Explainable Intelligence-Driven Defense Mechanism Against Advanced Persistent Threats: A Joint Edge Game and AI Approach

Advanced persistent threats (APT) have novel features such as long-term latency, precision strikes and uncertain strategies. APT poses severe threats to the resource-limited edge devices in advanced networks. Cyber threat intelligence (CTI) conducts data analysis on attack strategies by artificial intelligence (AI) and generates threat intelligence to optimize the detection model and guide defense strategies. However, AI lacks explanations for the decisions and thus reduces the transparency and performance of the detection model. Besides, the tradeoff between the detection accuracy and the computational resource limitation of edge devices needs an optimal and rapid dynamic resource allocation method, which edge game and AI can help. In this article, we propose an explainable intelligence-driven APT edge defense mechanism. The proposed mechanism provides guidelines and explanations for designing the defense strategy and resource allocation scheme of the edge defender to detect APT. The edge defense strategy model is based on edge Bayesian Stackelberg game and CTI. Meanwhile, we implement a DRL-based resource allocation scheme to meet rapid response requirements at the edges. We demonstrate that the proposed mechanism can improve the protection level of edges and defense capability against APT through extensive experiments.