Detecting Advanced Cyber Threats with LLMs

Using AI language models to identify stealthy persistent threats

APT-LLM is a novel framework that leverages large language models to detect Advanced Persistent Threats (APTs) through embedding-based anomaly detection, addressing limitations of traditional methods.

  • Transforms cybersecurity logs into embeddings using LLMs specifically fine-tuned for security context
  • Employs a hybrid approach combining supervised and unsupervised learning techniques
  • Demonstrates superior detection capabilities even with highly imbalanced datasets
  • Offers practical implementation for real-world enterprise security operations

This research provides security teams with new tools to identify sophisticated threats that intentionally mimic normal system behavior, potentially reducing detection time and improving defense posture against targeted attacks.

APT-LLM: Embedding-Based Anomaly Detection of Cyber Advanced Persistent Threats Using Large Language Models