ActivityRDI: A Centralized Solution Framework for Activity Retrieval and Detection Intelligence based on Knowledge Graph, Large Language Model and Imbalanced Learning

We propose a centralized Activity Retrieval and Detection Intelligence (ActivityRDI) solution framework, demonstrate its application performance in Network Threat Detection in detail, and show its generalization in other domains. Network threat detection is challenging due to the complex nature of attack activities and the limited historically revealed threat data to learn from. To help enhance the existing methods (e.g., analytics, machine learning, and artificial intelligence) to detect the network threats, we propose a multi-agent AI solution for agile threat detection. In this solution, a Knowledge Graph is used to analyze changes in user activity patterns and calculate the risk of unknown threats. Then, an Imbalanced Learning Model is used to prune and weigh the Knowledge Graph, and also calculate the risk of known threats. Finally, a Large Language Model (LLM) is used to retrieve and interpret the risk of user activities from the Knowledge Graph and the Imbalanced Learning Model. The preliminary results show that the solution improves the threat capture rate by 3\%-4\% and adds natural language interpretations of the risk predictions based on user activities. Furthermore, a demo application has been built to show how the proposed solution framework can be deployed and used.