Milestone Transactions on Artificial Intelligence

AI-Driven NLP Framework for Intelligent Cyber Threat Detection and Textual Threat Analysis

2026-01-31T07:00:13+00:00

With the rising complexity and volume of cyber threats, there is an urgent need for intelligent, adaptive solutions to effectively analyze unstructured textual data. Traditional signature and rule-based detection mechanisms fail to detect zero-day attacks and evolving threat patterns, especially when these threats are hidden in textual sources such as cyber threat intelligence reports, malware descriptions, vulnerability disclosures, and social media updates. This paper, therefore, proposes an artificial intelligence-based Natural Language Processing (NLP) solution for intelligent cyber threat detection and textual threat analysis. The solution proposes a hybrid CyberBERT-LSTM (Cybersecurity Bidirectional Encoder Representations from Transformers – Long Short-Term Memory) model that integrates transformation-based context features with sequential modeling to effectively capture semantic context and sequential relationships in cyber threat stories. This study evaluates the proposed CyberBERT-LSTM model in a rigorous comparison with other conventional machine learning models, including Logistic Regression, Support Vector Machines, LSTMs, and BERT. This study shows a consistent superiority of the proposed CyberBERT-LSTM model over all competitors, with accuracy = 0.98, precision = 0.97, recall rate = 0.99, and F1 measure = 0.98. Other tests performed to evaluate this proposed study include ROC AUC, precision, recall, and an F1-score of 0.98. Additional analyses using ROC-AUC, precision–recall curves, threshold sensitivity, and ablation studies further validate the robustness, reliability, and scalability of the proposed framework. The results underscore the need to integrate contextual intelligence with sequential models for effective cyber threat detection in texts, thereby firmly setting the stage for the proposed framework to serve as a viable solution to real-world challenges in cyber threat intelligence and security.

Zero-Trust Architectures for Secure DevOps Automation in Enterprise AI Systems

2026-01-31T07:29:28+00:00

The rapid adoption of Enterprise Artificial Intelligence (AI) and automated DevOps pipelines has significantly increased the attack surface of modern software ecosystems. Traditional perimeter-based security mechanisms are inadequate for protecting highly dynamic, cloud-native, and AI-driven environments. Enterprise AI systems increasingly rely on automated Development Operation (DevOp) pipelines, which introduce complex security challenges that traditional perimeter-based models fail to address. Zero-Trust Architecture (ZTA) provides continuous verification and least-privilege access but often lacks adaptability in dynamic DevOps environments. This paper proposes a hybrid machine learning–based zero-trust framework for secure DevOps automation by integrating an Autoencoder for unsupervised anomaly detection with an XGBoost classifier for trust decision-making. The framework is evaluated on the TII-SSRC-23 dataset and compared with Logistic Regression (LR), Random Forest (RF), Support Vector Machine (VM), and Long Short-Term Memory (LSTM) models. Experimental results show that the proposed approach achieves superior performance, with 99% accuracy and a ROC-AUC of 0.99. The findings demonstrate that the hybrid model enables scalable, adaptive, and reliable security enforcement for enterprise AI-driven DevOps ecosystems.

Enhancing TARA Through a Continuous Improvement Method Based on Cybersecurity Threat Intelligence

2026-02-06T15:59:20+00:00

The ever-increasing complexity and dynamics of cyber threats demand risk assessment tools that extend beyond the realm of static and periodic risk assessments. Although Threat Analysis and Risk Assessment (TARA) techniques are systematic, they are not flexible enough to handle dynamic cyber threats. To overcome the limitations of the conventional Threat Analysis and Risk Assessment techniques, this paper proposes a continuous improvement approach that incorporates Cybersecurity Threat Intelligence (CTI) and an intelligent risk prediction model. In this paper, a hybrid multimodal ensemble approach has been proposed to predict the CVSS score based on the structured vulnerability attributes and unstructured textual threat intelligence obtained from the CVE data. Comprehensive experiments have been performed using the large-scale CVE dataset to prove the efficiency of the proposed approach in efficiently predicting the risk with an R² value of 0.9947 and a Mean Absolute Error of 0.0133. Explainability analysis is performed to ensure that the proposed approach meets the predefined cybersecurity risk principles. The experimental outcome clearly demonstrates that the proposed CTI-based continuous TARA approach can enhance the accuracy of risk prediction in a dynamic cybersecurity setting.

Phishcatcher 2.0: Real-Time Adaptive Client -Side Defense Against Sophisticated Web Spoofing Attacks

2026-02-08T14:14:20+00:00

The emergence of sophisticated web-spoofing attacks, such as phishing sites, login page spoofing, Browser-in-the-Browser (BiTB) attacks, and visual brand mimicry, has made the web a perilous place. Both conventional and rule-driven client-side solutions have shown limited effectiveness against zero-day and dynamic obfuscation attacks, while many deep learning-based approaches suffer from low real-time efficiency. In this context, the objective of our paper is to propose PHISHCATCHER 2.0, an adaptive, real-time client-side system to defend web users against sophisticated web-spoofing attacks. PHISHCATCHER 2.0 combines conventional machine learning models (Random Forest (RF), Support Vector Machine (SVM), XGBoost, and SGDClassifier) as benchmark models with a new Convolutional Neural Network and Bi-directional Long Short-Term Memory (CNN-BiLSTM) Network model variant as the main phishing detection module. The role of the CNN part of this module is to capture detailed patterns in URLs, DOM, and injected scripts from phishing sites, while the Bi-LSTM handles any type of sequential patterns, including redirect paths and page transformations performed by phishing sites. To address ever-evolving phishing attacks, this phishing prevention framework integrates Cloud-Assisted Learning (CAL), enabling adaptive learning on phishing sites without sacrificing client-side latency. Experiments indicate that the designed CNN-BiLSTM model achieves 99.20% accuracy, 99.00% precision, 99.27% recall, and 99.20% F1-measure, while maintaining a suitable inference latency for real-time browser protection systems.

