Design and Evaluation of an Integrated Framework for Real-Time Cybersecurity Threat Detection and Automated Incident Response Using Machine Learning-Enhanced Network Forensics and Behavioral Analytics in Enterprise Environments

Authors

  • Vanessa Teague, Cybersecurity Analyst, Australia

Keywords:

Real-time threat detection, cybersecurity, machine learning, network forensics, behavioral analytics, incident response, enterprise networks

Abstract

As cyber threats become increasingly sophisticated and rapid in execution, enterprise environments require real-time threat detection and adaptive response mechanisms. This paper presents the design and evaluation of an integrated cybersecurity framework that combines machine learning (ML)-enhanced network forensics with behavioral analytics for dynamic threat identification and automated incident response. The proposed architecture leverages live traffic monitoring, anomaly detection, and intelligent automation to detect threats such as advanced persistent threats (APTs), insider risks, and zero-day attacks. Through simulation in a hybrid testbed and evaluation with real-world enterprise datasets, the system demonstrated high detection accuracy and reduced response latency, supporting its viability for modern enterprise networks.

Published

2025-05-10