Author
Abstract
Cyber defense systems face increasingly sophisticated threats that rapidly evolve and exploit vulnerabilities in complex environments. Traditional approaches which often rely on centralized monitoring and static rule-based detection, struggle to adapt to new, crafted, and novel attack patterns. This paper presents the Adaptive Zero-Shot Hierarchical Multi-Agent Reinforcement Learning (AZH-MARL) framework, a novel approach that integrates hierarchical reinforcement learning, zero-shot learning capabilities, and federated knowledge sharing to build resilient cyber defense systems. The hierarchical structure decomposes complex defense tasks into specialized sub-tasks managed by agents, reducing the learning problem’s complexity and enabling more efficient coordination. The zero-shot learning component allows the framework to recognize and response to previously unseen attack patterns through semantic mapping. Furthermore, the federated learning learning component facilitates for knowledge sharing across network domains while preserving data privacy, enabling collaborative defense without exposing sensitive information. The detailed evaluation demonstrates that our approach significantly outperforms existing methods across a range of scenarios. It achieves a high detection rate of 94.2% for known attacks and 82.7% for zero-day exploits, while maintaining a low false positive rate of 3.8%. This robust performance extends to the most sophisticated threats, achieving an 87.3% containment rate against Advanced Persistent Threats (APTs). The framework’s zero-shot capability is underpinned by a semantic mapping accuracy of 89.3%, which enables rapid adaptation to novel threats. Consequently, the mean response time is reduced by 35% for known attacks and 42% for zero-day exploits compared to the best-performing baseline. Finally, the federated learning architecture proves highly efficient, reducing communication overhead by 45% while preserving privacy. These results collectively demonstrate our framework’s potential to set a new standard for resilient and adaptive cyber defense in complex, distributed environments.
Suggested Citation
Adel Alshamrani, 2025.
"Federated hierarchical MARL for zero-shot cyber defense,"
PLOS ONE, Public Library of Science, vol. 20(8), pages 1-29, August.
Handle:
RePEc:plo:pone00:0329969
DOI: 10.1371/journal.pone.0329969
Download full text from publisher
Corrections
All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:plo:pone00:0329969. See general information about how to correct material in RePEc.
If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.
We have no bibliographic references for this item. You can help adding them by using this form .
If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: plosone (email available below). General contact details of provider: https://journals.plos.org/plosone/ .
Please note that corrections may take a couple of weeks to filter through
the various RePEc services.
Printed from https://ideas.repec.org/a/plo/pone00/0329969.html
My bibliography
Save this article