Reinforcement Learning–Driven Moving Target Defense for Ransomware Mitigation in SDN-Enabled Enterprise Networks
DOI: https://doi.org/10.7492/ecdc1j29

Abstract
Ransomware has evolved into a highly organized and technically sophisticated cyber threat capable of causing large-scale disruption to enterprise infrastructures. The increasing adoption of Software-Defined Networking (SDN) has introduced architectural efficiencies through centralized control and programmability; however, these same characteristics have expanded the attack surface available to adversaries. Conventional security mechanisms predominantly rely on static configurations and reactive detection models, which are insufficient against ransomware campaigns that employ adaptive reconnaissance, lateral movement, and evasion techniques [1]. This research presents the design and experimental evaluation of a Reinforcement Learning (RL)–based Moving Target Defence (MTD) framework tailored for SDN-enabled enterprise environments. The framework models network defence as a sequential decision-making problem and dynamically mutates network attributes, routing paths, and exposure surfaces to invalidate attacker knowledge. A controlled experimental testbed is used to simulate realistic enterprise traffic and ransomware attack scenarios. The experimental analysis indicates measurable improvements in early-stage attack disruption, response latency, and containment efficiency when compared to traditional rule-based and static defence systems [2]. The results demonstrate that integrating RL-driven intelligence with proactive defence strategies significantly enhances the resilience of programmable enterprise networks against ransomware threats.














