- Version
- Download 21
- File Size 381.62 KB
- File Count 1
- Create Date 06/09/2025
- Last Updated 06/09/2025
AI for Threat Detection & Response
Zubin Dhanjhisha Daruwala1, Balvant Shantilal Khara2, Praneta Siddharth Anand3, Miki Kantibhai Patel4, Yash Dipakkumar Kanani5
1Zubin Dhanjhisha Daruwala Student CIVIL, GIT
2Balvant Shantilal Khara Assistant Prof. CS/AI Department & College
3Praneta Siddharth Anand Assistant Prof. CS/AI Department & College
4Miki Kantibhai Patel Assistant Prof. CE Department & College
5Yash Dipakkumar Kanani Assistant Prof. CS/AI Department & College
Principal Investigator: Dr. Kamalesh V N Vice Chancellor of Gandhinagar University
Abstract -.Cyber threats continue to rise in number and complexity, making timely and accurate detection of critical importance.Machine learning (ML) and deep learning (DL) technologies are being increasingly adopted to use in cybersecurity to automate threat detection and response. Recent surveys show that ML/DLmethods significantly improve detection of heterogeneous attacks (spam, network intrusions, malware, etc.), but at the expense of careful feature engineering and voluminous data. This paper presents an extended architecture for an AI-driven threat detection and response system. In the Introduction, we offer rationale for AI in modern-day cybersecurity and contrast signature-based with anomaly-based detection. The Literature Review surveys existing AI-driven IDS methods, describing classical ML (SVM, Random Forest, etc.) and DL (CNN, RNN/LSTM, Autoencoders, Transformers) methods. We also discuss prominent datasets (e.g. KDD '99/NSL-KDD, CICIDS) and feature selection 's role. TheMethodology section describes our system design. We have an architecture diagram (Figure 1) with three phases: offline training, real-time detection, and post-classification filtering. The system ingests data (network flows, logs, threat intelligence), preprocesses it (normalization, feature extraction), and applies a hybrid CNN-LSTM model to classify. We describe why we used a CNN-LSTM: CNN layers learn spatial feature patterns without needing manual engineering, while LSTM layers encode temporal dependencies in traffic. A Random
Forest baseline is also used for comparison, based on its popular high accuracy in intrusion tasks .We then break the system down to modules: (1) Data Collection (packet captures, logs, sensors), (2)Feature Extraction/Preprocessing (dimensionality reduction, scaling, encoding), (3) Classification (AImodel training and inference), and (4) Alert Generation (alerting analysts or triggering automated
responses). Notably, feature selection is emphasized for improving efficacy. In Implementation andResults, we outline our experimental setup (Python, TensorFlow/Keras,scikit-learn, GPU acceleration) and
evaluation on benchmark sets. The CNN-LSTM achieved high accuracy (~98–99%) and F1-score,outperforming ML baselines. For example, SVM and RF models achieved ~95–97% accuracy on standard sets, whereas our deep model exceeded 98%. We provide metrics like accuracy,
precision, recall, F1, and ROC-AUC to robustly capture detection performance. Our findings are in accord with prior
studies: AI-augmented IDS can significantly improve detection rates, albeit at the cost of high datasets and computational resources. The Conclusion summarizes that AI in IDS greatly improves threat detection, but also identifies pitfalls (data requirement, false positives, adversarial robustness). We suggest future research on hybrid models, real-time application, and integrating AI-based detection into
automated response (SOAR) systems .
Key Words: Adaptive anomaly recognition,,Autonomous defense loops,,Predictive risk scoring,,Cognitive intrusion modeling,Intelligent threat hunting,Dynamic behavior baselining,Self-learning security agents,Context-aware detection,Zero-day exploit prediction,Hybrid threat intelligence fusion,Reinforcement-driven defense,Deep threat pattern mining,Real-time adversarial analysis,Automated incident triage,Proactive remediation engines,Behavioral deviation mapping,Threat provenance tracing,Adversarial AI resistance,Continuous trust validation,Security orchestration intelligence
