{"id":"https://openalex.org/W4404130094","doi":"https://doi.org/10.1145/3689933.3690834","title":"Automated APT Defense Using Reinforcement Learning and Attack Graph Risk-based Situation Awareness","display_name":"Automated APT Defense Using Reinforcement Learning and Attack Graph Risk-based Situation Awareness","publication_year":2023,"publication_date":"2023-11-06","ids":{"openalex":"https://openalex.org/W4404130094","doi":"https://doi.org/10.1145/3689933.3690834"},"language":"en","primary_location":{"id":"doi:10.1145/3689933.3690834","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3689933.3690834","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Workshop on Autonomous Cybersecurity","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3689933.3690834","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5059875631","display_name":"Anhtuan Le","orcid":"https://orcid.org/0000-0001-8814-5711"},"institutions":[{"id":"https://openalex.org/I39555362","display_name":"University of Warwick","ror":"https://ror.org/01a77tt86","country_code":"GB","type":"education","lineage":["https://openalex.org/I39555362"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Anh Tuan Le","raw_affiliation_strings":["WMG, University of Warwick, Coventry, West Midland, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0001-8814-5711","affiliations":[{"raw_affiliation_string":"WMG, University of Warwick, Coventry, West Midland, United Kingdom","institution_ids":["https://openalex.org/I39555362"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043277300","display_name":"Gregory Epiphaniou","orcid":"https://orcid.org/0000-0003-1054-6368"},"institutions":[{"id":"https://openalex.org/I39555362","display_name":"University of Warwick","ror":"https://ror.org/01a77tt86","country_code":"GB","type":"education","lineage":["https://openalex.org/I39555362"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Gregory Epiphaniou","raw_affiliation_strings":["WMG, University of Warwick, Coventry, West Midland, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0003-1054-6368","affiliations":[{"raw_affiliation_string":"WMG, University of Warwick, Coventry, West Midland, United Kingdom","institution_ids":["https://openalex.org/I39555362"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5080175512","display_name":"Carsten Maple","orcid":"https://orcid.org/0000-0002-4715-212X"},"institutions":[{"id":"https://openalex.org/I39555362","display_name":"University of Warwick","ror":"https://ror.org/01a77tt86","country_code":"GB","type":"education","lineage":["https://openalex.org/I39555362"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Carsten Maple","raw_affiliation_strings":["WMG, University of Warwick, Coventry, West Midland, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0002-4715-212X","affiliations":[{"raw_affiliation_string":"WMG, University of Warwick, Coventry, West Midland, United Kingdom","institution_ids":["https://openalex.org/I39555362"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046799023","display_name":"Konstantinos G. Kyriakopoulos","orcid":"https://orcid.org/0000-0002-7498-4589"},"institutions":[{"id":"https://openalex.org/I143804889","display_name":"Loughborough University","ror":"https://ror.org/04vg4w365","country_code":"GB","type":"education","lineage":["https://openalex.org/I143804889"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Konstantinos G. Kyriakopoulos","raw_affiliation_strings":["Loughborough University, Loughborough, West Midland, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0002-7498-4589","affiliations":[{"raw_affiliation_string":"Loughborough University, Loughborough, West Midland, United Kingdom","institution_ids":["https://openalex.org/I143804889"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064040875","display_name":"Lincoln Kiarie","orcid":"https://orcid.org/0000-0002-5749-2371"},"institutions":[{"id":"https://openalex.org/I143804889","display_name":"Loughborough University","ror":"https://ror.org/04vg4w365","country_code":"GB","type":"education","lineage":["https://openalex.org/I143804889"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Lincoln Kiarie","raw_affiliation_strings":["Loughborough University, Loughborough, West Midland, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0002-5749-2371","affiliations":[{"raw_affiliation_string":"Loughborough University, Loughborough, West Midland, United Kingdom","institution_ids":["https://openalex.org/I143804889"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005571228","display_name":"Marios Aristodemou","orcid":"https://orcid.org/0000-0002-7199-8133"},"institutions":[{"id":"https://openalex.org/I143804889","display_name":"Loughborough University","ror":"https://ror.org/04vg4w365","country_code":"GB","type":"education","lineage":["https://openalex.org/I143804889"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Marios Aristodemou","raw_affiliation_strings":["Loughborough University, Loughborough, West Midland, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0002-7199-8133","affiliations":[{"raw_affiliation_string":"Loughborough University, Loughborough, West Midland, United Kingdom","institution_ids":["https://openalex.org/I143804889"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5075316109","display_name":"Iain Phillips","orcid":"https://orcid.org/0000-0001-8503-7651"},"institutions":[{"id":"https://openalex.org/I143804889","display_name":"Loughborough University","ror":"https://ror.org/04vg4w365","country_code":"GB","type":"education","lineage":["https://openalex.org/I143804889"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Iain Phillips","raw_affiliation_strings":["Loughborough University, Loughborough, West Midland, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0001-8503-7651","affiliations":[{"raw_affiliation_string":"Loughborough University, Loughborough, West Midland, United