{"id":"https://openalex.org/W4402679520","doi":"https://doi.org/10.1007/s10462-024-10890-4","title":"Explainable deep learning approach for advanced persistent threats (APTs) detection in cybersecurity: a review","display_name":"Explainable deep learning approach for advanced persistent threats (APTs) detection in cybersecurity: a review","publication_year":2024,"publication_date":"2024-09-18","ids":{"openalex":"https://openalex.org/W4402679520","doi":"https://doi.org/10.1007/s10462-024-10890-4"},"language":"en","primary_location":{"id":"doi:10.1007/s10462-024-10890-4","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10462-024-10890-4","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10462-024-10890-4.pdf","source":{"id":"https://openalex.org/S122814990","display_name":"Artificial Intelligence Review","issn_l":"0269-2821","issn":["0269-2821","1573-7462"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Artificial Intelligence Review","raw_type":"journal-article"},"type":"review","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s10462-024-10890-4.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5107607574","display_name":"Noor Hazlina Abdul Mutalib","orcid":null},"institutions":[{"id":"https://openalex.org/I33849332","display_name":"University of Malaya","ror":"https://ror.org/00rzspn62","country_code":"MY","type":"education","lineage":["https://openalex.org/I33849332"]}],"countries":["MY"],"is_corresponding":false,"raw_author_name":"Noor Hazlina Abdul Mutalib","raw_affiliation_strings":["Department of Artificial Intelligence, Faculty of Computer Science and Information Technology, University Malaya, Kuala Lumpur, Wilayah Persekutuan Kuala Lumpur, 50603, Malaysia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Artificial Intelligence, Faculty of Computer Science and Information Technology, University Malaya, Kuala Lumpur, Wilayah Persekutuan Kuala Lumpur, 50603, Malaysia","institution_ids":["https://openalex.org/I33849332"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061102335","display_name":"Aznul Qalid Md Sabri","orcid":"https://orcid.org/0000-0002-4758-5400"},"institutions":[{"id":"https://openalex.org/I33849332","display_name":"University of Malaya","ror":"https://ror.org/00rzspn62","country_code":"MY","type":"education","lineage":["https://openalex.org/I33849332"]}],"countries":["MY"],"is_corresponding":true,"raw_author_name":"Aznul Qalid Md Sabri","raw_affiliation_strings":["Department of Artificial Intelligence, Faculty of Computer Science and Information Technology, University Malaya, Kuala Lumpur, Wilayah Persekutuan Kuala Lumpur, 50603, Malaysia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Artificial Intelligence, Faculty of Computer Science and Information Technology, University Malaya, Kuala Lumpur, Wilayah Persekutuan Kuala Lumpur, 50603, Malaysia","institution_ids":["https://openalex.org/I33849332"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004213577","display_name":"Ainuddin Wahid Abdul Wahab","orcid":"https://orcid.org/0000-0003-1062-0329"},"institutions":[{"id":"https://openalex.org/I33849332","display_name":"University of Malaya","ror":"https://ror.org/00rzspn62","country_code":"MY","type":"education","lineage":["https://openalex.org/I33849332"]}],"countries":["MY"],"is_corresponding":false,"raw_author_name":"Ainuddin Wahid Abdul Wahab","raw_affiliation_strings":["Department of Computer System & Technology, Faculty of Computer Science and Information Technology, University Malaya, Wilayah Persekutuan Kuala Lumpur, Kuala Lumpur, 50603, Malaysia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer System & Technology, Faculty of Computer Science and Information Technology, University Malaya, Wilayah Persekutuan Kuala Lumpur, Kuala Lumpur, 50603, Malaysia","institution_ids":["https://openalex.org/I33849332"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012821661","display_name":"Erma Rahayu Mohd Faizal Abdullah","orcid":"https://orcid.org/0000-0002-3026-9428"},"institutions":[{"id":"https://openalex.org/I33849332","display_name":"University