[2603.00453] Neurosymbolic Learning for Advanced Persistent Threat Detection under Extreme Class Imbalance

Computer Science > Cryptography and Security arXiv:2603.00453 (cs) [Submitted on 28 Feb 2026] Title:Neurosymbolic Learning for Advanced Persistent Threat Detection under Extreme Class Imbalance Authors:Quhura Fathima, Neda Moghim, Mostafa Taghizade Firouzjaee, Christo K. Thomas, Ross Gore, Walid Saad View a PDF of the paper titled Neurosymbolic Learning for Advanced Persistent Threat Detection under Extreme Class Imbalance, by Quhura Fathima and 5 other authors View PDF HTML (experimental) Abstract:The growing deployment of Internet of Things (IoT) devices in smart cities and industrial environments increases vulnerability to stealthy, multi-stage advanced persistent threats (APTs) that exploit wireless communication. Detection is challenging due to severe class imbalance in network traffic, which limits the effectiveness of traditional deep learning approaches and their lack of explainability in classification decisions. To address these challenges, this paper proposes a neurosymbolic architecture that integrates an optimized BERT model with logic tensor networks (LTN) for explainable APT detection in wireless IoT networks. The proposed method addresses the challenges of mobile IoT environments through efficient feature encoding that transforms network flow data into BERT-compatible sequences while preserving temporal dependencies critical for APT stage identification. Severe class imbalance is mitigated using focal loss, hierarchical classification that separates normal ...