{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,12]],"date-time":"2025-12-12T21:04:41Z","timestamp":1765573481637,"version":"3.48.0"},"reference-count":38,"publisher":"Springer Science and Business Media LLC","issue":"18","license":[{"start":{"date-parts":[[2025,12,12]],"date-time":"2025-12-12T00:00:00Z","timestamp":1765497600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,12,12]],"date-time":"2025-12-12T00:00:00Z","timestamp":1765497600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Supercomput"],"DOI":"10.1007\/s11227-025-08129-2","type":"journal-article","created":{"date-parts":[[2025,12,12]],"date-time":"2025-12-12T08:36:14Z","timestamp":1765528574000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["L2DAPT \u2013 LLMs and Linux: decoding advanced persistent threats"],"prefix":"10.1007","volume":"81","author":[{"given":"Syed Sohaib","family":"Karim","sequence":"first","affiliation":[]},{"given":"Mehreen","family":"Afzal","sequence":"additional","affiliation":[]},{"given":"Waseem","family":"Iqbal","sequence":"additional","affiliation":[]},{"given":"Farooq","family":"Zaman","sequence":"additional","affiliation":[]},{"given":"Imran","family":"Rashid","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,12,12]]},"reference":[{"key":"8129_CR1","unstructured":"ESET Research, Eset apt activity report q4 2023-q1 2024, Tech. rep., ESET (Mar 2024). https:\/\/web-assets.esetstatic.com\/wls\/en\/papers\/threat-reports\/eset-apt-activity-report-q4-2023-q1-2024.pdf"},{"key":"8129_CR2","unstructured":"Vijayan J (2024) Xz utils backdoor implanted in intricate supply chain attack, Dark Reading https:\/\/www.darkreading.com\/cyber-risk\/xz-utils-backdoor-implanted-in-intricate-multi-year-supply-chain-attack"},{"key":"8129_CR3","unstructured":"The Hacker News, Akira ransomware gang extorts \\$42 million; now targets linux servers, The Hacker News (2024). https:\/\/thehackernews.com\/2024\/04\/akira-ransomware-gang-extorts-42.html"},{"key":"8129_CR4","unstructured":"The MITRE Corporation, Matrix - enterprise | mitre att&ck (2023). https:\/\/attack.mitre.org\/matrices\/enterprise\/linux\/"},{"issue":"2","key":"8129_CR5","doi-asserted-by":"publisher","first-page":"1851","DOI":"10.1109\/COMST.2019.2891891","volume":"21","author":"A Alshamrani","year":"2019","unstructured":"Alshamrani A, Myneni S, Chowdhary A, Huang D (2019) A survey on advanced persistent threats: techniques, solutions, challenges, and research opportunities. IEEE Commun Surv& Tutor 21(2):1851\u20131877","journal-title":"IEEE Commun Surv& Tutor"},{"key":"8129_CR6","unstructured":"Bowen M (2020) Advanced persistent threat groups target linux-based devices. https:\/\/www.intelligentcio.com\/me\/2020\/09\/10\/advanced-persistent-threat-groups-target-linux-based-devices\/"},{"key":"8129_CR7","unstructured":"Bianco DJ (2022) Stop using hashes for detection (and when you should use them), Enterprise Detection & Response. http:\/\/detect-respond.blogspot.com\/2022\/04\/stop-using-hashes-for-detection-and.html"},{"issue":"11","key":"8129_CR8","first-page":"15302","volume":"78","author":"M Panahnejad","year":"2022","unstructured":"Panahnejad M, Mirabi M (2022) Apt-dt-kc: advanced persistent threat detection based on kill-chain model. J Supercomput 78(11):15302\u201315335","journal-title":"J Supercomput"},{"issue":"1","key":"8129_CR9","first-page":"171","volume":"20","author":"XC Do","year":"2021","unstructured":"Do XC (2021) Detecting apt attacks based on network traffic using machine learning. J Web Eng 20(1):171\u2013190","journal-title":"J Web Eng"},{"key":"8129_CR10","doi-asserted-by":"publisher","first-page":"108548","DOI":"10.1016\/j.compeleceng.2022.108548","volume":"105","author":"N-E Park","year":"2023","unstructured":"Park N-E, Lee Y-R, Joo S, Kim S-Y, Kim S-H, Park J-Y, Kim S-Y, Lee I-G (2023) Performance evaluation of a fast and efficient intrusion detection framework for advanced