of Malaya","ror":"https://ror.org/00rzspn62","country_code":"MY","type":"education","lineage":["https://openalex.org/I33849332"]}],"countries":["MY"],"is_corresponding":false,"raw_author_name":"Erma Rahayu Mohd Faizal Abdullah","raw_affiliation_strings":["Department of Artificial Intelligence, Faculty of Computer Science and Information Technology, University Malaya, Kuala Lumpur, Wilayah Persekutuan Kuala Lumpur, 50603, Malaysia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Artificial Intelligence, Faculty of Computer Science and Information Technology, University Malaya, Kuala Lumpur, Wilayah Persekutuan Kuala Lumpur, 50603, Malaysia","institution_ids":["https://openalex.org/I33849332"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5037300629","display_name":"Nouar AlDahoul","orcid":"https://orcid.org/0000-0001-5522-0033"},"institutions":[{"id":"https://openalex.org/I120250893","display_name":"New York University Abu Dhabi","ror":"https://ror.org/00e5k0821","country_code":"AE","type":"education","lineage":["https://openalex.org/I120250893","https://openalex.org/I57206974"]}],"countries":["AE"],"is_corresponding":false,"raw_author_name":"Nouar AlDahoul","raw_affiliation_strings":["Department of Computer Science, New York University Abu Dhabi, Abu Dhabi, United Arab Emirates"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, New York University Abu Dhabi, Abu Dhabi, United Arab Emirates","institution_ids":["https://openalex.org/I120250893"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5061102335"],"corresponding_institution_ids":["https://openalex.org/I33849332"],"apc_list":{"value":2490,"currency":"EUR","value_usd":3090},"apc_paid":{"value":2490,"currency":"EUR","value_usd":3090},"fwci":19.2395,"has_fulltext":true,"cited_by_count":64,"citation_normalized_percentile":{"value":0.99482605,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":"57","issue":"11","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9944999814033508,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7420874834060669},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5739251375198364},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.48160025477409363},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3361797332763672}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7420874834060669},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5739251375198364},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.48160025477409363},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3361797332763672}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/s10462-024-10890-4","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10462-024-10890-4","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10462-024-10890-4.pdf","source":{"id":"https://openalex.org/S122814990","display_name":"Artificial Intelligence Review","issn_l":"0269-2821","issn":["0269-2821","1573-7462"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Artificial Intelligence Review","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1007/s10462-024-10890-4","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10462-024-10890-4","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10462-024-10890-4.pdf","source":{"id":"https://openalex.org/S122814990","display_name":"Artificial Intelligence Review","issn_l":"0269-2821","issn":["0269-2821","1573-7462"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Artificial Intelligence Review","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.7599999904632568}],"awards":[{"id":"https://openalex.org/G8846151432","display_name":null,"funder_award_id":"1000/016/018/25","funder_id":"https://openalex.org/F4320321709","funder_display_name":"Ministry of Higher Education, Malaysia"}],"funders":[{"id":"https://openalex.org/F4320321709","display_name":"Ministry of Higher