Neurosymbolic Learning for Advanced Persistent Threat Detection under Extreme Class Imbalance

📅 2026-02-27
🤖 AI Summary
This work addresses the challenges of detecting advanced persistent threats (APTs) in wireless Internet of Things (IoT) environments, where extreme class imbalance and model opacity hinder effective security monitoring. To this end, the study introduces a neuro-symbolic system tailored for IoT scenarios, integrating an optimized BERT architecture with temporal feature encoding to preserve contextual dependencies. The framework further incorporates Logic Tensor Networks (LTNs) for interpretable reasoning, focal loss to mitigate class imbalance, hierarchical classification, and an adaptive sampling strategy. Evaluated on the SCVIC-APT2021 dataset, the proposed method achieves a binary-class F1 score of 95.27% with a false positive rate of only 0.14%, and a macro F1 score of 76.75% for multi-class attack detection, demonstrating superior performance and interpretability compared to existing approaches.

📝 Abstract
The growing deployment of Internet of Things (IoT) devices in smart cities and industrial environments increases vulnerability to stealthy, multi-stage advanced persistent threats (APTs) that exploit wireless communication. Detection is challenging due to severe class imbalance in network traffic, which limits the effectiveness of traditional deep learning approaches, and due to the lack of explainability in their classification decisions. To address these challenges, this paper proposes a neurosymbolic architecture that integrates an optimized BERT model with logic tensor networks (LTN) for explainable APT detection in wireless IoT networks. The proposed method addresses the challenges of mobile IoT environments through efficient feature encoding that transforms network flow data into BERT-compatible sequences while preserving temporal dependencies critical for APT stage identification. Severe class imbalance is mitigated using focal loss, hierarchical classification that separates normal traffic detection from attack categorization, and adaptive sampling strategies. Evaluation on the SCVIC-APT2021 dataset demonstrates an operationally viable binary classification F1 score of 95.27% with a false positive rate of 0.14%, and a 76.75% macro F1 score for multi-class attack categorization. Furthermore, a novel explainability analysis statistically validates the importance of distinct network features. These results demonstrate that neurosymbolic learning enables high-performance, interpretable, and operationally viable APT detection for IoT network monitoring architectures.

Problem

Research questions and friction points this paper is trying to address.

Advanced Persistent Threat
Class Imbalance
IoT Security
Explainable AI
Wireless Networks

Innovation

Methods, ideas, or system contributions that make the work stand out.

neurosymbolic learning
BERT
logic tensor networks
class imbalance
explainable AI
Quhura Fathima
Center for Secure & Intelligent Critical Systems and School of Cybersecurity, Old Dominion University, VA, USA
Neda Moghim
Associate Prof., Dep. of Computer Eng., University of Isfahan; Researcher, Old Dominion University
5G and beyond, IoT, QoS
Mostafa Taghizade Firouzjaee
Faculty of Engineering Modern Technologies, Amol University of Special Modern Technologies, Iran
Christo K. Thomas
Department of Electrical and Computer Engineering, Worcester Polytechnic Institute, MA, USA
Ross Gore
Research Associate Professor, Old Dominion University
Software Debugging, Data Science, Predictive Analytics, Modeling and Simulation
Walid Saad
Professor, Electrical and Computer Engineering, Virginia Tech
6G, machine learning, semantic communications, quantum communications, cyber-physical systems