ABSTRACT This study presents an advanced cybersecurity system that detects and mitigates threats in real time using a hybrid method that combines reinforcement learning (RL) and feature engineering. The model has three stages: data preprocessing, feature extraction and selection, and attack classification with ensemble RL models. Network traffic data is first preprocessed with Min–Max normalization to eliminate noise and scale attributes, improving the performance of the model. Relevant features are then extracted from the network data through statistical, temporal and entropy-based analysis, and a hybrid feature selection approach based on Snake Optimization (SO) and Harris Hawks Optimization (HHO) is used to simplify the model and enhance classification accuracy. In the last stage, a multimodel RL procedure detects and classifies attacks, combining a double deep Q-network (DDQN) to detect anomalies with multiagent deep deterministic policy gradient (MADDPG) to analyze multiagent threats. Proximal Policy Optimization (PPO) is adopted to implement adaptive reduction. The combination of these models provides efficient identification, categorization, and reaction to cyber threats, improving the robustness and scalability of the system in practical applications. Experiments show that the proposed framework identifies and prevents a broad range of cyberattacks with better accuracy and lower computational cost. Compared to existing RL-based intrusion detection models, the proposed framework achieves an improvement of 4.8% in accuracy, 6.3% in detection rate, and an 18.5% reduction in computational overhead, demonstrating its superior effectiveness in real-time cyberattack detection and mitigation.
Kalantri et al. (Thu,) studied this question.