Iskandarani, Osama (2026) On Automating Cyber Threat Hunting using Generative Artificial Intelligence and Reinforcement Learning. Masters thesis, Concordia University.
Text (application/pdf): Iskandarani_MASc_S2026.pdf (2MB) - Accepted Version. Restricted to Repository staff only. Available under License Spectrum Terms of Access.
Abstract
Cyber threats are evolving as threat actors diversify their attack strategies and patterns, incorporating refined and new tools to conceal their real identity and fingerprints. The rapidly evolving nature of Advanced Persistent Threats (APTs) outpaces current reactive security solutions, which are not prepared to anticipate variants of future attacks. In this thesis, we introduce APTMORPH+, a proactive threat hunting solution that anticipates variants of emerging APT campaigns. APTMORPH+ leverages a Generative Adversarial Network (GAN) model empowered with Reinforcement Learning (RL) to generate those variant campaigns. APTMORPH+ is trained on temporal security context data across 2019-2025 from the MITRE ATT&CK knowledge base to learn how to generate variant campaigns using security contexts. The model consists of both an Adversarial loop and a Reinforcement Learning loop, which incorporate (i) a Technique Generator to anticipate the techniques of an APT campaign, (ii) a Technique Discriminator to filter out the techniques least likely to occur, (iii) a Security Context Evaluator to evaluate the semantic meaning of the variant campaigns, (iv) a Sequence Assembler to assemble the final sequences of campaigns, and (v) a Campaign Classifier, which identifies the aligned variant campaigns based on semantic features. To validate APTMORPH+, we performed time-series splitting of the MITRE data, comparing against the campaigns before and after a selected year. APTMORPH+ was able to anticipate emerging variant APT campaigns while maintaining a high behavioral similarity score.
| Divisions: | Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering |
|---|---|
| Item Type: | Thesis (Masters) |
| Authors: | Iskandarani, Osama |
| Institution: | Concordia University |
| Degree Name: | M.A. Sc. |
| Program: | Information Systems Security |
| Date: | March 2026 |
| Thesis Supervisor(s): | Assi, Chadi and Debbabi, Mourad and Nour, Boubakr |
| ID Code: | 997017 |
| Deposited By: | Osama Iskandarani |
| Deposited On: | 29 Jun 2026 14:44 |
| Last Modified: | 29 Jun 2026 14:44 |