Detection of APTs by Machine Learning: A Performance Comparison

Luengo Viñuela, Marcos; Román-Gallego, Jesús-Ángel; Pérez-Delgado, María-Luisa; Vega-Hernández, María-Concepción; Silva Varela, Hernando

doi:10.1111/exsy.70181

Título

Detection of APTs by Machine Learning: A Performance Comparison

dc.contributor.author	Luengo Viñuela, Marcos
dc.contributor.author	Román-Gallego, Jesús-Ángel
dc.contributor.author	Pérez-Delgado, María-Luisa
dc.contributor.author	Vega-Hernández, María-Concepción
dc.contributor.author	Silva Varela, Hernando
dc.date.accessioned	2026-02-16T12:41:00Z
dc.date.available	2026-02-16T12:41:00Z
dc.date.issued	2025-12-09
dc.identifier.citation	Luengo Viñuela, M., J.-Á. Román-Gallego, M.-L. Pérez-Delgado, M. A. Conde, M.-C. Vega-Hernández, and H. Silva Varela. 2026. “ Detection of APTs by Machine Learning: A Performance Comparison.” Expert Systems 43, no. 1: e70181. https://doi.org/10.1111/exsy.70181.	es_ES
dc.identifier.issn	0266-4720
dc.identifier.uri	http://hdl.handle.net/10366/169824
dc.description.abstract	[EN]Recent advances in machine learning and deep learning have significantly impacted multiple domains, including computervision, natural language processing and cybersecurity. In the context of increasingly sophisticated Advanced Persistent Threats(APTs), deep learning models have shown strong potential for network intrusion detection by addressing the limitations of tra-ditional methods. This study presents a comparative evaluation of classical and deep learning models for APT detection, high-lighting the ability of deep architectures, such as Convolutional Neural Networks and Long Short-Term Memory networks, toautomatically extract complex temporal and spatial patterns from network traffic data. A key objective is to maximise detectionaccuracy while minimising false positives and false negatives. Experimental results show that Convolutional Neural Networksapplied to the SCVIC-APT-2021 dataset achieved outstanding performance, with 99.24% accuracy, 99.39% precision, 99.24% re-call and a 99.24% F1-score. These results confirm the robustness of deep learning techniques for APT detection and underscoretheir effectiveness in identifying malicious activity in modern network environments.	es_ES
dc.description.sponsorship	This research stems from the Secure Certified Resources in IoTNetworks (SCRIN) project (C068/23), the result of a collaboration agree-ment signed between the National Institute of Cybersecurity (INCIBE)and the University of Salamanca. This initiative is being carried outwithin the framework of the EU-funded Recovery, Transformation andResilience Plan (Next Generation).	es_ES
dc.language.iso	eng	es_ES
dc.publisher	WILEY	es_ES
dc.relation.ispartofseries	43;1
dc.rights	Attribution-NonCommercial-NoDerivatives 4.0 Internacional	*
dc.rights.uri	http://creativecommons.org/licenses/by-nc-nd/4.0/	*
dc.subject	APTs	es_ES
dc.subject	Deep learning	es_ES
dc.subject	Machine learning	es_ES
dc.subject	NetFlow traffic analysis	es_ES
dc.subject	Neural networks	es_ES
dc.title	Detection of APTs by Machine Learning: A Performance Comparison	es_ES
dc.type	info:eu-repo/semantics/article	es_ES
dc.relation.publishversion	https://doi.org/10.1111/exsy.70181
dc.subject.unesco	1203.17 Informática	es_ES
dc.subject.unesco	1203.18 Sistemas de Información, Diseño Componentes	es_ES
dc.subject.unesco	1209 Estadística	es_ES
dc.identifier.doi	10.1111/exsy.70181
dc.rights.accessRights	info:eu-repo/semantics/openAccess	es_ES