{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T16:14:14Z","timestamp":1774541654672,"version":"3.50.1"},"reference-count":37,"publisher":"Springer Science and Business Media LLC","issue":"7","license":[{"start":{"date-parts":[[2025,7,31]],"date-time":"2025-07-31T00:00:00Z","timestamp":1753920000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,7,31]],"date-time":"2025-07-31T00:00:00Z","timestamp":1753920000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cluster Comput"],"published-print":{"date-parts":[[2025,9]]},"DOI":"10.1007\/s10586-025-05219-x","type":"journal-article","created":{"date-parts":[[2025,7,31]],"date-time":"2025-07-31T12:55:45Z","timestamp":1753966545000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Explainable AI for enhancing IDS against advanced persistent kill chain"],"prefix":"10.1007","volume":"28","author":[{"given":"Bassam Noori","family":"Shaker","sequence":"first","affiliation":[]},{"given":"Bahaa","family":"Al-Musawi","sequence":"additional","affiliation":[]},{"given":"Mohammed Falih","family":"Hassan","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,7,31]]},"reference":[{"key":"5219_CR1","doi-asserted-by":"publisher","first-page":"402","DOI":"10.1016\/j.cose.2019.07.001","volume":"86","author":"A Ahmad","year":"2019","unstructured":"Ahmad, A., Webb, J., Desouza, K.C., Boorman, J.: Strategically-motivated advanced persistent threat: Definition, process, tactics and a disinformation model of counterattack. Comput. Secur. 86, 402\u2013418 (2019)","journal-title":"Comput. Secur."},{"key":"5219_CR2","unstructured":"A. Borgeaud, \u201cAdvanced persistent threat global market size 2015\u20132028.\u201d https:\/\/www.statista.com\/statistics\/497945\/advanced-persistent-threat-market-worldwide\/ (accessed May 21, 2024)."},{"key":"5219_CR3","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2023\/8981988","volume":"2023","author":"SVN Santhosh Kumar","year":"2023","unstructured":"Santhosh Kumar, S.V.N., Selvi, M., Kannan, A.: A Comprehensive survey on machine learning-based intrusion detection systems for secure communication in internet of things. Comput. Intel. Neurosci. 2023, 1\u201324 (2023). https:\/\/doi.org\/10.1155\/2023\/8981988","journal-title":"Comput. Intel. Neurosci."},{"issue":"August","key":"5219_CR4","doi-asserted-by":"publisher","first-page":"80348","DOI":"10.1109\/ACCESS.2023.3296444","volume":"11","author":"Z Azam","year":"2023","unstructured":"Azam, Z., Islam, M.M., Huda, M.N.: Comparative analysis of intrusion detection systems and machine learning-based model analysis through decision tree. IEEE Access 11(August), 80348\u201380391 (2023). https:\/\/doi.org\/10.1109\/ACCESS.2023.3296444","journal-title":"IEEE Access"},{"issue":"1","key":"5219_CR5","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1145\/3603273.3635058","volume":"1","author":"BN Shaker","year":"2023","unstructured":"Shaker, B.N., Al-Musawi, B.Q., Hassan, M.F.: A comparative study of IDS-based deep learning models for IoT network. ACM Int. Conf. Proc. Series 1(1), 15\u201321 (2023). https:\/\/doi.org\/10.1145\/3603273.3635058","journal-title":"ACM Int. Conf. Proc. Series"},{"key":"5219_CR6","doi-asserted-by":"publisher","first-page":"1657","DOI":"10.3390\/electronics12071657","volume":"12","author":"T Kim","year":"2023","unstructured":"Kim, T., Pak, W.: Integrated feature-based network intrusion detection system using incremental feature generation. Electronics 12, 1657 (2023)","journal-title":"Electronics"},{"key":"5219_CR7","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101734","volume":"92","author":"B Stojanovi\u0107","year":"2020","unstructured":"Stojanovi\u0107, B., Hofer-Schmitz, K., Kleb, U.: APT datasets and attack modeling for automated detection methods: a review. Comput. Secur. 92, 101734 (2020)","journal-title":"Comput. Secur."