This paper addresses adversarial reinforcement learning (ARL) for cyber defense under a zero-sum game framework between attackers and defenders. Methodologically, it introduces a realistic simulation environment featuring multi-port services, background traffic, and honeypots, and establishes a co-evolutionary training paradigm for attacker and defender agents under a zero-sum reward structure. The approach integrates Deep Q-Networks (DQN), reward shaping, progressive training scheduling, and fine-grained defensive mechanisms—including adaptive IP blocking and port-level control. Experimental results over 50,000 training episodes demonstrate sustained strategic superiority of the defender, effectively mitigating brute-force attacks. Crucially, the study quantifies—for the first time—the critical roles of defense observability and honeypot efficacy in attack suppression. These findings provide reproducible theoretical foundations and practical technical pathways for designing autonomous defense systems and enabling cross-scenario transfer learning in cybersecurity.

This paper presents a controlled study of adversarial reinforcement learning in network security through a custom OpenAI Gym environment that models brute-force attacks and reactive defenses on multi-port services. The environment captures realistic security trade-offs including background traffic noise, progressive exploitation mechanics, IP-based evasion tactics, honeypot traps, and multi-level rate-limiting defenses. Competing attacker and defender agents are trained using Deep Q-Networks (DQN) within a zero-sum reward framework, where successful exploits yield large terminal rewards while incremental actions incur small costs. Through systematic evaluation across multiple configurations (varying trap detection probabilities, exploitation difficulty thresholds, and training regimens), the results demonstrate that defender observability and trap effectiveness create substantial barriers to successful attacks. The experiments reveal that reward shaping and careful training scheduling are critical for learning stability in this adversarial setting. The defender consistently maintains strategic advantage across 50,000+ training episodes, with performance gains amplifying when exposed to complex defensive strategies including adaptive IP blocking and port-specific controls. Complete implementation details, reproducible hyperparameter configurations, and architectural guidelines are provided to support future research in adversarial RL for cybersecurity. The zero-sum formulation and realistic operational constraints make this environment suitable for studying autonomous defense systems, attacker-defender co-evolution, and transfer learning to real-world network security scenarios.