Optimizing Cyber Defense in Dynamic Active Directories through Reinforcement Learning

The original AD graph is highly complex, making it difficult to process in its original state. To address this, we propose a graph optimization technique that utilizes structural features to create a more condensed representation. Below are some terminologies used in creating this condensed graph.

A block-worthy edge may be shared among two or more NSPs. For each NSP, we allocate single unit of budget for blocking purposes. Our AD graph optimization approach reduces the initial AD graph with $n$ nodes and $m$ edges to a graph containing $(|\textsc{Entry}|+|\textsc{Split}|+1)$ nodes and $|\text{NSP}|$ edges.

The attacker aims to develop an attacking strategy to optimize their chances of successfully reaching the DA in any given snapshot of AD graph. We design a Generalized Reinforcement Learning (GenRL) based attacking strategy. We concurrently train the RL agent across numerous defensive plans implemented across multiple graph snapshots in separate RL training environments.

Attacker’s Environment. Attacker’s goal of reaching DA can be formalized as a Markov Decision Process (MDP), $M=(S,A,R,T)$, where $S$, $A$, $R$, $T$ represents the state space, action space, reward function, and transition function, respectively. MDP serves as the attacker’s environment and is described below.

• •

  State space (S). The state space represents the potential states of the attacker, where each state $s\in S$ is a vector of length $|\text{NSP}|$, and each element in the state corresponds to an NSP in AD graph. Attacker’s state $s$ is denoted as:

  $$\text{s}=\underbrace{<F,S,\ldots,?,S,?,S,F>}_{\text{Length = \# NSP}}$$

  (1)

  Here, ‘$S$’ denotes that the attacker tried this NSP and successfully made it to the other end of NSP, ‘$F$’ indicates a failed attempt, and ‘$?$’ represents that the corresponding NSP has not been tried yet. For a given state $s$, the attacker selects an NSP marked as ‘$?$’, attempts to traverse it and updates its status to ‘$S$’ or ‘$F$’ according to the outcome. The process continues until the attacker reaches DA, gets detected, or exhausts all options. Throughout the attack, attacker’s current state $s$ serves as a knowledge base and provides information about NSPs under attacker’s control, failed attempt NSPs, and unexplored NSPs. In this way, our sophisticated attacker keeps track of past failed attempts and avoid wasting time on those attempts again, rendering attacker’s strategy more effective. There are two terminating states: 1) If attacker ends up reaching DA, the attack ends. 2) If attacker fails to reach DA due to detection or exhaustion of all options, the attack fails and terminates.

• •

  Action space (A). For a given state $s$, the action space $A$ represents the available actions from that state, i.e., NSPs outgoing from successful NSPs in $s$. An action $a\in A$ represents an NSP and indicates that the attacker may attempt to traverse the selected NSP to reach DA.

• •

  Reward function (R). Reward $r(s,a)$ for state $s$ on taking action $a$ is 1, if the attacker successfully reaches DA. Otherwise, the reward is 0.

• •

  Transition function (T). For any state-action pair $(s,a)$, the transition function executes action $a$ on state $s$, leading to a set of potential future states. Each potential state is linked to a transition probability, which determines the likelihood of transitioning to the specific state.

Training Procedure. We utilize the actor-critic-based Proximal Policy Optimization (PPO) algorithm to train the attacker’s strategy. We chose the PPO algorithm for its actor-critic framework suited to our attacker-defender RL policy and its efficient handling of discrete action spaces crucial for our AD network simulation. The actor network proposes actions to maximize rewards, while the critic network assesses the attacker’s success rate for each state. To ensure robust training on dynamic AD graphs, we utilize 50 graph snapshots per environment, each containing a specific defense strategy devised by the defender. The attacker’s initial state is determined by implementing the defense in one of these snapshots. Subsequently, the RL agent undergoes training against this snapshot with implemented defense. After each episode, a new snapshot is selected from a pool of 50, enabling training against diverse graph scenarios. The RL agent operates concurrently across multiple environments to gather data. At each step within an episode, the agent observes a state $s_{t}$, selects an action $a_{t}$ using the actor network, transitions to a new state $s_{t+1}$ based on the action, and receives a reward $r_{t+1}$. This process continues until the agent reaches DA or is detected. The training objective is to maximize cumulative rewards and learn a shared policy adaptable across different defense strategies and varying graph configurations. Initially, games may vary across environments, but as the agent learns, it refines its policy to accommodate decreasing differences between environments.

