Enhanced APT detection with the improved KAN algorithm: capturing interdependencies for better accuracy

Cited by: 0
Authors
Weiwu Ren [1]
Hewen Zhang [1]
Yu Hong [2]
Zhiwei Wang [1]
Affiliations
[1] Changchun University of Science and Technology, School of Computer Science and Technology
[2] National Computer Network Emergency Response Center
Keywords
Advanced persistent threats; Attack detection; Dynamic graph attention; Bidirectional dependency; Kolmogorov–Arnold network
DOI
10.1007/s40747-025-01898-6
Abstract
In real-world network environments, advanced persistent threats (APTs) are characterized by their complexity and persistence. Existing APT detection methods often struggle to comprehensively capture the complex and dynamic network relationships and covert attack patterns involved in the attack process, and they also suffer from insufficient detection effectiveness. To address this, we propose a model that combines bidirectional dynamic graph attention with the improved KAN network. The improved KAN model smoothly connects control points by using the interpolation properties of the Catmull–Rom spline function. This model also combines the feature extraction capabilities of graph neural networks with a bidirectional dynamic graph attention mechanism. By dynamically updating the states of network nodes, it captures multi-step, cross-node, and highly covert attack features in APT attacks. Experimental results show that this method achieves an accuracy of 97.10% in APT attack detection, with false positive and false negative rates of 0.2% and 9.02%, respectively. The effectiveness of the model in extracting complex behavioral features of APT attacks has been validated, providing a reliable solution for APT detection in complex network environments.