Modern Security Operations Centers (SOCs) face a dual challenge: identifying zero-day threats in high-throughput network streams while mitigating analyst alert fatigue. This paper proposes Sentinel AI, a hybrid detection framework that couples unsupervised statistical learning with Large Language Model (LLM) reasoning. We introduce a novel dual-engine architecture: a low-latency Isolation Forest model for real-time anomaly filtration with O(n) complexity, and a semantic analysis engine built on Google Gemini Pro for context-aware threat interpretation and automated playbook execution. We present a reproducible reference architecture based on FastAPI and WebSocket streaming. Experimental validation on synthetic datasets containing DDoS and data-exfiltration patterns shows that Sentinel AI achieves an F1-score of 93%, significantly outperforming traditional signature-based baselines in zero-day scenarios, while reducing analysts' cognitive load through natural-language incident reporting.
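The first stage of the dual-engine pipeline, as an added example that is not code from the paper or from Sentinel AI: a from-scratch Isolation Forest (random trees, average path length, score s(x, n) = 2^(-E[h(x)]/c(n))) is fitted on a batch of per-source flow aggregates and the flows it flags are packaged with a plain-language deviation summary of the kind the semantic (LLM) stage would receive. The flow records are constructed for the example, the feature set (packets/s, bytes/s, distinct destination ports) and the 0.75 score threshold are assumptions, and the Gemini call itself is deliberately left out so the block runs offline.

```python
"""Added example (not the paper's code): Isolation Forest anomaly filter plus
hand-off record for the LLM stage. Flow records below are constructed."""
import math
import random

EULER_GAMMA = 0.5772156649


def c(n):
    """Expected path length of an unsuccessful BST search over n points (Liu et al.);
    normalises path lengths so scores are comparable across sample sizes."""
    if n <= 1:
        return 0.0
    return 2.0 * (math.log(n - 1) + EULER_GAMMA) - 2.0 * (n - 1) / n


def build_tree(rows, rng, depth, max_depth):
    """Grow one isolation tree: random feature, random split between its min and
    max, recurse until a point is isolated or the height limit is reached."""
    if depth >= max_depth or len(rows) <= 1:
        return {"size": len(rows)}
    dim = rng.randrange(len(rows[0]))
    lo = min(r[dim] for r in rows)
    hi = max(r[dim] for r in rows)
    if lo == hi:
        return {"size": len(rows)}
    split = rng.uniform(lo, hi)
    left = [r for r in rows if r[dim] < split]
    right = [r for r in rows if r[dim] >= split]
    if not left or not right:  # degenerate split: keep as an unsplit leaf
        return {"size": len(rows)}
    return {"dim": dim, "split": split,
            "left": build_tree(left, rng, depth + 1, max_depth),
            "right": build_tree(right, rng, depth + 1, max_depth)}


def path_length(node, x):
    """Depth at which x lands, plus the c(size) correction for unsplit leaves."""
    depth = 0
    while "size" not in node:
        node = node["left"] if x[node["dim"]] < node["split"] else node["right"]
        depth += 1
    return depth + c(node["size"])


class IsolationForest:
    def __init__(self, n_trees=100, sample_size=256, seed=7):
        self.n_trees, self.sample_size, self.seed = n_trees, sample_size, seed
        self.trees = []

    def fit(self, rows):
        rng = random.Random(self.seed)
        self.sample_size = min(self.sample_size, len(rows))
        max_depth = math.ceil(math.log2(self.sample_size))
        self.trees = [build_tree(rng.sample(rows, self.sample_size), rng, 0, max_depth)
                      for _ in range(self.n_trees)]
        return self

    def score(self, x):
        """Anomaly score 2^(-E[h(x)] / c(n)): close to 1 means isolated quickly."""
        mean_path = sum(path_length(t, x) for t in self.trees) / len(self.trees)
        return 2.0 ** (-mean_path / c(self.sample_size))


def constructed_flows(n_normal=200, seed=1):
    """Constructed per-source-per-second aggregates (packets/s, bytes/s,
    distinct dst ports): baseline traffic plus one flood and one exfiltration."""
    rng = random.Random(seed)
    normal = [(rng.gauss(60, 5), rng.gauss(4500, 300), rng.randint(2, 6))
              for _ in range(n_normal)]
    ddos = (9000.0, 400000.0, 1)   # volumetric flood against a single service
    exfil = (60.0, 950000.0, 1)    # ordinary packet rate, huge outbound volume
    return normal, ddos, exfil


def triage(forest, baseline, flows, threshold=0.75):
    """Stage one: score every flow, keep those above the (assumed) threshold and
    attach a plain-language deviation summary for the LLM stage (not called here)."""
    names = ("packets/s", "bytes/s", "distinct dst ports")
    means = [sum(r[i] for r in baseline) / len(baseline) for i in range(3)]
    alerts = []
    for flow in flows:
        s = forest.score(flow)
        if s < threshold:
            continue
        deviations = [f"{names[i]}={flow[i]:.0f} ({flow[i] / means[i]:.0f}x baseline)"
                      for i in range(3) if flow[i] > 3 * means[i]]
        alerts.append({"score": round(s, 3), "flow": flow,
                       "llm_context": "; ".join(deviations) or "no single feature dominant"})
    return alerts


if __name__ == "__main__":
    normal, ddos, exfil = constructed_flows()
    forest = IsolationForest().fit(normal + [ddos, exfil])
    for alert in triage(forest, normal, normal + [ddos, exfil]):
        print(alert)
```

Two points worth noting when reproducing the paper's setup this way: the forest is fitted on the batch that contains the anomalies (the "few and different" assumption the algorithm relies on), and the `llm_context` string, not the raw feature vector, is what should be handed to the semantic engine, since the LLM's value is in reasoning over a stated deviation rather than over unlabelled numbers.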
Cite this paper
Yanguema, A. A. I. and Yin, C. (2026). Real-Time Cyber Monitoring and Threat Detection System with Hybrid AI Analysis. Open Access Library Journal, 13, e14742. doi: http://dx.doi.org/10.4236/oalib.1114742.