Training Challenge. Training the attacker’s policy for dynamic AD graphs presents a significant challenge due to the exponential number of distinct snapshots available as starting points. The number of these snapshots can grow exponentially, reaching up to $2^{|NSPs|}$, assuming a 50% probability for each HasSession edge to be active. While not every NSP necessarily includes a HasSession edge, we consider the worst-case scenario where at least one HasSession edge is present in each NSP. However, training the RL agent against every possible $2^{|NSPs|}$ snapshots is impractical due to the large number of NSPs present in real-world AD graphs. To address this challenge, we propose an RL training facilitator designed to streamline and optimize the RL agent’s training process.

To address the challenge of training a generalized attacker policy across numerous graph snapshots, we propose the RL Training Facilitator (TrnF) to optimize the efficiency and effectiveness of the RL agent’s training. Specifically, we introduce two pruning approaches aimed at streamlining the training process by removing elements irrelevant to the attacker. This reduces computational overhead and enhances the agent’s capacity to learn effectively.

Environment Pruning via Simplification Agent. We introduce a simplification agent designed to optimize the environment by identifying and removing unnecessary NSPs (which can be labelled as noise) due to their non-utilization by attackers. This agent prunes irrelevant NSPs, thereby reducing the number of potential graph snapshots that the attacker’s policy needs to learn. Initially, we train the RL agent using the attacker’s policy (Section 4.2) and subsequently deploy the simplification agent for environment pruning. The simplification agent analyzes (state, action) pairs across episodes, and if the agent consistently takes specific actions (NSPs) for certain states, then it eliminates unused NSPs. Universally irrelevant NSPs are identified using the trained RL critic network, i.e., NSPs irrelevant across all environments. From this set, a subset of NSPs is randomly selected, and if their removal does not impact the critic value, they are discarded; iterative attempts with different NSP sets are conducted if there is a change in state value. We remove irrelevant NSPs from half of the environments only in order to expose the RL agent to diverse scenarios. After the iterative process, previously removed NSPs are reintroduced to confirm their irrelevance. If the RL agent still does not utilize them, it confirms their irrelevance. This reduction in NSPs limits the starting points for the attacker’s policy learning. Blocking $x$ irrelevant NSPs reduces starting points by $2^{x}$, thereby accelerating training and optimizing resource allocation.

Neural Network Pruning via Weight Reduction by Fixed Ratio. We propose a NN pruning technique to optimize NN architectures for enhancing RL agent training. This technique selectively reduces weights of less critical dimensions within the NN that correspond to less influential actions. The goal is to streamline the learning process, enabling faster convergence towards optimal weights. By ignoring unnecessary dimensions in input data, the NN reduces noise and expedites training. During training, the NN evaluates the importance of dimensions for actions at split nodes and adjusts weights accordingly. We iteratively block each dimension of a split node and monitor the critic value’s stability. Stable values prompt us to prune the dimension’s weight by a fixed ratio, guiding the NN towards minimizing irrelevant dimension weights. This proactive approach self-corrects weight reduction errors by adjusting weights in subsequent iterations, ensuring reliability. This method actively adjusts weights rather than relying solely on training. Similar to our environment pruning technique, we leverage domain knowledge to identify and reduce unnecessary dimensions, optimizing NN architecture for faster convergence towards optimal weights.

Our RL training facilitator provides several advantages. 1) By prioritizing important NSPs, it accelerates RL policy training and optimizes resource efficiency by focusing on relevant snapshots. 2) Removing irrelevant NSPs filters out noise, improving the accuracy of attacker behaviour modelling for precise decision-making. 3) Integrating the training facilitator enhances the scalability of attacker policies by simplifying both the environment and NN, thereby reducing complexity and enabling quicker convergence. These improvements collectively enhance the performance of the RL agent significantly.