AI-Driven Approaches for Developing Effective Cybersecurity Policies and Procedures

2026-02-08T14:48:41+00:00

The increasing complexity of cyber threats, coupled with the rapidly increasing pace of digital transformation fueled by cloud computing, IoT, and interconnected enterprise systems, has exposed the limitations of traditional, static cybersecurity policies and procedures. Traditional approaches are largely manual and compliance-oriented, and are not dynamic enough to keep up with the ever-changing nature of cyber threats such as zero-day attacks, advanced persistent threats, and AI-powered social engineering. Our objectives are to design an AI framework for automated generation of cybersecurity policies and procedures, enabling intelligent, data-driven, and dynamic policy design. The proposed system employs Natural Language Processing (NLP) for policy knowledge extraction and a Support Vector Machine (SVM) classifier for policy component classification and validation based on relevance, compliance level, and organizational context. The system design has four layers: input and knowledge acquisition, feature engineering, AI-based decision modeling, and automated policy generation with version control. The experimental results on the NSL-KDD dataset demonstrated that the SVM classifier outperforms Logistic Regression, XGBoost, and Random Forest in terms of accuracy, achieving 99-100%, validating the effectiveness of the proposed system in detecting threat patterns that can serve as a basis for policy formulation. The analysis using the confusion matrix and ROC curve shows that the model is stable, with low false-negative rates, which is significant for proactive cybersecurity governance. The research also considers governance, ethics, and compliance by aligning AI-based policy mechanisms with existing standards such as NIST CSF and ISO. The findings show that AI can play an important role in making policies more responsive, reducing human error, improving compliance, and making policies evolve.

Understanding the Evolving Landscape of Malware Threats Through Cyber Threat Intelligence

2026-02-08T15:15:17+00:00

The rapid development of sophisticated forms of malware and ever-changing cyber threats have become a major challenge for cybersecurity globally. Using cyber threat intelligence (CTI), this study aims to provide an overall analysis of the current trend of malware. It has identified various forms of recent attack patterns, behaviors, and evasion techniques of malware. The study has explored various forms of malware activation, propagation, and evasion techniques. It has evaluated their impact on critical infrastructure such as finance, healthcare, and other sectors. Using various case studies, experts, and threat intelligence, this study has demonstrated the importance of timely and accurate threat analysis. A comparative study of various machine learning-based threat classification has been implemented with RF, SVM, and DT algorithms. The performance evaluation of these classifiers shows that the RF classifier performs better than the others. It has achieved an accuracy of 95.57%. Hence, it has been able to show its efficiency while dealing with problems that involve a large number of dimensions, such as cybersecurity. The importance of intelligent detection and mitigation techniques in dealing with malware attacks has been revealed. The importance of international cooperation and collaboration in dealing with malware threats has been demonstrated.

NeuroGuard-X: A LangGraph - Orchestrated Autonomous Cybersecurity Framework Integrating Graph-Based AI Tools, Multistage NLP, Hybrid ML Detection, and Generative AI Reasoning

2026-02-24T16:04:00+00:00

Cybersecurity threats have evolved from static malware to multi-stage AI-generated attacks capable of autonomously evading detection systems. Traditional signature-based and rule-Based systems fail to provide contextual reasoning, multi-event correlation, or real-time adaptive mitigation. This paper presents NeuroGuard-X, a next-generation autonomous cybersecurity framework that integrates graph-based AI tools, LangGraph multi-agent orchestration, multistage NLP fusion, traditional ML anomaly detection, and generative AI reasoning. Traditional ML models, including LSTM, Autoencoders, Graph Neural Networks (GNN), and XGBoost detects behavioral anomalies, whereas Generative AI models interpret, contextualize, and narrate threats into analyst-ready incident summaries. A graph-driven agentic architecture enables multi-step reasoning, attack-path reconstruction, and autonomous mitigation. Evaluated using CIC-IDS-2017, DARPA, MAWI, and a custom AI-augmented phishing dataset, NeuroGuard-X achieves 97.8% detection accuracy, 92.4% zero-day recall, 98.3% malicious email precision, and reduces SOC alert fatigue by 71%. The proposed system demonstrates that combining graph intelligence, hybrid ML, and LLM-based reasoning creates a powerful framework for modern cyber defense across digital payment and e-commerce ecosystems. Overall, NeuroGuard-X bridges the gap between accurate threat detection and trustworthy autonomous reasoning, enabling practical deployment in real-world security operations