RANK: AI-ASSISTED END-TO-END ARCHITECTURE FOR DETECTING PERSISTENT ATTACKS IN ENTERPRISE NETWORKS

Authors

  • CH. Swetha
  • M. Vasantha
  • V. Mounika
  • Ms M Swathi
  • Dr. Suma S

DOI:

https://doi.org/10.64751/ijdim.2026.v5.n2(1).pp213-219

Keywords:

RANK, Advanced Persistent Threats, MITRE ATT&CK, Cybersecurity, Alert Correlation, Incident Graphs, Machine Learning, Random Forest, DARPA Dataset

Abstract

Advanced Persistent Threats (APTs) remain one of the most difficult and still-evolving problems facing enterprise networks. These attacks are hard to detect, unfold in multiple stages, and persist in the environment for long periods. Traditional intrusion detection and security monitoring systems generate large volumes of isolated alerts and often lack the correlation needed to expose such sophisticated campaigns. As a result, security analysts suffer from alert fatigue, high false-positive rates, and delayed incident response. This paper proposes RANK, an AI-assisted, end-to-end, real-time architecture for detecting, correlating, and prioritizing persistent cyber-attacks in enterprise environments. The system collects raw alerts from multiple security sources, applies alert templating and merging to remove duplicates, and builds alert correlation graphs that capture the chronological and behavioral links between alerts. Each graph is partitioned into incident sub-graphs that represent candidate attack scenarios, and the sub-graphs are mapped to the MITRE ATT&CK framework to expose the adversary's tactics and techniques. To identify high-risk incidents, RANK applies several machine learning classifiers, including Random Forest, Decision Tree, Support Vector Machine (SVM), and Multi-Layer Perceptron (MLP); classification and risk scoring use incident-level features extracted from the graph structure and the MITRE mappings. The method is evaluated on the DARPA2000 dataset with MITRE-based annotations.
The experimental results show that the Random Forest and Decision Tree classifiers reach an accuracy of 91% while substantially reducing false positives and improving the detection of multi-stage APT attacks. The result
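To make the pipeline in the abstract concrete, the following is an added illustration (not the paper's code and not the DARPA2000 data): alert templating and merging, a correlation graph with chronological and behavioral edges, incident sub-graphs as connected components, ATT&CK mapping, and an incident-level feature vector. The alert format, the template-to-technique table, the merge and correlation windows, and the stand-in ranking (the paper uses trained classifiers on the feature vectors) are all assumptions chosen for the example; the ATT&CK technique and tactic IDs themselves are real.

```python
# Added example (not the paper's code): templating/merging -> correlation graph -> incident
# sub-graphs -> ATT&CK mapping -> incident features. Alert format, ATT&CK table and windows are assumed.
from __future__ import annotations
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

RAW_ALERTS = [  # constructed sample alerts (not DARPA2000): (timestamp, src, dst, signature text)
    ("2026-01-10T09:00:00", "10.0.0.5", "10.0.1.20", "ICMP PING sweep to 10.0.1.20"),
    ("2026-01-10T09:00:07", "10.0.0.5", "10.0.1.20", "ICMP PING sweep to 10.0.1.20"),
    ("2026-01-10T09:02:00", "10.0.0.5", "10.0.1.20", "Portscan detected 1433 ports"),
    ("2026-01-10T09:10:00", "10.0.0.5", "10.0.1.20", "SSH brute force 412 failed logins"),
    ("2026-01-10T09:25:00", "10.0.1.20", "10.0.1.21", "SMB admin share access from 10.0.1.20"),
    ("2026-01-10T09:31:00", "10.0.1.21", "203.0.113.9", "Outbound transfer 38129 bytes to 203.0.113.9"),
    ("2026-01-10T14:00:00", "198.51.100.7", "10.0.2.8", "ICMP PING sweep to 10.0.2.8"),  # unrelated
]
ATTACK_MAP = {  # assumed template -> (technique, tactic) table; the IDs are real ATT&CK IDs
    "ICMP PING sweep to <IP>": ("T1595", "TA0043"),             # Active Scanning / Reconnaissance
    "Portscan detected <N> ports": ("T1046", "TA0007"),          # Network Service Discovery / Discovery
    "SSH brute force <N> failed logins": ("T1110", "TA0006"),    # Brute Force / Credential Access
    "SMB admin share access from <IP>": ("T1021", "TA0008"),     # Remote Services / Lateral Movement
    "Outbound transfer <N> bytes to <IP>": ("T1041", "TA0010"),  # Exfiltration Over C2 Channel
}
TACTIC_ORDER = ["TA0043", "TA0006", "TA0007", "TA0008", "TA0010"]  # ATT&CK matrix column order
MERGE_WINDOW = timedelta(seconds=60)      # repeats inside this window collapse into one alert
CORRELATE_WINDOW = timedelta(minutes=30)  # max gap between two alerts for a graph edge
_IP = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
_NUM = re.compile(r"\b\d+\b")

def template(msg: str) -> str:
    """Alert templating: replace addresses and counters with placeholders."""
    return _NUM.sub("<N>", _IP.sub("<IP>", msg))

@dataclass
class Alert:
    ts: datetime
    src: str
    dst: str
    template: str
    count: int = 1  # raw alerts merged into this one

def merge_alerts(raw) -> list[Alert]:
    """Alert merging: collapse repeats of one (template, src, dst) within MERGE_WINDOW."""
    merged: list[Alert] = []
    last: dict[tuple, Alert] = {}
    for ts_s, src, dst, msg in sorted(raw):
        ts, key = datetime.fromisoformat(ts_s), (template(msg), src, dst)
        prev = last.get(key)
        if prev is not None and ts - prev.ts <= MERGE_WINDOW:
            prev.count += 1
            continue
        last[key] = Alert(ts, src, dst, key[0])
        merged.append(last[key])
    return merged

def correlation_edges(alerts: list[Alert]) -> list[tuple[int, int]]:
    """Correlation graph: edge i->j when j follows i within CORRELATE_WINDOW and shares a host."""
    edges = []
    for i, a in enumerate(alerts):
        for j in range(i + 1, len(alerts)):
            b = alerts[j]
            if b.ts - a.ts > CORRELATE_WINDOW:
                break  # alerts are time-sorted, so no later j can qualify
            if {a.src, a.dst} & {b.src, b.dst}:
                edges.append((i, j))
    return edges

def incident_subgraphs(n: int, edges) -> list[list[int]]:
    """Incident sub-graphs: connected components of the correlation graph (label propagation)."""
    label = list(range(n))
    for i, j in edges:  # each edge unions the two label classes
        old, new = label[j], label[i]
        label = [new if l == old else l for l in label]
    comps: dict[int, list[int]] = {}
    for i, l in enumerate(label):
        comps.setdefault(l, []).append(i)
    return sorted(comps.values())

def incident_features(alerts: list[Alert], members: list[int]) -> dict:
    """Incident-level feature vector from graph structure plus ATT&CK mapping."""
    tactics = {ATTACK_MAP[alerts[i].template][1] for i in members}
    hosts = {h for i in members for h in (alerts[i].src, alerts[i].dst)}
    stamps = [alerts[i].ts for i in members]
    pos = [TACTIC_ORDER.index(t) for t in tactics]
    return {
        "n_alerts": len(members),
        "n_tactics": len(tactics),
        "n_hosts": len(hosts),
        "duration_s": (max(stamps) - min(stamps)).total_seconds(),
        "kill_chain_span": max(pos) - min(pos) + 1,
    }

def build_incidents(raw) -> list[dict]:
    """Run the pipeline and rank incidents (stand-in ordering; the paper uses a trained classifier)."""
    alerts = merge_alerts(raw)
    comps = incident_subgraphs(len(alerts), correlation_edges(alerts))
    incidents = [{"members": m, "features": incident_features(alerts, m)} for m in comps]
    score = lambda inc: tuple(inc["features"][k] for k in ("kill_chain_span", "n_tactics", "n_hosts"))
    return sorted(incidents, key=score, reverse=True)
```

Calling `build_incidents(RAW_ALERTS)` on the constructed sample yields two incidents: the five correlated alerts (scan, port sweep, brute force, lateral SMB access, outbound transfer) form one sub-graph spanning five ATT&CK tactics, while the afternoon ping sweep against another host shares neither a window nor a host with them and ranks last. The two repeated ping alerts collapse into one templated alert with `count == 2`, which is the false-positive reduction the abstract attributes to templating and merging; in a real deployment the feature vectors would be fed to the classifiers rather than ordered by the fixed tuple used here.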

Published

2026-04-09

How to Cite

CH. Swetha, M. Vasantha, V. Mounika, Ms M Swathi, & Dr. Suma S. (2026). RANK: AI-ASSISTED END-TO-END ARCHITECTURE FOR DETECTING PERSISTENT ATTACKS IN ENTERPRISE NETWORKS. International Journal of Data Science and IoT Management System, 5(2(1)), 213-219. https://doi.org/10.64751/ijdim.2026.v5.n2(1).pp213-219