Explainable deep learning approach for advanced persistent threats (APTs) detection in cybersecurity: A review

Abdul Mutalib, Noor Hazlina and Md Sabri, Aznul Qalid and Abdul Wahab, Ainuddin Wahid and Abdullah, Erma Rahayu Mohd Faizal and Aldahoul, Nouar (2024) Explainable deep learning approach for advanced persistent threats (APTs) detection in cybersecurity: A review. Artificial Intelligence Review, 57 (11). ISSN 0269-2821, DOI https://doi.org/10.1007/s10462-024-10890-4.

Full text not available from this repository.

Abstract

In recent years, Advanced Persistent Threat (APT) attacks on network systems have increased through sophisticated fraud tactics. Traditional Intrusion Detection Systems (IDSs) suffer from low detection accuracy, high false-positive rates, and difficulty identifying unknown attacks such as remote-to-local (R2L) and user-to-root (U2R) attacks. This paper addresses these challenges by providing a foundational discussion of APTs and the limitations of existing detection methods. It then pivots to explore the novel integration of deep learning techniques and Explainable Artificial Intelligence (XAI) to improve APT detection. This paper aims to fill the gaps in the current research by providing a thorough analysis of how XAI methods, such as Shapley Additive Explanations (SHAP) and Local Interpretable Model-agnostic Explanations (LIME), can make black-box models more transparent and interpretable. The objective is to demonstrate the necessity of explainability in APT detection and propose solutions that enhance the trustworthiness and effectiveness of these models. It offers a critical analysis of existing approaches, highlights their strengths and limitations, and identifies open issues that require further research. This paper also suggests future research directions to combat evolving threats, paving the way for more effective and reliable cybersecurity solutions. Overall, this paper emphasizes the importance of explainability in enhancing the performance and trustworthiness of cybersecurity systems.

Item Type: Article
Funders: Ministry of Higher Education, Malaysia, JPT [Grant no. 1000/016/018/25], Universiti Malaya [Grant no.KKP002-2021]
Uncontrolled Keywords: Advanced persistent threats (APTs); Explainable artificial intelligence (XAI); Interpretability; Deep learning; Black-box models; Cybersecurity
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Faculty of Computer Science & Information Technology > Department of Artificial Intelligence
Faculty of Computer Science & Information Technology > Department of Computer System & Technology
Depositing User: Ms. Juhaida Abd Rahim
Date Deposited: 24 Oct 2025 12:17
Last Modified: 24 Oct 2025 12:17
URI: http://eprints.um.edu.my/id/eprint/46466

Actions (login required)

View Item View Item
UM Research Repository is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.