Real-Time Source Attribution of Cyberattacks via AI-Driven Threat Intelligence
Abstract
Cyberattacks are dynamic and asymmetric in nature, and thus, it is tough to determine their real origins. Conventional detection systems that rely on fixed rules, manual forensics, and slow intelligence are not responsive in real time, leading to delays in operations and prolonged vulnerability. In this paper, we present the Dynamic Multi-Mode Source Attribution (DMSA) architecture, an autonomous, meta-learning-based AI system designed to support adaptive, explainable cyber attribution. DMSA uses self-learning artificial intelligence agents that work and compete with each other to improve attribution accuracy and resilience. This allows it to use multimodal telemetry from endpoints, networks, clouds, and the dark web to build a unified evidence graph, dynamically score confidence, and make real-time decisions. The experimental findings indicate that DMSA is very effective at reducing attribution latency and improving accuracy compared to traditional methods. The autoadaptation aspect of the framework retests decisions in the presence of new or conflicting information and is resistant to camouflaged attacks. Its probabilistic confidence scoring provides analysts with attribution confidence, which justifies proactive defence measures. In general, DMSA represents a significant breakthrough in scalable AI-based cyber attribution, providing real-time, responsible insights to enhance international cybersecurity resilience.