volume 6 issue 3 pages 1-23

Advanced Persistent Threats (APT) Attribution Using Deep Reinforcement Learning

Animesh Singh Basnet 1, 2
M. Ghanem 3, 4
Dipo Dunsin 1, 5
Hamza Kheddar 6, 7
Wiktor Sowinski-Mydlarz 1, 2
Publication type: Journal Article
Publication date: 2025-09-29
Scimago: Q2
WoS: Q3
SJR: 0.573
CiteScore: 5.2
Impact factor: 2.3
ISSN: 2692-1626, 2576-5337
Abstract

This paper investigates the application of Deep Reinforcement Learning (DRL) for attributing malware to specific Advanced Persistent Threat (APT) groups through detailed behavioural analysis. By analysing over 3,500 malware samples from 12 distinct APT groups, the study utilises sophisticated tools like Cuckoo Sandbox to extract behavioural data, providing a deep insight into the operational patterns of malware. The research demonstrates that the DRL model significantly outperforms traditional machine learning approaches such as SGD, SVC, KNN, MLP, and Decision Tree Classifiers, achieving an impressive test accuracy of 94.12%. It highlights the model's capability to adeptly manage complex, variable, and elusive malware attributes. Furthermore, the paper discusses the considerable computational resources and extensive data dependencies required for deploying these advanced AI models in cybersecurity frameworks. Future research is directed towards enhancing the efficiency of DRL models, expanding the diversity of the datasets, addressing ethical concerns, and leveraging Large Language Models (LLMs) to refine reward mechanisms and optimise the DRL framework. By showcasing the transformative potential of DRL in malware attribution, this research advocates for a responsible and balanced approach to AI integration, with the goal of advancing cybersecurity through more adaptable, accurate, and robust systems.

Cite this

GOST:
Basnet A. S. et al. Advanced Persistent Threats (APT) Attribution Using Deep Reinforcement Learning // Digital Threats Research and Practice. 2025. Vol. 6. No. 3. pp. 1-23.
GOST (all authors):
Basnet A. S., Ghanem M., Dunsin D., Kheddar H., Sowinski-Mydlarz W. Advanced Persistent Threats (APT) Attribution Using Deep Reinforcement Learning // Digital Threats Research and Practice. 2025. Vol. 6. No. 3. pp. 1-23.
RIS:
TY - JOUR
DO - 10.1145/3736654
UR - https://dl.acm.org/doi/10.1145/3736654
TI - Advanced Persistent Threats (APT) Attribution Using Deep Reinforcement Learning
T2 - Digital Threats Research and Practice
AU - Basnet, Animesh Singh
AU - Ghanem, M.
AU - Dunsin, Dipo
AU - Kheddar, Hamza
AU - Sowinski-Mydlarz, Wiktor
PY - 2025
DA - 2025/09/29
PB - Association for Computing Machinery (ACM)
SP - 1-23
IS - 3
VL - 6
SN - 2692-1626
SN - 2576-5337
ER -
BibTeX:
@article{2025_Basnet,
author = {Animesh Singh Basnet and M. Ghanem and Dipo Dunsin and Hamza Kheddar and Wiktor Sowinski-Mydlarz},
title = {Advanced Persistent Threats (APT) Attribution Using Deep Reinforcement Learning},
journal = {Digital Threats Research and Practice},
year = {2025},
volume = {6},
publisher = {Association for Computing Machinery (ACM)},
month = {sep},
url = {https://dl.acm.org/doi/10.1145/3736654},
number = {3},
pages = {1--23},
doi = {10.1145/3736654}
}
MLA:
Basnet, Animesh Singh, et al. “Advanced Persistent Threats (APT) Attribution Using Deep Reinforcement Learning.” Digital Threats Research and Practice, vol. 6, no. 3, Sep. 2025, pp. 1-23. https://dl.acm.org/doi/10.1145/3736654.