{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T01:00:32Z","timestamp":1772499632671,"version":"3.50.1"},"reference-count":38,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2025,6,1]],"date-time":"2025-06-01T00:00:00Z","timestamp":1748736000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,6,1]],"date-time":"2025-06-01T00:00:00Z","timestamp":1748736000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,6]]},"DOI":"10.1007\/s10207-025-01053-9","type":"journal-article","created":{"date-parts":[[2025,6,3]],"date-time":"2025-06-03T18:01:47Z","timestamp":1748973707000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Ensemble learning-based adaptive and adversarial techniques for APT attack detection"],"prefix":"10.1007","volume":"24","author":[{"given":"Nguyen Thanh","family":"Tung","sequence":"first","affiliation":[]},{"given":"Cho","family":"Do Xuan","sequence":"additional","affiliation":[]},{"given":"Vu Thanh","family":"Long","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,6,3]]},"reference":[{"issue":"1","key":"1053_CR1","doi-asserted-by":"publisher","first-page":"22223","DOI":"10.1038\/s41598-024-72957-0","volume":"14","author":"CD Xuan","year":"2024","unstructured":"Xuan, C.D., Nguyen, T.T.: A novel approach for APT attack detection based on an advanced computing. Sci. Rep. 14(1), 22223 (2024)","journal-title":"Sci. Rep."},{"key":"1053_CR2","doi-asserted-by":"publisher","first-page":"4543","DOI":"10.1007\/s11227-016-1850-4","volume":"75","author":"S Singh","year":"2019","unstructured":"Singh, S., Sharma, P.K., Moon, S.Y., Moon, D., Park, J.H.: A comprehensive study on APT attacks and countermeasures for future networks and communications: challenges and solutions. J. Supercomput. 75, 4543\u20134574 (2019)","journal-title":"J. Supercomput."},{"issue":"2","key":"1053_CR3","doi-asserted-by":"publisher","first-page":"1851","DOI":"10.1109\/COMST.2019.2891891","volume":"21","author":"A Alshamrani","year":"2019","unstructured":"Alshamrani, A., Myneni, S., Chowdhary, A., Huang, D.: A survey on advanced persistent threats: techniques, solutions, challenges, and research opportunities. IEEE Commun. Surveys Tutorials 21(2), 1851\u20131877 (2019)","journal-title":"IEEE Commun. Surveys Tutorials"},{"issue":"7","key":"1053_CR4","doi-asserted-by":"publisher","first-page":"9355","DOI":"10.1007\/s12652-023-04603-y","volume":"14","author":"A Sharma","year":"2023","unstructured":"Sharma, A., Gupta, B.B., Singh, A.K., Saraswat, V.K.: Advanced persistent threats (apt): evolution, anatomy, attribution and countermeasures. J. Ambient. Intell. Humaniz. Comput. 14(7), 9355\u20139381 (2023)","journal-title":"J. Ambient. Intell. Humaniz. Comput."},{"key":"1053_CR5","doi-asserted-by":"publisher","first-page":"101734","DOI":"10.1016\/j.cose.2020.101734","volume":"92","author":"B Stojanovi\u0107","year":"2020","unstructured":"Stojanovi\u0107, B., Hofer-Schmitz, K., Kleb, U.: APT datasets and attack modeling for automated detection methods: a review. Comput. Secur.. Secur. 92, 101734 (2020). https:\/\/doi.org\/10.1016\/j.cose.2020.101734","journal-title":"Comput. Secur.. Secur."},{"key":"1053_CR6","doi-asserted-by":"publisher","unstructured":"Mamun, M. and Shi, K.: DeepTaskAPT: Insider APT detection using Task-tree based Deep Learning. 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 693\u2013700, Shenyang, China, (2021). https:\/\/doi.org\/10.1109\/TrustCom53373.2021.00102.","DOI":"10.1109\/TrustCom53373.2021.00102"},{"key":"1053_CR7","doi-asserted-by":"publisher","first-page":"102809","DOI":"10.1016\/j.cose.2022.102809","volume":"120","author":"W Niu","year":"2022","unstructured":"Niu, W., Zhou, J., Zhao, Y., Zhang, X., Peng, Y., Huang, C.: Uncovering APT malware traffic using deep learning combined with time sequence and association analysis. Comput. Secur.. Secur. 