Optimized hybrid deep learning for advanced persistent threat detection
Authors
Raveendradasan, Hemavarna
Degree
Master of Applied Technology (Computing)
Grantor
Unitec, Te Pūkenga – New Zealand Institute of Skills and Technology
Date
2025
Supervisors
Sarrafpour, Bahman
Varastehpour, Soheil
Type
Masters Thesis
Keyword
intrusion detection systems (IDS)
advanced persistent threat (APT)
network based intrusion detection systems (NIDS)
cybersecurity
Citation
Raveendradasan, H. (2025). Optimized hybrid deep learning for advanced persistent threat detection (Unpublished document submitted in partial fulfilment of the requirements for the degree of Master of Applied Technologies (Computing)). Unitec, Te Pūkenga - New Zealand Institute of Skills and Technology
https://hdl.handle.net/10652/6946
Abstract
Advanced Persistent Threats (APTs) pose a substantial threat to contemporary cybersecurity systems because of their covert behaviour, their ability to embed themselves in a target environment, and their capacity to remain active while undetected. Although deep learning architectures such as Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) networks have shown promise for intrusion detection, few works have examined hybrid frameworks combined with optimal feature selection.
In this study, we compare the effectiveness of four hybrid deep learning architectures: CNN, LSTM, BiLSTM, and CNN-BiLSTM with attention. To tune these models, we used Particle Swarm Optimization (PSO) for feature selection, reducing the dimensionality of the feature space while optimizing accuracy and the computational time of prediction. To address the class imbalance problem in multiclass classification, the Synthetic Minority Over-sampling Technique (SMOTE) is combined with PSO. The models are evaluated on four established cybersecurity datasets: Linux APT 2024, UNSW-NB15, CIC-IDS (2017–2019), and TON-IoT. Results show that the CNN-BiLSTM-attention model trained with PSO and SMOTE reaches a statistical significance of 97% and an F1-score of 0.98. Using this scheme, we achieve a gain of 3–7% in accuracy on the denoised model with a 30% reduction in training time. The model also generalizes strongly across all APT categories.
In this thesis, we present a scalable PSO-SMOTE-based detection framework for high-dimensional, imbalanced security datasets. To the best of the author's knowledge, it is also the first extensive comparison of hybrid deep learning models under PSO-based feature selection. The results demonstrate that swarm intelligence and deep learning can be combined into an effective and adaptive solution for real-time APT detection.
Copyright holder
Author
Copyright notice
All rights reserved
