arXiv:2511.20500v1 Announce Type: new 
Abstract: Advanced Persistent Threats (APT) pose a major cybersecurity challenge due to their stealth, persistence, and adaptability. Traditional machine learning detectors struggle with class imbalance, high dimensional features, and scarce real world traces. They often lack transferability-performing well in the training domain but degrading in novel attack scenarios. We propose a hybrid transfer framework that integrates Transfer Learning, Explainable AI (XAI), contrastive learning, and Siamese networks to improve cross-domain generalization. An attention-based autoencoder supports knowledge transfer across domains, while Shapley Additive exPlanations (SHAP) select stable, informative features to reduce dimensionality and computational cost. A Siamese encoder trained with a contrastive objective aligns source and target representations, increasing anomaly separability and mitigating feature drift. We evaluate on real-world traces from the DARPA Transparent Computing (TC) program and augment with synthetic attack scenarios to test robustness. Across source to target transfers, the approach delivers improved detection scores with classical and deep baselines, demonstrating a scalable, explainable, and transferable solution for APT detection.

تشير دراسة جديدة إلى إطار نقل هجين يستخدم التعلم بالنقل التبايني مع الشبكات السيامية لتحسين الكشف عن التهديدات المستمرة المتقدمة (APT). تتناول هذه الطريقة التحديات مثل عدم توازن الفئات وانجراف الميزات، والتي أعاقت الأساليب التقليدية للتعلم الآلي في الأمن السيبراني. يدمج الإطار الذكاء الاصطناعي القابل للتفسير (XAI) لتحسين اختيار الميزات وكشف الشذوذ عبر مجالات الهجوم المختلفة.

Un nuevo estudio propone un marco híbrido de transferencia que utiliza el aprendizaje por transferencia contrastivo con redes siamesas para mejorar la detección de Amenazas Persistentes Avanzadas (APT). Este enfoque aborda desafíos como el desequilibrio de clases y la deriva de características, que han obstaculizado los métodos tradicionales de aprendizaje automático en ciberseguridad. El marco integra la IA Explicable (XAI) para mejorar la selección de características y la detección de anomalías en diferentes dominios de ataque.

Une nouvelle étude propose un cadre hybride de transfert qui utilise l'apprentissage par transfert contrastif avec des réseaux Siamois pour améliorer la détection des menaces persistantes avancées (APT). Cette approche répond à des défis tels que le déséquilibre des classes et la dérive des caractéristiques, qui ont entravé les méthodes d'apprentissage automatique traditionnelles en cybersécurité. Le cadre intègre l'IA explicable (XAI) pour améliorer la sélection des caractéristiques et la détection des anomalies à travers différents domaines d'attaque.

A new study proposes a hybrid transfer framework utilizing contrastive transfer learning with Siamese networks to enhance the detection of Advanced Persistent Threats (APTs). This approach addresses challenges such as class imbalance and feature drift, which have hindered traditional machine learning methods in cybersecurity. The framework integrates Explainable AI (XAI) to improve feature selection and anomaly detection across different attack domains.

From One Attack Domain to Another: Contrastive Transfer Learning with Siamese Networks for APT Detection

arXiv:2511.20480v1 Announce Type: new 
Abstract: Advanced Persistent Threats (APTs) pose a significant challenge in cybersecurity due to their stealthy and long-term nature. Modern supervised learning methods require extensive labeled data, which is often scarce in real-world cybersecurity environments. In this paper, we propose an innovative approach that leverages AutoEncoders for unsupervised anomaly detection, augmented by active learning to iteratively improve the detection of APT anomalies. By selectively querying an oracle for labels on uncertain or ambiguous samples, we minimize labeling costs while improving detection rates, enabling the model to improve its detection accuracy with minimal data while reducing the need for extensive manual labeling. We provide a detailed formulation of the proposed Attention Adversarial Dual AutoEncoder-based anomaly detection framework and show how the active learning loop iteratively enhances the model. The framework is evaluated on real-world imbalanced provenance trace databases produced by the DARPA Transparent Computing program, where APT-like attacks constitute as little as 0.004\% of the data. The datasets span multiple operating systems, including Android, Linux, BSD, and Windows, and cover two attack scenarios. The results have shown significant improvements in detection rates during active learning and better performance compared to other existing approaches.

