{"id":"https://openalex.org/W4415427437","doi":"https://doi.org/10.3233/faia251464","title":"Inferring Hidden Behavioral Signatures of Cyber Adversaries Using Inverse Reinforcement Learning","display_name":"Inferring Hidden Behavioral Signatures of Cyber Adversaries Using Inverse Reinforcement Learning","publication_year":2025,"publication_date":"2025-10-21","ids":{"openalex":"https://openalex.org/W4415427437","doi":"https://doi.org/10.3233/faia251464"},"language":null,"primary_location":{"id":"doi:10.3233/faia251464","is_oa":true,"landing_page_url":"https://doi.org/10.3233/faia251464","pdf_url":null,"source":{"id":"https://openalex.org/S4210201731","display_name":"Frontiers in artificial intelligence and applications","issn_l":"0922-6389","issn":["0922-6389","1879-8314"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by-nc","license_id":"https://openalex.org/licenses/cc-by-nc","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Frontiers in Artificial Intelligence and Applications","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.3233/faia251464","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5063539255","display_name":"Aditya Shinde","orcid":"https://orcid.org/0000-0002-7926-9365"},"institutions":[{"id":"https://openalex.org/I165733156","display_name":"University of Georgia","ror":"https://ror.org/00te3t702","country_code":"US","type":"education","lineage":["https://openalex.org/I165733156"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Aditya Shinde","raw_affiliation_strings":["THINC Lab, School of Computing, University of Georgia, Athens, GA 30602"],"affiliations":[{"raw_affiliation_string":"THINC Lab, School of Computing, University of Georgia, Athens, GA 30602","institution_ids":["https://openalex.org/I165733156"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5001254145","display_name":"Prashant Doshi","orcid":"https://orcid.org/0000-0001-9042-9131"},"institutions":[{"id":"https://openalex.org/I165733156","display_name":"University of Georgia","ror":"https://ror.org/00te3t702","country_code":"US","type":"education","lineage":["https://openalex.org/I165733156"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Prashant Doshi","raw_affiliation_strings":["THINC Lab, Institute for AI & School of Computing, University of Georgia, Athens, GA 30602"],"affiliations":[{"raw_affiliation_string":"THINC Lab, Institute for AI & School of Computing, University of Georgia, Athens, GA 30602","institution_ids":["https://openalex.org/I165733156"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5063539255"],"corresponding_institution_ids":["https://openalex.org/I165733156"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.67889908,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12357","display_name":"Digital Media Forensic Detection","score":0.9761000275611877,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12357","display_name":"Digital Media Forensic Detection","score":0.9761000275611877,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9742000102996826,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9488999843597412,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.5789999961853027},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.5681999921798706},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.46389999985694885},{"id":"https://openalex.org/keywords/reinforcement-learning","display_name":"Reinforcement learning","score":0.43790000677108765},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.41339999437332153},{"id":"https://openalex.org/keywords/behavioral-pattern","display_name":"Behavioral pattern","score":0.3977999985218048},{"id":"https://openalex.org/keywords/signature","display_name":"Signature (topology)","score":0.3693999946117401},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.35749998688697815}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7318999767303467},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.5789999961853027},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.5681999921798706},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5493000149726868},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.46389999985694885},{"id":"https://openalex.org/C97541855","wikidata":"https://www.wikidata.org/wiki/Q830687","display_name":"Reinforcement learning","level":2,"score":0.43790000677108765},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.41339999437332153},{"id":"https://openalex.org/C83804111","wikidata":"https://www.wikidata.org/wiki/Q1063558","display_name":"Behavioral pattern","level":2,"score":0.3977999985218048},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.39489999413490295},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3725999891757965},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.3693999946117401},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.35749998688697815},{"id":"https://openalex.org/C78639753","wikidata":"https://www.wikidata.org/wiki/Q3318160","display_name":"Behavioral