Abstract: Advanced Persistent Threat (APT) attacks are sophisticated cyberattacks characterized by stealth, persistence, and long-term engagement with targeted systems. Traditional detection methods using machine learning (ML) and deep learning (DL) often rely on internal models or post hoc explainability techniques, which typically lack human-readable context and require manual interpretation. In this paper, we investigate the use of large language models (LLMs) for APT detection through code analysis. Specifically, we evaluate the ability of LLMs to (i) detect APT-related behavior in code snippet sequences, (ii) identify malicious components, and (iii) recognize relevant MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs). Our results indicate that while LLMs show only moderate effectiveness in detecting APTs and identifying malicious code, they perform well in recognizing ATT&CK techniques when supplemented with domain-specific knowledge from the ATT&CK framework.
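Task (iii) in the abstract, recognizing ATT&CK techniques from an LLM's free-form answer, requires a scorer that turns the model's text into a set of technique IDs and compares it with ground-truth labels. The following is an added illustration of such an evaluation harness; it is not the paper's code or data. The snippet-sequence IDs, the ground-truth labels, and the two "LLM outputs" (one without and one with an ATT&CK knowledge supplement) are constructed stand-ins for the experiment the abstract describes; the technique IDs themselves (T1059.001, T1003, T1071.001) are real ATT&CK identifiers used only as sample labels.

```python
import re
from typing import Dict, Set

# ATT&CK technique IDs look like T1059 (technique) or T1059.001 (sub-technique).
TECHNIQUE_RE = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")


def extract_technique_ids(text: str) -> Set[str]:
    """Pull every ATT&CK technique ID mentioned in free-form LLM output."""
    return set(TECHNIQUE_RE.findall(text))


def parent_technique(tid: str) -> str:
    """Map a sub-technique (T1059.001) to its parent technique (T1059)."""
    return tid.split(".")[0]


def score_techniques(predicted: Set[str], expected: Set[str],
                     match_parent: bool = False) -> Dict[str, float]:
    """Set-based precision / recall / F1 over technique IDs.

    With match_parent=True, a prediction counts as correct when it agrees with
    the ground truth at the parent-technique level, which is a common lenient
    scoring choice because LLMs often name the technique but not the sub-technique.
    """
    if match_parent:
        p = {parent_technique(t) for t in predicted}
        e = {parent_technique(t) for t in expected}
    else:
        p, e = set(predicted), set(expected)
    tp = len(p & e)
    precision = tp / len(p) if p else 0.0
    recall = tp / len(e) if e else 0.0
    f1 = (2 * precision * recall / (precision + recall)
          if precision + recall else 0.0)
    return {"tp": tp, "precision": precision, "recall": recall, "f1": f1}


# Constructed sample data (hypothetical): ground truth per code-snippet sequence,
# and two hypothetical LLM responses for the same sequence.
GROUND_TRUTH: Dict[str, Set[str]] = {
    "seq-01": {"T1059.001", "T1003", "T1071.001"},
}
LLM_OUTPUT_NO_CONTEXT: Dict[str, str] = {
    "seq-01": ("The script launches PowerShell to read credential material and "
               "then beacons over HTTP. Likely T1059 and T1071."),
}
LLM_OUTPUT_WITH_CONTEXT: Dict[str, str] = {
    "seq-01": ("Techniques: T1059.001 (PowerShell), T1003 (OS Credential Dumping), "
               "T1071.001 (Web Protocols)."),
}


def evaluate(outputs: Dict[str, str], truth: Dict[str, Set[str]],
             match_parent: bool = False) -> Dict[str, Dict[str, float]]:
    """Score every labelled sequence; sequences with no model output score zero."""
    return {
        sid: score_techniques(extract_technique_ids(outputs.get(sid, "")),
                              expected, match_parent)
        for sid, expected in truth.items()
    }


def macro_f1(results: Dict[str, Dict[str, float]]) -> float:
    """Unweighted mean F1 across sequences (0.0 for an empty result set)."""
    return (sum(r["f1"] for r in results.values()) / len(results)
            if results else 0.0)


if __name__ == "__main__":
    for name, outputs in (("no context", LLM_OUTPUT_NO_CONTEXT),
                          ("with ATT&CK context", LLM_OUTPUT_WITH_CONTEXT)):
        strict = evaluate(outputs, GROUND_TRUTH)
        lenient = evaluate(outputs, GROUND_TRUTH, match_parent=True)
        print(f"{name}: strict macro-F1={macro_f1(strict):.2f} "
              f"parent-level macro-F1={macro_f1(lenient):.2f}")
```

Reporting both the strict and the parent-level score matters in this kind of evaluation: on the constructed sample the un-supplemented answer scores zero under strict sub-technique matching but 0.8 at parent level, so the choice of matching rule alone can move the headline number considerably.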
Paper Type: Long
Research Area: NLP Applications
Research Area Keywords: security/privacy
Contribution Types: NLP engineering experiment, Data resources
Languages Studied: English
Submission Number: 4538