Attackers Strike Back? Not Anymore -- An Ensemble of RL Defenders Awakens for APT Detection
This addresses the challenge of adaptive cyberattacks for cybersecurity systems, representing an incremental improvement over existing static detection methods.
The paper tackles the problem of detecting Advanced Persistent Threats (APTs) by introducing a novel framework that combines deep learning, reinforcement learning, and active learning, achieving improved detection accuracy with concrete performance gains reported in the abstract.
Advanced Persistent Threats (APTs) represent a growing menace to modern digital infrastructure. Unlike traditional cyberattacks, APTs are stealthy, adaptive, and long-lasting, often bypassing signature-based detection systems. This paper introduces a novel framework for APT detection that unites deep learning, reinforcement learning (RL), and active learning into a cohesive, adaptive defense system. Our system combines auto-encoders for latent behavioral encoding with a multi-agent ensemble of RL-based defenders, each trained to distinguish between benign and malicious process behaviors. We identify a critical challenge in existing detection systems: their static nature and inability to adapt to evolving attack strategies. To this end, our architecture includes multiple RL agents (Q-Learning, PPO, DQN, adversarial defenders), each analyzing latent vectors generated by an auto-encoder. When any agent is uncertain about its decision, the system triggers an active learning loop to simulate expert feedback, thus refining decision boundaries. An ensemble voting mechanism, weighted by each agent's performance, ensures robust final predictions.