modeling","level":2,"score":0.3107999861240387},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.299699991941452},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.2996000051498413},{"id":"https://openalex.org/C2781249084","wikidata":"https://www.wikidata.org/wiki/Q908656","display_name":"Preference","level":2,"score":0.29580000042915344},{"id":"https://openalex.org/C2779458634","wikidata":"https://www.wikidata.org/wiki/Q24963715","display_name":"Debiasing","level":2,"score":0.2870999872684479},{"id":"https://openalex.org/C33676613","wikidata":"https://www.wikidata.org/wiki/Q13415176","display_name":"Dimension (graph theory)","level":2,"score":0.28540000319480896},{"id":"https://openalex.org/C132829578","wikidata":"https://www.wikidata.org/wiki/Q581151","display_name":"Situated","level":2,"score":0.2849999964237213},{"id":"https://openalex.org/C62230096","wikidata":"https://www.wikidata.org/wiki/Q275969","display_name":"Crowdsourcing","level":2,"score":0.2768000066280365},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.2759999930858612},{"id":"https://openalex.org/C49937458","wikidata":"https://www.wikidata.org/wiki/Q2599292","display_name":"Probabilistic logic","level":2,"score":0.26980000734329224},{"id":"https://openalex.org/C201307755","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber-attack","level":2,"score":0.2637999951839447},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.25380000472068787}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.3233/faia251464","is_oa":true,"landing_page_url":"https://doi.org/10.3233/faia251464","pdf_url":null,"source":{"id":"https://openalex.org/S4210201731","display_name":"Frontiers in artificial intelligence and applications","issn_l":"0922-6389","issn":["0922-6389","1879-8314"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by-nc","license_id":"https://openalex.org/licenses/cc-by-nc","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Frontiers in Artificial Intelligence and Applications","raw_type":"book-chapter"}],"best_oa_location":{"id":"doi:10.3233/faia251464","is_oa":true,"landing_page_url":"https://doi.org/10.3233/faia251464","pdf_url":null,"source":{"id":"https://openalex.org/S4210201731","display_name":"Frontiers in artificial intelligence and applications","issn_l":"0922-6389","issn":["0922-6389","1879-8314"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by-nc","license_id":"https://openalex.org/licenses/cc-by-nc","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Frontiers in Artificial Intelligence and Applications","raw_type":"book-chapter"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"This":[0],"paper":[1],"presents":[2],"an":[3,22,48,95,152,159],"emerging":[4],"approach":[5,74,127],"to":[6,38,56,116,162,171,185],"attacker":[7,52,65,93],"preference":[8],"modeling":[9,20,163],"from":[10,82],"system-level":[11],"audit":[12,114,132],"logs":[13,115,133],"using":[14],"inverse":[15],"reinforcement":[16],"learning":[17],"(IRL).":[18],"Adversary":[19],"is":[21],"important":[23],"capability":[24],"in":[25,104],"cybersecurity":[26],"that":[27,145,182],"lets":[28],"defenders":[29],"characterize":[30],"behaviors":[31],"of":[32,51,79,113,121,131,200],"potential":[33],"attackers,":[34],"which":[35,156],"enables":[36],"attribution":[37],"known":[39,58],"cyber":[40,80,166],"adversary":[41],"groups.":[42],"Existing":[43],"approaches":[44],"rely":[45],"on":[46,85,128],"documenting":[47,165],"ever-evolving":[49],"set":[50],"tools":[53,87,178],"and":[54,70,88,164,179,202],"techniques":[55],"track":[57],"threat":[59,204],"actors.":[60],"Although":[61],"attacks":[62],"evolve":[63],"constantly,":[64],"behavioral":[66,77,101,198],"preferences":[67,78,102,169,192],"are":[68,183],"intrinsic":[69],"less":[71,173],"volatile.":[72],"Our":[73,138],"learns":[75],"the":[76,92,122,142,186],"adversaries":[81],"forensics":[83,147],"data":[84,148],"their":[86,176],"techniques.":[89],"We":[90,108,124],"model":[91],"as":[94,158,196],"expert":[96],"decision-making":[97],"agent":[98],"with":[99],"unknown":[100],"situated":[103],"a":[105,118],"computer":[106],"host.":[107],"leverage":[109],"attack":[110,136],"provenance":[111],"graphs":[112],"derive":[117],"state-action":[119],"trajectory":[120],"attack.":[123],"test":[125],"our":[126],"open":[129],"datasets":[130],"containing":[134],"real":[135],"data.":[137],"results":[139],"demonstrate":[140],"for":[141],"first":[143],"time":[144],"low-level":[146],"can":[149,193],"automatically":[150],"reveal":[151],"adversary\u2019s":[153],"subjective":[154],"preferences,":[155],"serves":[157],"additional":[160],"dimension":[161],"adversaries.":[167],"Attackers\u2019":[168],"tend":[170],"be":[172],"dynamic":[174],"despite":[175],"different":[177],"indicate":[180],"predispositions":[181],"inherent":[184],"attacker.":[187],"As":[188],"such,":[189],"these":[190],"inferred":[191],"potentially":[194],"serve":[195],"unique":[197],"signatures":[199],"attackers":[201],"improve":[203],"attribution.":[205]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-10-24T00:00:00"}