
On Automating Cyber Threat Hunting using Generative Artificial Intelligence and Reinforcement Learning


Iskandarani, Osama (2026) On Automating Cyber Threat Hunting using Generative Artificial Intelligence and Reinforcement Learning. Masters thesis, Concordia University.

Text (application/pdf)
Iskandarani_MASc_S2026.pdf - Accepted Version
Restricted to Repository staff only
Available under License Spectrum Terms of Access.
2MB

Abstract

Cyber threats continue to evolve as threat actors diversify their attack strategies and patterns, incorporating refined and new tools to conceal their real identity and fingerprints. The rapidly evolving nature of Advanced Persistent Threats (APTs) outpaces current reactive security solutions, which are not prepared to anticipate variants of future attacks. In this thesis, we introduce APTMORPH+, a proactive threat hunting solution that anticipates variants of emerging APT campaigns. APTMORPH+ leverages a Generative Adversarial Network (GAN) model combined with Reinforcement Learning (RL) to generate those variant campaigns. APTMORPH+ is trained on temporal security context data from 2019 to 2025 drawn from the MITRE ATT&CK knowledge base, learning to generate variant campaigns from security contexts. The model consists of both an adversarial loop and a reinforcement learning loop, which incorporate (i) a Technique Generator to anticipate the techniques of an APT campaign, (ii) a Technique Discriminator to filter out the techniques least likely to occur, (iii) a Security Context Evaluator to evaluate the semantic meaning of the variant campaigns, (iv) a Sequence Assembler to assemble the final campaign sequences, and (v) a Campaign Classifier, which identifies the aligned variant campaigns based on semantic features. To validate APTMORPH+, we performed time-series splitting of the MITRE data, comparing campaigns before and after a selected year. APTMORPH+ was able to anticipate emerging variant APT campaigns while maintaining a high behavioral similarity score.

Divisions: Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type: Thesis (Masters)
Authors: Iskandarani, Osama
Institution: Concordia University
Degree Name: M.A. Sc.
Program: Information Systems Security
Date: March 2026
Thesis Supervisor(s): Assi, Chadi and Debbabi, Mourad and Nour, Boubakr
ID Code: 997017
Deposited By: Osama Iskandarani
Deposited On: 29 Jun 2026 14:44
Last Modified: 29 Jun 2026 14:44
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.