تم اقتراح نهج جديد للكشف عن الشذوذ في الأمن السيبراني، باستخدام AutoEncoders ثنائية الانتباه المدعومة بالتعلم النشط لتحسين الكشف عن التهديدات المستمرة المتقدمة (APTs). يتناول هذا الأسلوب تحدي نقص البيانات المعلّمة في البيئات الواقعية من خلال استخدام تقنيات التعلم غير الخاضع للإشراف والتعلم النشط لتحسين دقة الكشف بشكل تكراري.

Se ha propuesto un nuevo enfoque para la detección de anomalías en ciberseguridad, utilizando Autoencoders Adversariales de Doble Atención Asistidos por Aprendizaje Activo para mejorar la detección de Amenazas Persistentes Avanzadas (APT). Este método aborda el desafío de la escasez de datos etiquetados en entornos reales mediante el uso de técnicas de aprendizaje no supervisado y aprendizaje activo para mejorar iterativamente la precisión de detección.

Une nouvelle approche de détection des anomalies en cybersécurité a été proposée, utilisant des AutoEncoders adversariaux à double attention assistés par apprentissage actif pour améliorer la détection des menaces persistantes avancées (APT). Cette méthode répond au défi des données étiquetées limitées dans les environnements réels en utilisant des techniques d'apprentissage non supervisé et d'apprentissage actif pour améliorer itérativement la précision de détection.

A new approach to anomaly detection in cybersecurity has been proposed, utilizing Active Learning-Assisted Attention Adversarial Dual AutoEncoders to enhance the detection of Advanced Persistent Threats (APTs). This method addresses the challenge of limited labeled data in real-world environments by employing unsupervised learning and active learning techniques to iteratively improve detection accuracy.

Ranking-Enhanced Anomaly Detection Using Active Learning-Assisted Attention Adversarial Dual AutoEncoders

arXiv:2510.13814v2 Announce Type: replace-cross 
Abstract: Both humans and machine learning models learn from experience, particularly in safety- and reliability-critical domains. While psychology seeks to understand human cognition, the field of Explainable AI (XAI) develops methods to interpret machine learning models. This study bridges these domains by applying computational tools from XAI to analyze human learning. We modeled human behavior during a complex real-world task -- tuning a particle accelerator -- by constructing graphs of operator subtasks. Applying techniques such as community detection and hierarchical clustering to archival operator data, we reveal how operators decompose the problem into simpler components and how these problem-solving structures evolve with expertise. Our findings illuminate how humans develop efficient strategies in the absence of globally optimal solutions, and demonstrate the utility of XAI-based methods for quantitatively studying human cognition.

استخدمت دراسة حديثة الذكاء الاصطناعي القابل للتفسير (XAI) لتحليل الخبرة البشرية في المهام المعقدة، مع التركيز بشكل خاص على تشغيل مسرع الجسيمات. من خلال نمذجة السلوك البشري عبر اكتشاف المجتمعات والتجميع الهرمي لبيانات المشغلين، تكشف الأبحاث كيف يبسط المشغلون المشكلات ويعدلون استراتيجياتهم مع اكتسابهم الخبرة.

Un estudio reciente ha utilizado la IA Explicable (XAI) para analizar la experiencia humana en tareas complejas, centrándose específicamente en la operación de un acelerador de partículas. Al modelar el comportamiento humano a través de la detección de comunidades y el agrupamiento jerárquico de datos de operadores, la investigación revela cómo los operadores simplifican problemas y adaptan sus estrategias a medida que adquieren experiencia.

Une étude récente a utilisé l'IA explicable (XAI) pour analyser l'expertise humaine dans des tâches complexes, en se concentrant spécifiquement sur l'opération d'un accélérateur de particules. En modélisant le comportement humain à travers la détection de communautés et le regroupement hiérarchique des données des opérateurs, la recherche révèle comment les opérateurs simplifient les problèmes et adaptent leurs stratégies au fur et à mesure qu'ils acquièrent de l'expérience.

A recent study has utilized Explainable AI (XAI) to analyze human expertise in complex tasks, specifically focusing on the operation of a particle accelerator. By modeling human behavior through community detection and hierarchical clustering of operator data, the research reveals how operators simplify problems and adapt their strategies as they gain experience.

From One Attack Domain to Another: Contrastive Transfer Learning with Siamese Networks for APT Detection

Was this article worth reading? Share it

GPTHumanizer

Https

LucidQuery AI