Autonomous Cyber Threat and Defence Mapping Using Self Evolving Knowledge Graphs

International Journal of Emerging Research in Science, Engineering, and Management
Vol. 2, Issue 1, pp. 188-195, January 2026.

https://doi.org/10.58482/ijersem.v2i1.26

This work is licensed under a Creative Commons Attribution 4.0 International License.

Autonomous Cyber Threat and Defence Mapping Using Self Evolving Knowledge Graphs

Full Text PDF

K.G. Mohanavalli

Eepuri Lava Kumar

Gaddam Hari Bramha

C.M. Arun

K. Haritha

Dervish Talari

Department of CSE, Siddartha Institute of Science and Technology, Puttur, India.

Abstract: The rapid growth of cyber-attacks has significantly increased the need for intelligent and adaptive cybersecurity mechanisms. Most existing security systems rely heavily on external threat intelligence frameworks such as MITRE ATT&CK, D3FEND, CVE, and CVSS for mapping vulnerabilities to defensive controls. Although these frameworks provide structured guidance, excessive dependence on them creates serious limitations, including delayed updates, lack of adaptability, and risk of failure when frameworks become outdated or unavailable. To address these issues, this paper proposes an Autonomous Cyber Threat and Defense Mapping System using Self-Evolving Knowledge Graphs (SEKG). The proposed system integrates cybersecurity data from multiple sources such as system logs, network traffic, and threat reports, and automatically constructs a dynamic knowledge graph that continuously evolves with new threat information. Machine learning and graph reasoning techniques are applied to detect emerging threats, predict attack paths, and recommend real-time defense strategies. The system reduces manual intervention, improves situational awareness, and enhances response efficiency without relying solely on external frameworks. Experimental evaluation demonstrates that the proposed approach provides faster threat detection, accurate defense mapping, and better adaptability to evolving cyber threats.

Keywords: Cybersecurity, Self-Evolving Knowledge Graphs, Threat Intelligence, Graph Analytics, Cyber Threat Mapping.

References: 

  1. J. Loevenich, E. Adler, T. Hürten, and R. R. F. Lopes, “Design and evaluation of an Autonomous Cyber Defence agent using DRL and an augmented LLM,” Computer Networks, vol. 262, p. 111162, Mar. 2025, doi: 10.1016/j.comnet.2025.111162.
  2. F. Baiardi and V. Sammartino, “A quantitative framework for the validation of Twin-Based Cyber Defense,” Procedia Computer Science, vol. 274, pp. 721–730, Jan. 2025, doi: 10.1016/j.procs.2025.12.070.
  3. A. Mahboubi et al., “Evolving techniques in cyber threat hunting: A systematic review,” Journal of Network and Computer Applications, vol. 232, p. 104004, Aug. 2024, doi: 10.1016/j.jnca.2024.104004.
  4. T. Purves, K. G. Kyriakopoulos, S. Jenkins, I. Phillips, and T. Dudman, “Causally aware reinforcement learning agents for autonomous cyber defence,” Knowledge-Based Systems, vol. 304, p. 112521, Sep. 2024, doi: 10.1016/j.knosys.2024.112521.
  5. F. Baiardi and V. Sammartino, “A quantitative framework for the validation of Twin-Based Cyber Defense,” Procedia Computer Science, vol. 274, pp. 721–730, Jan. 2025, doi: 10.1016/j.procs.2025.12.070.
  6. F. Baiardi and V. Sammartino, “A quantitative framework for the validation of Twin-Based Cyber Defense,” Procedia Computer Science, vol. 274, pp. 721–730, Jan. 2025, doi: 10.1016/j.procs.2025.12.070.
  7. T. Purves, K. G. Kyriakopoulos, S. Jenkins, I. Phillips, and T. Dudman, “Causally aware reinforcement learning agents for autonomous cyber defence,” Knowledge-Based Systems, vol. 304, p. 112521, Sep. 2024, doi: 10.1016/j.knosys.2024.112521.
  8. S. Bag, S. Sarkar, and I. Bose, “Enhancing cybersecurity risk assessment using temporal knowledge graph-based explainable decision support system,” Decision Support Systems, vol. 198, p. 114526, Sep. 2025, doi: 10.1016/j.dss.2025.114526.
  9. J. J. Olthuis, S. Sciancalepore, and N. Zannone, “Cyberattacks and defenses for Autonomous Navigation Systems: A systematic literature review,” Computer Networks, vol. 267, p. 111331, May 2025, doi: 10.1016/j.comnet.2025.111331.
  10. Y. Jiang, “Dynamic protection of human-cyber-physical systems based on CPN and multi-agent reinforcement learning: Evidence from smart coal mines,” International Journal of Critical Infrastructure Protection, vol. 52, p. 100831, Jan. 2026, doi: 10.1016/j.ijcip.2026.100831.
  11. S. Ali, J. Wang, and V. C. M. Leung, “AI-driven fusion with cybersecurity: Exploring current trends, advanced techniques, future directions, and policy implications for evolving paradigms– A comprehensive review,” Information Fusion, vol. 118, p. 102922, Jan. 2025, doi: 10.1016/j.inffus.2024.102922.
  12. Y. Li, S. Zhang, and Y. Li, “AI-enhanced resilience in power systems: Adversarial deep learning for robust short-term voltage stability assessment under cyber-attacks,” Chaos Solitons & Fractals, vol. 196, p. 116406, Apr. 2025, doi: 10.1016/j.chaos.2025.116406.
  13. M. Rigaki, C. A. Catania, and S. García, “Building adaptative and transparent cyber agents with local language models,” Expert Systems With Applications, vol. 299, p. 129987, Oct. 2025, doi: 10.1016/j.eswa.2025.129987.
  •  
Download PDF

This article is part of Volume 2, Issue 1 (January 2026)