Education, Malaysia","ror":"https://ror.org/05mcs2t73"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4402679520.pdf","grobid_xml":"https://content.openalex.org/works/W4402679520.grobid-xml"},"referenced_works_count":143,"referenced_works":["https://openalex.org/W1787224781","https://openalex.org/W2334853001","https://openalex.org/W2625013748","https://openalex.org/W2748696935","https://openalex.org/W2769405978","https://openalex.org/W2809925683","https://openalex.org/W2903165775","https://openalex.org/W2920971804","https://openalex.org/W2953684237","https://openalex.org/W2955468701","https://openalex.org/W2955692055","https://openalex.org/W2958285686","https://openalex.org/W2971724044","https://openalex.org/W2973136764","https://openalex.org/W2975495759","https://openalex.org/W2981560029","https://openalex.org/W2982145560","https://openalex.org/W2991507433","https://openalex.org/W2997590552","https://openalex.org/W3004179294","https://openalex.org/W3015551546","https://openalex.org/W3017093935","https://openalex.org/W3024905798","https://openalex.org/W3033013607","https://openalex.org/W3040320120","https://openalex.org/W3047506152","https://openalex.org/W3081876271","https://openalex.org/W3092257527","https://openalex.org/W3093433874","https://openalex.org/W3116286104","https://openalex.org/W3118600567","https://openalex.org/W3119835194","https://openalex.org/W3121787084","https://openalex.org/W3128834969","https://openalex.org/W3131172844","https://openalex.org/W3138344197","https://openalex.org/W3140854437","https://openalex.org/W3157189912","https://openalex.org/W3165381529","https://openalex.org/W3171973514","https://openalex.org/W3174621618","https://openalex.org/W3175075975","https://openalex.org/W3182546273","https://openalex.org/W3185234019","https://openalex.org/W3187431941","https://openalex.org/W3191161603","https://openalex.org/W3200314112","https://openalex.org/W3204466840","https://openalex.org/W3204683301","https://openalex.org/W3208113910","https://openalex.org/W3210680641","https://openalex.org/W3211639647","https://openalex.org/W3215572174","https://openalex.org/W3216835679","https://openalex.org/W3217005176","https://openalex.org/W4200187172","https://openalex.org/W4200304719","https://openalex.org/W4206487993","https://openalex.org/W4210422587","https://openalex.org/W4210659135","https://openalex.org/W4210779665","https://openalex.org/W4225996392","https://openalex.org/W4250685322","https://openalex.org/W4283159491","https://openalex.org/W4283396616","https://openalex.org/W4285048114","https://openalex.org/W4285058242","https://openalex.org/W4285198896","https://openalex.org/W4285248859","https://openalex.org/W4288046351","https://openalex.org/W4288083473","https://openalex.org/W4292794125","https://openalex.org/W4294663899","https://openalex.org/W4294691140","https://openalex.org/W4295190147","https://openalex.org/W4295854586","https://openalex.org/W4296105182","https://openalex.org/W4297538900","https://openalex.org/W4306764526","https://openalex.org/W4308292292","https://openalex.org/W4309345954","https://openalex.org/W4310762541","https://openalex.org/W4311768551","https://openalex.org/W4313650676","https://openalex.org/W4313880566","https://openalex.org/W4322123792","https://openalex.org/W4323313312","https://openalex.org/W4324029729","https://openalex.org/W4327750468","https://openalex.org/W4327935688","https://openalex.org/W4353072214","https://openalex.org/W4366262984","https://openalex.org/W4367016553","https://openalex.org/W4367309662","https://openalex.org/W4372342980","https://openalex.org/W4376624734","https://openalex.org/W4377091294","https://openalex.org/W4379382625","https://openalex.org/W4380201339","https://openalex.org/W4380987977","https://openalex.org/W4382052217","https://openalex.org/W4382053932","https://openalex.org/W4385215070","https://openalex.org/W4385380505","https://openalex.org/W4385732922","https://openalex.org/W4386142022","https://openalex.org/W4386804668","https://openalex.org/W4387333217","https://openalex.org/W4388201606","https://openalex.org/W4388210747","https://openalex.org/W4388326161","https://openalex.org/W4388938416","https://openalex.org/W4390343272","https://openalex.org/W4390692351","https://openalex.org/W4390741016","https://openalex.org/W4391031596