120, 102809 (2022). https:\/\/doi.org\/10.1016\/j.cose.2022.102809","journal-title":"Comput. Secur.. Secur."},{"key":"1053_CR8","doi-asserted-by":"publisher","unstructured":"Han, X., Li, C., Li, X. and Lu, T.: Research on APT attack detection technology based on DenseNet convolutional neural network. 2021 International Conference on Computer Information Science and Artificial Intelligence (CISAI), pp. 440\u2013448, Kunming, China (2021).https:\/\/doi.org\/10.1109\/CISAI54367.2021.00091.","DOI":"10.1109\/CISAI54367.2021.00091"},{"key":"1053_CR9","doi-asserted-by":"publisher","first-page":"316","DOI":"10.1016\/j.procs.2019.02.058","volume":"150","author":"DX Cho","year":"2019","unstructured":"Cho, D.X., Nam, H.H.: A method of monitoring and detecting APT attacks based on unknown domains. Procedia Comput. Sci. 150, 316\u2013323 (2019). https:\/\/doi.org\/10.1016\/j.procs.2019.02.058","journal-title":"Procedia Comput. Sci."},{"issue":"6","key":"1053_CR10","doi-asserted-by":"publisher","first-page":"e0305618","DOI":"10.1371\/journal.pone.0305618","volume":"19","author":"C Do Xuan","year":"2024","unstructured":"Do Xuan, C., Cuong, N.H.: A novel approach for APT attack detection based on feature intelligent extraction and representation learning. PLoS ONE 19(6), e0305618 (2024)","journal-title":"PLoS ONE"},{"key":"1053_CR11","doi-asserted-by":"publisher","unstructured":"Yuan, W., Yang, C., Hung Nguyen, Q. V., Cui, L., He, T., Yin, H.: Interaction-level membership inference attack against federated recommender systems. WWW \u201823: Proceedings of the ACM Web Conference 2023 Pages 1053\u20131062 https:\/\/doi.org\/10.1145\/3543507.3583359","DOI":"10.1145\/3543507.3583359"},{"issue":"3","key":"1053_CR12","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3630005","volume":"42","author":"W Yuan","year":"2023","unstructured":"Yuan, W., Yuan, S., Yang, C., Quoc Viet Hung, N., Yin, H.: Manipulating visually aware federated recommender systems and its countermeasures. ACM Trans. Inf. Syst. 42(3), 1\u201326 (2023)","journal-title":"ACM Trans. Inf. Syst."},{"issue":"6","key":"1053_CR13","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3666088","volume":"42","author":"L Chen","year":"2024","unstructured":"Chen, L., Yuan, W., Chen, T., Ye, G., Hung, N.Q., Yin, H.: Adversarial item promotion on visually-aware recommender systems by guided diffusion. ACM Trans. Inf. Syst. 42(6), 1\u201326 (2024). https:\/\/doi.org\/10.1145\/3666088","journal-title":"ACM Trans. Inf. Syst."},{"key":"1053_CR14","unstructured":"Zongwei, W., Yu, J., Gao, M., Yuan, W., Ye, G., Sadiq, S., Yin, H.:. Poisoning Attacks and Defenses in Recommender Systems: A Survey. arXiv:2406.01022"},{"key":"1053_CR15","unstructured":"Yang, C., Yuan, W., Qu, L., Nguyen, T. T.: PDC-FRS: Privacy-preserving Data Contribution for Federated Recommender System. arXiv:2409.07773."},{"key":"1053_CR16","doi-asserted-by":"publisher","unstructured":"Graph Attention Networks, Petar Veli\u010dkovi\u0107, Guillem Cucurull, Arantxa Casanova, Adriana Romero, Pietro Li\u00f2, Yoshua Bengio, To appear at ICLR 2018 https:\/\/doi.org\/10.48550\/arXiv.1710.10903.","DOI":"10.48550\/arXiv.1710.10903"},{"issue":"3","key":"1053_CR17","first-page":"3459","volume":"44","author":"HC Nguyen","year":"2023","unstructured":"Nguyen, H.C., Xuan, C.D., Nguyen, L.T., Nguyen, H.D.: A new framework for APT attack detection based on network traffic. J. Intell. Fuzzy Syst. 44(3), 3459\u20133474 (2023)","journal-title":"J. Intell. Fuzzy Syst."},{"issue":"1","key":"1053_CR18","doi-asserted-by":"publisher","first-page":"e70005","DOI":"10.1002\/sam.70005","volume":"18","author":"NH Cuong","year":"2025","unstructured":"Cuong, N.H., Do Xuan, C., Long, V.T., Dat, N.D., Anh, T.Q.: A novel approach for APT detection based on ensemble learning model. Stat. Anal. Data Min.: ASA Data Sci. J. 18(1), e70005 (2025)","journal-title":"Stat. Anal. Data Min.: ASA Data Sci. J."