[2506.12108] A Lightweight IDS for Early APT Detection Using a Novel Feature Selection Method
Summary
This article presents a novel feature selection method for a lightweight intrusion detection system (IDS) aimed at early detection of Advanced Persistent Threats (APTs), achieving high precision and recall metrics.
Why It Matters
As cyber threats become increasingly sophisticated, early detection of APTs is crucial for network security. This research provides a method that not only enhances detection capabilities but also improves understanding of APT behaviors, which is vital for developing effective cybersecurity strategies.
Key Takeaways
- The proposed IDS utilizes XGBoost and SHAP for effective feature selection.
- It reduces feature count from 77 to 4 while maintaining high performance metrics.
- Achieved metrics include 97% precision, 100% recall, and 98% F1 score.
- The method enhances understanding of APT behaviors at the initial compromise stage.
- Early detection can significantly mitigate the impact of APTs on networks.
Computer Science > Cryptography and Security
arXiv:2506.12108 (cs)
This paper has been withdrawn by Bassam Noori.
[Submitted on 13 Jun 2025 (v1), last revised 26 Feb 2026 (this version, v2)]
Title: A Lightweight IDS for Early APT Detection Using a Novel Feature Selection Method
Authors: Bassam Noori Shaker, Bahaa Al-Musawi, Mohammed Falih Hassan
Abstract: An Advanced Persistent Threat (APT) is a multistage, highly sophisticated, and covert form of cyber threat that gains unauthorized access to networks to either steal valuable data or disrupt the targeted network. These threats often remain undetected for extended periods, emphasizing the critical need for early detection in networks to mitigate potential APT consequences. In this work, we propose a feature selection method for developing a lightweight intrusion detection system capable of effectively identifying APTs at the initial compromise stage. Our approach leverages the XGBoost algorithm and Explainable Artificial Intelligence (XAI), specifically utilizing the SHAP (SHapley Additive exPlanations) method for identifying the most relevant features of the initial compromise stage. The results of our proposed method showed the ability to reduce the selected features of the SCVIC-APT-2021 dataset from 77 to just four while mai...