Semantic Web-Driven Unsupervised Detection of APT Attacks in Network Traffic Using Enhanced DBSCAN++ and aiNet
Published in | International journal on semantic web and information systems Vol. 21; no. 1; pp. 1 - 31 |
---|---|
Main Authors | , , |
Format | Journal Article |
Language | English |
Published | Hershey IGI Global 26.02.2025 |
ISSN | 1552-6283 1552-6291 |
DOI | 10.4018/IJSWIS.370387 |
Summary: | Advanced persistent threat (APT) attacks are very low-frequency and hidden in network traffic, which makes them difficult to detect with traditional detection methods. Therefore, this paper presents a Semantic Web-driven unsupervised detection framework for APT attacks in network traffic, leveraging Enhanced DBSCAN++ and aiNet algorithms. The proposed DBSCAN++ based aiNet clustering algorithm (D-aiNet) is first used to cluster the training samples from the extracted network traffic, and then generates a Self Set (Ss) and an Antibody Set (As). In the testing phase, an Immune Network based anomaly detection model (INAD) is employed to match network traffic samples from the selected dataset with antibodies of the Antibody Set (As) in order to detect APT attacks. To validate the effectiveness of UADDN, experimental studies were conducted using the SCVIC-APT-2021 dataset. Compared with UADAIN and the other detection methods based on K-means clustering and aiNet-HC clustering, the experimental results demonstrate that the proposed UADDN shows superior performance in detecting APT attacks. |
---|---|