AN AI-DRIVEN MODEL FOR OPERATIONAL THREAT INTELLIGENCE TO ENHANCE REAL-TIME INCIDENT DETECTION AND RESPONSE IN THE KENYAN JUDICIARY

Authors

  • Paul Okanda, Associate Professor, Computing and Informatics Department, School of Science and Technology, United States International University-Africa, Kenya.
  • Muriithi Sarah, Graduate, Computing and Informatics Department, School of Science and Technology, United States International University-Africa, Kenya.

DOI:

https://doi.org/10.29121/digisecforensics.v2.i2.2025.64

Keywords:

Cybersecurity, Incident Management, Real-Time Threat Detection, Cyber Threat Intelligence, Artificial Intelligence

Abstract

Current threat intelligence systems often lack scalable, adaptive AI architectures capable of delivering real-time incident detection and dynamic response, particularly in resource-constrained environments such as judicial institutions. This paper presents a novel AI-driven architectural design for operational threat intelligence, tailored to enhance cybersecurity in the Kenyan judiciary. The proposed model integrates three foundational frameworks, Integrated Adaptive Cyber Defense (IACD), the Cyber Kill Chain, and Moving Target Defense (MTD), into an architecture that supports real-time data ingestion, continuous AI model retraining, and automated response orchestration. Key features include a dynamic feedback loop for adaptive learning, AI-powered multi-stage threat detection aligned with attack-lifecycle mapping, and resource-efficient dynamic defense mechanisms suited to low-resource judicial environments. The design targets faster, more accurate threat detection and automated mitigation, reducing mean time to detect (MTTD) and mean time to respond (MTTR). By providing a scalable, transparent, and explainable AI model, the architecture offers a practical blueprint for strengthening cybersecurity resilience in judicial systems worldwide, with specific applicability to the challenges faced by Kenyan courts. The study lays the foundation for future extensions involving federated learning to enable secure multi-court deployments, further strengthening collective judicial cyber defenses.
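The abstract describes the architecture only in outline. The Python sketch below is added here as an illustration and is not the authors' implementation; it shows one way the described pieces fit together: events are ingested, a multi-stage detector maps each one to a Cyber Kill Chain phase, per-host correlation tracks how far down the chain an attacker has progressed, an orchestrator issues graduated automated responses (including a Moving Target Defense port rotation), and analyst verdicts feed back into the detector's per-stage confidence. The keyword rules stand in for the trained models the paper proposes, and the hosts, service names, ports and log messages are all constructed for this example.

```python
"""Illustrative sketch of an IACD-style pipeline: ingest -> kill-chain-mapped
detection -> per-host correlation -> orchestrated response (with an MTD
action) -> analyst feedback. Constructed example; not the paper's system.
Rules, hosts, ports and messages are all placeholders."""
from collections import defaultdict
import re

# Lockheed Martin Cyber Kill Chain phases, in attack order.
STAGES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objectives"]

# Constructed keyword rules standing in for trained detectors:
# (kill chain stage, pattern matched against the event message).
RULES = [
    ("reconnaissance", re.compile(r"port ?scan|nmap", re.I)),
    ("delivery", re.compile(r"phish|attachment .*\.(exe|js|hta)\b", re.I)),
    ("exploitation", re.compile(r"exploit", re.I)),
    ("installation", re.compile(r"new service|scheduled task|persistence", re.I)),
    ("command_and_control", re.compile(r"beacon|dns tunnel", re.I)),
    ("actions_on_objectives", re.compile(r"exfil|mass download|ransom", re.I)),
]


class Detector:
    """Multi-stage detector; analyst verdicts adjust per-stage confidence and a
    stage whose confidence drops below MIN_CONFIDENCE is muted."""
    MIN_CONFIDENCE = 0.3

    def __init__(self):
        self.confidence = {stage: 1.0 for stage in STAGES}

    def classify(self, event):
        for stage, pattern in RULES:
            if pattern.search(event["message"]) and self.confidence[stage] >= self.MIN_CONFIDENCE:
                return stage
        return None

    def feedback(self, stage, true_positive):
        """Feedback loop: confirmed hits restore confidence, false positives
        erode it faster. Returns the updated confidence for the stage."""
        c = self.confidence[stage]
        self.confidence[stage] = min(1.0, c + 0.1) if true_positive else max(0.0, c - 0.25)
        return self.confidence[stage]


class Orchestrator:
    """Graduated automated responses keyed on the deepest kill chain stage seen
    for a host, not on any single alert. Service names and ports are made up."""
    PORT_POOL = [8443, 9443, 10443]

    def __init__(self):
        self.service_port = {"case-mgmt": 8443}
        self.log = []

    def _rotate_port(self, service):
        # Moving Target Defense: move the exposed service so the attacker's
        # reconnaissance goes stale; cheap enough for a small court network.
        old = self.service_port[service]
        new = self.PORT_POOL[(self.PORT_POOL.index(old) + 1) % len(self.PORT_POOL)]
        self.service_port[service] = new
        return ("rotate_port", service, old, new)

    def respond(self, host, stages_seen):
        deepest = max(stages_seen, key=STAGES.index)
        depth = STAGES.index(deepest)
        if depth >= STAGES.index("command_and_control"):
            actions = [("isolate_host", host)]
        elif depth >= STAGES.index("exploitation"):
            actions = [("block_process_tree", host), self._rotate_port("case-mgmt")]
        else:
            actions = [("raise_ticket", host, deepest)]
        self.log.extend(actions)
        return actions


class Pipeline:
    def __init__(self):
        self.detector = Detector()
        self.orchestrator = Orchestrator()
        self.progress = defaultdict(set)  # host -> kill chain stages observed

    def ingest(self, event):
        stage = self.detector.classify(event)
        if stage is None:
            return []
        self.progress[event["host"]].add(stage)
        return self.orchestrator.respond(event["host"], self.progress[event["host"]])


# Constructed sample events: one workstation walking down the kill chain,
# one producing only benign noise.
SAMPLE_EVENTS = [
    {"host": "court-ws-07", "message": "IDS: nmap port scan from 10.0.5.21"},
    {"host": "court-ws-07", "message": "Mail gateway: attachment summons.js flagged as phishing lure"},
    {"host": "court-ws-07", "message": "EDR: exploit attempt against document viewer"},
    {"host": "court-ws-07", "message": "Proxy: periodic beacon to unregistered domain"},
    {"host": "court-ws-12", "message": "AV: scheduled scan completed, no findings"},
]


def run(events):
    """Feed events through a fresh pipeline; returns (pipeline, responses per event)."""
    pipeline = Pipeline()
    return pipeline, [pipeline.ingest(e) for e in events]


if __name__ == "__main__":
    pipeline, responses = run(SAMPLE_EVENTS)
    for event, actions in zip(SAMPLE_EVENTS, responses):
        print(event["host"], "->", actions)
    # Analyst marks the port-scan alert a false positive three times; the
    # detector mutes that stage until a confirmed hit restores confidence.
    for _ in range(3):
        pipeline.detector.feedback("reconnaissance", true_positive=False)
    print("recon still fires?", pipeline.detector.classify(SAMPLE_EVENTS[0]) is not None)
```

In a real deployment the rule table would be replaced by the retrained classifiers and the orchestrator actions would call the SOAR or EDR platform; what the sketch shows is that the response tier is keyed on a host's progress through the kill chain rather than on any single alert, and that analyst feedback can mute a noisy stage without taking the pipeline offline.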

Published

2025-11-28

How to Cite

Okanda, P., & Sarah, M. (2025). AN AI-DRIVEN MODEL FOR OPERATIONAL THREAT INTELLIGENCE TO ENHANCE REAL-TIME INCIDENT DETECTION AND RESPONSE IN THE KENYAN JUDICIARY. Journal of Digital Security and Forensics, 2(2), 55–75. https://doi.org/10.29121/digisecforensics.v2.i2.2025.64