A Hybrid AI Approach to Predictive Cyber Threat Intelligence in Enterprise Networks

Authors

  • Kim Min Joon, POSTECH, Pohang
  • Arun Kumar, Purdue University

DOI:

https://doi.org/10.65923/9js4e447

Keywords:

Predictive Cyber Threat Intelligence, Hybrid Artificial Intelligence, Unsupervised Anomaly Detection

Abstract

The escalating sophistication of cyber threats, particularly advanced persistent threats (APTs) and zero-day exploits, has rendered traditional reactive security measures, such as signature-based intrusion detection systems, insufficient for modern enterprise networks. This paper proposes a novel hybrid artificial intelligence (AI) framework that integrates unsupervised learning for anomaly detection with supervised learning for threat classification to generate predictive cyber threat intelligence (CTI). Unlike conventional methods that rely on historical attack signatures, our approach combines real-time network traffic analysis, system log data, and external threat feeds to forecast potential attack vectors before they manifest. The hybrid model employs a stacked autoencoder for unsupervised feature extraction, followed by a gradient-boosted decision tree (XGBoost) classifier for predictive labeling, all orchestrated within a continuous feedback loop for adaptive learning. Experimental evaluation on the CSE-CIC-IDS2018 dataset and a simulated enterprise network environment demonstrates a 23% improvement in early threat prediction accuracy (achieving 98.4% precision) and a 40% reduction in false positive rates compared to standalone supervised models. Furthermore, we introduce a confidence scoring mechanism that prioritizes high-risk predictions for security orchestration, automation and response (SOAR) platforms. The findings indicate that hybrid AI not only reduces detection latency but also provides actionable predictive intelligence, enabling proactive defense postures. This research underscores the paradigm shift from reactive incident response to anticipatory cyber resilience.

Published

2025-11-08