CYBER THREAT DETECTION USING DEEP REINFORCEMENT LEARNING
DOI: https://doi.org/10.1234/308bd428

Keywords: Deep Reinforcement Learning, Intrusion Detection System, Deep Q-Network, Cyber Threat Detection, NSL-KDD, Zero-Day Attack Detection

Abstract
The proliferation of sophisticated cyber threats has rendered conventional intrusion detection systems increasingly inadequate, necessitating intelligent, self-adaptive security mechanisms. This paper proposes a Deep Reinforcement Learning (DRL) framework for autonomous network intrusion detection wherein a Deep Q-Network (DQN) agent interacts continuously with a network traffic environment to acquire an optimal threat-classification policy. The agent perceives feature vectors derived from the NSL-KDD benchmark, selects among three protective actions—Safe, Alert, and Block—and refines its policy via reward feedback that incentivizes true detections while penalizing false positives and missed attacks. Preprocessing integrates StandardScaler normalization with label encoding of categorical protocol attributes, yielding compact state representations amenable to efficient Q-value approximation. Training employs experience replay and an ε-greedy exploration schedule to stabilize convergence. Empirical evaluation on a held-out test partition yields 96.8% classification accuracy, 95.2% precision, 94.5% recall, an F1-score of 94.8%, and a false positive rate of only 3.5%—surpassing both rule-based systems and traditional machine learning baselines. The trained agent is deployed through a Flask-based RESTful interface supporting real-time single-record and batch predictions. These results substantiate DRL as a scalable, adaptive, and deployable paradigm for next-generation intrusion detection against known and zero-day cyber threats.
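
The training loop described in the abstract (three actions, signed reward feedback, experience replay, ε-greedy exploration), as an added example that is not the paper's code. Assumptions: a linear Q-function stands in for the DQN, the records are constructed two-feature stand-ins for scaled NSL-KDD vectors, and the reward magnitudes and hyperparameters are chosen here, since the abstract gives only the reward signs.

```python
import random
from collections import deque

ACTIONS = ("Safe", "Alert", "Block")
GAMMA, LR = 0.1, 0.05  # assumed hyperparameters, not taken from the paper

def reward(action, is_attack):
    """Assumed magnitudes; the abstract states only which outcomes are rewarded or penalized."""
    if is_attack:  # true detection rewarded, missed attack penalized hardest
        return {"Safe": -2.0, "Alert": 0.5, "Block": 1.0}[action]
    return {"Safe": 1.0, "Alert": -0.5, "Block": -1.0}[action]  # false positives penalized

def sample_record(rng):
    """Constructed stand-in for a standardized traffic record; last element is a bias term."""
    is_attack = rng.random() < 0.5
    mu = 1.0 if is_attack else -1.0
    return [rng.gauss(mu, 0.3), rng.gauss(mu, 0.3), 1.0], is_attack

def q_values(w, s):
    return [sum(wi * si for wi, si in zip(wa, s)) for wa in w]

def train(steps=3000, seed=0):
    rng = random.Random(seed)
    w = [[0.0] * 3 for _ in ACTIONS]           # one weight vector per action
    replay, eps = deque(maxlen=2000), 1.0      # experience replay buffer
    s, atk = sample_record(rng)
    for _ in range(steps):
        q = q_values(w, s)
        a = rng.randrange(3) if rng.random() < eps else q.index(max(q))  # epsilon-greedy
        s2, atk2 = sample_record(rng)
        replay.append((s, a, reward(ACTIONS[a], atk), s2))
        for bs, ba, br, bs2 in rng.sample(list(replay), min(16, len(replay))):
            td = br + GAMMA * max(q_values(w, bs2)) - q_values(w, bs)[ba]  # TD error
            w[ba] = [wi + LR * td * si for wi, si in zip(w[ba], bs)]
        s, atk, eps = s2, atk2, max(0.05, eps * 0.995)  # decay exploration
    return w

def evaluate(w, n=2000, seed=1):
    """Recall and false positive rate on fresh records; Alert and Block both count as flagged."""
    rng = random.Random(seed)
    tp = fn = fp = tn = 0
    for _ in range(n):
        s, atk = sample_record(rng)
        q = q_values(w, s)
        flagged = ACTIONS[q.index(max(q))] != "Safe"
        tp += atk and flagged
        fn += atk and not flagged
        fp += (not atk) and flagged
        tn += (not atk) and not flagged
    return {"recall": tp / (tp + fn), "fpr": fp / (fp + tn)}
```

The asymmetric penalty for a missed attack is what pushes the learned policy toward Alert or Block near the class boundary; changing those magnitudes shifts the recall and false-positive trade-off.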
