Zero Trust Hybrid Machine Learning Algorithms for Threat Detection and Prevention with Explainable Threat Intelligence
Keywords:
Machine Learning, Cybersecurity, Malware Detection, SQL Injection, Explainable Artificial Intelligence (XAI), Random Forest, Neural Network
Abstract
This study presents a dual-model intelligent cybersecurity framework that integrates malware detection and SQL injection detection to improve automated threat identification and prevention. For malware detection, a Random Forest classifier was trained on static features extracted from executable files. The model achieved an accuracy of 99.13%, precision of 98.52%, and recall of 98.56%, demonstrating high reliability in separating malicious from benign files. The ROC curve (AUC = 0.9994) and the Precision–Recall curve confirmed the model's discriminative power, while LIME and Permutation Feature Importance analyses provided interpretability, showing that PE header and section features such as MajorSubsystemVersion and SectionsMeanEntropy strongly influence classification outcomes. For SQL injection detection, a feedforward neural network (FFNN) with two dense layers (32 and 64 neurons) was trained on three handcrafted features: query length, punctuation, and SQL keywords. The model achieved an accuracy of 99.73%, precision of 99.7%, recall of 99.95%, and F1-score of 99.8%, indicating near-perfect discrimination between malicious and benign queries. The ROC (AUC = 1.00) and Precision–Recall curves further confirmed its robustness, and LIME explanations provided local interpretability by highlighting the query attributes that drive each prediction. A real-time detection dashboard validates every access attempt, whether a file upload or a SQL query, by running both models in parallel; inputs classified as malicious are flagged and blocked immediately. Overall, the proposed framework combines high detection accuracy with explainable artificial intelligence (XAI) techniques, providing both transparency and reliability for modern cybersecurity defense systems.
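As an added example that is not part of the paper, the following Python shows one way the three handcrafted features named in the abstract (query length, punctuation, SQL keywords) could be computed and scaled into the vector a dense layer would consume. The keyword vocabulary, the definition of punctuation, the tokenizer, the scaling caps and the sample queries are all assumptions, since the abstract names the feature families but not how they were derived; the FFNN itself is not included.

```python
"""Feature extraction for a three-feature SQL injection detector
(query length, punctuation, SQL keywords).

Added example; this is not code from the paper. The keyword list, what counts
as punctuation, the tokenizer and the scaling constants are assumptions.
"""
import re
import string
from typing import NamedTuple

# Assumed keyword vocabulary. The paper does not publish its own list.
SQL_KEYWORDS = frozenset("""
select from where join on and or not union insert update delete drop create alter
table into values set like exec execute declare cast convert char concat sleep
waitfor delay benchmark information_schema group by order having limit desc asc
""".split())

# string.punctuation includes "_", which would make every snake_case identifier
# look "punctuated"; exclude it so the count reflects quotes, comments and operators.
PUNCTUATION = frozenset(string.punctuation) - {"_"}

# Identifier-like tokens only: digits and quoted literals never match a keyword.
TOKEN_RE = re.compile(r"[a-z_][a-z0-9_]*")

# Assumed min-max caps; a real deployment would take these from the training set.
LENGTH_CAP, PUNCTUATION_CAP, KEYWORD_CAP = 512, 64, 32


class QueryFeatures(NamedTuple):
    length: int        # raw character count
    punctuation: int   # characters in PUNCTUATION
    keywords: int      # tokens found in SQL_KEYWORDS (case-insensitive)


def extract_features(query: str) -> QueryFeatures:
    """Compute the three handcrafted features for one query string."""
    punctuation = sum(1 for ch in query if ch in PUNCTUATION)
    tokens = TOKEN_RE.findall(query.lower())
    keywords = sum(1 for tok in tokens if tok in SQL_KEYWORDS)
    return QueryFeatures(len(query), punctuation, keywords)


def to_model_input(feats: QueryFeatures) -> tuple[float, float, float]:
    """Clip and scale the raw counts into [0, 1] so they can feed a dense layer."""
    def scale(value: int, cap: int) -> float:
        return min(value, cap) / cap
    return (scale(feats.length, LENGTH_CAP),
            scale(feats.punctuation, PUNCTUATION_CAP),
            scale(feats.keywords, KEYWORD_CAP))


# Constructed samples (not from the paper's dataset); names carry the intended label.
SAMPLE_QUERIES = {
    "benign_lookup": "SELECT name, email FROM users WHERE id = 42",
    "benign_report": ("SELECT c.name, COUNT(o.id) FROM customers c JOIN orders o "
                      "ON o.customer_id = c.id WHERE o.created_at >= '2024-01-01' "
                      "GROUP BY c.name ORDER BY COUNT(o.id) DESC LIMIT 10"),
    "sqli_tautology": "' OR '1'='1",
    "sqli_stacked": "1; DROP TABLE users--",
    "sqli_union": "admin' UNION SELECT username, password FROM users--",
}


def feature_table() -> dict[str, QueryFeatures]:
    """Features for every constructed sample, keyed by sample name."""
    return {name: extract_features(q) for name, q in SAMPLE_QUERIES.items()}


if __name__ == "__main__":
    for name, feats in feature_table().items():
        scaled = tuple(round(x, 3) for x in to_model_input(feats))
        print(f"{name:16s} {tuple(feats)} -> {scaled}")
```

Running the table makes the limits of these three features visible: the long benign reporting query produces higher raw counts on all three features than the short tautology payload `' OR '1'='1`, so a classifier trained on them has to pick up on relationships such as punctuation relative to length rather than on any single count. The exclusion of `_` from the punctuation set is the kind of detail that has to be fixed before training, because snake_case identifiers are common in benign application queries.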