{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T01:00:15Z","timestamp":1772499615493,"version":"3.50.1"},"reference-count":32,"publisher":"Springer Science and Business Media LLC","issue":"21","license":[{"start":{"date-parts":[[2025,6,4]],"date-time":"2025-06-04T00:00:00Z","timestamp":1748995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,6,4]],"date-time":"2025-06-04T00:00:00Z","timestamp":1748995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Neural Comput & Applic"],"published-print":{"date-parts":[[2025,7]]},"DOI":"10.1007\/s00521-025-11338-8","type":"journal-article","created":{"date-parts":[[2025,6,4]],"date-time":"2025-06-04T04:08:30Z","timestamp":1749010110000},"page":"16715-16734","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["SLF-ADM: Securing Linux frontiers: Advanced persistent threat (APT) detection using machine learning"],"prefix":"10.1007","volume":"37","author":[{"given":"Syed Sohaib","family":"Karim","sequence":"first","affiliation":[]},{"given":"Mehreen","family":"Afzal","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3616-2621","authenticated-orcid":false,"given":"Waseem","family":"Iqbal","sequence":"additional","affiliation":[]},{"given":"Dawood Al","family":"Abri","sequence":"additional","affiliation":[]},{"given":"Yawar","family":"Abbas","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,6,4]]},"reference":[{"issue":"2","key":"11338_CR1","doi-asserted-by":"publisher","first-page":"295","DOI":"10.25046\/aj060234","volume":"6","author":"AO Ishaya","year":"2021","unstructured":"Adelaiye OI, Aminat A, Hashim B, Adekunle AA (2021) Improved detection of advanced persistent threats using an anomaly detection ensemble approach. Adv Sci Technol Eng Syst J 6(2):295\u2013302. https:\/\/doi.org\/10.25046\/aj060234","journal-title":"Adv Sci Technol Eng Syst J"},{"issue":"18","key":"11338_CR2","doi-asserted-by":"publisher","first-page":"13820","DOI":"10.3390\/su151813820","volume":"15","author":"AS Al-Aamri","year":"2023","unstructured":"Al-Aamri AS, Abdulghafor R, Turaev S, Al-Shaikhli I, Zeki A, Talib S (2023) Machine learning for apt detection. Sustainability 15(18):13820. https:\/\/doi.org\/10.3390\/su151813820","journal-title":"Machine learning for apt detection. Sustainability"},{"issue":"4","key":"11338_CR3","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1016\/j.eij.2022.06.005","volume":"23","author":"J Al-Saraireh","year":"2022","unstructured":"Al-Saraireh J, Masarweh A (2022) A novel approach for detecting advanced persistent threats. Egypt Inform J 23(4):45\u201355. https:\/\/doi.org\/10.1016\/j.eij.2022.06.005","journal-title":"Egypt Inform J"},{"key":"11338_CR4","doi-asserted-by":"publisher","unstructured":"Ayoade G, Akbar KA, Sahoo P, Gao Y, Agarwal A, Jee K, Khan L, Singhal A (2020) Evolving advanced persistent threat detection using provenance graph and metric learning. In: 2020 IEEE conference on communications and network security (CNS), pp. 1\u20139. https:\/\/doi.org\/10.1109\/CNS48642.2020.9162264","DOI":"10.1109\/CNS48642.2020.9162264"},{"issue":"5","key":"11338_CR5","doi-asserted-by":"publisher","first-page":"470","DOI":"10.3844\/jcssp.2021.470.479","volume":"17","author":"PR Brandao","year":"2021","unstructured":"Brandao PR (2021) Advanced persistent threats (apt)-attribution-mictic framework extension. J Comput Sci 17(5):470\u2013479. https:\/\/doi.org\/10.3844\/jcssp.2021.470.479","journal-title":"J Comput Sci"},{"key":"11338_CR6","doi-asserted-by":"publisher","unstructured":"Chen Z, Zhou L, Yu W (2021) Adasyn-random forest based intrusion detection model. In: Proceedings of the 2021 4th international conference on signal processing and machine learning, SPML \u201921, p. 152-159. Association for computing machinery, New York, NY, USA . https:\/\/doi.org\/10.1145\/3483207.3483232","DOI":"10.1145\/3483207.3483232"},{"issue":"21","key":"11338_CR7","doi-asserted-by":"publisher","first-page":"4579","DOI":"10.3390\/app9214579","volume":"9","author":"WL Chu","year":"2019","unstructured":"Chu WL, Lin CJ, Chang KN (2019) Detection and classification of advanced persistent threats and attacks using the support vector machine. Appl Sci 9(21):4579. https:\/\/doi.org\/10.3390\/app9214579","journal-title":"Appl Sci"},{"key":"11338_CR8","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102496","volume":"112","author":"R Coulter","year":"2022","unstructured":"Coulter R, Zhang J, Pan L, Xiang Y (2022) Domain adaptation for windows advanced persistent threat detection. Comput & Secur 112:102496. https:\/\/doi.org\/10.1016\/j.cose.2021.102496","journal-title":"Comput & Secur"},{"key":"11338_CR9","doi-asserted-by":"publisher","unstructured":"Dijk A (2021) Detection of advanced persistent threats using artificial intelligence for deep packet inspection. In: 2021 IEEE international conference on big data (big data), pp. 2092\u20132097 . https:\/\/doi.org\/10.1109\/BigData52589.2021.9671464","DOI":"10.1109\/BigData52589.2021.9671464"},{"key":"11338_CR10","doi-asserted-by":"publisher","DOI":"10.1007\/s00521-021-05952-5","author":"C Do Xuan","year":"2021","unstructured":"Do Xuan C, Dao MH (2021) A novel approach for apt attack detection based on combined deep learning model. Neural Comput Appl. https:\/\/doi.org\/10.1007\/s00521-021-05952-5","journal-title":"Neural Comput Appl"},{"key":"11338_CR11","doi-asserted-by":"publisher","unstructured":"Do\u00a0Xuan C, Nguyen HD, Dao MH (2020) Apt attack detection based on flow network analysis techniques using deep learning. J Intell & Fuzzy Syst p. 1\u201317 . https:\/\/doi.org\/10.3233\/jifs-200694","DOI":"10.3233\/jifs-200694"},{"key":"11338_CR12","doi-asserted-by":"publisher","first-page":"349","DOI":"10.1016\/j.future.2018.06.055","volume":"89","author":"I Ghafir","year":"2018","unstructured":"Ghafir I, Hammoudeh M, Prenosil V, Han L, Hegarty R, Rabie K, Aparicio-Navarro FJ (2018) Detection of advanced persistent threat using machine-learning correlation analysis. Future Generation Comput Syst 89:349\u2013359. https:\/\/doi.org\/10.1016\/j.future.2018.06.055","journal-title":"Future Generation Comput Syst"},{"key":"11338_CR13","doi-asserted-by":"publisher","unstructured":"Han X, Li C, Li X, Lu T (2021) Research on apt attack detection technology based on densenet convolutional neural network. In: 2021 international conference on computer information science and artificial intelligence (CISAI), pp. 440\u2013448 . https:\/\/doi.org\/10.1109\/CISAI54367.2021.00091","DOI":"10.1109\/CISAI54367.2021.00091"},{"key":"11338_CR14","doi-asserted-by":"publisher","first-page":"44462","DOI":"10.1109\/ACCESS.2024.3381038","volume":"12","author":"E Hashmi","year":"2024","unstructured":"Hashmi E, Yayilgan SY, Yamin MM, Ali S, Abomhara M (2024) Advancing fake news detection: hybrid deep learning with fasttext and explainable ai. IEEE Access 12:44462\u201344480. https:\/\/doi.org\/10.1109\/ACCESS.2024.3381038","journal-title":"IEEE Access"},{"key":"11338_CR15","doi-asserted-by":"publisher","first-page":"186125","DOI":"10.1109\/ACCESS.2020.3029202","volume":"8","author":"J