{"id":"https://openalex.org/W4402811769","doi":"https://doi.org/10.1109/csr61664.2024.10679510","title":"Leveraging Reinforcement Learning in Red Teaming for Advanced Ransomware Attack Simulations","display_name":"Leveraging Reinforcement Learning in Red Teaming for Advanced Ransomware Attack Simulations","publication_year":2024,"publication_date":"2024-09-02","ids":{"openalex":"https://openalex.org/W4402811769","doi":"https://doi.org/10.1109/csr61664.2024.10679510"},"language":"en","primary_location":{"id":"doi:10.1109/csr61664.2024.10679510","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr61664.2024.10679510","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100417052","display_name":"Cheng Wang","orcid":"https://orcid.org/0009-0009-5870-3554"},"institutions":[{"id":"https://openalex.org/I145325580","display_name":"Deloitte (United States)","ror":"https://ror.org/03xkm6e60","country_code":"US","type":"company","lineage":["https://openalex.org/I145325580","https://openalex.org/I4210139068"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Cheng Wang","raw_affiliation_strings":["Deloitte & Touche LLP"],"affiliations":[{"raw_affiliation_string":"Deloitte & Touche LLP","institution_ids":["https://openalex.org/I145325580"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028087468","display_name":"Christopher Redino","orcid":null},"institutions":[{"id":"https://openalex.org/I145325580","display_name":"Deloitte (United States)","ror":"https://ror.org/03xkm6e60","country_code":"US","type":"company","lineage":["https://openalex.org/I145325580","https://openalex.org/I4210139068"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Christopher Redino","raw_affiliation_strings":["Deloitte & Touche LLP"],"affiliations":[{"raw_affiliation_string":"Deloitte & Touche LLP","institution_ids":["https://openalex.org/I145325580"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001898925","display_name":"Ryan Clark","orcid":"https://orcid.org/0000-0002-2807-4584"},"institutions":[{"id":"https://openalex.org/I145325580","display_name":"Deloitte (United States)","ror":"https://ror.org/03xkm6e60","country_code":"US","type":"company","lineage":["https://openalex.org/I145325580","https://openalex.org/I4210139068"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ryan Clark","raw_affiliation_strings":["Deloitte & Touche LLP"],"affiliations":[{"raw_affiliation_string":"Deloitte & Touche LLP","institution_ids":["https://openalex.org/I145325580"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100674691","display_name":"Abdul Rahman","orcid":"https://orcid.org/0000-0003-0953-5696"},"institutions":[{"id":"https://openalex.org/I145325580","display_name":"Deloitte (United States)","ror":"https://ror.org/03xkm6e60","country_code":"US","type":"company","lineage":["https://openalex.org/I145325580","https://openalex.org/I4210139068"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Abdul Rahman","raw_affiliation_strings":["Deloitte & Touche LLP"],"affiliations":[{"raw_affiliation_string":"Deloitte & Touche LLP","institution_ids":["https://openalex.org/I145325580"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5092023127","display_name":"Sal Aguinaga","orcid":null},"institutions":[{"id":"https://openalex.org/I145325580","display_name":"Deloitte (United States)","ror":"https://ror.org/03xkm6e60","country_code":"US","type":"company","lineage":["https://openalex.org/I145325580","https://openalex.org/I4210139068"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sal Aguinaga","raw_affiliation_strings":["Deloitte & Touche LLP"],"affiliations":[{"raw_affiliation_string":"Deloitte & Touche LLP","institution_ids":["https://openalex.org/I145325580"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5092119009","display_name":"Sathvik Murli","orcid":null},"institutions":[{"id":"https://openalex.org/I145325580","display_name":"Deloitte (United States)","ror":"https://ror.org/03xkm6e60","country_code":"US","type":"company","lineage":["https://openalex.org/I145325580","https://openalex.org/I4210139068"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sathvik Murli","raw_affiliation_strings":["Deloitte & Touche LLP"],"affiliations":[{"raw_affiliation_string":"Deloitte & Touche LLP","institution_ids":["https://openalex.org/I145325580"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066946903","display_name":"Dhruv Nandakumar","orcid":null},"institutions":[{"id":"https://openalex.org/I145325580","display_name":"Deloitte (United States)","ror":"https://ror.org/03xkm6e60","country_code":"US","type":"company","lineage":["https://openalex.org/I145325580","https://openalex.org/I4210139068"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Dhruv Nandakumar","raw_affiliation_strings":["Deloitte & Touche LLP"],"affiliations":[{"raw_affiliation_string":"Deloitte & Touche LLP","institution_ids":["https://openalex.org/I145325580"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109788621","display_name":"Roland Rao","orcid":null},"institutions":[{"id":"https://openalex.org/I145325580","display_name":"Deloitte (United States)","ror":"https://ror.org/03xkm6e60","country_code":"US","type":"company","lineage":["https://openalex.org/I145325580","https://openalex.org/I4210139068"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Roland Rao","raw_affiliation_strings":["Deloitte & Touche LLP"],"affiliations":[{"raw_affiliation_string":"Deloitte & Touche LLP","institution_ids":["https://openalex.org/I145325580"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022523600","display_name":"Lanxiao Huang","orcid":"https://orcid.org/0009-0005-6366-4781"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lanxiao Huang","raw_affiliation_strings":["Virginia Tech"],"affiliations":[{"raw_affiliation_string":"Virginia Tech","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035372552","display_name":"Daniel Radke","orcid":null},"institutions":[{"id":"https://openalex.org/I145325580","display_name":"Deloitte (United States)","ror":"https://ror.org/03xkm6e60","country_code":"US","type":"company","lineage":["https://openalex.org/I145325580","https://openalex.org/I4210139068"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Daniel