Tariq Ammar Almoabady ¹ Yasser Mohammad Alblawi ¹ Ahmad Emad Albalawi ¹ Majed Aborokbah ¹ Manimurugan S ¹ AHMED D. SAAD ALJUHANI ¹ Hussain Aldawood ² Tawfiq Alashoor ³ Karthikeyan P ^1,4*

• ¹ University of Tabuk, Tabuk, Tabuk, Saudi Arabia
• ² NEOM, Tabuk city, Saudi Arabia
• ³ University of Copenhagen, Copenhagen, Capital Region of Denmark, Denmark
• ⁴ RV University, Bengaluru, India

This paper introduces a comprehensive methodology designed to enhance Cyber Situational Awareness by integrating Isolation Forest and Autoencoder algorithms, Structured Threat Information Expression (STIX) implementation, and ontology development. This study emphasizes the crucial role of the Isolation Forest algorithm, which is renowned for its efficiency, scalability, and robustness in identifying anomalies in high-dimensional cybersecurity datasets. In combination, autoencoders offer nonlinear detection capabilities, feature learning, and adaptability. The proposed dual approach significantly improves proactive anomaly detection. Furthermore, the integration of STIX standardizes threat information expression, which enhances cyber threat intelligence. Feature mapping enriches datasets with contextual threat information, and ontology development facilitates structured knowledge representation in the cybersecurity domain, which facilitates dynamic assessment and semantic correlation of threat intelligence data. A comparative analysis of the unsupervised machine learning algorithms Isolation Forest, Local Outlier Factor (LOF), and Autoencoder was conducted on the UNSW-NB15 dataset. The proposed model outperformed the others in terms of all metrics, achieving 95% accuracy, 99% F1 score, and 94.60% recall rate, demonstrating its superior effectiveness relative to enhancing cybersecurity situational awareness.