Hassannataj Joloudari","year":"2020","unstructured":"Hassannataj Joloudari J, Haderbadi M, Mashmool A, Ghasemigol M, Band SS, Mosavi A (2020) Early detection of the advanced persistent threat attack using performance analysis of deep learning. IEEE Access 8:186125\u2013186137. https:\/\/doi.org\/10.1109\/ACCESS.2020.3029202","journal-title":"IEEE Access"},{"key":"11338_CR16","unstructured":"Jha J, Ragha L (2013) ISSN : 2249-0868 foundation of computer science FCS . https:\/\/research.ijais.org\/icwac\/number3\/icwac1342.pdf"},{"key":"11338_CR17","doi-asserted-by":"publisher","DOI":"10.1016\/j.dib.2024.110290","volume":"54","author":"SS Karim","year":"2024","unstructured":"Karim SS, Afzal M, Iqbal W, Abri DA (2024) Advanced persistent threat (apt) and intrusion detection evaluation dataset for linux systems 2024. Data Brief 54:110290. https:\/\/doi.org\/10.1016\/j.dib.2024.110290","journal-title":"Data Brief"},{"issue":"1","key":"11338_CR18","doi-asserted-by":"publisher","first-page":"4037","DOI":"10.22075\/ijnaa.2022.6230","volume":"13","author":"E Khaleefa","year":"2022","unstructured":"Khaleefa E, Abdulah D (2022) Concept and difficulties of advanced persistent threats (apt): survey. Int J Nonlinear Anal Appl 13(1):4037\u20134052. https:\/\/doi.org\/10.22075\/ijnaa.2022.6230","journal-title":"Int J Nonlinear Anal Appl"},{"key":"11338_CR19","unstructured":"Kinger P, Bharti S, Oliveira M (2023) The linux threat landscape report - security news - trend micro ie . https:\/\/www.trendmicro.com\/vinfo\/ie\/security\/news\/cybercrime-and-digital-threats\/the-linux-threat-landscape-report"},{"issue":"5","key":"11338_CR20","doi-asserted-by":"publisher","first-page":"2894","DOI":"10.3390\/app13052894","volume":"13","author":"K Lee","year":"2023","unstructured":"Lee K, Lee J, Yim K (2023) Classification and analysis of malicious code detection techniques based on the apt attack. Appl Sci 13(5):2894. https:\/\/doi.org\/10.3390\/app13052894","journal-title":"Appl Sci"},{"key":"11338_CR21","doi-asserted-by":"publisher","DOI":"10.1186\/s40537-020-00382-x","author":"JL Leevy","year":"2020","unstructured":"Leevy JL, Khoshgoftaar TM (2020) A survey and analysis of intrusion detection models based on cse-cic-ids2018 big data. J Big Data. https:\/\/doi.org\/10.1186\/s40537-020-00382-x","journal-title":"J Big Data"},{"key":"11338_CR22","doi-asserted-by":"publisher","unstructured":"Matsuda W, Fujimoto M, Mitsunaga T (2018) Detecting apt attacks against active directory using machine leaning. In: 2018 IEEE conference on application, information and network security (AINS), pp. 60\u201365 . https:\/\/doi.org\/10.1109\/AINS.2018.8631486","DOI":"10.1109\/AINS.2018.8631486"},{"key":"11338_CR23","unstructured":"MITRE: Mitre attck\u00ae. https:\/\/attack.mitre.org"},{"issue":"6","key":"11338_CR24","doi-asserted-by":"publisher","first-page":"8644","DOI":"10.1007\/s11227-021-04201-9","volume":"78","author":"M Panahnejad","year":"2022","unstructured":"Panahnejad M, Mirabi M (2022) APT-Dt-KC: advanced persistent threat detection based on kill-chain model. J Supercomput 78(6):8644\u20138677","journal-title":"J Supercomput"},{"issue":"28","key":"11338_CR25","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.7865","volume":"35","author":"N Saini","year":"2023","unstructured":"Saini N, Bhat Kasaragod V, Prakasha K, Das AK (2023) A hybrid ensemble machine learning model for detecting apt attacks based on network behavior anomaly detection. Concurrency Comput: Practice Experience 