Kriativ-tech Volume 1, Issue 9, April 2018, Pages: xxx Received: Dec. 28, 2019; Accepted: Feb. 25, 2020. Published: Oct. 11, 2022.


Pedro Ramos Brandão, Full Professor – ISTEC Lisbon

Gabriel Pereira Matos, Computer Science MSc Student



To cite this article

Pedro Ramos Brandão, Gabriel Pereira Matos Machine Learning and APTsDOI: 10.31112/kriativ-tech-2022-06-79


APTs, also known as Advanced Persistent Threats, are a type of cyberattack characterized by slow and stealthy methods of attack. As one of the most worrying attack methods today, it's important to understand what they are and how they work. At the moment, there are already some techniques for detecting APTs through the training and learning method known as Machine Learning. This article introduces the definitions of APTs and machine learning clarifies the operation of APTs, and introduces and discusses some techniques for APTs detection.


Advanced Persistent Threats, Cybersecurity, Machine Learning


[1]A. Alshamrani, S. Myneni, A. Chowdhary, and D. Huang, “A survey on Advanced persistent threats: Techniques, solutions, challenges, and research opportunities,” IEEE Communications Surveys & Tutorials, vol. 21, no. 2, pp. 1851–1877, Jan. 2019.[2]R. S. Ross, “Managing information security risk: Organization, mission, and information system view,” Special Publication (NIST SP)- 800-39, 2011.[3]P. Chen, L. Desmet, and C. Huygens, “A study on advanced persistent threats,” in IFIP International Conference on Communications and Multimedia Security. Springer, 2014, pp. 63–72.[4] E. M. Hutchins, M. J. Cloppert, R. M. Amin, and others, “Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains,” Leading Issues in Information Warfare & Security Research, vol. 1, no. 1, p. 80, 2011.[5] A. K. Sood and R. J. Enbody, “Targeted cyberattacks: a superset of advanced persistent threats,” IEEE security & privacy, vol. 11, no. 1, pp. 54–61, 2013.[6] O. S. V. D. (OSVDB), “Open source vulnerability database (osvdb),” 2012.[7] P. Mell, K. Scarfone, and S. Romanosky, “Common vulnerability scoring system,” IEEE Security & Privacy, vol. 4, no. 6, 2006.[8] M. Motoyama, D. McCoy, K. Levchenko, S. Savage, and G. M. Voelker, “An analysis of underground forums,” in Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference. ACM, 2011, pp. 71–80.[9] M. Ussath, D. Jaeger, F. Cheng, and C. Meinel, “Advanced persistent threats: Behind the scenes,” in Information Science and Systems (CISS), 2016 Annual Conference on. IEEE, 2016, pp. 181–186.[10]A. TrendLabsSM, “Spear-Phishing Email: Most Favored APT Attack Bait”, 2012.[11]G. O’Gorman and G. McDonald, “The elderwood project”. Symantec Corporation, 2012.[12]W. Gragido, “Lions at the watering hole: The voho affair,” RSA blog, vol. 20, 2012.[13]D. Kindlund, D. Caselden, X. Chen, N. Moran, and M. Scott, “Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars Website,” FireEye, 13-Feb-2014. [Online]. Available: [Accessed: 13-Jul-2022].[14]S. McClure et al., “Protecting your critical assets-lessons learned from operation aurora,” Tech. Rep., 2010.[15]RSA FraudAction Research Labs, “The anatomy of the RSA attack,” RSA blog, 01-Apr-2011. [Online]. Available: [Accessed: 13-Jul-2022].[16]X. Wang, K. Zheng, X. Niu, B. Wu, and C. Wu, “Detection of command and control in advanced persistent threat based on independent access,” in Communications (ICC), 2016 IEEE International Conference on. IEEE, 2016, pp. 1–6.[17]B. Harris, “Shadows in the cloud: An investigation of cyber espionage 2.0,” GovTech, 02-Aug-2010. [Online]. Available: [Accessed: 13-Jul-2022].[18]M. Z. Rafique, P. Chen, C. Huygens, and W. Joosen, “Evolutionary algorithms for classification of malware families through different network behaviors,” in Proceedings of the 2014 Annual Conference on Genetic and Evolutionary Computation, 2014, pp. 1167–1174.[19]E. Rajalakshmi, N. Asik Ibrahim, and V. Subramaniyaswamy, “A survey of machine learning techniques used to combat against the advanced persistent threat,” Applications and Techniques in Information Security, pp. 159–172, Nov. 2019.[20]I. Ghafir, M. Hammoudeh, V. Prenosil, L. Han, R. Hegarty, K. Rabie, and F. J. Aparicio-Navarro, “Detection of advanced persistent threat using machine-learning correlation analysis,” Future Generation Computer Systems, vol. 89, pp. 349–359, Jul. 2018.[21]H. HaddadPajouh, A. Dehghantanha, R. Khayami, and K.-K. R. Choo, “A deep recurrent neural network based approach for internet of things malware threat hunting,” Future Generation Computer Systems, vol. 85, pp. 88–96, Mar. 2018.[22]F. J. Aparicio-Navarro, K. G. Kyriakopoulos, Y. Gong, D. J. Parish, and J. A. Chambers, “Using Pattern-of-Life as Contextual Information for Anomaly-Based Intrusion Detection Systems,” IEEE Access, vol. 5, pp. 22177–22193, 2017, doi: 10.1109/ACCESS.2017.2762162.[23]S.-T. Liu, Y.-M. Chen, and S.-J. Lin, “A novel search engine to uncover potential victims for apt investigations,” in IFIP International Conference on Network and Parallel Computing, 2013, pp. 405–416.[24]G. E. Hinton, “Deep belief networks,” Scholarpedia, vol. 4, no. 5, p. 5947, 2009.[25]M. Moradi and M. Zulkernine, “A neural network based system for intrusion detection and classification of attacks,” in Proceedings of the IEEE international conference on advances in intelligent systems-theory and applications, 2004, pp. 15–18.[26]M. Balduzzi, V. Ciangaglini, and R. McArdle, “Targeted attacks detection with spunge,” in 2013 Eleventh Annual Conference on Privacy, Security and Trust, 2013, pp. 185–194.[27]A. Azmoodeh, A. Dehghantanha, and K.-K. R. Choo, “Robust malware detection for internet of (battlefield) things devices using deep eigenspace learning,” IEEE transactions on sustainable computing, vol. 4, no. 1, pp. 88–95, 2018.