persistent threat-based cyberattacks. Comput Electr Eng 105:108548","journal-title":"Comput Electr Eng"},{"issue":"4","key":"8129_CR11","first-page":"865","volume":"15","author":"PN Bahrami","year":"2019","unstructured":"Bahrami PN, Dehghantanha A, Dargahi T, Parizi RM, Choo K-KR, Javadi HH (2019) Cyber kill chain-based taxonomy of advanced persistent threat actors: analogy of tactics, techniques, and procedures. J Inform Process Sys 15(4):865\u2013889","journal-title":"J Inform Process Sys"},{"issue":"5","key":"8129_CR12","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3530812","volume":"55","author":"Z Chen","year":"2022","unstructured":"Chen Z, Liu J, Shen Y, Simsek M, Kantarci B, Mouftah HT, Djukic P (2022) Machine learning-enabled iot security: open issues and challenges under advanced persistent threats. ACM Comput Surv 55(5):1\u201337","journal-title":"ACM Comput Surv"},{"key":"8129_CR13","doi-asserted-by":"publisher","first-page":"401","DOI":"10.1016\/j.future.2020.02.015","volume":"108","author":"G Berrada","year":"2020","unstructured":"Berrada G, Cheney J, Benabderrahmane S, Maxwell W, Mookherjee H, Theriault A, Wright R (2020) A baseline for unsupervised advanced persistent threat detection in system-level provenance. Futur Gener Comput Syst 108:401\u2013413","journal-title":"Futur Gener Comput Syst"},{"issue":"1","key":"8129_CR14","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1016\/j.eij.2022.06.005","volume":"23","author":"J Al-Saraireh","year":"2022","unstructured":"Al-Saraireh J, Jray AAA, Al-Smadi I (2022) A novel approach for detecting advanced persistent threats. Egyptian Inform J 23(1):45\u201355","journal-title":"Egyptian Inform J"},{"key":"8129_CR15","doi-asserted-by":"publisher","unstructured":"Wang X et\u00a0al. (2022) An intrusion detection system based on extended bpf in linux kernel, Journal Name XX 103283. https:\/\/doi.org\/10.1016\/j.journal.2022.103283","DOI":"10.1016\/j.journal.2022.103283"},{"key":"8129_CR16","doi-asserted-by":"crossref","unstructured":"Lira OG, Marroquin A, To MA (2024) Harnessing the advanced capabilities of llm for adaptive intrusion detection systems. In: Barolli L (ed) Advanced Information Networking and Applications. Springer Nature Switzerland, pp 453\u2013464","DOI":"10.1007\/978-3-031-57942-4_44"},{"key":"8129_CR17","doi-asserted-by":"crossref","unstructured":"Zhang J, Bu H, Wen H, Chen Y, Li L, Zhu H (2024) When llms meet cybersecurity: a systematic literature review. arXiv:2405.03644","DOI":"10.1186\/s42400-025-00361-w"},{"key":"8129_CR18","doi-asserted-by":"publisher","unstructured":"Hassanin M, Keshk M, Salim S, Alsubaie M, Sharma D (2025) Pllm-cs: Pre-trained large language model (llm) for cyber threat detection in satellite networks. Ad Hoc Netw 166:103645. https:\/\/doi.org\/10.1016\/j.adhoc.2024.103645. https:\/\/www.sciencedirect.com\/science\/article\/pii\/S1570870524002567","DOI":"10.1016\/j.adhoc.2024.103645"},{"issue":"1s","key":"8129_CR19","doi-asserted-by":"publisher","first-page":"294","DOI":"10.52783\/jes.8791","volume":"21","author":"M Entezami","year":"2025","unstructured":"Entezami M, Harsini SR, Houshangi D, Entezami Z (2025) A novel framework for detecting anomalies in network security using llm and deep learning. J Electric Sys 21(1s):294\u2013302","journal-title":"J Electric Sys"},{"key":"8129_CR20","doi-asserted-by":"publisher","unstructured":"Karim SS, Iqbal W, Zaman F, Rashid I, Al-Abri D (2025) A ransomware resilience method with llm-driven threat intelligence, in: 2025 International Conference on Cybersecurity and AI-Based Systems (Cyber-AI), pp. 82\u201388. https:\/\/doi.org\/10.1109\/Cyber-AI66431.2025.11233514","DOI":"10.1109\/Cyber-AI66431.2025.11233514"},{"key":"8129_CR21","doi-asserted-by":"publisher","DOI":"10.1016\/j.dib.2024.110290","volume":"54","author":"SS Karim","year":"2024","unstructured":"Karim SS, Iqbal W, Abbas Y, Al Abri D (2024) Advanced