
An Approach to AI-Powered Threat Intelligence and Malware Analysis Using Disruptive Technology

Hrisikesh Pal, Ayan Ghosh

Abstract


In today’s dynamic cybersecurity landscape, real-time threat intelligence and automated analysis are essential for proactive defense. This project presents an AI-powered solution for threat intelligence and malware analysis, integrating diverse intelligence sources and tools within an interactive system. Built using Python, the platform operates through a Telegram-based chatbot and a user-friendly web dashboard.

The chatbot aggregates vulnerability, CVE, and exploit data from CIRCL.lu, NVD, and ExploitDB, conducts IP/domain reputation checks via AbuseIPDB, IPinfo, and Pulsedive, and performs file analysis through VirusTotal and Google Drive scanning. AI capabilities, powered by the Gemini 1.5 Flash NLP model, support intelligent threat summarization and contextual responses. A tiered subscription model with Stripe integration enables secure access.

An Admin Command Module enhances user management, alert broadcasting, and operational control from within the chatbot. The system improves threat detection, reduces response time, and delivers actionable cybersecurity insights. Planned enhancements include dark web monitoring, multi-platform integration, and advanced malware analysis, positioning this tool as a comprehensive solution for modern cyber defense.
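To illustrate the feed aggregation the abstract describes, the following Python (an added example written for this page, not code from the authors' system) normalizes CVE records from an NVD-style and a CIRCL-style payload into one schema, merges them by CVE ID, and buckets the result into CVSS v3 severity bands. Both payloads are constructed samples: the NVD one follows the shape of the NVD CVE API 2.0, the CIRCL one is an assumed simplified shape, and the CVE IDs are placeholders.

```python
import json
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample payloads (not captured API output). CVE IDs are placeholders.
NVD_SAMPLE = json.dumps({"vulnerabilities": [{"cve": {
    "id": "CVE-0000-0001", "published": "2024-01-10T12:00:00.000",
    "descriptions": [{"lang": "en", "value": "Constructed test issue A"}],
    "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 9.8}}]}}}]})
CIRCL_SAMPLE = json.dumps([  # assumed simplified CIRCL-style shape
    {"id": "CVE-0000-0001", "summary": "Constructed test issue A", "cvss": 7.5,
     "Published": "2024-01-09T00:00:00"},
    {"id": "CVE-0000-0002", "summary": "Constructed test issue B", "cvss": None,
     "Published": "2024-01-11T00:00:00"}])

@dataclass
class CveRecord:
    cve_id: str
    summary: str
    cvss: Optional[float]
    published: str            # ISO date, YYYY-MM-DD
    sources: set = field(default_factory=set)

def from_nvd(payload: str) -> list:
    """Parse an NVD CVE API 2.0 style response into CveRecords."""
    out = []
    for item in json.loads(payload)["vulnerabilities"]:
        cve = item["cve"]
        desc = next((d["value"] for d in cve.get("descriptions", []) if d["lang"] == "en"), "")
        metrics = cve.get("metrics", {}).get("cvssMetricV31", [])
        score = metrics[0]["cvssData"]["baseScore"] if metrics else None
        out.append(CveRecord(cve["id"], desc, score, cve["published"][:10], {"nvd"}))
    return out

def from_circl(payload: str) -> list:
    """Parse the assumed CIRCL-style list of CVE objects into CveRecords."""
    return [CveRecord(r["id"], r.get("summary", ""), r.get("cvss"), r["Published"][:10], {"circl"})
            for r in json.loads(payload)]

def merge(*feeds) -> dict:
    """Merge feeds by CVE ID: union sources, keep highest CVSS and earliest publication date."""
    merged = {}
    for rec in (r for feed in feeds for r in feed):
        cur = merged.get(rec.cve_id)
        if cur is None:
            merged[rec.cve_id] = CveRecord(rec.cve_id, rec.summary, rec.cvss, rec.published, set(rec.sources))
            continue
        cur.sources |= rec.sources
        if rec.cvss is not None and (cur.cvss is None or rec.cvss > cur.cvss):
            cur.cvss = rec.cvss
        cur.published = min(cur.published, rec.published)
        cur.summary = cur.summary or rec.summary
    return merged

def severity(score: Optional[float]) -> str:
    """CVSS v3 qualitative bands; a missing score is reported as UNSCORED, not LOW."""
    if score is None:
        return "UNSCORED"
    return ("NONE" if score == 0 else "LOW" if score < 4.0 else "MEDIUM" if score < 7.0
            else "HIGH" if score < 9.0 else "CRITICAL")
```

A record seen by only one source keeps that source in `sources`, which lets a summary step flag single-source entries for lower confidence.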
