Evolving Blue Team Strategies for Autonomous Cyber Defence Using an Evolutionary Heuristic Search

“

What did we find? Through extensive experiments using the TTCP CAGE Challenge 2 (Figure1) framework, we found that an evolutionary heuristic search can effectively optimize defensive strategies while maintaining explicit knowledge of network structure. Our method adapts to distinct attacker behaviours—such as the “B-line” and “Meander” red agents—by evolving specialized policy variations that remain interpretable and efficient. This demonstrates a promising middle ground between expert knowledge-based heuristics and opaque deep learning models. Looking at the official ranking board, our evolved blue team achieved second place among 17 international submissions, all of which are black box. Moreover, in local training environments, our approach consistently outperformed all published solutions, ranking first in measured performance. Who can benefit from this research? This work is valuable for researchers and practitioners in AI for cybersecurity, autonomous agents, and evolutionary computation, as well as organizations exploring automated network protection. It demonstrates that interpretable, knowledge-guided approaches can compete with complex neural systems in high-stakes cyber operations. Takeaway: By combining expert heuristics with evolutionary optimization, we show that cyber defence agents can learn, adapt, and succeed—while staying interpretable and keeping the human expert in the loop.

”