SentinelSphere: Integrating AI-Powered Real-Time Threat Detection with Cybersecurity Awareness Training
Pith reviewed 2026-05-10 17:47 UTC · model grok-4.3
The pith
A single AI platform can combine real-time threat detection with LLM-driven user training to address both technical and human cybersecurity vulnerabilities.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
SentinelSphere shows that an Enhanced Deep Neural Network trained on CIC-IDS2017 and CIC-DDoS2019 datasets with added HTTP-layer features attains high detection accuracy and low false positives across DDoS, brute force, and web exploits, while a quantized Phi-4 model fine-tuned for cybersecurity enables conversational training that runs on 16 GB RAM hardware and proves intuitive in workshops with professionals and students.
What carries the argument
The SentinelSphere unified framework that couples an Enhanced Deep Neural Network using novel HTTP-layer features for threat detection with a quantized LLM assistant for adaptive security awareness training.
If this is right
- The enhanced DNN achieves high accuracy with substantially lower false positives than baseline models on critical attack categories.
- The traffic light visualization and conversational AI assistant make security concepts accessible and effective for users without technical backgrounds.
- The full system deploys on commodity hardware using only 16 GB RAM without needing a GPU.
- Validation with industry professionals and students confirms the platform's usability for both detection and education components.
- Coupling detection and training in one framework addresses technical vulnerabilities and human-factor weaknesses together.
Where Pith is reading between the lines
- Smaller organizations lacking dedicated security staff could run continuous detection and ongoing education through this single accessible system.
- The LLM assistant could be extended to pull real-time threat data from the DNN module and customize training examples to the specific attacks observed.
- Longer-term field trials would be required to confirm whether the training produces measurable reductions in phishing clicks or other human errors beyond the initial workshops.
- This design suggests treating user education as an active part of the defense layer rather than a separate annual exercise.
Load-bearing premise
The enhanced DNN will keep high accuracy and low false positives on unseen real-world traffic, and brief workshops will demonstrate that the LLM training produces lasting changes in user behavior.
What would settle it
Deploying the Enhanced DNN on live enterprise network traffic for several months and comparing its false positive rate and recall to ground-truth labels from security analysts, or re-testing workshop participants after three to six months to measure whether security incident rates or error behaviors have changed.
Original abstract
The field of cybersecurity is confronted with two interrelated challenges: a worldwide deficit of qualified practitioners and ongoing human-factor weaknesses that account for the bulk of security incidents. To tackle these issues, we present SentinelSphere, a platform driven by artificial intelligence that unifies machine learning-based threat identification with security training powered by a Large Language Model (LLM). The detection module uses an Enhanced Deep Neural Network (DNN) trained on the CIC-IDS2017 and CIC-DDoS2019 benchmark datasets, enriched with novel HTTP-layer feature engineering that captures application-level attack signatures. For the educational component, we deploy a quantised variant of the Phi-4 model (Q4_K_M), fine-tuned for the cybersecurity domain, enabling deployment on commodity hardware requiring only 16 GB of RAM without dedicated GPU resources. Experimental results show that the Enhanced DNN attains high detection accuracy while substantially lowering false positives relative to baseline models, and maintains strong recall across critical attack categories such as DDoS, brute force, and web-based exploits. Validation workshops involving industry professionals and university students confirmed that the Traffic Light visualisation system and conversational AI assistant are both intuitive and effective for users without technical backgrounds. SentinelSphere illustrates that coupling intelligent threat detection with adaptive, LLM-driven security education can meaningfully address both technical and human-factor cybersecurity vulnerabilities within a single, cohesive framework.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The manuscript presents SentinelSphere, a unified AI platform that integrates an enhanced deep neural network (DNN) for real-time threat detection—trained on the CIC-IDS2017 and CIC-DDoS2019 benchmark datasets with novel HTTP-layer feature engineering—with an LLM-based cybersecurity awareness training module using a quantized Phi-4 model (Q4_K_M) that runs on commodity hardware with 16 GB RAM. The paper reports that the DNN achieves high detection accuracy, substantially lower false positives than baselines, and strong recall across attack categories including DDoS, brute force, and web exploits. The educational component is validated via workshops with industry professionals and university students, who found the Traffic Light visualization and conversational AI assistant intuitive and effective for non-technical users. The central claim is that coupling intelligent threat detection with adaptive LLM-driven education can meaningfully address both technical and human-factor cybersecurity vulnerabilities within a single cohesive framework.
