Litcius/Paper detail

Advanced Persistent Threats (APT) Attribution Using Deep Reinforcement Learning

Animesh Singh Basnet, Mohamed Chahine Ghanem, Dipo Dunsin, Hamza Kheddar, Wiktor Sowinski-Mydlarz

2025Digital Threats Research and Practice12 citationsDOIOpen Access PDF

Abstract

This article investigates the application of Deep Reinforcement Learning (DRL) for attributing malware to specific Advanced Persistent Threat (APT) groups through detailed behavioural analysis. By analysing over 3,500 malware samples from 12 distinct APT groups, the study utilises sophisticated tools like Cuckoo Sandbox to extract behavioural data, providing a deep insight into the operational patterns of malware. The research demonstrates that the DRL model significantly outperforms traditional machine learning approaches such as SGD, SVC, KNN, MLP and Decision Tree Classifiers, achieving an impressive test accuracy of 94.12%. It highlights the model’s capability to adeptly manage complex, variable and elusive malware attributes. Furthermore, the article discusses the considerable computational resources and extensive data dependencies required for deploying these advanced AI models in cybersecurity frameworks. Future research is directed towards enhancing the efficiency of DRL models, expanding the diversity of the datasets, addressing ethical concerns and leveraging Large Language Models (LLMs) to refine reward mechanisms and optimise the DRL framework. By showcasing the transformative potential of DRL in malware attribution, this research advocates for a responsible and balanced approach to AI integration, with the goal of advancing cybersecurity through more adaptable, accurate and robust systems.

Topics & Concepts

AttributionReinforcementReinforcement learningPsychologyCognitive psychologyComputer scienceArtificial intelligenceSocial psychologyNetwork Security and Intrusion DetectionAdvanced Malware Detection TechniquesInformation and Cyber Security