{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,23]],"date-time":"2026-04-23T06:39:07Z","timestamp":1776926347044,"version":"3.51.2"},"reference-count":58,"publisher":"Tech Science Press","issue":"3","license":[{"start":{"date-parts":[[2025,8,3]],"date-time":"2025-08-03T00:00:00Z","timestamp":1754179200000},"content-version":"vor","delay-in-days":214,"URL":"https:\/\/doi.org\/10.32604\/TSP-CROSSMARKPOLICY"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["CMC"],"published-print":{"date-parts":[[2025]]},"DOI":"10.32604\/cmc.2025.063451","type":"journal-article","created":{"date-parts":[[2025,7,11]],"date-time":"2025-07-11T07:53:19Z","timestamp":1752220399000},"page":"5665-5691","update-policy":"https:\/\/doi.org\/10.32604\/tsp-crossmarkpolicy","source":"Crossref","is-referenced-by-count":2,"title":["A Hybrid Feature Selection Method for Advanced Persistent Threat Detection"],"prefix":"10.32604","volume":"84","author":[{"given":"Adam","family":"Khalid","sequence":"first","affiliation":[]},{"given":"Anazida","family":"Zainal","sequence":"additional","affiliation":[]},{"given":"Fuad A.","family":"Ghaleb","sequence":"additional","affiliation":[]},{"given":"Bander Ali Saleh","family":"Al-rimy","sequence":"additional","affiliation":[]},{"given":"Yussuf","family":"Ahmed","sequence":"additional","affiliation":[]}],"member":"17807","published-online":{"date-parts":[[2025]]},"reference":[{"key":"ref1","doi-asserted-by":"crossref","first-page":"138","DOI":"10.30574\/wjarr.2022.15.1.0573","article-title":"A literature review of financial losses statistics for cyber security and future trend","volume":"15","author":"Sharif","year":"2022","journal-title":"World J Adv Res Rev"},{"key":"ref2","series-title":"2020 International Joint Conference on Neural Networks (IJCNN)","first-page":"1","article-title":"Untargeted, targeted and universal adversarial attacks and defenses on time series","author":"Rathore","year":"2020 Jul 19\u201324"},{"key":"ref3","doi-asserted-by":"crossref","first-page":"21670","DOI":"10.1109\/JIOT.2023.3289625","article-title":"A survey on cyber-physical systems security","volume":"10","author":"Yu","year":"2023","journal-title":"IEEE Internet Things J"},{"key":"ref4","doi-asserted-by":"crossref","first-page":"4543","DOI":"10.1007\/s11227-016-1850-4","article-title":"A comprehensive study on APT attacks and countermeasures for future networks and communications: challenges and solutions","volume":"75","author":"Singh","year":"2016","journal-title":"J Supercomput"},{"key":"ref5","series-title":"Proceedings of the International MultiConference of Engineers and Computer Scientists, IMECS 2018","article-title":"An improved behaviour specification to stop advanced persistent threat on governments and organizations network","author":"Mohamed","year":"2018 Mar 14\u201316"},{"key":"ref6","doi-asserted-by":"crossref","first-page":"191","DOI":"10.3390\/info14030191","article-title":"A survey on feature selection techniques based on filtering methods for cyber attack detection","volume":"14","author":"Lyu","year":"2023","journal-title":"Information"},{"key":"ref7","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1541880.1541882","article-title":"Anomaly detection: a survey","volume":"41","author":"Chandola","year":"2009","journal-title":"ACM Comput Surv"},{"key":"ref8","series-title":"SoutheastCon 2024","first-page":"1064","article-title":"Detecting APT using machine learning: comparative performance analysis with proposed model","author":"Rajendran","year":"2024 Mar 15\u201324"},{"key":"ref9","first-page":"45","article-title":"AI-based anomaly detection for real-time cybersecurity","volume":"3","author":"Goswami","year":"2024","journal-title":"Int J Res Rev Tech"},{"key":"ref10","first-page":"171","article-title":"Detecting APT attacks based on network traffic using machine learning","volume":"20","author":"Xuan","year":"2021","journal-title":"J Web Eng"},{"key":"ref11","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1177\/0165551521991037","article-title":"A novel filter feature selection method for text classification: extensive feature selector","volume":"49","author":"Parlak","year":"2023","journal-title":"J Inf Sci"},{"key":"ref12","doi-asserted-by":"crossref","first-page":"e0305618","DOI":"10.1371\/journal.pone.0305618","article-title":"A novel approach for APT attack detection based on feature