},{"issue":"3","key":"1053_CR19","first-page":"3527","volume":"43","author":"CD Xuan","year":"2022","unstructured":"Xuan, C.D., Huong, D.T., Nguyen, T.: A novel intelligent cognitive computing-based APT malware detection for endpoint systems. J. Intell. Fuzzy Syst. 43(3), 3527\u20133547 (2022)","journal-title":"J. Intell. Fuzzy Syst."},{"key":"1053_CR20","doi-asserted-by":"publisher","first-page":"8644","DOI":"10.1007\/s11227-021-04201-9","volume":"78","author":"M Panahnejad","year":"2022","unstructured":"Panahnejad, M., Mirabi, M.: APT-Dt-KC: advanced persistent threat detection based on kill-chain model. J. Supercomput. 78, 8644\u20138677 (2022). https:\/\/doi.org\/10.1007\/s11227-021-04201-9","journal-title":"J. Supercomput."},{"issue":"6","key":"1053_CR21","first-page":"11311","volume":"40","author":"CD Xuan","year":"2021","unstructured":"Xuan, C.D., Duong, D., Dau, H.X.: A multi-layer approach for advanced persistent threat detection using machine learning based on network traffic. J. Intell. Fuzzy Syst. 40(6), 11311\u201311329 (2021)","journal-title":"J. Intell. Fuzzy Syst."},{"key":"1053_CR22","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1186\/s42400-024-00240-w","volume":"7","author":"B Xu","year":"2024","unstructured":"Xu, B., Gong, Y., Geng, X., et al.: ProcSAGE: an efficient host threat detection method based on graph representation learning. Cybersecurity 7, 51 (2024). https:\/\/doi.org\/10.1186\/s42400-024-00240-w","journal-title":"Cybersecurity"},{"key":"1053_CR23","doi-asserted-by":"publisher","first-page":"3349","DOI":"10.3390\/electronics12153349","volume":"12","author":"G Xiang","year":"2023","unstructured":"Xiang, G., Shi, C., Zhang, Y.: An APT event extraction method based on BERT-BiGRU-CRF for APT attack detection. Electronics 12, 3349 (2023). https:\/\/doi.org\/10.3390\/electronics12153349","journal-title":"Electronics"},{"key":"1053_CR24","doi-asserted-by":"publisher","first-page":"4363","DOI":"10.1109\/TIFS.2021.3098977","volume":"16","author":"H Irshad","year":"2021","unstructured":"Irshad, H., et al.: TRACE: enterprise-wide provenance tracking for real-time APT detection. IEEE Trans. Inf. Forensics Secur. 16, 4363\u20134376 (2021). https:\/\/doi.org\/10.1109\/TIFS.2021.3098977","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"issue":"28","key":"1053_CR25","doi-asserted-by":"publisher","first-page":"e7865","DOI":"10.1002\/cpe.7865","volume":"35","author":"N Saini","year":"2023","unstructured":"Saini, N., Bhat Kasaragod, V., Prakasha, K., Das, A.K.: A hybrid ensemble machine learning model for detecting APT attacks based on network behavior anomaly detection. Concurr. Comput.: Practice Exp. 35(28), e7865 (2023)","journal-title":"Concurr. Comput.: Practice Exp."},{"key":"1053_CR26","unstructured":"Chen, T., Dong, C., Lv, M., Song, Q., Liu, H., Zhu, T., and Fan, Y.: APT-KGL: An intelligent APT detection system based on threat knowledge and heterogeneous provenance graph learning. IEEE Transactions on Dependable and Secure Computing (2022)"},{"issue":"1","key":"1053_CR27","first-page":"171","volume":"20","author":"C Do Xuan","year":"2021","unstructured":"Do Xuan, C.: Detecting APT attacks based on network traffic using machine learning. J. Web Eng. 20(1), 171\u2013190 (2021)","journal-title":"J. Web Eng."