Explainable Intelligence-Driven Defense Mechanism Against Advanced Persistent Threats: A Joint Edge Game and AI Approach

Authors

Huiling Li, Shanghai Key Laboratory of Integrated Administration Technologies for Information Security, School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai, 200240, China
Jun Wu, Shanghai Key Laboratory of Integrated Administration Technologies for Information Security, School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai, 200240, China
Hansong Xu, Shanghai Key Laboratory of Integrated Administration Technologies for Information Security, School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai, 200240, China
Gaolei Li, Shanghai Key Laboratory of Integrated Administration Technologies for Information Security, School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai, 200240, China
Mohsen Guizani, Mohamed Bin Zayed University of Artificial IntelligenceFollow

Document Type

Article

Publication Title

IEEE Transactions on Dependable and Secure Computing

Abstract

Advanced persistent threats (APT) have novel features such as long-term latency, precision strikes and uncertain strategies. APT poses severe threats to the resource-limited edge devices in advanced networks. Cyber threat intelligence (CTI) conducts data analysis on attack strategies by artificial intelligence (AI) and generates threat intelligence to optimize the detection model and guide defense strategies. However, AI lacks explanations for the decisions and thus reduces the transparency and performance of the detection model. Besides, the tradeoff between the detection accuracy and the computational resource limitation of edge devices needs an optimal and rapid dynamic resource allocation method, which edge game and AI can help. In this article, we propose an explainable intelligence-driven APT edge defense mechanism. The proposed mechanism provides guidelines and explanations for designing the defense strategy and resource allocation scheme of the edge defender to detect APT. The edge defense strategy model is based on edge Bayesian Stackelberg game and CTI. Meanwhile, we implement a DRL-based resource allocation scheme to meet rapid response requirements at the edges. We demonstrate that the proposed mechanism can improve the protection level of edges and defense capability against APT through extensive experiments. © 2004-2012 IEEE.

First Page

757

Last Page

775

DOI

10.1109/TDSC.2021.3130944

Publication Date

11-26-2021

Keywords

Artificial intelligence, Cybersecurity, Edge detection, Hidden Markov models, Interactive computer systems, Network security, Resource allocation, Advanced persistent threat, Edge artificial intelligence, Edge game, Explainable threat intelligence, Game, Hidden-Markov models, Image edge detection, Real - Time system, Resource management, Resources allocation, Security, Real time systems

Comments

IR Deposit conditions:

OA version (pathway a): Accepted version

No embargo

When accepted for publication, set statement to accompany deposit (see policy)

Must link to publisher version with DOI

Publisher copyright and source must be acknowledged

Recommended Citation

H. Li, J. Wu, H. Xu, G. Li and M. Guizani, "Explainable Intelligence-Driven Defense Mechanism Against Advanced Persistent Threats: A Joint Edge Game and AI Approach," in IEEE Transactions on Dependable and Secure Computing, vol. 19, no. 2, pp. 757-775, 1 March-April 2022, doi: 10.1109/TDSC.2021.3130944.