{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,29]],"date-time":"2025-11-29T08:02:29Z","timestamp":1764403349340,"version":"3.37.3"},"reference-count":20,"publisher":"Springer Science and Business Media LLC","issue":"10","license":[{"start":{"date-parts":[[2024,3,16]],"date-time":"2024-03-16T00:00:00Z","timestamp":1710547200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,3,16]],"date-time":"2024-03-16T00:00:00Z","timestamp":1710547200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Supercomput"],"published-print":{"date-parts":[[2024,7]]},"DOI":"10.1007\/s11227-024-06010-2","type":"journal-article","created":{"date-parts":[[2024,3,16]],"date-time":"2024-03-16T09:02:03Z","timestamp":1710579723000},"page":"14143-14179","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["A comprehensive comparison study of ML models for multistage APT detection: focus on data preprocessing and resampling"],"prefix":"10.1007","volume":"80","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-6362-4128","authenticated-orcid":false,"given":"Dinh-Dong","family":"Dau","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4117-407X","authenticated-orcid":false,"given":"Soojin","family":"Lee","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0008-2365-4230","authenticated-orcid":false,"given":"Hanseok","family":"Kim","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,3,16]]},"reference":[{"key":"6010_CR1","doi-asserted-by":"crossref","unstructured":"Chen P, Desmet L, Huygens C (2014) A study on advanced persistent threats. In: Communications and Multimedia Security: 15th IFIP TC 6\/TC 11 International Conference, CMS 2014, Aveiro, Springer, Berlin Heidelberg, pp 63\u201372","DOI":"10.1007\/978-3-662-44885-4_5"},{"issue":"2","key":"6010_CR2","doi-asserted-by":"publisher","first-page":"1851","DOI":"10.1109\/COMST.2019.2891891","volume":"21","author":"A Alshamrani","year":"2019","unstructured":"Alshamrani A, Myneni S, Chowdhary A, Huang D (2019) A survey on advanced persistent threats: techniques, solutions, challenges, and research opportunities. IEEE Commun Surv Tutor 21(2):1851\u20131877","journal-title":"IEEE Commun Surv Tutor"},{"issue":"1","key":"6010_CR3","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/s10115-022-01772-8","volume":"65","author":"V Werner de Vargas","year":"2023","unstructured":"Werner de Vargas V, Schneider Aranda JA, dos Santos Costa R, da Silva Pereira PR, Vict\u00f3ria Barbosa JL (2023) Imbalanced data preprocessing techniques for machine learning: a systematic mapping study. Knowl Inf Syst 65(1):31\u201357","journal-title":"Knowl Inf Syst"},{"key":"6010_CR4","doi-asserted-by":"crossref","unstructured":"Seo JH (2022) Evolutionary data preprocessing to alleviate class imbalance. Secur Commun Netw 2022","DOI":"10.1155\/2022\/3761205"},{"key":"6010_CR5","doi-asserted-by":"crossref","unstructured":"Sharma A, Gupta BB, Singh AK, Saraswat VK (2023) Advanced persistent threats (APT): evolution, anatomy, attribution and countermeasures. J Ambient Intell Humaniz Comput 1\u201327","DOI":"10.1007\/s12652-023-04603-y"},{"issue":"13","key":"6010_CR6","doi-asserted-by":"publisher","first-page":"6816","DOI":"10.3390\/app12136816","volume":"12","author":"H Neuschmied","year":"2022","unstructured":"Neuschmied H, Winter M, Stojanovi\u0107 B, Hofer-Schmitz K, Bo\u017ei\u0107 J, Kleb U (2022) Apt-attack detection based on multi-stage autoencoders. Appl Sci 12(13):6816","journal-title":"Appl Sci"},{"issue":"6","key":"6010_CR7","doi-asserted-by":"publisher","first-page":"1055","DOI":"10.3390\/app9061055","volume":"9","author":"T Bodstr\u00f6m","year":"2019","unstructured":"Bodstr\u00f6m T, H\u00e4m\u00e4l\u00e4inen T (2019) A novel deep learning stack for APT detection. Appl Sci 9(6):1055","journal-title":"Appl Sci"},{"key":"6010_CR8","doi-asserted-by":"crossref","unstructured":"Shi Y, Li W, Zhang Y, Deng X, Yin D, Deng S (2021) Survey on APT attack detection in industrial cyber-physical system. In: 2021 International Conference on Electronic Information Technology and Smart Agriculture (ICEITSA). IEEE, pp 296\u2013301","DOI":"10.1109\/ICEITSA54226.2021.00064"},{"key":"6010_CR9","doi-asserted-by":"publisher","first-page":"13251","DOI":"10.1007\/s00521-021-05952-5","volume":"33","author":"C Do Xuan","year":"2021","unstructured":"Do Xuan C, Dao MH (2021) A novel approach for APT attack detection based on combined deep learning model. Neural Comput Appl 33:13251\u201313264","journal-title":"Neural Comput Appl"},{"key":"6010_CR10","doi-asserted-by":"crossref","unstructured":"Myneni S, Chowdhary A, Sabur A, Sengupta S, Agrawal G, Huang D, Kang M (2020) DAPT 2020-constructing a benchmark dataset for advanced persistent threats. In: Deployable Machine Learning for Security Defense: First International Workshop, MLHat 2020, San Diego. Springer, pp 