intelligent extraction and representation learning","volume":"19","author":"Do Xuan","year":"2024","journal-title":"PLoS One"},{"key":"ref13","doi-asserted-by":"crossref","first-page":"5457","DOI":"10.1007\/s10489-021-02524-x","article-title":"Feature selection based on mutual information with correlation coefficient","volume":"52","author":"Zhou","year":"2022","journal-title":"Appl Intell"},{"key":"ref14","doi-asserted-by":"crossref","first-page":"109566","DOI":"10.1016\/j.patcog.2023.109566","article-title":"A novel relation aware wrapper method for feature selection","volume":"140","author":"Liu","year":"2023","journal-title":"Pattern Recognit"},{"key":"ref15","first-page":"1","article-title":"Machine learning-enabled iot security: open issues and challenges under advanced persistent threats","volume":"55","author":"Chen","year":"2022","journal-title":"ACM Comput Surv"},{"key":"ref16","series-title":"International Workshop on Deployable Machine Learning for Security Defense","first-page":"138","article-title":"Dapt 2020-constructing a benchmark dataset for advanced persistent threats","author":"Myneni","year":"2020 Aug 24"},{"key":"ref17","first-page":"2497","article-title":"A cyber kill chain approach for detecting advanced persistent threats","volume":"67","author":"Ahmed","year":"2021","journal-title":"Comput Mater Contin"},{"key":"ref18","doi-asserted-by":"crossref","first-page":"102875","DOI":"10.1016\/j.cose.2022.102875","article-title":"APT beaconing detection: a systematic review","volume":"122","author":"Talib","year":"2022","journal-title":"Comput Secur"},{"key":"ref19","doi-asserted-by":"crossref","first-page":"145148","DOI":"10.1109\/ACCESS.2024.3473021","article-title":"APTracker: a comprehensive and analytical malware dataset, based on attribution to APT groups","volume":"12","author":"Mazaheri","year":"2024","journal-title":"IEEE Access"},{"key":"ref20","series-title":"International Conference on Advanced Computing Technologies and Applications (ICACTA)","first-page":"1","article-title":"Evaluating ML models on CTU-13 and IOT,-23 Datasets","author":"Patil","year":"2023 Oct 6\u20137"},{"key":"ref21","series-title":"Proceedings of the 26th ACM Symposium on Access Control Models and Technologies","first-page":"27","article-title":"Analyzing the usefulness of the DARPA OpTC dataset in cyber threat detection research","author":"Anjum","year":"2021 Jun 16\u201318; Online"},{"key":"ref22","series-title":"Deep Learning Theory and Applications (DeLTA 2023)","first-page":"1","article-title":"Synthetic network traffic data generation and classification of advanced persistent threat samples: a case study with GANs and XGBoost","author":"Anande","year":"2023"},{"key":"ref23","series-title":"Proceedings of the 4th International Conference on Information Systems Security and Privacy (ICISSP)","first-page":"108","article-title":"Toward generating a new intrusion detection dataset and intrusion traffic characterization","author":"Sharafaldin","year":"2018 Jan 22\u201324"},{"key":"ref24","doi-asserted-by":"crossref","first-page":"101734","DOI":"10.1016\/j.cose.2020.101734","article-title":"APT datasets and attack modeling for automated detection methods: a review","volume":"92","author":"Stojanovi\u0107","year":"2020","journal-title":"Comput Sec"},{"key":"ref25","series-title":"2014 IEEE High Performance Extreme Computing Conference (HPEC)","first-page":"1","article-title":"Characterization of semi-synthetic dataset for big-data semantic analysis","author":"Techentin","year":"2014 Sep 9\u201311"},{"key":"ref26","doi-asserted-by":"crossref","first-page":"152","DOI":"10.1016\/j.jocs.2017.03.006","article-title":"Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model","volume":"25","author":"Aljawarneh","year":"2018","journal-title":"J Comput Sci"},{"key":"ref27","doi-asserted-by":"crossref","first-page":"273","DOI":"10.1016\/S0004-3702(97)00043-X","article-title":"Wrappers for feature subset selection","volume":"97","author":"Kohavi","year":"1997","journal-title":"Artif Intell"},{"key":"ref28","doi-asserted-by":"crossref","first-page":"83","DOI":"10.32604\/iasc.2021.015460","article-title":"Filter-based feature selection and machine-learning classification of cancer data","volume":"28","author":"Farsi","year":"2021","journal-title":"Intell Autom Soft