🤖 AI Summary
This work addresses the challenge in enterprise cybersecurity where mitigation strategies against known attackers rely heavily on expert intuition, hindering efficient generation and rigorous validation. The authors propose the first end-to-end automated framework that leverages multi-agent large language models to collaboratively generate, deploy, and refine mitigation strategies expressed as real device commands. These strategies are validated through attack replay in a high-fidelity GNS3 simulation environment populated with genuine vendor firmware from firewalls, switches, and routers. The approach introduces an adversarial verification mechanism based on raw attack replays, augmented by connectivity regression testing and cumulative state evaluation, thereby eliminating dependence on reward signals or manual judgment. Evaluated across three network topologies and four attack scenarios, 46.7% of the generated strategies successfully blocked attacks while preserving normal connectivity—outperforming a single-agent baseline by a factor of 4.4.
📝 Abstract
Mitigating an observed adversary in an enterprise network typically takes weeks of expert work: an analyst derives a mitigation tailored to that adversary, validates it without breaking production, and verifies it disrupts the specific attack. The procedure relies on expert judgment and cannot safely be exercised against the production network. COHORT is the first end-to-end framework to automate this procedure for deployable mitigations. A role-decomposed multi-agent LLM workflow proposes candidates, implements them as real device commands, and refines them through a critique loop, all on a high-fidelity GNS3 emulator running real vendor firmware (firewall, switch, router). Each candidate is evaluated by offensive replay: re-executing the original adversary on the mitigated network for a paired comparison against the unmitigated baseline, rather than the reward-signal or expert-judgment proxies used in prior simulation, hybrid, and configuration-generation work. Two further checks complement replay: a connectivity-regression check (LAN ping and internet HTTP probe) rejects mitigations that disrupt legitimate LAN or internet connectivity, and a cumulative evaluation stacks approved mitigations onto a persistent state to surface compound effects. Across three topologies and four attack scenarios (ransomware, lateral movement, DNS exfiltration, data theft), 46.7% of generated mitigations both disrupt the attack and preserve connectivity under replay, 4.4 times the rate of a single-agent baseline using the same model and tool access. A demo video walking through the framework is available with our released artifacts.