Proactive Cyber Threat Detection Using AI and Open-Source Intelligence
Abstract
Frequent developments in cyber threats seriously threaten digital systems in both the public and private sectors. Modern cyberattacks are too unpredictable for older cybersecurity defenses and time-bound detection methods. Because today's threats are more complex, more numerous and more distant, they must be found and addressed before much damage can occur. This work looks at integrating AI and OSINT to develop a system that can quickly detect cyber threats in an organization. The researchers used the Hornet 40 dataset, which includes network traffic collected over the course of 40 days from honeypots in eight places: Amsterdam, London, Frankfurt, San Francisco, New York, Singapore, Toronto, and Bangalore. To capture different activities from uninvited users, these honeypots received requests only on a specific non-standard SSH port. The information provided by Argus is in the form of detailed bidirectional NetFlow data that displays the effects of geography on various cyber-attacks. Various machine learning approaches, such as Random Forest, Support Vector Machines (SVM), Long Short-Term Memory (LSTM) networks and Isolation Forests, are used within a data-driven system to spot abnormal traffic and threats in the network. At the same time, data and findings from public threat intelligence, darknet sources and cybersecurity forums are studied using Natural Language Processing (NLP) to extract important information about threats. The detection rate is improved by comparing suspicious traffic in the honeypots with global findings and reported IOCs. Combining AI and OSINT allows the engine to read and analyze a lot of network data quickly and in almost real time. Joining these processes allows quick and early identification of advanced attacks such as zero-day attacks and intrusions.
It is clear from the results that using this approach improves the accuracy of detection, lowers the number of false positives, and reveals attacks that tend to come from specific locations and are typically overlooked by other systems.
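The pipeline the abstract describes, as an added illustration that is not the paper's code: per-source features are built from Argus-style bidirectional flow records, a source whose activity spreads across unusually many honeypot sites is flagged as anomalous (a simple z-score stands in for the paper's Isolation Forest and other models), and flagged sources are then cross-referenced against an OSINT IOC feed. The flow records, site names in the feature step, threshold and IOC feed are all constructed for the example and are not from the Hornet 40 dataset.

```python
import statistics
from collections import defaultdict

# Constructed Argus-style bidirectional flow records (not Hornet 40 data):
# (src_ip, dst_port, honeypot_site, pkts_in, bytes_in, bytes_out)
FLOWS = [
    ("203.0.113.7", 2222, "Amsterdam", 12, 1800, 900),
    ("203.0.113.7", 2222, "London", 11, 1700, 880),
    ("203.0.113.7", 2222, "Frankfurt", 13, 1900, 910),
    ("203.0.113.7", 2222, "Singapore", 12, 1850, 905),
    ("198.51.100.23", 2222, "Toronto", 3, 420, 300),
    ("198.51.100.24", 2222, "New York", 4, 510, 320),
    ("198.51.100.25", 2222, "Bangalore", 3, 400, 290),
    ("198.51.100.26", 2222, "San Francisco", 5, 600, 330),
]

# Constructed OSINT feed: indicator -> the (hypothetical) report that published it
IOC_FEED = {"203.0.113.7": "constructed-forum-report-A"}


def per_source_features(flows):
    """Aggregate flows per source IP: (flow count, distinct honeypot sites, inbound bytes)."""
    feats = defaultdict(lambda: {"flows": 0, "sites": set(), "bytes_in": 0})
    for src, _port, site, _pkts, b_in, _b_out in flows:
        f = feats[src]
        f["flows"] += 1
        f["sites"].add(site)
        f["bytes_in"] += b_in
    return {src: (f["flows"], len(f["sites"]), f["bytes_in"]) for src, f in feats.items()}


def anomalous_sources(flows, z_threshold=1.5):
    """Flag sources whose geographic spread (sites touched) is a z-score outlier.

    A single source hitting many honeypot locations in the same window is the
    kind of geography-aware signal the bidirectional flow data exposes.
    """
    spread = {src: v[1] for src, v in per_source_features(flows).items()}
    mean = statistics.mean(spread.values())
    sd = statistics.pstdev(spread.values()) or 1.0  # avoid division by zero when all equal
    return {src for src, s in spread.items() if (s - mean) / sd > z_threshold}


def enrich_with_osint(suspects, ioc_feed):
    """Cross-reference flagged sources with reported IOCs; unmatched ones stay 'unconfirmed'."""
    return {src: ("confirmed:" + ioc_feed[src] if src in ioc_feed else "unconfirmed")
            for src in suspects}
```

Sources that are anomalous but absent from the feed remain visible as "unconfirmed", so the OSINT step raises confidence without silently discarding local-only detections.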
Article information
Journal
Journal of Computer Science and Technology Studies
Volume (Issue)
7 (5)
Pages
558-576
Published
Copyright
Open access

This work is licensed under a Creative Commons Attribution 4.0 International License.