A Q-Learning Based Method to Simulate the Propagation of APT Malware.

CISIS-ICEUTE(2023)

Abstract
Advanced persistent threats (APTs) are cyberattacks characterized by their complexity, persistence and stealth. One of the basic tools employed in an APT campaign is specific specimens of advanced malware whose malicious payload consists of infecting specific devices. Consequently, this type of malware needs some knowledge of the network and its devices. The main goal of this work is to introduce a novel model to obtain the most efficient path that malware must follow to achieve its objective when no information about the devices and network is known. The proposed model is based on the Q-Learning methodology and can take into account security countermeasures such as honeypots (the model is able to find a path that avoids these honeypots). Furthermore, to prevent APT malware from gathering information about the network, we propose using Moving Target Defense (MTD), which does not prevent malware propagation but causes the malware to learn incorrectly.
Keywords
malware,propagation,q-learning