persistent threat (apt) and intrusion detection evaluation dataset for linux systems 2024. Data in Brief 54:110290. https:\/\/doi.org\/10.1016\/j.dib.2024.110290","journal-title":"Data in Brief"},{"key":"8129_CR22","doi-asserted-by":"publisher","unstructured":"Farnaaz N, Jabbar M (2016) Random forest modeling for network intrusion detection system, Procedia Computer Science 89, 213\u2013217, twelfth International Conference on Communication Networks (ICCN 2016). https:\/\/doi.org\/10.1016\/j.procs.2016.06.047","DOI":"10.1016\/j.procs.2016.06.047"},{"issue":"1","key":"8129_CR23","doi-asserted-by":"publisher","first-page":"8","DOI":"10.1186\/s40537-024-00886-w","volume":"11","author":"MA Talukder","year":"2024","unstructured":"Talukder MA, Islam MM, Uddin MA, Hasan KF, Sharmin S, Alyami SA, Moni MA (2024) Machine learning-based network intrusion detection for big and imbalanced data using oversampling, stacking feature embedding and feature extraction. J Big Data 11(1):8. https:\/\/doi.org\/10.1186\/s40537-024-00886-w","journal-title":"J Big Data"},{"key":"8129_CR24","doi-asserted-by":"publisher","unstructured":"Rosay A, Carlier F, Leroux P (2020) Feed-forward neural network for network intrusion detection, in: 2020 IEEE 91st Vehicular Technology Conference (VTC2020-Spring), pp. 1\u20136. https:\/\/doi.org\/10.1109\/VTC2020-Spring48590.2020.9129472","DOI":"10.1109\/VTC2020-Spring48590.2020.9129472"},{"key":"8129_CR25","doi-asserted-by":"publisher","unstructured":"Vinayakumar R, Soman KP, Poornachandran P (2017) Applying convolutional neural network for network intrusion detection, in: 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp. 1222\u20131228. https:\/\/doi.org\/10.1109\/ICACCI.2017.8126009","DOI":"10.1109\/ICACCI.2017.8126009"},{"key":"8129_CR26","unstructured":"Su J, Jiang C, Jin X, Qiao Y, Xiao T, Ma H, Wei R, Jing Z, Xu J, Lin J (2024) Large language models for forecasting and anomaly detection: A systematic literature review. arXiv:2402.10350"},{"key":"8129_CR27","doi-asserted-by":"crossref","unstructured":"Ferrag MA, Alwahedi F, Battah A, Cherif B, Mechri A, Tihanyi N (2024) Generative ai and large language models for cyber security: All insights you need. arXiv:2405.12750","DOI":"10.2139\/ssrn.4853709"},{"key":"8129_CR28","unstructured":"Martinez NA. Understanding vector embeddings in nlp: An introduction with the all-minilm-l6-v2 model, LinkedIn. https:\/\/www.linkedin.com\/pulse\/understanding-vector-embeddings-nlp-introduction-model-martinez\/"},{"key":"8129_CR29","doi-asserted-by":"publisher","DOI":"10.1002\/sam.70005","author":"NH Cuong","year":"2025","unstructured":"Cuong NH, Do XC, Long VT, Dat ND, Anh TQ (2025) A novel approach for apt detection based on ensemble learning model. The ASA Data Sci J Stat Anal Data Mining. https:\/\/doi.org\/10.1002\/sam.70005","journal-title":"The ASA Data Sci J Stat Anal Data Mining"},{"key":"8129_CR30","doi-asserted-by":"publisher","unstructured":"Arefin S, Chowdhury M, Parvez R, Ahmed T, Abrar AS, Sumaiya F (2024) Understanding apt detection using machine learning algorithms: Is superior accuracy a thing?, in. IEEE International Conference on Electro Information Technology (eIT) 2024:532\u2013537. https:\/\/doi.org\/10.1109\/eIT60633.2024.10609886","DOI":"10.1109\/eIT60633.2024.10609886"},{"issue":"28","key":"8129_CR31","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.7865","volume":"35","author":"N Saini","year":"2023","unstructured":"Saini N, Kasaragod VB, Prakasha K, Das AK (2023) A hybrid ensemble machine learning model for detecting apt attacks based on network behavior anomaly detection. Concurr Comput: Pract Exp 35(28):e7865. https:\/\/doi.org\/10.1002\/cpe.7865","journal-title":"Concurr Comput: Pract Exp"},{"key":"8129_CR32","doi-asserted-by":"publisher","first-page":"186125","DOI":"10.1109\/ACCESS.2020.3029202","volume":"8","author":"JH Joloudari","year":"2020","unstructured":"Joloudari