To defend dynamic AD graphs, the defensive approach must minimize the attacker’s success rate across all potential AD graph snapshots. However, designing individual defensive strategies for each snapshot is impractical due to the exponential number of possible graph snapshots ($2^{|NSPs|}$). Therefore, our goal is to devise a generalized defensive policy that minimizes the attacker’s success probability across any conceivable snapshot. To address this, we propose a Reinforcement Learning assisted Evolutionary Diversity Optimization (RL-EDO) policy. Our approach involves extracting a set of static graph snapshots, denoted as $G_{s}$, from the dynamic AD graph and strategically blocking a subset of edges in the AD graph to minimize the attacker’s average success rate across all instances in $G_{s}$. The RL-EDO approach uses EDO to generate multiple diverse, high-quality defenses and allows the attacker to play against these defenses across multiple environments. After training the attacker’s policy, the defender employs the trained RL critic network to evaluate the attacker’s performance against each defense. Defenses that are advantageous for the attacker are replaced with better alternatives, avoiding the computational efforts required to train the policy against these defenses. The defender is constrained to block a maximum of $k$ edges³³3Only block-worthy edges can be blocked, as not all edges are blockable.. The defender uses the attacker’s trained RL critic network as a fitness metric for assessing individual defensive strategies. The fitness of a defensive plan indicates the attacker’s success rate when facing that specific defense. The defensive strategy can be depicted as follows:

$$\text{Defense plan vector}\,=\underbrace{<B,N,\,.\,.\,.\,,\,N,B,B>}_{\text{Length of vector = \#Block-worthy edges}}$$

(2)

Here, $B$’ and $N$’ represent blocked and non-blocked edges, respectively. The defender creates an initial defense population $P$, each represented as a vector of size $|BW|$ (Refer to Eq. 2). Each coordinate in the vector is either $B$ or $N$, and the count of ‘$B$’s in the vector equals the defensive budget $k$. To generate offspring (new defenses), the defender performs mutation or crossover operations with a probability of $0.5$ on randomly chosen individuals from $P$. These operations ensure that the total blocked edges remain within the budget $k$. Randomness is introduced into the operations by sampling a value $x$ from a Poisson distribution with a mean of 1. The mutation and crossover operations are performed as follows:

Mutation Operation. A randomly selected individual defense $p^{\prime}$ from $P$ undergoes mutation by swap** $x$ occurrences of $N$’s with $B$’s and $x$ occurrences of $B$’s with $N$’s to generate new offspring.

Crossover Operation. Two individuals, $p^{\prime}$ and $p^{\prime\prime}$, are randomly selected from $P$. We then identify $x$ coordinates where $p^{\prime}$ has $N$’s and $p^{\prime\prime}$ has $B$’s. We swap the values at these coordinates, replacing $N$’s in $p^{\prime}$ with $B$’s and $B$’s in $p^{\prime\prime}$ with $N$’s. Similarly, we identify another set of $x$ coordinates where $p^{\prime}$ has $B$’s and $p^{\prime\prime}$ has $N$’s and perform the swap again, substituting $B$’s with $N$’s and vice versa.

Diversity Optimization in Population. After generating offspring, we evaluate its fitness score and selectively incorporate it into $P$ only if its fitness falls within $(BEST\pm 0.1)$. If the offspring fails to meet this criterion, we reject it, even if it may bring potential diversity benefits to the population. This selective process balances the introduction of new genetic defense while maintaining the population’s superior fitness. Our goal upon adding an individual to $P$ is to optimize population diversity by removing the individual that contributes the least to diversity. We define diversity as blocking all edges deemed block-worthy, with the objective of enhancing the diversity of blocked edges across the defense plan population. This metric calculates the frequency with which each block-worthy edge is blocked across the population and aims to achieve an even distribution. In population $P$ of $\mu$ individuals, each individual $p_{i}$ can be represented as follows:

$$p_{i}=\big{(}(B/N,bw_{1}),(B/N,bw_{2}),...,(B/N,bw_{|BW|})\big{)}$$

Here, ‘$B$’ denotes the blocked status of the block-worthy edge, ‘$N$’ denotes the non-blocked status, and $i\in{1,...,\mu}$. We compute the count of individuals who have blocked each block-worthy edge $bw_{j}$, where $j\in{1,...,|BW|}$. This count is represented by the vector $C(bw)$ and is calculated as:

$$C(bw)=(c(bw_{1}),c(bw_{2}),...,c(bw_{|BW|}))$$

Here, $c(bw_{1})$ represents the count of individuals out of $\mu$ that have blocked the $bw_{1}$ edge. The diversity of $P$ without including individual $p_{i}$ is represented by vector $D(C(bw)\backslash{p_{i}})$, and is calculated as:

$$D(C(bw)\backslash{p_{i}})=C(bw)-p_{i}$$

The defender aims to maximize the diversity of blocked edges and compute $SortedD(C(bw)\backslash{p_{i}})$ as:

$\displaystyle\text{{SortedD}}(C(bw)\backslash{p_{i}})=\text{sort}\Big{(}D(C(bw)\backslash{p_{i}})\Big{)}$

To optimize the population diversity, we minimize $SortedD(C(bw)\backslash{p_{i}})$ in descending lexicographic order. We achieve this by eliminating the individual $h$ with the lowest $SortedD(C(bw)\backslash{p_{h}})$ score to maximize population’s diversity. If removing individual $h$ increases diversity and its fitness value is far from the best, we remove it from the population. Conversely, if newly generated offspring attain the best fitness value, they are included in $P$ regardless of their diversity, while the individual with the worst fitness value is eliminated. This approach enables the defender to create a diverse yet high-quality blocking plan.

