The growing system complexity from microservice architectures and the bilateral enhancement of artificial intelligence (AI) for both attackers and defenders presents increasing security challenges for cloud-native operations. In particular, cloud-native operators require a holistic view of the dynamic security posture for the cloud-native environment from a defense aspect. Additionally, both attackers and defenders can adopt advanced AI technologies. This makes the dynamic interaction and benchmark among different intelligent offense and defense strategies more crucial. Hence, following the multi-agent deep reinforcement learning (RL) paradigm, this research develops an agent-based intelligent security service framework (ISSF) for cloud-native operation. It includes a dynamic access graph model to represent the cloud-native environment and an action model to represent offense and defense actions. Then we develop an approach to enable the training, publishing, and evaluating of intelligent security services using diverse deep RL algorithms and training strategies, facilitating their systematic development and benchmark. The experiments demonstrate that our framework can sufficiently model the security posture of a cloud-native system for defenders, effectively develop and quantitatively benchmark different services for both attackers and defenders and guide further service optimization.

翻译：微服务架构带来的系统复杂性持续增长，以及人工智能技术对攻击者和防御者的双向增强，为云原生运维带来了日益严峻的安全挑战。具体而言，云原生运维人员需要从防御视角全面把握云原生环境的动态安全态势。同时，攻击者和防御者均可采用先进的人工智能技术，这使得不同智能攻防策略间的动态交互与基准测试变得更为关键。因此，本研究遵循多智能体深度强化学习范式，开发了一种面向云原生运维的智能体安全服务框架。该框架包含用于表征云原生环境的动态访问图模型和用于表征攻防行为的动作模型。随后，我们提出一种方法，支持利用多种深度强化学习算法和训练策略对智能安全服务进行训练、发布与评估，从而促进其系统化开发与基准测试。实验结果表明，该框架能够为防御者充分建模云原生系统的安全态势，有效开发并量化对比攻击者和防御者的不同服务，进而指导服务的进一步优化。