A B S T R A C T : In mobile fog computing (MFC), data processing and applications are concentrated in devices at the network’s edge. This means that data can be processed in local intelligent devices without being sent to the cloud for execution, bringing great convenience to end-users. Fog computing is a semi-virtualised service computing architecture model between cloud computing and personal computing. However, its virtualized environment is vulnerable to advanced persistent threats (APT). In this paper, we propose an APT defense scheme based on MFC’s Double Q-learning (DQL) algorithm. First, we apply prospect theory (PT) to build a static subjective game model between APT attackers and legitimate users. In addition, a dynamic game scheme based on DQL is proposed against APT attacks. Finally, we compare our proposed method with the existing methods, i.e., the Q-learning algorithm, Sarsa algorithm and Greedy algorithm. The experimental results show that the proposed method can effectively suppress the attack motivation of APT attackers, improve the utility of legitimate users, and protect the security of the fog computing environment.