Author
Listed:
- Nabeela Temitayo Adebola
- Williams Ezebuilo Eze
- Kamoru Emmanuel Umoru
- Kamoru Emmanuel Umoru
- Jamiu Akande
- Nuhu Ezra
Abstract
Security Information and Event Management systems are still at the core of threat monitoring in enterprises, but their rule-based detection methodology is mostly static in nature and always in need of manual tuning. As the nature of cyber-attacks becomes increasingly sophisticated, the complexity of the operating environment also increases, leading to a degradation in the accuracy of the rule-based methodology, with false positives and false negatives rising significantly. Recent studies show that adaptive learning methodologies can improve the accuracy of anomaly-based detection systems in a dynamic operating environment. Reinforcement learning is a methodology in which a learning agent learns through its interactions with its operating environment and improves its decision-making capabilities through a series of iterations. This research proposes a reinforcement learning-based framework for the continuous improvement of cyber threat detection rules in Security Information and Event Management systems. A reinforcement learning agent learns from the outcomes of the alerts generated in the system, the feedback from the Security Operations Center, and the threat intelligence available in the system to improve the thresholds and correlation values in real time for the rule-based methodology. This research uses benchmark intrusion datasets to evaluate the proposed methodology and compares its performance with static rulebased systems to show the improvement in accuracy and a reduction in false positives generated in the system.
Suggested Citation
Nabeela Temitayo Adebola & Williams Ezebuilo Eze & Kamoru Emmanuel Umoru & Kamoru Emmanuel Umoru & Jamiu Akande & Nuhu Ezra, 2026.
"Reinforcement Learning for Continuous Cyber Threat Detection Rule Improvement,"
International Journal of Innovative Science and Research Technology (IJISRT), IJISRT Publication, vol. 11(03), pages 486-495, March.
Handle:
RePEc:cvr:ijisrt:2026:03:ijisrt26mar324
DOI: 10.38124/ijisrt/26mar324
Download full text from publisher
Corrections
All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:cvr:ijisrt:2026:03:ijisrt26mar324. See general information about how to correct material in RePEc.
If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.
We have no bibliographic references for this item. You can help adding them by using this form .
If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Rahul Goyel (email available below). General contact details of provider: https://www.ijisrt.com/ .
Please note that corrections may take a couple of weeks to filter through
the various RePEc services.
Printed from https://ideas.repec.org/a/cvr/ijisrt/202603ijisrt26mar324.html