An Integrated Cybersecurity Defense Framework for Attack Intelligence Analysis, Counteraction, and Traceability in Complex Network Architectures

Authors

  • Xiangyu Le Guangxi Power Grid Co.Ltd
  • Hushuang Zeng Guangxi Power Grid Co.Ltd

DOI:

https://doi.org/10.4108/eetsis.9770

Keywords:

Threat Intelligence, Advanced Persistent Threat, Bayesian Game Theory, Graph Attention Network, Ransomware, Cybersecurity Defense

Abstract

INTRODUCTION: Advanced persistent threats (APTs) and other sophisticated attacks pose increasingly severe and complex cybersecurity threats. In response, this paper proposes an integrated security defense framework for attack intelligence analysis, counteraction, and traceability in complex network architectures. Consolidating threat intelligence from multiple sources that provide different types of intelligence remains a major obstacle for the cyber security defense community, particularly against complex APTs involving multiple entities. Inconsistent data formats and data-structuring conventions further complicate analysis of the intelligence and the derivation of improved defense strategies from an all-source intelligence model.

OBJECTIVES: The proposed approach leverages both internal and external threat intelligence sources, standardizes them, integrates them into a heterogeneous threat intelligence knowledge graph, and transforms that graph into a homogeneous representation to facilitate analysis. The framework combines this knowledge graph with Bayesian game-theoretic modeling and a Graph Attention Network (GAT). Converting multi-source intelligence into a single homogeneous graph supports more informative analysis and greater adaptive decision-making capacity.

METHODS: To model the strategic interaction between attackers and defenders under incomplete information and resource constraints, we construct a Network Attack-Defense Game Model (NADGM) based on Bayesian game theory and derive the equilibrium strategies using the Harsanyi transformation and linear programming.
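As an added illustration of the METHODS step (this is not code from the paper and not the authors' NADGM), the following Python builds a small Bayesian attack-defense game with two attacker types, applies the Harsanyi transformation (Nature draws the type; each attacker pure strategy becomes a plan assigning one action per type, and the defender's payoffs become expectations over the type prior), and then solves the resulting zero-sum matrix game for the defender's maximin mixed strategy. With only two defender actions, the linear program reduces to maximizing a concave piecewise-linear function on [0, 1], which is solved exactly by enumerating its breakpoints. The type prior, action names, payoff values and the zero-sum simplification are all constructed assumptions for the example.

```python
"""Harsanyi transformation of a two-type Bayesian attack-defense game,
followed by an exact maximin (LP) solution for a two-action defender.

Added example; prior, actions and payoffs are constructed, not taken
from the paper.
"""
from fractions import Fraction as F
from itertools import product

# Constructed prior over attacker types. The defender does not observe the type.
TYPES = {"apt": F(3, 10), "opportunist": F(7, 10)}
ATTACKER_ACTIONS = ("spearphish", "exploit_edge")
DEFENDER_ACTIONS = ("harden_mail", "patch_edge")

# Constructed defender payoff u_D(d, a, theta); negative values are losses.
# Zero-sum is assumed: the attacker's payoff is -u_D.
PAYOFF = {
    "apt": {
        ("harden_mail", "spearphish"): F(-2),
        ("harden_mail", "exploit_edge"): F(-9),
        ("patch_edge", "spearphish"): F(-8),
        ("patch_edge", "exploit_edge"): F(-3),
    },
    "opportunist": {
        ("harden_mail", "spearphish"): F(-1),
        ("harden_mail", "exploit_edge"): F(-4),
        ("patch_edge", "spearphish"): F(-5),
        ("patch_edge", "exploit_edge"): F(-1),
    },
}


def harsanyi_transform(prior, payoff, d_actions, a_actions):
    """Replace Nature's type draw with expected payoffs.

    Attacker pure strategies become plans (one action per type). Returns
    (plans, matrix) where matrix[i][j] is the defender's expected payoff
    for defender action i against attacker plan j.
    """
    types = list(prior)
    plans = list(product(a_actions, repeat=len(types)))
    matrix = []
    for d in d_actions:
        row = []
        for plan in plans:
            row.append(sum(prior[t] * payoff[t][(d, a)] for t, a in zip(types, plan)))
        matrix.append(row)
    return plans, matrix


def maximin_two_rows(matrix):
    """Exact LP solution for a 2-row zero-sum game.

    The defender plays row 0 with probability p and maximizes
    v(p) = min_j [p*m[0][j] + (1-p)*m[1][j]] over p in [0, 1]. v is concave
    and piecewise linear, so its maximum lies at an endpoint or where two
    column lines cross; enumerating those candidates is exact with Fractions.
    """
    r0, r1 = matrix
    n = len(r0)
    candidates = {F(0), F(1)}
    for j in range(n):
        for k in range(j + 1, n):
            # line_j(p) = r1[j] + p*(r0[j]-r1[j]); solve line_j(p) == line_k(p)
            denom = (r0[j] - r1[j]) - (r0[k] - r1[k])
            if denom != 0:
                p = (r1[k] - r1[j]) / denom
                if 0 <= p <= 1:
                    candidates.add(p)

    def value(p):
        return min(p * r0[j] + (1 - p) * r1[j] for j in range(n))

    best_p = max(candidates, key=value)
    return best_p, value(best_p)


def solve_nadgm():
    """Transform the Bayesian game and return the defender's equilibrium mix."""
    plans, matrix = harsanyi_transform(TYPES, PAYOFF, DEFENDER_ACTIONS, ATTACKER_ACTIONS)
    p, v = maximin_two_rows(matrix)
    # Attacker plans that hold the defender to the game value (best responses).
    best_responses = [
        plans[j] for j in range(len(plans))
        if p * matrix[0][j] + (1 - p) * matrix[1][j] == v
    ]
    return {
        "plans": plans,
        "matrix": matrix,
        "strategy": {DEFENDER_ACTIONS[0]: p, DEFENDER_ACTIONS[1]: 1 - p},
        "value": v,
        "attacker_best_responses": best_responses,
    }


if __name__ == "__main__":
    result = solve_nadgm()
    print("defender mix:", {k: str(v) for k, v in result["strategy"].items()})
    print("game value:", result["value"])
    print("attacker best-response plans:", result["attacker_best_responses"])
```

Under these constructed payoffs the defender's maximin mix is 4/7 on hardening mail and 3/7 on patching the edge, and every attacker plan that attains the game value has the APT type exploiting the edge; that is the kind of type-conditional insight the Harsanyi transformation makes visible, since the defender never observes the type directly.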

RESULTS: A graph attention network (GAT) performs node classification on the threat intelligence reports, exploiting the semantic relations between entities to improve the accuracy of organization-level attribution. The framework is validated through experiments on real-world APT reports and a case study on ransomware attack-defense scenarios. Experimental results show that the proposed method achieves superior classification performance, effective strategy optimization, and a plausible attack-defense situation evolution compared with baseline models such as GCN and GraphSAGE.

Key Contributions

This paper introduces a framework that integrates a heterogeneous threat intelligence knowledge graph with Bayesian game-theoretic modeling and a Graph Attention Network (GAT). It standardizes multi-source intelligence into a homogeneous graph for improved analysis and adaptive decision-making.

Results

Experimental results show that the proposed framework outperforms traditional models, achieving a classification accuracy of 0.81 for threat intelligence reports. This leads to enhanced detection performance and optimized strategic defense decisions.

CONCLUSION: The findings suggest that integrating threat intelligence, game-theoretic modeling, and graph-based learning can significantly improve the efficiency of threat detection, response, and decision-making in large-scale, complex network environments. The novelty lies in combining a heterogeneous threat intelligence knowledge graph with Bayesian game-theoretic modeling and a classifier based on a Graph Attention Network (GAT). The framework yields a single structured representation of diverse threat data, recommends the best defensive strategies, and improves detection accuracy across multiple datasets.

Published

03-12-2025

How to Cite

Xiangyu Le, Hushuang Zeng. An Integrated Cybersecurity Defense Framework for Attack Intelligence Analysis, Counteraction, and Traceability in Complex Network Architectures. EAI Endorsed Scal Inf Syst [Internet]. 2025 Dec. 3 [cited 2025 Dec. 4];12(6). Available from: https://publications.eai.eu/index.php/sis/article/view/9770