Detection of APTs by Machine Learning: A Performance Comparison

Abstract

[EN]Recent advances in machine learning and deep learning have significantly impacted multiple domains, including computervision, natural language processing and cybersecurity. In the context of increasingly sophisticated Advanced Persistent Threats(APTs), deep learning models have shown strong potential for network intrusion detection by addressing the limitations of tra-ditional methods. This study presents a comparative evaluation of classical and deep learning models for APT detection, high-lighting the ability of deep architectures, such as Convolutional Neural Networks and Long Short-Term Memory networks, toautomatically extract complex temporal and spatial patterns from network traffic data. A key objective is to maximise detectionaccuracy while minimising false positives and false negatives. Experimental results show that Convolutional Neural Networksapplied to the SCVIC-APT-2021 dataset achieved outstanding performance, with 99.24% accuracy, 99.39% precision, 99.24% re-call and a 99.24% F1-score. These results confirm the robustness of deep learning techniques for APT detection and underscoretheir effectiveness in identifying malicious activity in modern network environments.