},{"key":"5219_CR8","doi-asserted-by":"publisher","first-page":"1764","DOI":"10.3390\/sym13101764","volume":"13","author":"E Jaw","year":"2021","unstructured":"Jaw, E., Wang, X.: Feature selection and ensemble-based intrusion detection system: an efficient and comprehensive approach. Symmetry 13, 1764 (2021)","journal-title":"Symmetry"},{"key":"5219_CR9","doi-asserted-by":"publisher","DOI":"10.1186\/s40854-022-00441-7","author":"HH Htun","year":"2023","unstructured":"Htun, H.H., Biehl, M., Petkov, N.: Survey of feature selection and extraction techniques for stock market prediction. Financial Innov. (2023). https:\/\/doi.org\/10.1186\/s40854-022-00441-7","journal-title":"Financial Innov."},{"issue":"3","key":"5219_CR10","first-page":"426","volume":"16","author":"K Zhang","year":"2017","unstructured":"Zhang, K., Zhang, Y., Wang, M.: A unified approach to interpreting model predictions scott. Adv. Neural. Inf. Process. Syst. 16(3), 426\u2013430 (2017)","journal-title":"Adv. Neural. Inf. Process. Syst."},{"key":"5219_CR11","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.bdr.2022.100359","volume":"30","author":"M Sarhan","year":"2022","unstructured":"Sarhan, M., Layeghy, S., Portmann, M.: Evaluating standard feature sets towards increased generalisability and Explainability of ML-based network intrusion detection. Big Data Res. 30, 1\u201312 (2022)","journal-title":"Big Data Res."},{"key":"5219_CR12","doi-asserted-by":"publisher","first-page":"186125","DOI":"10.1109\/ACCESS.2020.3029202","volume":"8","author":"JH Joloudari","year":"2020","unstructured":"Joloudari, J.H., Haderbadi, M., Mashmool, A., Ghasemigol, M., Band, S.S., Mosavi, A.: Early detection of the advanced persistent threat attack using performance analysis of deep learning. IEEE Access 8, 186125\u2013186137 (2020)","journal-title":"IEEE Access"},{"issue":"6","key":"5219_CR13","first-page":"446","volume":"4","author":"L Dhanabal","year":"2015","unstructured":"Dhanabal, L., Shantharajah, S.P.: A study on NSL-KDD dataset for intrusion detection system based on classification algorithms. Int. J. Adv. Res. Comput. Commun. Eng. 4(6), 446\u2013452 (2015)","journal-title":"Int. J. Adv. Res. Comput. Commun. Eng."},{"key":"5219_CR14","doi-asserted-by":"publisher","first-page":"107937","DOI":"10.1016\/j.comnet.2021.107937","volume":"189","author":"L Shang","year":"2021","unstructured":"Shang, L., Guo, D., Ji, Y., Li, Q.: Discovering unknown advanced persistent threat using shared features mined by neural networks. Comput. Netw. 189, 107937 (2021)","journal-title":"Comput. Netw."},{"key":"5219_CR15","doi-asserted-by":"publisher","first-page":"102202","DOI":"10.1016\/j.cose.2021.102202","volume":"104","author":"LF Mart\u00edn Liras","year":"2021","unstructured":"Mart\u00edn Liras, L.F., de Soto, A.R., Prada, M.A.: Feature analysis for data-driven APT-related malware discrimination. Comput. Secur. 104, 102202 (2021)","journal-title":"Comput. Secur."},{"key":"5219_CR16","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1109\/MCOM.101.2001126","volume":"59","author":"K Yu","year":"2021","unstructured":"Yu, K., et al.: Securing critical infrastructures: deep learning-based threat detection in the IIoT. IEEE Commun. Mag. 59, 76\u201382 (2021)","journal-title":"IEEE Commun. Mag."},{"issue":"20","key":"5219_CR17","doi-asserted-by":"publisher","first-page":"13251","DOI":"10.1007\/s00521-021-05952-5","volume":"33","author":"C Do Xuan","year":"2021","unstructured":"Do Xuan, C., Dao, M.H.: A novel approach for APT attack detection based on combined deep learning model. Neural Comput. Appl. 33(20), 13251\u201313264 (2021). https:\/\/doi.org\/10.1007\/s00521-021-05952-5","journal-title":"Neural Comput. Appl."