Detection of APTs by Machine Learning: A Performance Comparison

This article is free to access.

Abstract

Recent advances in machine learning and deep learning have significantly impacted multiple domains, including computer vision, natural language processing and cybersecurity. In the context of increasingly sophisticated Advanced Persistent Threats (APTs), deep learning models have shown strong potential for network intrusion detection by addressing the limitations of traditional methods. This study presents a comparative evaluation of classical and deep learning models for APT detection, highlighting the ability of deep architectures, such as Convolutional Neural Networks and Long Short-Term Memory networks, to automatically extract complex temporal and spatial patterns from network traffic data. A key objective is to maximise detection accuracy while minimising false positives and false negatives. Experimental results show that Convolutional Neural Networks applied to the SCVIC-APT-2021 dataset achieved outstanding performance, with 99.24% accuracy, 99.39% precision, 99.24% recall and a 99.24% F1-score. These results confirm the robustness of deep learning techniques for APT detection and underscore their effectiveness in identifying malicious activity in modern network environments.

Luengo Viñuela, M., Román-Gallego, J. Á., Pérez-Delgado, M. L., Conde, M. A., Vega-Hernández, M. C., & Silva Varela, H. (2026). Detection of APTs by Machine Learning: A Performance Comparison. Expert Systems, 43(1). https://doi.org/10.1111/exsy.70181