35(28):e7865. https:\/\/doi.org\/10.1002\/cpe.7865","journal-title":"Concurrency Comput: Practice Experience"},{"key":"11338_CR26","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.7865","author":"N Saini","year":"2023","unstructured":"Saini N, Kasaragod VB, Prakash K, Das AK (2023) A hybrid ensemble machine learning model for detecting apt attacks based on network behavior anomaly detection. Concurrency and Computation: Practice and Experience. https:\/\/doi.org\/10.1002\/cpe.7865","journal-title":"Concurrency and Computation: Practice and Experience"},{"key":"11338_CR27","first-page":"2828","volume":"07","author":"K Saraswat","year":"2016","unstructured":"Saraswat K, Devi M, Professor D, Guleria A (2016) Decision tree based algorithm for intrusion detection. Int J Adv Netw Appl 07:2828\u20132834","journal-title":"Int J Adv Netw Appl"},{"issue":"3","key":"11338_CR28","doi-asserted-by":"publisher","first-page":"3691","DOI":"10.32604\/iasc.2023.036946","volume":"36","author":"U Sakthivelu","year":"2023","unstructured":"Sakthivelu U, Vinoth Kumar CNS (2023) Advanced persistent threat detection and mitigation using machine learning model. Intell Autom & Soft Comput 36(3):3691\u20133707. https:\/\/doi.org\/10.32604\/iasc.2023.036946","journal-title":"Intell Autom & Soft Comput"},{"key":"11338_CR29","unstructured":"Wake T.T (2023) Linux intrusions - a growing problem | sans . https:\/\/www.sans.org\/blog\/linux-intrusions-a-growing-problem\/"},{"issue":"1","key":"11338_CR30","doi-asserted-by":"publisher","first-page":"171","DOI":"10.13052\/jwe1540-9589.2019","volume":"20","author":"CD Xuan","year":"2021","unstructured":"Xuan CD (2021) Detecting apt attacks based on network traffic using machine learning. J Web Eng 20(1):171\u2013190. https:\/\/doi.org\/10.13052\/jwe1540-9589.2019","journal-title":"J Web Eng"},{"key":"11338_CR31","doi-asserted-by":"publisher","first-page":"138","DOI":"10.54097\/hset.v23i.3215","volume":"23","author":"J Zheng","year":"2022","unstructured":"Zheng J (2022) Intrusion detection system with supervised learning models. Highlights in Science. EngTechnol 23:138\u2013144. https:\/\/doi.org\/10.54097\/hset.v23i.3215","journal-title":"EngTechnol"},{"key":"11338_CR32","unstructured":"Zhu T, Yu J, Chen T, Wang J, Ying J, Tian Y, Lv M, Chen Y, Fan Y, Wang T (2021) Aptshield: a stable, efficient and real-time apt detection system for linux hosts . arxiv:2112.09008"}],"container-title":["Neural Computing and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00521-025-11338-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s00521-025-11338-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00521-025-11338-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,6]],"date-time":"2025-09-06T17:32:42Z","timestamp":1757179962000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s00521-025-11338-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,4]]},"references-count":32,"journal-issue":{"issue":"21","published-print":{"date-parts":[[2025,7]]}},"alternative-id":["11338"],"URL":"https:\/\/doi.org\/10.1007\/s00521-025-11338-8","relation":{},"ISSN":["0941-0643","1433-3058"],"issn-type":[{"value":"0941-0643","type":"print"},{"value":"1433-3058","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,6,4]]},"assertion":[{"value":"17 April 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"4 May 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"4 June 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"There is no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}