The defender uses RL-EDO to create multiple diverse defense plans for each of the attacker’s RL environments. Each RL environment contains a defense from the defender and multiple graph snapshots. Our RL agent undergoes parallel training across these RL environments, with each environment containing a defense plan from the defender implemented in numerous graph snapshots. We adopt a rotation mechanism that switches the graph snapshot the RL agent faces after each training episode. Our goal is to train a generalized attacking policy capable of achieving high success rates regardless of the AD snapshots. To address the computational challenge of training the attacker policy against numerous snapshots, we design an RL training facilitator that performs environment and NN pruning to simplify the RL training process. In environment pruning, we eliminate universally irrelevant NSPs, and in NN pruning, we reduce the weights of less important dimensions. We first train the RL agent to learn the optimal actions, and once it is trained, we perform the pruning steps. After pruning, we retrain the RL agent to optimize actions on the reduced graph. This iterative process of pruning and training ensures more efficient learning across multiple snapshots. After this iterative process, we reintroduce previously removed NSPs to verify their relevance by retraining the RL agent on the updated graph. The defender continuously evaluates the current set of defensive plans, replacing those that are advantageous for the attacker with superior alternatives. Notably, the attacker’s RL critic network is utilized by the attacker’s policy for implementing pruning techniques and the defender’s policy for assessing defensive strategies. Additionally, the diversity factor helps the RL agent avoid local optima and facilitates more precise learning of the attacking policy. Overall, the parallel gameplay between the attacker and defender helps each other’s policies to improve. Figure 2 illustrates our overall proposed approach.

In this study, we employ synthetic AD graph datasets to evaluate the effectiveness of our proposed attacker-defender strategies. Given the sensitive nature and limited accessibility of real-world AD data, synthetic datasets provide a crucial advantage in enabling controlled experiments and systematic exploration of cybersecurity strategies. We utilize DBCreator tool, which is a popular tool to generate synthetic AD graphs of three different sizes: r1000, r2000, and r4000, containing 1000, 2000, and 4000 computers in the graph, respectively. Details of the dataset are provided in Table 1. We consider three primary edge types present in BloodHound: AdminTo, HasSession, and MemberOf. For simulating attacker behaviour, we randomly select 20 starting nodes from a set of 40 nodes located at the maximum distance from the DA, ensuring coverage across a wide spectrum of potential attack paths. The probability of blocking an edge is determined based on its distance from the DA, i.e., edges farther away are more likely to be blocked. This probability is calculated as the ratio of minimum #hops between $e$ and DA to the maximum #hops between any edge and DA. We preprocess the AD graph by consolidating multiple DA nodes into one, removing all incoming edges to starting nodes and outgoing edges from the DA node alongside the inaccessible nodes. Each NSP is treated as a single edge.

Correlation Distributions. We analyze the impact of the correlation between each edge’s detection probability ($p_{d(e)}$) and failure probability ($p_{f(e)}$) on the attacker’s success probability under three distributions: Independent (Ind), Positive correlation (Pos), and Negative correlation (Neg). In the Independent distribution, $p_{d(e)}$ and $p_{f(e)}$ are uniformly distributed between 0 and 0.2. In the Positive correlation distribution, $p_{d(e)}$ and $p_{f(e)}$ follow a multivariate normal distribution with mean $\mu=[0.1,0.1]$ and covariance matrix $\Sigma=\left[\left[0.052,0.5\times 0.052\right],\left[0.5\times 0.052,0.052\right]\right]$. For the Negative correlation distribution, $p_{d(e)}$ and $p_{f(e)}$ follow a multivariate normal distribution with mean $\mu=[0.1,0.1]$ and covariance matrix $\Sigma=\left[\left[0.052,-0.5\times 0.052\right],\left[-0.5\times 0.052,0.052\right]\right]$.

