ProAPT: Projection of APT Threats with Deep Reinforcement Learning

  • 2022-09-15 12:16:40
  • Motahareh Dehghan, Babak Sadeghiyan, Erfan Khosravian, Alireza Sedighi Moghaddam, Farshid Nooshi


The highest level in the Endsley situation awareness model is called projection, in which the status of elements in the environment in the near future is predicted. In cybersecurity situation awareness, the projection for an Advanced Persistent Threat (APT) requires predicting the next step of the APT. The threats are constantly changing and becoming more complex. As supervised and unsupervised learning methods require APT datasets for projecting the next step of APTs, they are unable to identify unknown APT threats. In reinforcement learning methods, the agent interacts with the environment, and so it might project the next step of known and unknown APTs. So far, reinforcement learning has not been used to project the next step for APTs. In reinforcement learning, the agent uses the previous states and actions to approximate the best action of the current state. When the number of states and actions is abundant, the agent employs a neural network, which is called deep learning, to approximate the best action of each state. In this paper, we present a deep reinforcement learning system to project the next step of APTs. As there exists some relation between attack steps, we employ the Long Short-Term Memory (LSTM) method to approximate the best action of each state. In our proposed system, based on the current situation, we project the next steps of APT threats.

