
Research Article
An Integrated Cybersecurity Defense Framework for Attack Intelligence Analysis, Counteraction, and Traceability in Complex Network Architectures
@ARTICLE{10.4108/eetsis.9770,
  author={Xiangyu Le and Hushuang Zeng},
  title={An Integrated Cybersecurity Defense Framework for Attack Intelligence Analysis, Counteraction, and Traceability in Complex Network Architectures},
  journal={EAI Endorsed Transactions on Scalable Information Systems},
  volume={12},
  number={6},
  publisher={EAI},
  journal_a={SIS},
  year={2025},
  month={12},
  keywords={Threat Intelligence, Advanced Persistent Threat, Bayesian Game Theory, Graph Attention Network, Ransomware, Cybersecurity Defense},
  doi={10.4108/eetsis.9770}
}

Authors: Xiangyu Le, Hushuang Zeng
Year: 2025
Title: An Integrated Cybersecurity Defense Framework for Attack Intelligence Analysis, Counteraction, and Traceability in Complex Network Architectures
Journal: SIS (EAI Endorsed Transactions on Scalable Information Systems)
Publisher: EAI
DOI: 10.4108/eetsis.9770
Abstract
INTRODUCTION: In response to the increasingly severe and complex cybersecurity threats posed by advanced persistent threats (APTs) and other sophisticated attacks, this paper proposes an integrated security defense framework for attack intelligence analysis, counteraction, and traceability in complex network architectures. Consolidating threat intelligence from multiple sources that provide different types of intelligence is a major obstacle for the cybersecurity defense community, particularly when serious challenges arise from complex APTs involving multiple entities. Inconsistent data formats and methods of structuring data further complicate analysis of the intelligence and the derivation of improved defense strategies from an all-source intelligence model.

OBJECTIVES: The proposed approach leverages both internal and external threat intelligence sources, standardizes and integrates them into a heterogeneous threat intelligence knowledge graph, and transforms it into a homogeneous representation to facilitate analysis. The paper introduces a framework that integrates a heterogeneous threat intelligence knowledge graph, Bayesian game-theoretic modeling, and a Graph Attention Network (GAT). The method converts multi-source intelligence into a single, homogeneous graph that allows for more informative analysis and a greater adaptive decision-making capacity.

METHODS: To model the strategic interaction between attackers and defenders under incomplete information and resource constraints, we construct a Network Attack-Defense Game Model (NADGM) based on Bayesian game theory and derive the equilibrium strategies using linear programming and the Harsanyi transformation.

RESULTS: Furthermore, a GAT is applied to perform node classification on the threat intelligence reports, exploiting the semantic relations between entities to enhance the accuracy of organization-level attribution. The framework is validated through experiments using real-world APT reports and a case study on ransomware attack-defense scenarios. Experimental results demonstrate that the proposed method achieves superior classification performance, effective strategy optimization, and reasonable attack-defense situation evolution compared to baseline models such as GCN and GraphSAGE.

Integrating heterogeneous threat intelligence from diverse sources is a significant challenge in cybersecurity, especially when dealing with complex APTs. The variation in data formats and structures complicates analysis and defense strategy optimization.

Key Contributions: This paper introduces a framework that integrates a heterogeneous threat intelligence knowledge graph with Bayesian game-theoretic modeling and a Graph Attention Network (GAT). It standardizes multi-source intelligence into a homogeneous graph for improved analysis and adaptive decision-making.

Results: Experimental results show that the proposed framework outperforms traditional models, achieving a classification accuracy of 0.81 for threat intelligence reports. This leads to enhanced detection performance and optimized strategic defense decisions.

CONCLUSION: The findings suggest that integrating threat intelligence, game-theoretic modeling, and graph-based learning can significantly improve the efficiency of threat detection, response, and decision-making in large-scale, complex network environments. The novelty lies in integrating a mixed threat intelligence knowledge graph with Bayesian game-theoretic modeling and a classifier based on a Graph Attention Network (GAT). The classifier leads to a single structured representation of different threat data, recommends the best defenses, and at the same time enhances overall detection accuracy across multiple datasets.
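The METHODS step above (a Bayesian attack-defense game, a Harsanyi transformation, and a linear program for the equilibrium) is compact enough to show end to end on a toy instance. The following is an added example written for this page, not the paper's NADGM or its data: the two attacker types, their prior probabilities, the action labels and every payoff number are constructed, the game is assumed zero-sum in the defender's utility, and the paper's resource constraints are not modelled. The transformation turns each type-contingent attacker strategy into one column of expected payoffs; the defender's maximin mixed strategy is then the solution of a 2 x N linear program, which for two defender strategies can be solved exactly by enumerating the vertices of the piecewise-linear lower envelope.

```python
"""Harsanyi transformation and maximin solution of a small Bayesian attack-defense game.

Constructed illustration of the Bayesian game -> Harsanyi transformation -> linear
program pipeline. It is NOT the paper's NADGM: the payoff numbers, action names and
type priors are invented for the example, and the game is assumed zero-sum.
"""
from fractions import Fraction as F
from itertools import product

# Defender's pure strategies (row player). Payoffs below are the defender's
# utility; the attacker's utility is the negation (zero-sum assumption).
DEFENDER_ACTIONS = ["harden_endpoints", "monitor_lateral_movement"]

# Attacker action labels, shared by every attacker type (column index within a type).
ATTACKER_ACTIONS = ["noisy", "stealthy"]

# Constructed attacker types with the defender's prior belief about each type
# and a defender-payoff table indexed as payoff[defender_action][attacker_action].
ATTACKER_TYPES = {
    "ransomware": {"prior": F(3, 5), "payoff": [[F(4), F(1)], [F(2), F(3)]]},
    "apt":        {"prior": F(2, 5), "payoff": [[F(1), F(3)], [F(3), F(1)]]},
}


def harsanyi_transform(types):
    """Turn the Bayesian game into a complete-information matrix game.

    Each column of the result is a type-contingent attacker strategy (one action
    per type); the entry is the defender's expected payoff under the type prior.
    Returns (columns, matrix) with columns[j] the action tuple for column j.
    """
    names = list(types)
    n_def = len(types[names[0]]["payoff"])
    n_att = len(types[names[0]]["payoff"][0])
    columns = list(product(range(n_att), repeat=len(names)))
    matrix = []
    for d in range(n_def):
        row = []
        for col in columns:
            row.append(sum(types[t]["prior"] * types[t]["payoff"][d][a]
                           for t, a in zip(names, col)))
        matrix.append(row)
    return columns, matrix


def defender_maximin(matrix):
    """Solve the 2 x N zero-sum game for the defender's maximin mixed strategy.

    The LP  max_x min_j [x*M[0][j] + (1-x)*M[1][j]],  0 <= x <= 1,  maximises a
    concave piecewise-linear lower envelope, so the optimum lies at x = 0, x = 1
    or at a crossing of two columns' payoff lines. Enumerating those candidates
    gives the exact solution without an external LP solver. Returns (x, value).
    """
    if len(matrix) != 2:
        raise ValueError("this solver handles exactly two defender strategies")
    m0, m1 = matrix
    n = len(m0)

    def envelope(x):
        return min(x * m0[j] + (1 - x) * m1[j] for j in range(n))

    candidates = {F(0), F(1)}
    for i in range(n):
        for j in range(i + 1, n):
            # Lines (m0[i]-m1[i])x + m1[i] and (m0[j]-m1[j])x + m1[j] cross at x below.
            denom = (m0[i] - m1[i]) - (m0[j] - m1[j])
            if denom != 0:
                x = (m1[j] - m1[i]) / denom
                if 0 <= x <= 1:
                    candidates.add(x)
    best_x = max(sorted(candidates), key=envelope)  # sorted: deterministic tie-break
    return best_x, envelope(best_x)


def solve(types=ATTACKER_TYPES):
    """Full pipeline: transform, solve, and report which type-contingent attacker
    strategies are best responses (columns attaining the game value at the optimum)."""
    columns, matrix = harsanyi_transform(types)
    x, value = defender_maximin(matrix)
    names = list(types)
    best_responses = [
        {t: ATTACKER_ACTIONS[a] for t, a in zip(names, col)}
        for j, col in enumerate(columns)
        if x * matrix[0][j] + (1 - x) * matrix[1][j] == value
    ]
    return {
        "defender_mix": {DEFENDER_ACTIONS[0]: x, DEFENDER_ACTIONS[1]: 1 - x},
        "game_value": value,
        "attacker_best_responses": best_responses,
    }


if __name__ == "__main__":
    for key, val in solve().items():
        print(f"{key}: {val}")
```

With the constructed numbers the defender's equilibrium mix is 1/4 on harden_endpoints and 3/4 on monitor_lateral_movement for a game value of 21/10, and the two attacker best responses both have the APT type playing stealthy while the ransomware type is indifferent between its actions. That indifference is what a mixed equilibrium looks like in practice: the defender's allocation is chosen so that no single attacker type gains by deviating, which is the adaptive decision-making the abstract refers to. Exact fractions are used so the equilibrium can be checked by hand; a production model with more than two defender strategies would hand the same transformed matrix to a general LP solver.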
Copyright © 2025 Hushuang Zeng et al., licensed to EAI. This is an open access article distributed under the terms of the CC BY-NC-SA 4.0 license, which permits copying, redistributing, remixing, transformation, and building upon the material in any medium so long as the original work is properly cited.