For defender, the edge-blocking budget is set at 5. The defender generates a population of 20 blocking plans over 20,000 iterations⁴⁴4Edge-blocking is expensive due to the need to securely audit access logs for edge deletion; therefore, the budget is generally low.. We set the crossover and mutation probabilities to 0.5. For training the attacker’s policy, we implement RL environments using OpenAI Gym [33] and employ the PPO algorithm for training the RL agent. We implement the actor and critic networks using multi-layer NN. The model is optimized with an Adam optimizer using a learning rate of 0.0005, a batch size of 800 states, and a hidden layer size of 128. For PPO-specific hyperparameters, we follow the standard settings from the original paper [34]. We train the RL policy concurrently across 20 RL environments. Upon reaching the termination criterion, defender selects the defense with the least attacker success rate as the Best Defense. To simulate the dynamic behaviour of AD graph, each HasSession edge is randomly added to graph with a probability of 0.5.

We train the attacker-defender approach for 1200 epochs, spanning approximately 4-5 days to complete the training process. During this process, the defender generates 20 diverse defensive plans, against which the attacker plays concurrently. Each RL environment contains 50 graph snapshots and a specific defense from defender. The attacker’s policy undergoes continuous training, while the defender evaluates and resets defensive environments after every 50 epochs. To facilitate the training of RL agent across multiple graph snapshots, we generate 50 different graph snapshots for each environment and load a new snapshot from the pool of 50 to train the policy against diverse scenarios across all 20 environments. Upon reaching the termination condition, the defender evaluates the performance of 20 defensive plans using the RL critic network, selecting the best plan based on the lowest attacker success rate. For our proposed training facilitator, within every 50 epochs before the defender evaluates and resets the environments, we perform environment pruning in the 30^th and 40^th epochs. In the 45^th epoch, we reintroduce all removed edges, and training continues for 5 more epochs to confirm the irrelevance of the removed edges. Furthermore, we conduct environment pruning in 10 environments to expose the RL agent to both pruned and original environments. Additionally, our NN pruning technique gradually reduces the weights of less important dimensions by 2% after every 10 minutes.

1. 1.

   GenRL-TrnF+RL-EDO (Proposed). GenRL is employed as attacker’s policy, utilizing a training facilitator to support RL agent’s training process. Meanwhile, defender employs RL-EDO approach to generate defense strategies.

2. 2.

   GenRL+C-EDO [11]. GenRL is employed as the attacker’s policy, while EDO is utilized as the defender’s policy. Notably, the attacker GenRL policy in this approach operates without the support of the training facilitator.

In this setup, our objective is to evaluate the performance of our proposed generalized attacking policy, GenRL-TrnF, and assess the impact of our training facilitator on the RL agent’s learning capacity for dynamic AD graphs.

Baselines. The comparative attacker’s policies are:

• •

  GenRL-TrnF(Proposed). A single generalized RL agent serves as the attacker’s policy, trained to adapt to 50 distinct graph snapshots with the support of a training facilitator to enhance its training process.

• •

  GenRL. A single generalized RL agent serves as attacker’s policy, learning from 50 graph snapshots independently, without using any training facilitator.

• •

  50 SpecRL Agents. RL is employed as attacker’s policy without a training facilitator. Instead of using a single generalized agent, 50 distinct RL agents are trained, each dedicated to a specific snapshot. This approach aims to develop a more sophisticated attack strategy tailored to diverse scenarios.

Results. To assess the performance of the attacker’s policy, we deploy the best defense derived from our GenRL-TrnF+RL-EDO approach across 50 random graph snapshots. Both GenRL-TrnF and GenRL attacking policies are trained on these snapshots against the best defense for 200 epochs, and we evaluate the performance over 5000 episodes to measure effectiveness. GenRL-TrnF performs environment pruning every 30 epochs and NN pruning of 2% every 5 minutes. We compare a single generalized RL agent trained across all snapshots against 50 specialized RL agents (50 SpecRL Agents), aiming to quantify performance differences and identify the best attacker strategies. Results averaged over five seeds (0 to 4) of AD graphs are presented in Table 2. Our proposed GenRL-TrnF consistently outperforms the GenRL attacking policy and closely matches the performance of 50 SpecRL Agents across all graph scales. For example, on the r1000 AD graph (Ind distribution), GenRL-TrnF achieves a 54.69% success rate, deviating by only 2.86% from 50 SpecRL Agents, while GenRL achieves 46.27%, deviating notably by 5.56%. Similarly, on the r2000 AD graph (Ind distribution), GenRL-TrnF achieves a 40.45% success rate with a smaller deviation of 1.86%, compared to GenRL’s 35.89% success rate with a deviation of 6.42% from 50 SpecRL Agents. The deviation of GenRL-TrnF and GenRL from 50 SpecRL Agents is illustrated in Figure 3. Our findings demonstrate that integrating a training facilitator into a generalized attacker policy enables GenRL-TrnF to perform competitively with 50 specialized RL agents, showing only slight deviations in success rate. Conversely, GenRL struggles to generalize effectively across attacker problem accurately, underscoring the crucial role of the training facilitator in enhancing RL policy efficacy by accurately modelling dynamic attacker behaviours.

