Autonomous Cyber Defence in Complex Software Ecosystems: A Graph-Based and AI-Driven Approach to Zero-Day Threat
Abstract
As the digital realm continues to expand, the complexity of modern software ecosystems has increased the frequency and severity of zero-day attacks, rendering traditional cyber defence mechanisms insufficient. Purpose: This paper presents an autonomous cyber defence architecture that utilises graph-based modelling and artificial intelligence (AI) to proactively detect and mitigate zero-day threats in complex environments. Methodology: The system dynamically generates dependency graphs to identify critical nodes and aberrant connections, which are then used to locate behavioural anomalies via Graph Neural Networks (GNNs). In addition, reinforcement learning agents enhance the ability to evaluate threats in real time and take mitigation actions without relying on predetermined signatures. Findings: Experimental results show that the system's detection and performance capabilities were robust and efficient, achieving a detection rate of 96.8%, precision of 94.3%, recall of 92.7, and an F1 score of 93.5, along with a 3.1% false positive rate. Threat response processes completed in 1.8 seconds on average, yielding a containment rate of 91.4% and an impact mitigation rate of 87.2%. Additionally, the system exhibited scalability to 10,000 software nodes. Practical Implications: The results presented herein provide evidence that the framework can feasibly be implemented in modern enterprise and cloud-native systems. Since the proposed system is able to adapt autonomously to ever-changing threats in real time, it paves the way for intelligent, scalable, and zero-trust cyber defence architectures for the next-generation software ecosystem.
Keywords: Autonomous Cyber Defence, Zero-Day Threat Detection, Graph Neural Networks, Reinforcement Learning, Anomaly Detection, Complex Software Ecosystems, Dynamic Dependency Graph, AI-Driven Security, Threat Mitigation, Behavioural Analysis