JH, Haderbadi M, Mashmool A, Ghasemigol M, Band SS, Mosavi A (2020) Early detection of the advanced persistent threat attack using performance analysis of deep learning. IEEE Access 8:186125\u2013186137. https:\/\/doi.org\/10.1109\/ACCESS.2020.3029202","journal-title":"IEEE Access"},{"key":"8129_CR33","doi-asserted-by":"publisher","unstructured":"ur\u00a0Rehman H, Jalil Z, Fahim S (2024) Ai-driven apt detection framework: Early Threat Identification Using ml, in: 2024 21st International Bhurban Conference on Applied Sciences and Technology (IBCAST), pp. 84\u201391. https:\/\/doi.org\/10.1109\/IBCAST61650.2024.10877259","DOI":"10.1109\/IBCAST61650.2024.10877259"},{"issue":"2","key":"8129_CR34","doi-asserted-by":"publisher","first-page":"1","DOI":"10.22042\/isecure.2024.428569.1052","volume":"16","author":"M Dehghan","year":"2024","unstructured":"Dehghan M, Sadeghian B, Khosravian E, Moghaddam A, Nooshi F (2024) Proapt: projection of apts with deep reinforcement learning, ISeCure, the ISC. Int J Inf Secur 16(2):1\u201317. https:\/\/doi.org\/10.22042\/isecure.2024.428569.1052","journal-title":"Int J Inf Secur"},{"key":"8129_CR35","doi-asserted-by":"publisher","DOI":"10.1145\/3736654","author":"AS Basnet","year":"2025","unstructured":"Basnet AS, Ghanem MC, Dunsin D, Kheddar H, Sowinski-Mydlarz W (2025) Advanced persistent threats (apt) attribution using deep reinforcement learning. ACM Digital Threats Res PracticeJust Accept. https:\/\/doi.org\/10.1145\/3736654","journal-title":"ACM Digital Threats Res PracticeJust Accept"},{"key":"8129_CR36","doi-asserted-by":"publisher","DOI":"10.1007\/s00521-025-11338-8","author":"SS Karim","year":"2025","unstructured":"Karim SS, Afzal M, Iqbal W, Al Abri D, Abbas Y (2025) Slf-adm: securing linux frontiers-advanced persistent threat (apt) detection using machine learning. Neural Comput Appl. https:\/\/doi.org\/10.1007\/s00521-025-11338-8","journal-title":"Neural Comput Appl"},{"issue":"6","key":"8129_CR37","doi-asserted-by":"publisher","first-page":"5247","DOI":"10.1109\/TDSC.2023.3243667","volume":"20","author":"T Zhu","year":"2023","unstructured":"Zhu T, Yu J, Xiong C, Cheng W, Yuan Q, Ying J, Chen T, Zhang J, Lv M, Chen Y, Wang T, Fan Y (2023) Aptshield: a stable, efficient and real-time apt detection system for linux hosts. IEEE Trans Dependable Secure Comput 20(6):5247\u20135264. https:\/\/doi.org\/10.1109\/TDSC.2023.3243667","journal-title":"IEEE Trans Dependable Secure Comput"},{"key":"8129_CR38","doi-asserted-by":"publisher","first-page":"1064","DOI":"10.1109\/SoutheastCon52093.2024.10500217","volume":"2024","author":"RM Rajendran","year":"2024","unstructured":"Rajendran RM, Vyas B (2024) Detecting apt using machine learning: comparative performance analysis with proposed model, in. SoutheastCon 2024:1064\u20131069. https:\/\/doi.org\/10.1109\/SoutheastCon52093.2024.10500217","journal-title":"SoutheastCon"}],"container-title":["The Journal of Supercomputing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-025-08129-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11227-025-08129-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-025-08129-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,12]],"date-time":"2025-12-12T21:01:57Z","timestamp":1765573317000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11227-025-08129-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,12]]},"references-count":38,"journal-issue":{"issue":"18","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["8129"],"URL":"https:\/\/doi.org\/10.1007\/s11227-025-08129-2","relation":{},"ISSN":["1573-0484"],"issn-type":[{"type":"electronic","value":"1573-0484"}],"subject":[],"published":{"date-parts":[[2025,12,12]]},"assertion":[{"value":"14 June 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 November 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"12 December 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"1645"}}