138\u2013163","DOI":"10.1007\/978-3-030-59621-7_8"},{"issue":"3","key":"6010_CR11","doi-asserted-by":"publisher","first-page":"162","DOI":"10.1109\/LNET.2022.3185553","volume":"4","author":"J Liu","year":"2022","unstructured":"Liu J, Shen Y, Simsek M, Kantarci B, Mouftah HT, Bagheri M, Djukic P (2022) A new realistic benchmark for advanced persistent threats in network traffic. IEEE Netw Lett 4(3):162\u2013166","journal-title":"IEEE Netw Lett"},{"key":"6010_CR12","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1016\/j.cose.2014.09.006","volume":"48","author":"I Friedberg","year":"2015","unstructured":"Friedberg I, Skopik F, Settanni G, Fiedler R (2015) Combating advanced persistent threats: from network event correlation to incident detection. Comput Secur 48:35\u201357","journal-title":"Comput Secur"},{"key":"6010_CR13","doi-asserted-by":"crossref","unstructured":"Siddiqui S, Khan MS, Ferens K, Kinsner W (2016) Detecting advanced persistent threats using fractal dimension based machine learning classification. In: Proceedings of the 2016 ACM on International Workshop on Security and Privacy Analytics, pp 64\u201369","DOI":"10.1145\/2875475.2875484"},{"key":"6010_CR14","doi-asserted-by":"publisher","first-page":"349","DOI":"10.1016\/j.future.2018.06.055","volume":"89","author":"I Ghafir","year":"2018","unstructured":"Ghafir I, Hammoudeh M, Prenosil V, Han L, Hegarty R, Rabie K, Aparicio-Navarro FJ (2018) Detection of advanced persistent threat using machine-learning correlation analysis. Future Gener Comput Syst 89:349\u2013359","journal-title":"Future Gener Comput Syst"},{"issue":"3","key":"6010_CR15","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3386581","volume":"1","author":"G Laurenza","year":"2020","unstructured":"Laurenza G, Lazzeretti R, Mazzotti L (2020) Malware triage for early identification of advanced persistent threat activities. Digit Threats Res Pract 1(3):1\u201317","journal-title":"Digit Threats Res Pract"},{"issue":"3","key":"6010_CR16","doi-asserted-by":"publisher","first-page":"271","DOI":"10.1007\/s42979-023-01744-x","volume":"4","author":"MM Hasan","year":"2023","unstructured":"Hasan MM, Islam MU, Uddin J (2023) Advanced persistent threat identification with boosting and explainable AI. SN Comput Sci 4(3):271","journal-title":"SN Comput Sci"},{"key":"6010_CR17","unstructured":"Brownlee J (2020). Data preparation for machine learning: data cleaning, feature selection, and data transforms in Python. Machine Learning Mastery"},{"key":"6010_CR18","unstructured":"Brownlee J (2020). Imbalanced classification with Python: better metrics, balance skewed classes, cost-sensitive learning. Machine Learning Mastery"},{"issue":"7","key":"6010_CR19","doi-asserted-by":"publisher","first-page":"e0271260","DOI":"10.1371\/journal.pone.0271260","volume":"17","author":"M Kim","year":"2022","unstructured":"Kim M, Hwang KB (2022) An empirical evaluation of sampling methods for the classification of imbalanced data. PLoS ONE 17(7):e0271260","journal-title":"PLoS ONE"},{"issue":"3","key":"6010_CR20","doi-asserted-by":"publisher","first-page":"685","DOI":"10.1007\/s12525-021-00475-2","volume":"31","author":"C Janiesch","year":"2021","unstructured":"Janiesch C, Zschech P, Heinrich K (2021) Machine learning and deep learning. Electron Mark 31(3):685\u2013695","journal-title":"Electron Mark"}],"container-title":["The Journal of Supercomputing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-024-06010-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11227-024-06010-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-024-06010-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,6,10]],"date-time":"2024-06-10T11:18:16Z","timestamp":1718018296000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11227-024-06010-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3,16]]},"references-count":20,"journal-issue":{"issue":"10","published-print":{"date-parts":[[2024,7]]}},"alternative-id":["6010"],"URL":"https:\/\/doi.org\/10.1007\/s11227-024-06010-2","relation":{},"ISSN":["0920-8542","1573-0484"],"issn-type":[{"type":"print","value":"0920-8542"},{"type":"electronic","value":"1573-0484"}],"subject":[],"published":{"date-parts":[[2024,3,16]]},"assertion":[{"value":"19 February 2024","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"16 March 2024","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interests"}},{"value":"Not applicable, as this study did not involve human participants or animals.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics approval"}},{"value":"Not applicable, as this study did not involve human participants.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent to participate"}},{"value":"All authors have consented to the publication of this research.","order":5,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent for publication"}}]}}