},{"key":"1053_CR28","doi-asserted-by":"crossref","unstructured":"Fawaz, H. I., Forestier, G., Weber, J., Idoumghar, L., and Muller, P. A.: Deep learning for time series classification: a review. Data Mining and Knowledge Discovery, 33(4), 917\u2013963. (2019) Link","DOI":"10.1007\/s10618-019-00619-1"},{"issue":"10","key":"1053_CR29","doi-asserted-by":"publisher","first-page":"e0291750","DOI":"10.1371\/journal.pone.0291750","volume":"18","author":"G Zhao","year":"2023","unstructured":"Zhao, G., Liu, P., Sun, K., Yang, Y., Lan, T., Yang, H.: Research on data imbalance in intrusion detection using CGAN. PLoS ONE 18(10), e0291750 (2023)","journal-title":"PLoS ONE"},{"key":"1053_CR30","doi-asserted-by":"publisher","first-page":"4391","DOI":"10.1007\/s00170-019-04916-3","volume":"106","author":"X Wu","year":"2020","unstructured":"Wu, X., Li, J., Jin, Y., Zheng, S.: Modeling and analysis of tool wear prediction based on SVD and BiLSTM. Int. J. Adv. Manuf. Technol.. J. Adv. Manuf. Technol. 106, 4391\u20134399 (2020)","journal-title":"Int. J. Adv. Manuf. Technol.. J. Adv. Manuf. Technol."},{"key":"1053_CR31","unstructured":"Vaswani, A.: Attention is all you need. Advances in Neural Information Processing Systems (2017)"},{"key":"1053_CR32","unstructured":"Malware Capture Facility Project. Available online: https:\/\/www.stratosphereips.org\/datasets-malware. (accessed on 8 June 2020)."},{"key":"1053_CR33","unstructured":"Quang Nam Portal.Available online: http:\/\/english.quangnam.gov.vn\/default.aspx (accessed on 8 June 2020)"},{"key":"1053_CR34","doi-asserted-by":"crossref","unstructured":"Lin, S., Clark, R., Birke, R., Sch\u00f6nborn, S., Trigoni, N., and Roberts, S.: Anomaly detection for time series using vae-lstm hybrid model. In ICASSP 2020\u20132020 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) (pp. 4322\u20134326). IEEE (2020)","DOI":"10.1109\/ICASSP40776.2020.9053558"},{"issue":"1","key":"1053_CR35","first-page":"9084704","volume":"2020","author":"F Bao","year":"2020","unstructured":"Bao, F., Wu, Y., Li, Z., Li, Y., Liu, L., Chen, G.: Effect improved for high-dimensional and unbalanced data anomaly detection model based on KNN-SMOTE-LSTM. Complexity 2020(1), 9084704 (2020)","journal-title":"Complexity"},{"key":"1053_CR36","doi-asserted-by":"crossref","unstructured":"Al, A. A. A. M. H.: IoT Maleware Detection Based On Anomaly Traffic Identification Using CNN-LSTM. In 2024 16th International Conference on Electronics, Computers and Artificial Intelligence (ECAI) (pp. 1\u20136). IEEE (2024)","DOI":"10.1109\/ECAI61503.2024.10607471"},{"key":"1053_CR37","doi-asserted-by":"crossref","unstructured":"Li, X., Niu, W., Zhang, X., Zhang, R., Yu, Z., and Li, Z.: Improving performance of log anomaly detection with semantic and time features based on bilstm-attention. In 2021 2nd International Conference on Electronics, Communications and Information Technology (CECIT) (pp. 661\u2013666). IEEE (2021)","DOI":"10.1109\/CECIT53797.2021.00121"},{"key":"1053_CR38","doi-asserted-by":"crossref","unstructured":"Tong, X., Tan, X., and Sun, X.: Abnormal behavior detection based on GCN-BiLSTM. In Third International Conference on Machine Learning and Computer Application (ICMLCA 2022) (Vol. 12636, pp. 468\u2013474). SPIE (2023)","DOI":"10.1117\/12.2675168"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01053-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01053-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01053-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,21]],"date-time":"2025-06-21T10:11:32Z","timestamp":1750500692000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01053-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6]]},"references-count":38,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2025,6]]}},"alternative-id":["1053"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01053-9","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,6]]},"assertion":[{"value":"2 May 2025","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 June 2025","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"152"}}