With the rapid digitalization of critical infrastructure sectors, cybersecurity threats have grown in scale and complexity, posing significant risks to national security and operational continuity. Traditional security systems suffer from high alert volumes, frequent false positives, and limited context awareness, making timely and accurate threat assessment increasingly difficult. This paper presents a multi-model AI-driven threat assessment approach tailored to critical infrastructure scenarios. The proposed architecture integrates structured and unstructured data sources and combines two complementary components: (1) a UEBA-based lightweight anomaly detection model, responsible for high-frequency behavioral screening, and (2) a retrieval-augmented large language model (RAG-LLM), which supports semantic reasoning and threat interpretation. The system further features a browser-based interactive interface that enables human-in-the-loop decision-making. By integrating behavioral analytics and semantic inference into a unified pipeline, the system achieves intelligent, context-aware, and explainable threat assessment. Real-world deployment shows improved detection precision, reduced analyst burden, and better support for timely cybersecurity response. Extensive evaluations conducted on hybrid datasets—comprising real-world logs and simulated attack chains—demonstrate that the proposed system achieves strong performance in both detection and reasoning. The LSTM-based model attains an F1-score of 0.901 and an AUC of 0.943 in anomaly detection tasks, while the RAG-LLM module delivers response accuracy of 88.3% and a BLEU score of 0.678 in semantic reasoning. Furthermore, the system maintains low resource overhead and ensures an end-to-end response latency under 5 s, validating its practicality for real-time security operations in critical infrastructure environments.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

From Noise to Knowledge: A Multi-model AI Approach to Threat Assessment in Cybersecurity Operations

  • Qiyu Chen,
  • Bin Li,
  • Hao Wang,
  • Di Zhang,
  • Chunshu Chao

摘要

With the rapid digitalization of critical infrastructure sectors, cybersecurity threats have grown in scale and complexity, posing significant risks to national security and operational continuity. Traditional security systems suffer from high alert volumes, frequent false positives, and limited context awareness, making timely and accurate threat assessment increasingly difficult. This paper presents a multi-model AI-driven threat assessment approach tailored to critical infrastructure scenarios. The proposed architecture integrates structured and unstructured data sources and combines two complementary components: (1) a UEBA-based lightweight anomaly detection model, responsible for high-frequency behavioral screening, and (2) a retrieval-augmented large language model (RAG-LLM), which supports semantic reasoning and threat interpretation. The system further features a browser-based interactive interface that enables human-in-the-loop decision-making. By integrating behavioral analytics and semantic inference into a unified pipeline, the system achieves intelligent, context-aware, and explainable threat assessment. Real-world deployment shows improved detection precision, reduced analyst burden, and better support for timely cybersecurity response. Extensive evaluations conducted on hybrid datasets—comprising real-world logs and simulated attack chains—demonstrate that the proposed system achieves strong performance in both detection and reasoning. The LSTM-based model attains an F1-score of 0.901 and an AUC of 0.943 in anomaly detection tasks, while the RAG-LLM module delivers response accuracy of 88.3% and a BLEU score of 0.678 in semantic reasoning. Furthermore, the system maintains low resource overhead and ensures an end-to-end response latency under 5 s, validating its practicality for real-time security operations in critical infrastructure environments.