Radke","raw_affiliation_strings":["Deloitte & Touche LLP"],"affiliations":[{"raw_affiliation_string":"Deloitte & Touche LLP","institution_ids":["https://openalex.org/I145325580"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5063742042","display_name":"Edward Bowen","orcid":"https://orcid.org/0000-0002-6566-1710"},"institutions":[{"id":"https://openalex.org/I145325580","display_name":"Deloitte (United States)","ror":"https://ror.org/03xkm6e60","country_code":"US","type":"company","lineage":["https://openalex.org/I145325580","https://openalex.org/I4210139068"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Edward Bowen","raw_affiliation_strings":["Deloitte & Touche LLP"],"affiliations":[{"raw_affiliation_string":"Deloitte & Touche LLP","institution_ids":["https://openalex.org/I145325580"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":11,"corresponding_author_ids":["https://openalex.org/A5100417052"],"corresponding_institution_ids":["https://openalex.org/I145325580"],"apc_list":null,"apc_paid":null,"fwci":3.3753,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.93462898,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"262","last_page":"269"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9937000274658203,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9775000214576721,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.9400897026062012},{"id":"https://openalex.org/keywords/reinforcement-learning","display_name":"Reinforcement learning","score":0.7842016220092773},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6812156438827515},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4528639018535614},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.35561272501945496},{"id":"https://openalex.org/keywords/human\u2013computer-interaction","display_name":"Human\u2013computer interaction","score":0.3472018241882324},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.2336144745349884}],"concepts":[{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.9400897026062012},{"id":"https://openalex.org/C97541855","wikidata":"https://www.wikidata.org/wiki/Q830687","display_name":"Reinforcement learning","level":2,"score":0.7842016220092773},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6812156438827515},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4528639018535614},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.35561272501945496},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.3472018241882324},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2336144745349884}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/csr61664.2024.10679510","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr61664.2024.10679510","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W1534271906","https://openalex.org/W2130778370","https://openalex.org/W2215444025","https://openalex.org/W2887954984","https://openalex.org/W2895830121","https://openalex.org/W2963563709","https://openalex.org/W2974072230","https://openalex.org/W3034402928","https://openalex.org/W3093593591","https://openalex.org/W3099702369","https://openalex.org/W3132588576","https://openalex.org/W3194526190","https://openalex.org/W3201224956","https://openalex.org/W3202592743","https://openalex.org/W3202594349","https://openalex.org/W4200055159","https://openalex.org/W4214717370","https://openalex.org/W4297098541","https://openalex.org/W4360764871","https://openalex.org/W4366447842","https://openalex.org/W4375853921","https://openalex.org/W4390636702","https://openalex.org/W6683204974","https://openalex.org/W6800226346"],"related_works":["https://openalex.org/W3201228709","https://openalex.org/W2922354075","https://openalex.org/W4389157351","https://openalex.org/W4232561318","https://openalex.org/W4253977752","https://openalex.org/W3120595989","https://openalex.org/W2942879794","https://openalex.org/W2964829536","https://openalex.org/W2962911305","https://openalex.org/W4224941017"],"abstract_inverted_index":{"Ransomware":[0],"presents":[1],"a":[2,20,50,67,118],"significant":[3],"and":[4,9,15,109,136],"increasing":[5],"threat":[6],"to":[7,42,57,99,134,149],"individuals":[8],"organizations":[10,32],"by":[11,91],"encrypting":[12],"their":[13],"systems":[14],"not":[16],"releasing":[17],"them":[18,104],"until":[19],"large":[21],"fee":[22],"has":[23],"been":[24],"extracted.":[25],"To":[26],"bolster":[27],"preparedness":[28],"against":[29],"potential":[30],"attacks,":[31],"commonly":[33],"conduct":[34],"red":[35],"teaming":[36],"exercises,":[37],"which":[38],"involve":[39],"simulated":[40,68],"attacks":[41,138],"assess":[43],"existing":[44],"security":[45],"measures.":[46,114],"This":[47],"paper":[48],"proposes":[49],"novel":[51],"approach":[52],"utilizing":[53],"reinforcement":[54],"learning":[55],"(RL)":[56],"simulate":[58],"ransomware":[59],"attacks.":[60],"By":[61],"training":[62],"an":[63],"RL":[64,93,131],"agent":[65,94],"in":[66],"environment":[69],"mirroring":[70],"real-world":[71],"networks,":[72],"effective":[73],"attack":[74,88],"strategies":[75],"can":[76,95],"be":[77],"learned":[78],"quickly,":[79],"significantly":[80],"streamlining":[81],"traditional,":[82],"manual":[83],"penetration":[84],"testing":[85],"processes.":[86],"The":[87],"pathways":[89],"revealed":[90],"the":[92,100,123,126,130],"provide":[96],"valuable":[97],"insights":[98],"defense":[101],"team,":[102],"helping":[103],"identify":[105],"network":[106,121],"weak":[107],"points":[108],"develop":[110],"more":[111],"resilient":[112],"defensive":[113],"Experimental":[115],"results":[116],"on":[117,139],"152-host":[119],"example":[120],"confirm":[122],"effectiveness":[124],"of":[125],"proposed":[127],"approach,":[128],"demonstrating":[129],"agent's":[132],"capability":[133],"discover":[135],"orchestrate":[137],"high-value":[140],"targets":[141],"while":[142],"evading":[143],"honeyfiles":[144],"(decoy":[145],"files":[146],"strategically":[147],"placed":[148],"detect":[150],"unauthorized":[151],"access).":[152]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":1}],"updated_date":"2025-12-21T23:12:01.093139","created_date":"2025-10-10T00:00:00"}