Enhanced APT detection with the improved KAN algorithm: capturing interdependencies for better accuracy

IF 5 | Zone 2 (Computer Science) | Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE
Weiwu Ren, Hewen Zhang, Yu Hong, Zhiwei Wang
Journal: Complex & Intelligent Systems (Journal Article), published 2025-05-12
DOI: 10.1007/s40747-025-01898-6 (https://doi.org/10.1007/s40747-025-01898-6)
Citations: 0

Abstract

In real-world network environments, advanced persistent threats (APTs) are characterized by their complexity and persistence. Existing APT detection methods often struggle to comprehensively capture the complex and dynamic network relationships and covert attack patterns involved in the attack process, and they also suffer from insufficient detection effectiveness. To address this, we propose a model that combines bidirectional dynamic graph attention with the improved KAN network. The improved KAN model smoothly connects control points by using the interpolation properties of the Catmull–Rom spline function. This model also combines the feature extraction capabilities of graph neural networks with a bidirectional dynamic graph attention mechanism. By dynamically updating the states of network nodes, it captures multi-step, cross-node, and highly covert attack features in APT attacks. Experimental results show that this method achieves an accuracy of 97.10% in APT attack detection, with false positive and false negative rates of 0.2% and 9.02%, respectively. The effectiveness of the model in extracting complex behavioral features of APT attacks has been validated, providing a reliable solution for APT detection in complex network environments.

Source journal: Complex & Intelligent Systems (COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE)
CiteScore: 9.60
Self-citation rate: 10.30%
Articles published: 297
Journal description: Complex & Intelligent Systems aims to provide a forum for presenting and discussing novel approaches, tools and techniques meant for attaining a cross-fertilization between the broad fields of complex systems, computational simulation, and intelligent analytics and visualization. The transdisciplinary research that the journal focuses on will expand the boundaries of our understanding by investigating the principles and processes that underlie many of the most profound problems facing society today.