Saved in:
Bibliographic Details
Main Authors: Shaker, Bassam Noori, Al-Musawi, Bahaa, Hassan, Mohammed Falih
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2506.12108
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866918388625833984
author Shaker, Bassam Noori
Al-Musawi, Bahaa
Hassan, Mohammed Falih
author_facet Shaker, Bassam Noori
Al-Musawi, Bahaa
Hassan, Mohammed Falih
contents An Advanced Persistent Threat (APT) is a multistage, highly sophisticated, and covert form of cyber threat that gains unauthorized access to networks to either steal valuable data or disrupt the targeted network. These threats often remain undetected for extended periods, emphasizing the critical need for early detection in networks to mitigate potential APT consequences. In this work, we propose a feature selection method for developing a lightweight intrusion detection system capable of effectively identifying APTs at the initial compromise stage. Our approach leverages the XGBoost algorithm and Explainable Artificial Intelligence (XAI), specifically utilizing the SHAP (SHapley Additive exPlanations) method for identifying the most relevant features of the initial compromise stage. The results of our proposed method showed the ability to reduce the selected features of the SCVIC-APT-2021 dataset from 77 to just four while maintaining consistent evaluation metrics for the suggested system. The estimated metrics values are 97% precision, 100% recall, and a 98% F1 score. The proposed method not only aids in preventing successful APT consequences but also enhances understanding of APT behavior at early stages.
format Preprint
id arxiv_https___arxiv_org_abs_2506_12108
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle A Lightweight IDS for Early APT Detection Using a Novel Feature Selection Method
Shaker, Bassam Noori
Al-Musawi, Bahaa
Hassan, Mohammed Falih
Cryptography and Security
Artificial Intelligence
An Advanced Persistent Threat (APT) is a multistage, highly sophisticated, and covert form of cyber threat that gains unauthorized access to networks to either steal valuable data or disrupt the targeted network. These threats often remain undetected for extended periods, emphasizing the critical need for early detection in networks to mitigate potential APT consequences. In this work, we propose a feature selection method for developing a lightweight intrusion detection system capable of effectively identifying APTs at the initial compromise stage. Our approach leverages the XGBoost algorithm and Explainable Artificial Intelligence (XAI), specifically utilizing the SHAP (SHapley Additive exPlanations) method for identifying the most relevant features of the initial compromise stage. The results of our proposed method showed the ability to reduce the selected features of the SCVIC-APT-2021 dataset from 77 to just four while maintaining consistent evaluation metrics for the suggested system. The estimated metrics values are 97% precision, 100% recall, and a 98% F1 score. The proposed method not only aids in preventing successful APT consequences but also enhances understanding of APT behavior at early stages.
title A Lightweight IDS for Early APT Detection Using a Novel Feature Selection Method
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2506.12108