An advanced persistent threat (“APT”) is a network attack in which the threat remains in the network for as long as possible while evading traditional threat detection methods and staying hidden from system administrators. In so doing, an APT may allow an attacker to compromise the integrity of the network, e.g., by installing malware, creating backdoor entries into the network, creating unauthorized connections and bridges between different switches and routers, or exfiltrating sensitive information to an external collector device. For example, a hidden rootkit may hook network monitoring entry points to avoid detection while providing an attacker with root access to the network system.