Kingdom","institution_ids":["https://openalex.org/I143804889"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.3793,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.65117083,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"23","last_page":"33"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6927621364593506},{"id":"https://openalex.org/keywords/reinforcement-learning","display_name":"Reinforcement learning","score":0.6506068706512451},{"id":"https://openalex.org/keywords/situation-awareness","display_name":"Situation awareness","score":0.44533824920654297},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.4198628067970276},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.37438544631004333},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.35558825731277466},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.12716922163963318},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.10603511333465576}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6927621364593506},{"id":"https://openalex.org/C97541855","wikidata":"https://www.wikidata.org/wiki/Q830687","display_name":"Reinforcement learning","level":2,"score":0.6506068706512451},{"id":"https://openalex.org/C145804949","wikidata":"https://www.wikidata.org/wiki/Q478123","display_name":"Situation awareness","level":2,"score":0.44533824920654297},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.4198628067970276},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.37438544631004333},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.35558825731277466},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.12716922163963318},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.10603511333465576},{"id":"https://openalex.org/C146978453","wikidata":"https://www.wikidata.org/wiki/Q3798668","display_name":"Aerospace engineering","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3689933.3690834","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3689933.3690834","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Workshop on Autonomous Cybersecurity","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3689933.3690834","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3689933.3690834","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Workshop on Autonomous Cybersecurity","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G5042591242","display_name":null,"funder_award_id":"EP/V056883/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"},{"id":"https://openalex.org/G7282611729","display_name":null,"funder_award_id":"EP/R007195/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"}],"funders":[{"id":"https://openalex.org/F4320334627","display_name":"Engineering and Physical Sciences Research Council","ror":"https://ror.org/0439y7842"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W2031175798","https://openalex.org/W2069406854","https://openalex.org/W2072493607","https://openalex.org/W2308142228","https://openalex.org/W2563512010","https://openalex.org/W2785621229","https://openalex.org/W2792415149","https://openalex.org/W2982586338","https://openalex.org/W3160354837","https://openalex.org/W4210344620","https://openalex.org/W4220955296","https://openalex.org/W4387415009","https://openalex.org/W4388736719"],"related_works":["https://openalex.org/W4306904969","https://openalex.org/W3024912289","https://openalex.org/W2415747217","https://openalex.org/W2138720691","https://openalex.org/W2143767096","https://openalex.org/W4362501864","https://openalex.org/W4380318855","https://openalex.org/W3084456289","https://openalex.org/W2561023719","https://openalex.org/W2024136090"],"abstract_inverted_index":{"Advanced":[0],"Persistent":[1],"Threats":[2],"pose":[3],"significant":[4,160],"risks":[5],"to":[6,20,122,171],"communication":[7],"and":[8,14,35,40,62,111,119,134,141],"infrastructure":[9],"systems.":[10],"While":[11],"both":[12,132],"heuristic":[13],"reinforcement":[15],"learning":[16,82],"have":[17],"been":[18],"applied":[19],"address":[21],"this":[22,43],"challenge,":[23],"current":[24],"approaches":[25],"rely":[26],"on":[27,145],"fixed":[28],"assumptions":[29],"or":[30],"use":[31],"simplistic":[32],"state":[33,78],"representations":[34],"reward":[36,101],"functions,":[37],"compromising":[38],"adaptability":[39],"accuracy.":[41],"In":[42],"paper,":[44],"we":[45,139],"propose":[46],"a":[47,75,99],"novel":[48],"intelligent":[49],"agent":[50],"system":[51,144,150],"that":[52,103],"enhances":[53],"security":[54],"against":[55],"APTs":[56],"by":[57],"leveraging":[58],"MulVAL":[59,70],"attack":[60,71,90],"graphs":[61],"quantitative":[63,89],"risk":[64,92,107],"assessment.":[65],"Our":[66],"approach":[67,115,165],"translates":[68],"complex":[69],"graph":[72],"states":[73],"into":[74,94],"compact":[76],"RL":[77,96,124,168],"representation,":[79],"enabling":[80],"efficient":[81],"in":[83,166,180],"dynamic":[84],"network":[85],"environments.":[86],"We":[87],"integrate":[88],"graph-based":[91],"assessment":[93],"the":[95,123,159],"framework,":[97],"employing":[98],"hybrid":[100],"function":[102],"incorporates":[104],"residual":[105],"risk,":[106],"reduction,":[108],"control":[109,149,184],"efficacy,":[110],"cost.":[112],"This":[113],"risk-based":[114,164],"provides":[116],"enhanced":[117],"context":[118],"situation":[120],"awareness":[121],"agent,":[125],"facilitating":[126],"more":[127],"informed":[128],"long-term":[129,189],"decision-making.":[130],"Using":[131],"Q-learning":[133],"Proximal":[135],"Policy":[136],"Optimization":[137],"algorithms,":[138],"train":[140],"evaluate":[142],"our":[143,163,174],"an":[146],"emulated":[147],"industrial":[148],"environment":[151],"under":[152],"realistic":[153],"APT":[154,181],"attacks.":[155],"Experimental":[156],"results":[157],"demonstrate":[158],"benefits":[161],"of":[162],"guiding":[167],"agents.":[169],"Compared":[170],"non-risk":[172],"configurations,":[173],"method":[175],"shows":[176],"improved":[177],"success":[178],"rates":[179],"mitigation,":[182],"reduced":[183],"costs,":[185],"which":[186],"imply":[187],"better":[188],"strategic":[190],"planning.":[191]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}