},{"issue":"5","key":"5219_CR18","first-page":"1","volume":"11","author":"SH Javed","year":"2022","unstructured":"Javed, S.H., Binahmad, M., Asif, M., Almotiri, S.H., Masood, K., Al Ghamdi, M.A.: An intelligent system to detect advanced persistent threats in industrial internet of things (I-IoT). Electronics (Switzerland) 11(5), 1\u201325 (2022)","journal-title":"Electronics (Switzerland)"},{"issue":"June","key":"5219_CR19","doi-asserted-by":"publisher","first-page":"74000","DOI":"10.1109\/ACCESS.2023.3291599","volume":"11","author":"SH Javed","year":"2023","unstructured":"Javed, S.H., et al.: APT adversarial defence mechanism for industrial IoT enabled cyber-physical system. IEEE Access 11(June), 74000\u201374020 (2023). https:\/\/doi.org\/10.1109\/ACCESS.2023.3291599","journal-title":"IEEE Access"},{"issue":"10","key":"5219_CR20","doi-asserted-by":"publisher","first-page":"14143","DOI":"10.1007\/s11227-024-06010-2","volume":"80","author":"DD Dau","year":"2024","unstructured":"Dau, D.D., Lee, S., Kim, H.: A comprehensive comparison study of ML models for multistage APT detection: focus on data preprocessing and resampling. J. Supercomput. 80(10), 14143\u201314179 (2024)","journal-title":"J. Supercomput."},{"key":"5219_CR21","first-page":"1","volume":"8","author":"A Alshamrani","year":"2019","unstructured":"Alshamrani, A., Myneni, S., Chowdhary, A., Huang, D.: A survey on advanced persistent threats: Techniques, solutions, challenges, and research opportunities. IEEE Commun. Surv. Tutorials 8, 1 (2019)","journal-title":"IEEE Commun. Surv. Tutorials"},{"issue":"22","key":"5219_CR22","doi-asserted-by":"publisher","first-page":"1","DOI":"10.3390\/s20226420","volume":"20","author":"F Pereira","year":"2020","unstructured":"Pereira, F., Correia, R., Pinho, P., Lopes, S.I., Carvalho, N.B.: Challenges in resource-constrained iot devices: energy and communication as critical success factors for future iot deployment. Sensors 20(22), 1\u201330 (2020)","journal-title":"Sensors"},{"key":"5219_CR23","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-61313-9","volume-title":"Attribution of advanced persistent threats","author":"T Steffens","year":"2020","unstructured":"Steffens, T.: Attribution of advanced persistent threats. Springer, Berlin (2020)"},{"key":"5219_CR24","doi-asserted-by":"publisher","unstructured":"T. Chen and C. Guestrin, \u201cXGBoost: A scalable tree boosting system,\u201d Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, vol. 13\u201317, pp. 785\u2013794, 2016, https:\/\/doi.org\/10.1145\/2939672.2939785.","DOI":"10.1145\/2939672.2939785"},{"key":"5219_CR25","doi-asserted-by":"publisher","DOI":"10.3390\/info9070149","author":"SS Dhaliwal","year":"2018","unstructured":"Dhaliwal, S.S., Al Nahid, A., Abbas, R.: Effective intrusion detection system using XGBoost. Information (Switzerland) (2018). https:\/\/doi.org\/10.3390\/info9070149","journal-title":"Information (Switzerland)"},{"key":"5219_CR26","doi-asserted-by":"publisher","DOI":"10.3390\/SYM12091424","author":"S Alabdulwahab","year":"2020","unstructured":"Alabdulwahab, S., Moon, B.K.: Feature selection methods simultaneously improve the detection accuracy and model building time of machine learning classifiers. Symmetry (2020). https:\/\/doi.org\/10.3390\/SYM12091424","journal-title":"Symmetry"},{"key":"5219_CR27","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2020.107247","author":"Y Zhou","year":"2020","unstructured":"Zhou, Y., Cheng, G., Jiang, S., Dai, M.: Building an efficient intrusion detection system based on feature selection and ensemble classifier. Comput. Netw. (2020). https:\/\/doi.org\/10.1016\/j.comnet.2020.107247","journal-title":"Comput. Netw."},{"key":"5219_CR28","doi-asserted-by":"publisher","DOI":"10.33022\/ijcs.v13i2.3798","author":"O Ahmed Al-Zakhali","year":"2024","unstructured":"Ahmed Al-Zakhali, O., Zeebaree, S., Askar, S.: Comparative analysis of XGBoost performance for text classification with CPU parallel and non-parallel processing. Indonesian J. Comput. Sci. (2024). https:\/\/doi.org\/10.33022\/ijcs.v13i2.3798","journal-title":"Indonesian J. Comput. Sci."},{"key":"5219_CR29","doi-asserted-by":"publisher","unstructured":"T. Chen and C. Guestrin, \u201cXGBoost: A scalable tree boosting system,\u201d Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, vol. 13\u201317, pp. 785\u2013794, (2016), https:\/\/doi.org\/10.1145\/2939672.2939785.","DOI":"10.1145\/2939672.2939785"},{"key":"5219_CR30","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102906","author":"A Al-Bakaa","year":"2022","unstructured":"Al-Bakaa, A., Al-Musawi, B.: A new intrusion detection system based on using non-linear statistical analysis and features selection techniques. Comput. Secur. (2022). https:\/\/doi.org\/10.1016\/j.cose.2022.102906","journal-title":"Comput. Secur."