Safety-Contract Graph Multi-Agent Reinforcement Learning for Autonomous Network Security Response

📄 arXiv: 2606.13832v1 📥 PDF

作者: Jose Luis Lima de Jesus Silva

分类: cs.MA, cs.AI, cs.CR, cs.LG

发布日期: 2026-06-11


💡 一句话要点

提出安全合同图多智能体强化学习框架以提升网络安全响应

🎯 匹配领域: 支柱二:RL算法与架构 (RL & Architecture)

关键词: 多智能体强化学习 网络安全 自主响应 约束优化 图注意力网络

📋 核心要点

  1. 现有的奖励导向多智能体强化学习方法在实际应用中无法有效控制网络安全响应的预算,导致高停机成本。
  2. 本文提出的ACD$^3$-GAT框架通过引入安全合同和图注意力网络,增强了对操作预算的控制能力。
  3. 实验结果表明,ACD$^3$-GAT在CAGE Challenge 4中显著降低了停机成本和预算违规率,展示了其优越性。

📝 摘要(中文)

自主网络安全响应系统有望降低安全运营中心的反应延迟,但仅依赖奖励的多智能体强化学习(MARL)方法在实际部署中存在局限性。本文提出了一种安全合同图MARL框架,并将其具体化为ACD$^3$-GAT(自适应约束反事实决策与图注意力网络编码器),该架构将模拟器观察与可重用的操作预算、约束优化、图状态编码和反事实动作筛选分离。通过在CAGE Challenge 4中的评估,发现每种不受约束的方法在100%的评估回合中违反了SOC停机预算,而ACD$^3$-GAT则在保持较低停机成本的同时,显著降低了预算违规率。

🔬 方法详解

问题定义:本文旨在解决现有多智能体强化学习方法在网络安全响应中无法有效控制预算的问题,导致高停机成本和低效反应。

核心思路:提出安全合同图MARL框架ACD$^3$-GAT,通过引入约束优化和图状态编码,提升对操作预算的管理能力,确保安全性与效率的平衡。

技术框架:ACD$^3$-GAT架构包括多个模块:模拟器观察、操作预算管理、约束优化、图状态编码和反事实动作筛选,形成一个完整的决策流程。

关键创新:最重要的创新在于引入了安全合同和图反事实风险传播(G-CRP),使得模型不仅关注奖励,还能有效控制操作成本与预算。

关键设计:模型设计中采用了Lagrangian操作成本控制、预算感知筛选和CVaR尾部风险估计等技术细节,确保在复杂环境下的稳定性与安全性。

🖼️ 关键图片

fig_0
fig_1
fig_2

📊 实验亮点

实验结果显示,C-MAPPO-GAT将停机违规率从100%降低至0.3%,平均停机成本从355.4降低至15.5,而ACD$^3$-GAT进一步将平均停机成本降低至48.2,违规率为13.8%,展示了其在安全合同前沿的优势。

🎯 应用场景

该研究的潜在应用领域包括网络安全响应系统、自动化安全监控和智能决策支持系统。通过提升多智能体系统的反应能力和预算控制能力,能够在实际操作中显著降低安全事件的影响,具有重要的实际价值和广泛的应用前景。

📄 摘要(原文)

Autonomous network-security response systems promise to reduce Security Operations Centre (SOC) reaction latency, but reward-only multi-agent reinforcement learning (MARL) can improve security reward while remaining non-deployable. We present a safety-contract graph MARL framework and instantiate it as ACD$^3$-GAT (Adaptive Constrained Counterfactual Decisioning with a Graph Attention Network encoder), an architecture that separates simulator observations from reusable operational budgets, constrained optimization, graph state encoding, and counterfactual action screening. We evaluate the method in CAGE Challenge 4, where agents operate under budgets for Mean Time to Recover (MTTR), false-positive response, and firewall change-management disruption. Across the benchmark, every unconstrained method violates the SOC downtime budget in 100% of evaluated episodes, with mean downtime proxy costs of 311-430 against a budget of 50. This complements prior CAGE Challenge 4 findings by showing that reward-only learning lacks operational discipline. Constrained MAPPO-GAT (C-MAPPO-GAT) isolates Lagrangian operational-cost control and budget-aware screening, while ACD$^3$-GAT adds budget context, CVaR tail-risk estimation, opponent-belief state, and Graph Counterfactual Risk Propagation (G-CRP). The replicated comparison includes three 200-episode seeds for IPPO, MAPPO-GAT, C-MAPPO-GAT, and ACD$^3$-GAT. C-MAPPO-GAT reduces downtime violation from 100% to 0.3% and mean downtime cost from 355.4 to 15.5 relative to MAPPO-GAT. ACD$^3$-GAT reduces mean downtime cost to 48.2 with a 13.8% violation rate, placing it on the safety-contract frontier rather than at the most conservative compliance point. Topology-seed and coupled adaptive Red-process stress tests preserve this contrast and show lower worst adaptive degradation for safety-constrained policies than reward-only MAPPO-GAT.