Authors - N. Revathy, V. Latha Sivasankari, Nikileshwar V, Surendhiran G, Abijith M, Sheik Mohamed S Abstract - Enterprise networks face escalating cyber threats as cloud, IoT, and remote work adoption expand attack surfaces. Traditional signature-based detection and manual response suffer average breach detection intervals of 287 days, failing to scale against rising alert volumes [9]. CyberSentinel addresses this through an autonomous pipeline processing Windows Security Event Logs: Isolation Forest anomaly detection on engineered behavioral features, large language model (LLM) threat explanations via local Ollama inference, and automated remediation including account deactivation, process termination, and firewall adjustment. A Flask web dashboard provides real-time threat visualization. Evaluation across 72 hours on a controlled Windows 10 Enterprise testbed with 28 injected anomalies confirms an F1-score of 0.78, 84.2% remediation success, and mean end-to-end latency of 24.7 seconds. The modular Python architecture enables fully autonomous operation on standard Windows hosts without dedicated SOC infrastructure.
Open Zoom