THREATSEER: A Lightweight AI-Driven Framework for Cyber Threat Intelligence Integration and Explainable Alert Visualization
Abstract
The growing complexity of cybersecurity environments has made it difficult to analyze and correlate information coming from multiple heterogeneous sources. In particular, structured intrusion detection logs and unstructured cyber threat intelligence (CTI) reports are often processed separately, which limits the ability to generate meaningful and contextual insights. This work presents ThreatSeer, a lightweight and modular system designed to unify these data sources into a single, interpretable threat detection pipeline. The system performs automated ingestion of IDS flow data and CTI text, followed by extraction of Indicators of Compromise (IoCs) using natural language processing techniques. In parallel, machine learning models are applied to classify network flows as benign or malicious. A fusion mechanism then correlates these outputs to generate alerts that include both prediction scores and supporting intelligence evidence. The system is implemented using a normalized SQLite backend, ensuring that it remains portable, efficient, and suitable for offline or resource-constrained environments. The implementation is supported by an interactive dashboard that allows users to upload data, execute the detection pipeline, visualize alerts, and explore relationships between indicators through a knowledge graph. The interface also supports export and reporting functionalities, enabling users to analyze results in a structured format. Overall, the system demonstrates how combining machine learning with CTI-based context can improve the interpretability and usability of threat detection systems. The focus remains on practical implementation, modular design, and visual interaction, making the system suitable for both academic and lightweight operational use cases.
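The fusion step described in the abstract can be illustrated with a short sketch. This is an added example, not ThreatSeer's own code. The two-table schema, the regex standing in for the NLP-based IoC extraction, the hard-coded scores standing in for the classifier output, and the alert rule (score at or above a threshold, or a match against an extracted IoC) are all assumptions made for illustration.

```python
import re
import sqlite3

# Constructed sample inputs (documentation address ranges, not real indicators).
CTI_TEXT = "Campaign beacons to 203.0.113.7 and stages payloads on 198.51.100.23."
FLOWS = [  # (src_ip, dst_ip, ml_score); scores stand in for a classifier's output
    ("10.0.0.5", "203.0.113.7", 0.91),
    ("10.0.0.8", "192.0.2.10", 0.12),
    ("10.0.0.9", "198.51.100.23", 0.48),
    ("10.0.0.4", "192.0.2.44", 0.85),
]
# Regex stand-in for the IoC extractor (assumption): IPv4 addresses only.
IPV4 = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")

def build_db(cti_text, flows, report="report-1"):
    """Load extracted IoCs and scored flows into a hypothetical SQLite schema."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE ioc(id INTEGER PRIMARY KEY, value TEXT UNIQUE, source TEXT);
        CREATE TABLE flow(id INTEGER PRIMARY KEY, src TEXT, dst TEXT, score REAL);
    """)
    db.executemany("INSERT OR IGNORE INTO ioc(value, source) VALUES (?, ?)",
                   [(ip, report) for ip in IPV4.findall(cti_text)])
    db.executemany("INSERT INTO flow(src, dst, score) VALUES (?, ?, ?)", flows)
    return db

def fuse(db, threshold=0.8):
    """Alert when the score reaches the threshold or the flow touches a known IoC."""
    rows = db.execute("""
        SELECT f.src, f.dst, f.score, i.value, i.source
        FROM flow f LEFT JOIN ioc i ON i.value IN (f.src, f.dst)
        WHERE f.score >= ? OR i.value IS NOT NULL
        ORDER BY f.id
    """, (threshold,)).fetchall()
    # Each alert carries the prediction score plus the CTI evidence, if any.
    return [{"src": s, "dst": d, "score": sc,
             "evidence": f"{v} seen in {src}" if v else None}
            for s, d, sc, v, src in rows]

if __name__ == "__main__":
    for alert in fuse(build_db(CTI_TEXT, FLOWS)):
        print(alert)
```

The third sample flow scores below the threshold but is still surfaced because its destination appears in the CTI text, and the last is surfaced on score alone with no supporting evidence attached.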
Article Details

This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.