This section assesses the performance of our proposed defensive strategy.

Baseline. We compare the best defense from our GenRL-TrnF+RL-EDO approach with the GenRL+C-EDO approach [11]. In the GenRL-TrnF+RL-EDO approach, GenRL serves as the attacker’s policy with the support of a training facilitator, while the defender utilizes RL-EDO. In contrast, the GenRL+C-EDO approach employs RL alone for the attacker without any training facilitator, coupled with C-EDO for the defender.

Results. We train both approaches, GenRL-TrnF+RL-EDO and GenRL+C-EDO, using the attacker-defender approach discussed in section 5.3 to obtain the best defense. Subsequently, we generate 50 random AD graph snapshots. For each snapshot, we train one specialized RL agent integrated with the training facilitator (GenRL-TrnF) to play against the best defense obtained. We train each specialized RL agent for 200 epochs and we evaluate the GenRL-TrnF policy’s performance against the best defense through simulations over 5000 episodes. The average success rate across 50 trained agents is reported in Table 3. The defense yielding the minimal attacker success rate is identified as the best-generalized defense. Our results consistently show that the defense from GenRL-TrnF+RL-EDO outperforms the defense from GenRL+C-EDO in reducing the attacker’s success rates across all graph instances. For instance, on the r2000 graph (Ind distribution), the attacker success rate against the GenRL-TrnF+RL-EDO defense is 42.37%, lower than the 46.05% success rate against the GenRL+C-EDO defense. Similarly, for r1000 and r4000 AD graphs, the defense from the GenRL-TrnF+RL-EDO approach effectively reduces the attacker’s success rate compared to the GenRL+C-EDO approach. Our results demonstrate that the proposed GenRL-TrnF+RL-EDO approach consistently generates superior defense against dynamic AD graphs compared to the baseline approach⁵⁵5The dynamic nature of AD graph problem poses significant challenges to achieving substantial reductions in attacker success rates. Even marginal decreases in success rates can yield significant benefits, considering the substantial costs associated with security breaches for organizations..

Our empirical findings underscore the superior performance of our GenRL-TrnF attacker policy compared to baseline approaches. This improvement is primarily attributed to our innovative training facilitator, which enhances the efficiency of attacker training by systematically pruning irrelevant elements, guided by extensively trained RL agents. We further validated the irrelevance of these elements using a trained RL critic network, ensuring that the critic value before and after removal remains the same. As a result, our generalized GenRL-TrnF attacker policy achieves performance levels comparable to specialized agents without compromising critical network dynamics. By focusing on relevant elements identified through RL agent training, we reduce computational load and strengthen learning capacity. Furthermore, our defensive strategy significantly reduces the attacker’s success rate through extensive training augmented by the training facilitator. Our integrated attacker-defender approaches reinforce each other, where a more robust attacking policy contributes to a resilient defense. Concurrent training of the RL attacker policy across multiple environments enables quicker learning of shared policies. Our proposed defense strategy demonstrates versatility in enhancing network security across various sectors: enterprise networks prevent unauthorized lateral movement, cloud environments safeguard resources and data integrity, IoT mitigates cyber-physical risks, and critical sectors like utilities, healthcare, and financial systems ensure operational resilience. Our model currently includes three edge types: AdminTo, HasSession, and MemberOf. However, real-world AD environments feature a broader range of edge types, which limits our ability to fully capture their complexities and vulnerabilities. Our future research aims to expand the model to encompass additional edge types, thereby enhancing the accuracy of our simulations and defense strategies for AD environments. Although synthetic AD graphs effectively simulate key aspects of real-world environments, they have inherent limitations in replicating complex dynamics and vulnerabilities. Validation against real AD datasets is essential to ensure the generalizability of our findings to practical cybersecurity scenarios. In future research, we will focus on validating our results using real-world AD datasets.