Comput"},{"key":"ref29","doi-asserted-by":"crossref","first-page":"2040019","DOI":"10.1142\/S0219649220400195","article-title":"Practical challenges and recommendations of filter methods for feature selection","volume":"19","author":"Rajab","year":"2020","journal-title":"J Inf Knowl Manag"},{"key":"ref30","doi-asserted-by":"crossref","first-page":"39833","DOI":"10.1109\/ACCESS.2022.3165814","article-title":"Wrapper and hybrid feature selection methods using metaheuristic algorithms for English text classification: a systematic review","volume":"10","author":"Alyasiri","year":"2022","journal-title":"IEEE Access"},{"key":"ref31","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1186\/s40537-023-00694-8","article-title":"IGRF-RFE: a hybrid feature selection method for MLP-based network intrusion detection on UNSW-NB15 dataset","volume":"10","author":"Yin","year":"2023","journal-title":"J Big Data"},{"key":"ref32","series-title":"2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications","first-page":"1","article-title":"A detailed analysis of the KDD CUP 99 data set","author":"Tavallaee","year":"2009 Jul 8\u201310"},{"key":"ref33","first-page":"45","article-title":"A novel approach for detecting advanced persistent threats","volume":"23","author":"Al-Saraireh","year":"2022","journal-title":"Egypt Inf J"},{"key":"ref34","doi-asserted-by":"crossref","unstructured":"Huang S, Poskitt CM, Shar LK. Security modelling for cyber-physical systems: a systematic literature review. arXiv:240407527. 2024.","DOI":"10.1145\/3776549"},{"key":"ref35","unstructured":"Pols P, van den Berg J, Hague. The unified kill chain. CSA Thesis, Hague. 2017 [Internet]. p. 1\u2013104. [cited 2025 Jun 24]. Available from: https:\/\/www.unifiedkillchain.com\/assets\/The-Unified-Kill-Chain.pdf."},{"key":"ref36","series-title":"2022 IEEE International Symposium on Systems Engineering (ISSE)","first-page":"1","article-title":"Comparing attack models for it systems: Lockheed martin\u2019s cyber kill chain, MITRE ATT&CK framework and diamond model","author":"Naik","year":"2022 Oct 24\u201326"},{"key":"ref37","unstructured":"Hutchins EM, Cloppert MJ, Amin RM. Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Vol. 1. Leading issues in information warfare & security research; 2011 [Internet]. [cited 2025 Jun 24]. Available from: https:\/\/securityandtechnology.org\/wp-content\/uploads\/2020\/07\/lm-white-paper-intel-driven-defense.pdf."},{"key":"ref38","doi-asserted-by":"crossref","first-page":"8644","DOI":"10.1007\/s11227-021-04201-9","article-title":"APT-Dt-KC: advanced persistent threat detection based on kill-chain model","volume":"78","author":"Panahnejad","year":"2022","journal-title":"J Supercomput"},{"key":"ref39","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3687300","article-title":"Mitre att&ck: state of the art and way forward","volume":"57","author":"Al-Sada","year":"2024","journal-title":"ACM Comput Surv"},{"key":"ref40","first-page":"2675","article-title":"A comprehensive survey on advanced persistent threat (APT) detection techniques","volume":"80","author":"Krishnapriya","year":"2024","journal-title":"Comput Mater Contin"},{"key":"ref41","doi-asserted-by":"crossref","first-page":"110353","DOI":"10.1016\/j.ecolmodel.2023.110353","article-title":"Cyber Kill Chain ontology to support automated cyber threat intelligence","volume":"481","author":"Chollet Ramampiandra","year":"2023","journal-title":"Ecol Model"},{"key":"ref42","first-page":"865","article-title":"Cyber kill chain-based taxonomy of advanced persistent threat actors: analogy of tactics, techniques, and procedures","volume":"15","author":"Bahrami","year":"2019","journal-title":"J Inf Process Syst"},{"key":"ref43","series-title":"International Conference on Advances in Computing, Communication and Materials (ICACCM)","first-page":"1","article-title":"An intrusion detection model for cicids-2017 dataset using machine learning algorithms","author":"Panwar","year":"2022 Nov 10\u201311"},{"key":"ref44","series-title":"2015 Military Communications and Information Systems Conference (MilCIS)","first-page":"1","article-title":"UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set)","author":"Moustafa","year":"2015 Nov 10\u201312"},{"key":"ref45","doi-asserted-by":"crossref","first-page":"e17156","DOI":"10.1016\/j.heliyon.2023.e17156","article-title":"A systematic literature review for APT detection and effective cyber situational awareness (ECSA) conceptual model","volume":"9","author":"Salim","year":"2023","journal-title":"Heliyon"},{"key":"ref46","series-title":"2023 International Conference on Machine Learning","first-page":"6424","article-title":"Learning to maximize mutual information for dynamic feature selection","author":"Covert","year":"2023 Jul 23\u201329"},{"key":"ref47","series-title":"2009 International Workshop on Cryptographic Hardware and Embedded Systems","first-page":"429","article-title":"Mutual information analysis: how, when and why?","author":"Veyrat-Charvillon","year":"2009 Sep 6\u20139"},{"key":"ref48","series-title":"37th Conference on Neural Information Processing Systems (NeurIPS 2023)","first-page":"1","article-title":"Max-sliced mutual information","author":"Tsur","year":"2023 Dec 10\u201316"},{"key":"ref49","doi-asserted-by":"crossref","first-page":"168","DOI":"10.1016\/j.neucom.2016.11.047","article-title":"Theoretical evaluation of feature selection methods based on mutual information","volume":"226","author":"Pascoal","year":"2017","journal-title":"Neurocomputing"},{"key":"ref50","doi-asserted-by":"crossref","first-page":"934","DOI":"10.1201\/9781003370628-19","author":"Agrawal","year":"2023","journal-title":"Recent advances in material, manufacturing, and machine learning"},{"key":"ref51","doi-asserted-by":"crossref","first-page":"1226","DOI":"10.1109\/TPAMI.2005.159","article-title":"Feature selection based on mutual information criteria of max-dependency, max-relevance, and min-redundancy","volume":"27","author":"Peng","year":"2005","journal-title":"IEEE Trans Pattern Anal Mach Intell"},{"key":"ref52","doi-asserted-by":"crossref","first-page":"280","DOI":"10.1016\/j.jeconom.2022.04.007","article-title":"Model averaging prediction by K-fold cross-validation","volume":"235","author":"Zhang","year":"2023","journal-title":"J Econo"},{"key":"ref53","doi-asserted-by":"crossref","first-page":"1250","DOI":"10.3390\/e25091250","article-title":"Distance correlation-based feature selection in random forest","volume":"25","author":"Ratnasingam","year":"2023","journal-title":"Entropy"},{"key":"ref54","first-page":"104076","article-title":"A comprehensive survey of automated advanced persistent threat attribution: taxonomy, methods, challenges and open research problems","volume":"92","author":"Rani","year":"2025","journal-title":"J Inf Secur Appl"},{"key":"ref55","doi-asserted-by":"crossref","first-page":"448","DOI":"10.1002\/wics.1278","article-title":"Decision trees","volume":"5","author":"De Ville","year":"2013","journal-title":"Wiley Interdiscip Rev Comput Stat"},{"key":"ref56","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1016\/j.neunet.2014.09.003","article-title":"Deep learning in neural networks: an overview","volume":"61","author":"Schmidhuber","year":"2015","journal-title":"Neural Netw"},{"key":"ref57","doi-asserted-by":"crossref","first-page":"e20220055","DOI":"10.1590\/1806-9126-rbef-2022-0055","article-title":"Mutual information: a way to quantify correlations","volume":"44","author":"Tisoc","year":"2022","journal-title":"Revista Brasileira De Ensino De F\u00edsica"},{"key":"ref58","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1145\/2445566.2445569","article-title":"Automated anomaly detector adaptation using adaptive threshold tuning","volume":"15","author":"Ali","year":"2013","journal-title":"ACM Trans Inf Syst Secur"}],"container-title":["Computers, Materials &amp; Continua"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/cdn.techscience.cn\/files\/cmc\/2025\/TSP_CMC-84-3\/TSP_CMC_63451\/TSP_CMC_63451.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,23]],"date-time":"2026-04-23T05:45:33Z","timestamp":1776923133000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.techscience.com\/cmc\/v84n3\/63127"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":58,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2025]]},"published-print":{"date-parts":[[2025]]}},"URL":"https:\/\/doi.org\/10.32604\/cmc.2025.063451","relation":{},"ISSN":["1546-2226"],"issn-type":[{"value":"1546-2226","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"2025-01-15","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-06-25","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-07-30","order":2,"name":"published","label":"Published Online","group":{"name":"publication_history","label":"Publication History"}}]}}