TY - JOUR
T1 - Explainable Intelligence-Driven Defense Mechanism Against Advanced Persistent Threats
T2 - A Joint Edge Game and AI Approach
AU - Li, Huiling
AU - Wu, Jun
AU - Xu, Hansong
AU - Li, Gaolei
AU - Guizani, Mohsen
N1 - Funding Information:
This work was supported by the National Natural Science Foundation of China under Grants U21B2019 and U20B2048.
Publisher Copyright:
© 2004-2012 IEEE.
PY - 2022
Y1 - 2022
N2 - Advanced persistent threats (APT) have novel features such as long-term latency, precision strikes and uncertain strategies. APT poses severe threats to the resource-limited edge devices in advanced networks. Cyber threat intelligence (CTI) conducts data analysis on attack strategies by artificial intelligence (AI) and generates threat intelligence to optimize the detection model and guide defense strategies. However, AI lacks explanations for the decisions and thus reduces the transparency and performance of the detection model. Besides, the tradeoff between the detection accuracy and the computational resource limitation of edge devices needs an optimal and rapid dynamic resource allocation method, which edge game and AI can help. In this article, we propose an explainable intelligence-driven APT edge defense mechanism. The proposed mechanism provides guidelines and explanations for designing the defense strategy and resource allocation scheme of the edge defender to detect APT. The edge defense strategy model is based on edge Bayesian Stackelberg game and CTI. Meanwhile, we implement a DRL-based resource allocation scheme to meet rapid response requirements at the edges. We demonstrate that the proposed mechanism can improve the protection level of edges and defense capability against APT through extensive experiments.
KW - Advanced persistent threats
KW - Edge artificial intelligence
KW - Edge game
KW - Explainable threat intelligence
KW - Resource allocation
UR - http://www.scopus.com/inward/record.url?scp=85120567200&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85120567200&partnerID=8YFLogxK
U2 - 10.1109/TDSC.2021.3130944
DO - 10.1109/TDSC.2021.3130944
M3 - Article
AN - SCOPUS:85120567200
SN - 1545-5971
VL - 19
SP - 757
EP - 775
JO - IEEE Transactions on Dependable and Secure Computing
JF - IEEE Transactions on Dependable and Secure Computing
IS - 2
ER -