","https://openalex.org/W4391089346","https://openalex.org/W4392108922","https://openalex.org/W4392296741","https://openalex.org/W4392386117","https://openalex.org/W4392452874","https://openalex.org/W4392980982","https://openalex.org/W4393970627","https://openalex.org/W4395085347","https://openalex.org/W4395449056","https://openalex.org/W4396241811","https://openalex.org/W4396561785","https://openalex.org/W4396583078","https://openalex.org/W4396822685","https://openalex.org/W4396918602","https://openalex.org/W4397009843","https://openalex.org/W4398151371","https://openalex.org/W4398165763","https://openalex.org/W4398174014","https://openalex.org/W4398197978","https://openalex.org/W4398241734","https://openalex.org/W4398775145","https://openalex.org/W4399397368","https://openalex.org/W4399422086","https://openalex.org/W4399564030","https://openalex.org/W4399928165","https://openalex.org/W6602913128","https://openalex.org/W6834628200"],"related_works":["https://openalex.org/W2731899572","https://openalex.org/W3215138031","https://openalex.org/W3009238340","https://openalex.org/W4321369474","https://openalex.org/W4360585206","https://openalex.org/W4285208911","https://openalex.org/W3082895349","https://openalex.org/W4213079790","https://openalex.org/W2248239756","https://openalex.org/W4323565446"],"abstract_inverted_index":{"Abstract":[0],"In":[1],"recent":[2],"years,":[3],"Advanced":[4],"Persistent":[5],"Threat":[6],"(APT)":[7],"attacks":[8,35],"on":[9],"network":[10],"systems":[11],"have":[12],"increased":[13],"through":[14],"sophisticated":[15],"fraud":[16],"tactics.":[17],"Traditional":[18],"Intrusion":[19],"Detection":[20],"Systems":[21],"(IDSs)":[22],"suffer":[23],"from":[24],"low":[25],"detection":[26,61,135],"accuracy,":[27],"high":[28],"false-positive":[29],"rates,":[30],"and":[31,40,56,75,110,122,136,143,159,161,186,202],"difficulty":[32],"identifying":[33],"unknown":[34],"such":[36,104],"as":[37,105],"remote-to-local":[38],"(R2L)":[39],"user-to-root":[41],"(U2R)":[42],"attacks.":[43],"This":[44,84,169],"paper":[45,85,170,192],"addresses":[46],"these":[47,146],"challenges":[48],"by":[49,95],"providing":[50,96],"a":[51,97,150],"foundational":[52],"discussion":[53],"of":[54,59,71,100,131,145,153,196,204],"APTs":[55],"the":[57,68,89,92,129,141,181,194,200],"limitations":[58],"existing":[60,154],"methods.":[62],"It":[63,148],"then":[64],"pivots":[65],"to":[66,80,87,127,176],"explore":[67],"novel":[69],"integration":[70],"deep":[72],"learning":[73],"techniques":[74],"Explainable":[76],"Artificial":[77],"Intelligence":[78],"(XAI)":[79],"improve":[81],"APT":[82,134],"detection.":[83],"aims":[86],"fill":[88],"gaps":[90],"in":[91,133,198],"current":[93],"research":[94,174],"thorough":[98],"analysis":[99,152],"how":[101],"XAI":[102],"methods,":[103],"Shapley":[106],"Additive":[107],"Explanations":[108,114],"(SHAP)":[109],"Local":[111],"Interpretable":[112],"Model-agnostic":[113],"(LIME),":[115],"can":[116],"make":[117],"black-box":[118],"models":[119],"more":[120,184],"transparent":[121],"interpretable.":[123],"The":[124],"objective":[125],"is":[126],"demonstrate":[128],"necessity":[130],"explainability":[132,197],"propose":[137],"solutions":[138],"that":[139,165],"enhance":[140],"trustworthiness":[142,203],"effectiveness":[144],"models.":[147],"offers":[149],"critical":[151],"approaches,":[155],"highlights":[156],"their":[157],"strengths":[158],"limitations,":[160],"identifies":[162],"open":[163],"issues":[164],"require":[166],"further":[167],"research.":[168],"also":[171],"suggests":[172],"future":[173],"directions":[175],"combat":[177],"evolving":[178],"threats,":[179],"paving":[180],"way":[182],"for":[183],"effective":[185],"reliable":[187],"cybersecurity":[188,205],"solutions.":[189],"Overall,":[190],"this":[191],"emphasizes":[193],"importance":[195],"enhancing":[199],"performance":[201],"systems.":[206]},"counts_by_year":[{"year":2026,"cited_by_count":17},{"year":2025,"cited_by_count":44},{"year":2024,"cited_by_count":3}],"updated_date":"2026-06-20T22:02:38.213706","created_date":"2025-10-10T00:00:00"}