This is an early access version; the complete PDF, HTML, and XML versions will be available soon.
Article

APT Detection via Hypergraph Attention Network with Community-Based Behavioral Mining

College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou 310014, China
* Author to whom correspondence should be addressed.
Appl. Sci. 2025, 15(11), 5872; https://doi.org/10.3390/app15115872
Submission received: 27 April 2025 / Revised: 19 May 2025 / Accepted: 20 May 2025 / Published: 23 May 2025

Abstract

Advanced Persistent Threats (APTs) challenge cybersecurity due to their stealthy, multi-stage nature. On provenance graphs built from fine-grained kernel logs, existing methods have difficulty distinguishing behavior boundaries and handling complex multi-entity dependencies, and they exhibit high false-positive rates in dynamic environments. To address this, we propose a Hypergraph Attention Network framework for APT detection. First, we apply anomaly node detection to provenance graphs constructed from kernel logs to select seed nodes, which serve as starting points for discovering overlapping behavioral communities via node aggregation. These communities are then encoded as hyperedges to construct a hypergraph that captures high-order interactions. By integrating hypergraph structural semantics with dual attention mechanisms over nodes and hyperedges, our framework achieves robust APT detection by modeling complex behavioral dependencies. Experiments on DARPA and Unicorn show superior performance: 97.73% accuracy, 98.35% F1-score, and a 0.12% FPR. By bridging hypergraph theory and adaptive attention, the framework effectively models complex attack semantics, offering a robust solution for real-time APT detection.
Keywords: seed nodes; hypergraph; HyperGAT; overlapping community; APT
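
The data flow described in the abstract (seed nodes, overlapping communities, hyperedges) can be illustrated with the following added example, which is not code from the paper or its authors. The provenance edges, the seed choices and the k-hop expansion rule are constructed assumptions standing in for the paper's anomaly detector and node-aggregation step, which this page does not specify.

```python
from collections import defaultdict, deque

# Constructed provenance edges (subject, object), as might be derived from kernel audit events.
EDGES = [
    ("proc:sshd", "proc:bash"), ("proc:bash", "file:/tmp/x.sh"),
    ("proc:bash", "proc:curl"), ("proc:curl", "sock:203.0.113.7:443"),
    ("proc:curl", "file:/tmp/payload"), ("proc:cron", "proc:backup"),
    ("proc:backup", "file:/var/backup.tar"), ("proc:backup", "file:/tmp/payload"),
]
# Assumption: these two nodes were flagged by an upstream anomaly detector.
SEEDS = ["proc:curl", "proc:backup"]

def adjacency(edges):
    """Undirected adjacency view of the provenance graph."""
    adj = defaultdict(set)
    for u, v in edges:
        adj[u].add(v)
        adj[v].add(u)
    return adj

def grow_community(adj, seed, hops):
    """Assumed aggregation rule: every node within `hops` edges of the seed."""
    seen, frontier = {seed}, deque([(seed, 0)])
    while frontier:
        node, dist = frontier.popleft()
        if dist == hops:
            continue
        for nb in adj[node] - seen:
            seen.add(nb)
            frontier.append((nb, dist + 1))
    return seen

def build_hypergraph(edges, seeds, hops=1):
    """One hyperedge per seed community; returns nodes, hyperedges, incidence matrix H."""
    adj = adjacency(edges)
    nodes = sorted(adj)
    hyperedges = [grow_community(adj, s, hops) for s in seeds]
    incidence = [[int(n in he) for he in hyperedges] for n in nodes]
    return nodes, hyperedges, incidence

def overlapping_nodes(nodes, incidence):
    """Nodes that sit in more than one behavioral community (hyperedge)."""
    return [n for n, row in zip(nodes, incidence) if sum(row) > 1]

if __name__ == "__main__":
    nodes, hyperedges, H = build_hypergraph(EDGES, SEEDS)
    for n, row in zip(nodes, H):
        print(f"{n:24s} {row}")
    print("overlap:", overlapping_nodes(nodes, H))
```

Each column of the incidence matrix groups several entities at once, and a node with more than one nonzero entry is shared between communities, which a pairwise edge list cannot express directly.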

Share and Cite

MDPI and ACS Style

Song, Q.; Chen, T.; Zhu, T.; Lv, M.; Qiu, X.; Zhu, Z. APT Detection via Hypergraph Attention Network with Community-Based Behavioral Mining. Appl. Sci. 2025, 15, 5872. https://doi.org/10.3390/app15115872