},{"issue":"12","key":"5219_CR31","doi-asserted-by":"publisher","first-page":"1","DOI":"10.3390\/electronics9122114","volume":"9","author":"MA Siddiqi","year":"2020","unstructured":"Siddiqi, M.A., Pak, W.: Optimizing filter-based feature selection method flow for intrusion detection system. Electronics 9(12), 1\u201318 (2020)","journal-title":"Electronics"},{"issue":"1","key":"5219_CR32","first-page":"329","volume":"26","author":"YB Wah","year":"2018","unstructured":"Wah, Y.B., Ibrahim, N., Hamid, H.A., Abdul-Rahman, S., Fong, S.: Feature selection methods: case of filter and wrapper approaches for maximising classification accuracy. Pertanika J. Sci. Technol. 26(1), 329\u2013340 (2018)","journal-title":"Pertanika J. Sci. Technol."},{"issue":"3","key":"5219_CR33","doi-asserted-by":"publisher","first-page":"162","DOI":"10.1109\/LNET.2022.3185553","volume":"4","author":"J Liu","year":"2022","unstructured":"Liu, J., et al.: A new realistic benchmark for advanced persistent threats in network traffic. IEEE Netw. Lett. 4(3), 162\u2013166 (2022)","journal-title":"IEEE Netw. Lett."},{"issue":"14","key":"5219_CR34","doi-asserted-by":"publisher","first-page":"1","DOI":"10.3390\/su14148707","volume":"14","author":"TTH Le","year":"2022","unstructured":"Le, T.T.H., Oktian, Y.E., Kim, H.: XGBoost for imbalanced multiclass classification-based industrial internet of things intrusion detection systems. Sustainability (Switzerland) 14(14), 1\u201321 (2022). https:\/\/doi.org\/10.3390\/su14148707","journal-title":"Sustainability (Switzerland)"},{"issue":"11","key":"5219_CR35","first-page":"11","volume":"2","author":"G Kumar Ahuja","year":"2014","unstructured":"Kumar Ahuja, G., Kumar, G.: Evaluation metrics for intrusion detection systems-a study. Evaluation 2(11), 11\u201317 (2014)","journal-title":"Evaluation"},{"key":"5219_CR36","first-page":"3551","volume":"2022","author":"Y Shen","year":"2022","unstructured":"Shen, Y., Simsek, M., Kantarci, B., Mouftah, H.T., Bagheri, M., Djukic, P.: Prior knowledge based Advanced persistent threats detection for IoT in a realistic benchmark. GLOBECOM IEEE Global Commun. Conf. 2022, 3551\u20133556 (2022)","journal-title":"GLOBECOM IEEE Global Commun. Conf."},{"issue":"3","key":"5219_CR37","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s42979-023-01744-x","volume":"4","author":"MM Hasan","year":"2023","unstructured":"Hasan, M.M., Islam, M.U., Uddin, J.: Advanced persistent threat identification with boosting and explainable AI. SN Comput. Sci. 4(3), 1\u20139 (2023)","journal-title":"SN Comput. Sci."}],"container-title":["Cluster Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-025-05219-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10586-025-05219-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-025-05219-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,9]],"date-time":"2025-09-09T17:43:06Z","timestamp":1757439786000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10586-025-05219-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,7,31]]},"references-count":37,"journal-issue":{"issue":"7","published-print":{"date-parts":[[2025,9]]}},"alternative-id":["5219"],"URL":"https:\/\/doi.org\/10.1007\/s10586-025-05219-x","relation":{},"ISSN":["1386-7857","1573-7543"],"issn-type":[{"value":"1386-7857","type":"print"},{"value":"1573-7543","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,7,31]]},"assertion":[{"value":"3 October 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"4 January 2025","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"15 February 2025","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"31 July 2025","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"459"}}