prioritize specific nodes or paths of interest. Illustrations and experimental results emphasize the value of topology-aware evaluation and flexibility in cyber-defense applications.
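A minimal sketch of the idea behind NTD, added here as an illustration and not the paper's definition or code: the Wasserstein-1 (earth mover's) distance between two node-visit distributions on a tree network, with hop count as the transport cost and the tree diameter as normalizer. The seven-node tree, the distributions and the normalization are constructed assumptions, and the θ node weighting is omitted.

```python
from collections import deque

def bfs(adj, start):
    """Return (visit order, parent map, hop-distance map) from start."""
    parent, dist, order = {start: None}, {start: 0}, []
    queue = deque([start])
    while queue:
        u = queue.popleft()
        order.append(u)
        for v in adj[u]:
            if v not in dist:
                parent[v], dist[v] = u, dist[u] + 1
                queue.append(v)
    return order, parent, dist

def tree_transport_distance(edges, p, q):
    """Wasserstein-1 distance between node distributions p and q on a tree
    with unit-length edges, divided by the tree diameter (range 0..1)."""
    adj = {}
    for u, v in edges:
        adj.setdefault(u, []).append(v)
        adj.setdefault(v, []).append(u)
    order, parent, dist = bfs(adj, next(iter(adj)))
    # Diameter by double BFS: farthest node from the root, then farthest from it.
    diameter = max(bfs(adj, max(dist, key=dist.get))[2].values())
    # On a tree, each subtree's surplus mass must cross the edge to its parent.
    surplus = {n: p.get(n, 0.0) - q.get(n, 0.0) for n in adj}
    cost = 0.0
    for n in reversed(order):  # children are processed before their parents
        if parent[n] is not None:
            cost += abs(surplus[n])
            surplus[parent[n]] += surplus[n]
    return cost / diameter

def l1_error(p, q):
    """Topology-blind comparison: sum of absolute per-node differences."""
    return sum(abs(p.get(n, 0.0) - q.get(n, 0.0)) for n in set(p) | set(q))

# Constructed 7-node tree: 0 is the entry node, 3..6 are leaves.
EDGES = [(0, 1), (0, 2), (1, 3), (1, 4), (2, 5), (2, 6)]
OBSERVED = {3: 1.0}          # attacker's visits concentrate on leaf 3
NEAR_MISS = {4: 1.0}         # prediction on the sibling leaf (2 hops away)
FAR_MISS = {6: 1.0}          # prediction on the opposite branch (4 hops away)
HEDGED = {3: 0.5, 6: 0.5}    # prediction split across two candidate targets

if __name__ == "__main__":
    for name, pred in [("near", NEAR_MISS), ("far", FAR_MISS), ("hedged", HEDGED)]:
        print(name, l1_error(pred, OBSERVED), tree_transport_distance(EDGES, pred, OBSERVED))
```

The near and far misses have the same node-wise error, but the transport distance separates them because it charges for how far across the topology the predicted mass sits from the observed mass.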
Cyber-Attack Prediction
The experiments evaluated the performance of GIGO-ToM in understanding cyber-attacking agents’ behavior and predicting their actions within the YAWNING-TITAN environment. Using the hot-desking user problem, GIGO-ToM was benchmarked against GIDO-ToM, demonstrating its superior ability to learn character embeddings that effectively differentiate between previously unseen Red agents’ policies. GIGO-ToM consistently produced coherent clusters of embeddings, improving with additional past behavior data, while GIDO-ToM showed overlapping and inconsistent clusters with limited generalization.
GIGO-ToM achieved significantly higher weighted F1 scores for high-value node predictions than GIDO-ToM, even in complex network configurations. Its performance remained robust across network sizes but showed sensitivity to network branching complexity, with more branches increasing misclassification rates. Despite this, GIGO-ToM’s ability to accurately identify critical target nodes across diverse topologies demonstrates its strong predictive capabilities in challenging cyber-defense scenarios.
GIGO-ToM also excelled in predicting attack trajectories, consistently outperforming GIDO-ToM in accuracy (measured via NTD). Its predictions were resilient to increases in network size and complexity, particularly for shorter-term trajectories. However, its performance diminished slightly for long-term predictions and in cases where attack paths ventured into remote or sparsely connected regions of the network. This indicates that additional refinements to long-term trajectory predictions could further improve results.
An analysis of GIGO-ToM’s predictions revealed occasional hedging behavior, where the model mapped paths to multiple high-value nodes rather than committing to a single target. This behavior, observed in approximately 20% of test samples under the most challenging conditions, suggests uncertainty arising from ambiguous or conflicting training data. Nonetheless, GIGO-ToM confidently predicted distinct attack paths for the remaining 80% of cases, achieving a mean NTD of 0.08, highlighting its utility for practical cyber-defense operations.
Conclusion
This research evaluated GIGO-ToM, an advanced graph-based ToM model, for predicting adversarial cyber agents' behaviors, and highlighted its effectiveness in identifying goals and attack paths in real time. The integration of the Network Transport Distance (NTD) as both an evaluation metric and a loss function demonstrated its potential for improving successor representation predictions. The findings underscored GIGO-ToM's applicability for enhancing cyber-defense strategies and emphasized the broader utility of graph-based models in understanding network vulnerabilities and attacker strategies. Future research could explore scenarios with dynamic networks and adversarial learning to further enhance GIGO-ToM’s capabilities.
Journal reference:
- Preliminary scientific report.
Swaby, L., Stewart, M., Harrold, D., Willis, C., & Palmer, G. (2024). Machine Theory of Mind for Autonomous Cyber-Defence. ArXiv. https://arxiv.org/abs/2412.04367