Detection of APTs by Machine Learning: A Performance Comparison


Bibliographic Details
Authors: Luengo Viñuela, Marcos; Román-Gallego, Jesús-Ángel; Pérez-Delgado, María-Luisa; Vega-Hernández, María-Concepción; Silva Varela, Hernando
Resource type: article
Publication date: 2025
Country: Spain
Institution: Universidad de Salamanca (USAL)
Repository: GREDOS. Repositorio Institucional de la Universidad de Salamanca
OAI Identifier: oai:gredos.usal.es:10366/169824
Online access: http://hdl.handle.net/10366/169824
Access level: open access
Keywords: APTs
Deep learning
Machine learning
NetFlow traffic analysis
Neural networks
1203.17 Computer Science
1203.18 Information Systems, Component Design
1209 Statistics
Description
Summary: [EN] Recent advances in machine learning and deep learning have significantly impacted multiple domains, including computer vision, natural language processing and cybersecurity. In the context of increasingly sophisticated Advanced Persistent Threats (APTs), deep learning models have shown strong potential for network intrusion detection by addressing the limitations of traditional methods. This study presents a comparative evaluation of classical and deep learning models for APT detection, highlighting the ability of deep architectures, such as Convolutional Neural Networks and Long Short-Term Memory networks, to automatically extract complex temporal and spatial patterns from network traffic data. A key objective is to maximise detection accuracy while minimising false positives and false negatives. Experimental results show that Convolutional Neural Networks applied to the SCVIC-APT-2021 dataset achieved outstanding performance, with 99.24% accuracy, 99.39% precision, 99.24% recall and a 99.24% F1-score. These results confirm the robustness of deep learning techniques for APT detection and underscore their effectiveness in identifying malicious activity in modern network environments.