Research Article

Autonomous Threat Intelligence Aggregation and Decision Infrastructure for National Cyber Defense

Authors

  • K M Zubair, Master of Science in Computer Science, San Francisco Bay University, USA
  • Tanvir Rahman Akash, Master of Science in Business Analytics, Trine University, USA
  • Samira Alam Chowdhury, MBA in Marketing, University of Dhaka, Bangladesh

Abstract

The speed at which cyber threats now reach national infrastructures has made autonomous, intelligence-driven defense systems an urgent necessity. Conventional intrusion detection and response models depend heavily on manual handling, correlate little data, and rely on fixed rule sets, which are inadequate against modern, evolving adversaries. This study presents the design and assessment of an Autonomous Threat Intelligence Aggregation and Decision Infrastructure intended to improve national cyber defense preparedness through automation, intelligence integration, and contextual decision-making. The proposed framework uses artificial intelligence (AI) and machine learning (ML) to streamline the collection, analysis, and correlation of threat data from various sources. The system processes raw network events and converts them into structured, machine-readable intelligence aligned with the Structured Threat Information eXpression (STIX 2.1) and Trusted Automated eXchange of Intelligence Information (TAXII 2.1) standards. Integration of the MITRE ATT&CK framework maps the identified threats onto known adversarial tactics, techniques, and procedures (TTPs), further supporting contextual understanding. Model training and validation were conducted on UNSW-NB15, which contains more than 2.54 million labeled network records. Machine learning models, in particular Random Forest and Support Vector Machine (SVM), proved highly accurate and stable in detecting and classifying different attack types. The experimental findings demonstrated the system's capability to aggregate intelligence autonomously, prioritize the most significant threats, and distribute real-time notifications to defense nodes through standardized protocols.
This study adds to the expanding literature on AI-based national cyber defense by proposing a scalable, interoperable, and adaptive framework that reduces response time, decreases reliance on human operators, and increases overall situational awareness. The results support the potential of autonomous systems to shift cyber defense from reactive detection to proactive and collaborative national intelligence operations.
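The core pipeline the abstract describes (a raw network event mapped onto an ATT&CK technique and emitted as STIX 2.1 objects that a TAXII server could distribute) is illustrated below in an added Python example. This is not the paper's code: the sample event, the mapping rule and its threshold, the namespace UUID, and every function name are constructed for illustration. T1110 (Brute Force) is a real ATT&CK technique ID, but the attack-pattern object ID generated here is a deterministic stand-in, not the official ATT&CK STIX identifier. The example also shows two checks an aggregator should perform before sharing: validating untrusted sensor fields before they are embedded in a STIX pattern, and checking that an emitted indicator carries every field STIX 2.1 requires.

```python
import ipaddress
import re
import uuid
from datetime import datetime, timezone

# Constructed sample event, as a sensor might report it to the aggregator.
RAW_EVENT = {
    "src_ip": "203.0.113.45",   # documentation-range address, constructed
    "dst_ip": "192.0.2.10",
    "dst_port": 22,
    "proto": "tcp",
    "failed_logins": 57,
    "window_seconds": 60,
    "sensor": "edge-sensor-01",
}

# Constructed mapping rules. T1110 (Brute Force) is a real ATT&CK technique ID;
# the threshold and the rule itself are assumptions made for this example.
TECHNIQUE_RULES = [
    {
        "name": "Brute Force",
        "external_id": "T1110",
        "matches": lambda e: e.get("failed_logins", 0) >= 20
        and e.get("window_seconds", 0) <= 300,
    },
]

# Fixed namespace so the attack-pattern ID is stable across runs. This is NOT
# the official ATT&CK STIX object ID, only a deterministic stand-in.
EXAMPLE_NAMESPACE = uuid.UUID("7c9e6679-7425-40de-944b-e07fc1f90ae7")

STIX_ID_RE = re.compile(
    r"^[a-z][a-z0-9-]*--[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$")
REQUIRED_INDICATOR_FIELDS = ("type", "spec_version", "id", "created", "modified",
                             "pattern", "pattern_type", "valid_from")


def stix_timestamp(now=None):
    """STIX 2.1 timestamp: RFC 3339 in UTC, millisecond precision, 'Z' suffix."""
    ts = now or datetime.now(timezone.utc)
    return ts.strftime("%Y-%m-%dT%H:%M:%S.") + f"{ts.microsecond // 1000:03d}Z"


def build_pattern(event):
    """Build a STIX pattern for the source address. The field is parsed as an
    IP address first, so a malformed or hostile sensor value cannot alter the
    pattern text; ValueError is raised for anything that is not an address."""
    addr = ipaddress.ip_address(event["src_ip"])
    obj_type = "ipv4-addr" if addr.version == 4 else "ipv6-addr"
    return f"[{obj_type}:value = '{addr}']"


def event_to_stix(event, now=None):
    """Return a STIX 2.1 bundle (indicator, attack-pattern, relationship) for
    the event, or None when no ATT&CK rule fires and there is nothing to share."""
    rule = next((r for r in TECHNIQUE_RULES if r["matches"](event)), None)
    if rule is None:
        return None
    ts = stix_timestamp(now)
    indicator = {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": ts,
        "modified": ts,
        "name": f"{rule['name']} from {event['src_ip']}",
        "indicator_types": ["malicious-activity"],
        "pattern": build_pattern(event),
        "pattern_type": "stix",
        "valid_from": ts,
    }
    attack_pattern = {
        "type": "attack-pattern",
        "spec_version": "2.1",
        "id": f"attack-pattern--{uuid.uuid5(EXAMPLE_NAMESPACE, rule['external_id'])}",
        "created": ts,
        "modified": ts,
        "name": rule["name"],
        "external_references": [
            {"source_name": "mitre-attack", "external_id": rule["external_id"]}
        ],
    }
    relationship = {
        "type": "relationship",
        "spec_version": "2.1",
        "id": f"relationship--{uuid.uuid4()}",
        "created": ts,
        "modified": ts,
        "relationship_type": "indicates",
        "source_ref": indicator["id"],
        "target_ref": attack_pattern["id"],
    }
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": [indicator, attack_pattern, relationship]}


def validate_indicator(obj):
    """Return a list of problems; an empty list means the indicator carries
    every field STIX 2.1 requires and a well-formed identifier."""
    problems = [f"missing {f}" for f in REQUIRED_INDICATOR_FIELDS if f not in obj]
    if obj.get("type") != "indicator":
        problems.append("type must be 'indicator'")
    if "id" in obj and not STIX_ID_RE.match(obj["id"]):
        problems.append("malformed id")
    if obj.get("spec_version") != "2.1":
        problems.append("spec_version must be '2.1'")
    return problems


if __name__ == "__main__":
    import json
    print(json.dumps(event_to_stix(RAW_EVENT), indent=2))
```

Running the block prints the bundle for the constructed event. The `indicates` relationship from the indicator to the attack-pattern is what gives downstream defense nodes the ATT&CK context the abstract refers to, and `validate_indicator` is the kind of gate a TAXII publisher should apply before an object is added to a collection.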

Article information

Journal

Frontiers in Computer Science and Artificial Intelligence

Volume (Issue)

2 (2)

Pages

26-51

Published

2023-12-29

How to Cite

K M Zubair, Tanvir Rahman Akash, & Samira Alam Chowdhury. (2023). Autonomous Threat Intelligence Aggregation and Decision Infrastructure for National Cyber Defense. Frontiers in Computer Science and Artificial Intelligence, 2(2), 26-51. https://doi.org/10.32996/fcsai.2023.2.2.3


Keywords:

Autonomous Cyber Defense, Threat Intelligence Aggregation, Machine Learning, STIX/TAXII Framework, MITRE ATT&CK Mapping and National Cyber security