MRI India Journals Vol. 10 No. 6 (2026)

A Lightweight AI-Driven Framework for Intelligent Cyber Threat Detection and Response

Authors

  • Gayatri Pandurang Bharne Department of Computer Engineering, SITRC, Nashik-422213, India
  • Ankita Karale Department of Computer Engineering, SITRC, Nashik-422213, India
  • Balkrishna K. Patil Department of Computer Engineering, SITRC, Nashik-422213, India
  • Naresh Thoutam Department of Computer Engineering, SITRC, Nashik-422213, India

Keywords:

Artificial Intelligence; Cybersecurity; Intrusion Detection System; Machine Learning; Threat Intelligence; Indicator of Compromise; Knowledge Graph; Random Forest; XGBoost; Natural Language Processing; SQLite; NiceGUI

Abstract

The rapid increase in cyberattacks has created a serious challenge for modern digital infrastructures. Traditional intrusion detection systems mainly depend on static rules and known attack signatures; therefore, they are often unable to detect zero-day attacks, polymorphic malware, advanced persistent threats, and newly emerging network anomalies. At the same time, cyber threat intelligence reports contain valuable Indicators of Compromise (IoCs) such as malicious IP addresses, suspicious domains, CVE identifiers, malware names, and attack patterns, but such information is usually available in unstructured textual form and remains underutilized in many academic intrusion detection systems. To address these limitations, this paper proposes ThreatSeer, a lightweight AI-driven framework for intelligent cyber threat detection and response. The proposed framework integrates structured intrusion detection system logs, unstructured cyber threat intelligence reports, automated IoC extraction, machine learning-based anomaly detection, lightweight knowledge graph representation, alert generation, visualization, and report export facilities. The system uses Python-based technologies such as SQLite, pandas, scikit-learn, XGBoost, Plotly, and NiceGUI to provide an offline-capable and academic-friendly solution. Random Forest and XGBoost models are used for detecting suspicious traffic patterns, while regex and NLP-assisted methods are used for extracting IoCs from threat reports. The extracted indicators and detection results are further converted into alerts and visualized through an interactive dashboard. Unlike enterprise-level security platforms that require large-scale cloud or big-data infrastructure, ThreatSeer is designed for standard laptops and small-scale deployment. The proposed framework contributes to cybersecurity research by combining detection accuracy, interpretability, visualization, and practical usability into one integrated system.
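The abstract describes regex-based IoC extraction from unstructured reports feeding a SQLite store. The sketch below is an added illustration, not ThreatSeer's code: the patterns, table schema, function names, file-extension list and sample report are all assumptions constructed here. It shows refanging of defanged indicators and two common false positives (version strings that look like IPs, file names that look like domains).

```python
import ipaddress
import re
import sqlite3

# Constructed sample report (not real intelligence); IPs are documentation ranges.
REPORT = """The loader beacons to 203.0.113[.]45 and hxxp://update.example[.]net/gate.php.
It exploits CVE-2099-12345 and drops payload.dll; a second stage was seen at 198.51.100.7.
Version string 999.12.1.300 in the binary is not an address. See also cve-2099-12345."""
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.I)
# Lookarounds stop matches inside longer dotted strings but allow a sentence-ending dot.
IPV4_RE = re.compile(r"(?<![\w.])(?:\d{1,3}\.){3}\d{1,3}(?!\w|\.\d)")
DOMAIN_RE = re.compile(
    r"(?<![\w.-])(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}(?![\w-])", re.I)
# Illustrative deny-list: file names such as gate.php otherwise look like domains.
FILE_EXTS = {"php", "dll", "exe", "txt", "doc", "pdf"}

def refang(text):
    """Undo common defanging so the patterns see plain indicators."""
    text = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.I)
    return re.sub(r"\bhxxp(s?)://", r"http\1://", text, flags=re.I)

def valid_ipv4(candidate):
    """Reject dotted quads with out-of-range octets (e.g. version strings)."""
    try:
        ipaddress.IPv4Address(candidate)
        return True
    except ValueError:
        return False

def extract_iocs(text):
    """Return sorted, de-duplicated (type, value) pairs found in a report."""
    text = refang(text)
    found = {("cve", m.upper()) for m in CVE_RE.findall(text)}
    found |= {("ipv4", m) for m in IPV4_RE.findall(text) if valid_ipv4(m)}
    found |= {("domain", m.lower()) for m in DOMAIN_RE.findall(text)
              if m.rsplit(".", 1)[1].lower() not in FILE_EXTS}
    return sorted(found)

def store_iocs(conn, source, iocs):
    """Insert indicators idempotently and return the total row count."""
    conn.execute("CREATE TABLE IF NOT EXISTS ioc (type TEXT, value TEXT, source TEXT,"
                 " UNIQUE(type, value, source))")
    conn.executemany("INSERT OR IGNORE INTO ioc VALUES (?, ?, ?)",
                     [(t, v, source) for t, v in iocs])
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM ioc").fetchone()[0]

if __name__ == "__main__":
    print(store_iocs(sqlite3.connect(":memory:"), "sample-report", extract_iocs(REPORT)))
```

The extension deny-list trades recall for precision: a few of those strings are also valid TLDs, so a production extractor would check candidates against the public suffix list instead.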

 

Published

2026-06-10

How to Cite

Bharne, G. P., Karale, A., Patil, B. K., & Thoutam, N. (2026). A Lightweight AI-Driven Framework for Intelligent Cyber Threat Detection and Response. International Journal of Advanced Scientific Research and Engineering Trends, 10(6), 1–8. Retrieved from https://journals.mriindia.com/index.php/ijasret/article/view/3580

Section

Articles