Significance. If the empirical claims hold, this work would be significant by demonstrating a practical, integrated AI framework that simultaneously tackles machine-detectable threats and the human element responsible for most security incidents. The deployment of a quantized domain-specific LLM on standard hardware without GPUs is a clear practical strength that could promote broader adoption. The use of established public benchmarks for the detection module provides a reproducible starting point, and the overall concept of a cohesive detection-plus-education platform could stimulate further research in holistic cybersecurity solutions.
major comments (2)
- [Validation workshops] The validation of the LLM-driven educational component (described in the abstract and validation workshops section) rests entirely on qualitative feedback from brief workshops with professionals and students indicating that the Traffic Light system and conversational assistant are 'intuitive and effective.' No quantitative metrics are reported on knowledge retention, pre/post behavior change, simulated attack resistance over time, or comparison to control groups. This is load-bearing for the central claim that the framework 'meaningfully address[es] both technical and human-factor cybersecurity vulnerabilities,' as the education module's long-term impact remains unproven while the DNN component has benchmark support.
- [Experimental results] The abstract and experimental results claim the Enhanced DNN 'attains high detection accuracy while substantially lowering false positives relative to baseline models' and 'maintains strong recall' but provide no specific numeric values, error bars, confusion matrices, or detailed comparison tables against standard models on the same CIC-IDS2017/CIC-DDoS2019 datasets. If these details (including the exact definition and impact of the novel HTTP-layer features) are absent or insufficiently documented in the full experimental section, the technical superiority claim cannot be fully evaluated.
minor comments (2)
- [Abstract] The abstract relies on qualitative terms ('high detection accuracy,' 'strong recall') without referencing specific performance numbers or tables; adding these would improve clarity even if detailed results appear later in the paper.
- [Educational component] The fine-tuning procedure and prompt engineering for the quantized Phi-4 model are mentioned but not described in sufficient detail (e.g., dataset used for fine-tuning, hyperparameters, or evaluation metrics for the LLM component).
Simulated Author's Rebuttal
We thank the referee for their thorough and constructive review. We address each major comment below, committing to revisions that improve clarity, documentation, and scope without overstating our current results.
- Referee: [Validation workshops] The validation of the LLM-driven educational component (described in the abstract and validation workshops section) rests entirely on qualitative feedback from brief workshops with professionals and students indicating that the Traffic Light system and conversational assistant are 'intuitive and effective.' No quantitative metrics are reported on knowledge retention, pre/post behavior change, simulated attack resistance over time, or comparison to control groups. This is load-bearing for the central claim that the framework 'meaningfully address[es] both technical and human-factor cybersecurity vulnerabilities,' as the education module's long-term impact remains unproven while the DNN component has benchmark support.
  Authors: We agree that the educational validation relies on qualitative workshop feedback and does not include quantitative metrics such as pre/post knowledge scores, retention tests, or controlled comparisons. In the revised manuscript we will expand the Validation Workshops section with additional details on participant demographics, workshop protocol, session duration, and representative feedback quotes. We will also add an explicit limitations paragraph noting that long-term behavioral impact studies lie outside the current scope of this platform paper. These changes will better frame the strength of the existing evidence.
  Revision: partial
- Referee: [Experimental results] The abstract and experimental results claim the Enhanced DNN 'attains high detection accuracy while substantially lowering false positives relative to baseline models' and 'maintains strong recall' but provide no specific numeric values, error bars, confusion matrices, or detailed comparison tables against standard models on the same CIC-IDS2017/CIC-DDoS2019 datasets. If these details (including the exact definition and impact of the novel HTTP-layer features) are absent or insufficiently documented in the full experimental section, the technical superiority claim cannot be fully evaluated.
  Authors: We thank the referee for highlighting this gap. While the experimental section contains performance tables, we will revise the abstract and main text to prominently report key numeric results (accuracy, precision, recall, F1-score, false-positive rate) with direct baseline comparisons on both datasets. We will also insert confusion matrices, error bars from repeated runs or cross-validation, and a new subsection that precisely defines the novel HTTP-layer features together with an ablation study quantifying their contribution to improved detection.
  Revision: yes
Circularity Check
No significant circularity detected
The paper describes an empirical system integrating a DNN for threat detection (trained on public CIC-IDS2017 and CIC-DDoS2019 benchmarks with added HTTP features) and a quantized LLM for education, validated via workshops. No equations, derivations, or mathematical claims exist that could reduce predictions to inputs by construction. No self-citations, ansatzes, or uniqueness theorems are invoked as load-bearing elements. The central claim of a cohesive framework rests on independent empirical training results and qualitative feedback rather than any self-referential reduction, making the derivation chain self-contained against external benchmarks.
Axiom & Free-Parameter Ledger
axioms (2)
- Domain assumption: CIC-IDS2017 and CIC-DDoS2019 datasets contain representative samples of real-world attack traffic.
- Domain assumption: Quantized Phi-4 model fine-tuned on cybersecurity text will produce accurate and helpful responses for non-experts.