AI/ML-Driven Cyber Threat Intelligence for Proactive Detection and Mitigation: Threat Intelligence Generation & Automated Response System
Contributors
Sesha Bhargavi
Track
Engineering and Sciences
License
Copyright (c) 2026 Sustainable Global Societies Initiative

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Abstract
In this paper, the researchers present the concluding phase of a twelve-month research project that created the ADCTI-AR (AI-based Cyber Threat Intelligence and Adaptive Response) framework. Building on the systematic literature review and conceptual architecture of Stage I and the data engineering and initial result representation of Stage II, Stage III reports the completion of the system's most sophisticated components: the Threat Intelligence Generation (TIG) module, including risk-based prioritization and structured report generation, and the Reinforcement Learning (RL)-based Automated Response System (ARS) with formal safety constraints. An overall analysis of the fully integrated ADCTI-AR system, including the TABAP (Threat Actor Behavioural Analysis and Prediction) system, is presented for a six-month implementation in a 200-node production-like laboratory setup. The overall system achieves a detection rate of 99.14%, a false positive rate of 0.43%, a Mean Time to Detect (MTTD) of 1.7 s and a Mean Time to Respond (MTTR) of 4.2 s, which is an improvement of 4.43 percentage points in the detection rate and a 97.3 percent improvement in MTTD over the current signature-based IDS.