An Exploratory Study on Domain Knowledge Infusion in Deep Learning for Automated Threat Defense | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article An Exploratory Study on Domain Knowledge Infusion in Deep Learning for Automated Threat Defense Suren Khanzadeh, Euclides Carlos Pinto Neto, Shahrear Iqbal, Manar Alalfi, and 1 more This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-5194547/v1 This work is licensed under a CC BY 4.0 License Status: Published Journal Publication published 28 Jan, 2025 Read the published version in International Journal of Information Security → Version 1 posted 9 You are reading this latest preprint version Abstract The wide adoption of interconnected services leads to the creation of supportive solutions and business opportunities. Conversely, this new paradigm is targeted by malicious activities, aiming to compromise systems' confidentiality, integrity, and availability. However, advanced methods lack contextual awareness, which prevents their deployment to real-world systems. Considering that the process of making informed decisions stems from the expertise of analysts based on their experience, the use of cybersecurity domain knowledge has the potential to improve Deep Learning (DL) and Deep Reinforcement Learning (DRL) operations in real scenarios. Therefore, the main goal of this research is to study and evaluate the use of Knowledge Infused Learning (KIL) in the context of automated threat defense. We define how cybersecurity domain knowledge can be infused into DL and RL, highlighting the main challenges and benefits. Besides, we present a roadmap to apply domain knowledge for red and blue teaming activities and discuss the implications of KIL in explainability, and actionable reporting. Finally, we list the open challenges to guide the development of next-generation security solutions. Cybersecurity Knowledge Infusion Explainable Artificial Intelligence (XAI) Full Text Additional Declarations No competing interests reported. Cite Share Download PDF Status: Published Journal Publication published 28 Jan, 2025 Read the published version in International Journal of Information Security → Version 1 posted Editorial decision: Revision requested 01 Dec, 2024 Reviews received at journal 01 Dec, 2024 Reviewers agreed at journal 01 Dec, 2024 Reviews received at journal 05 Nov, 2024 Reviewers agreed at journal 27 Oct, 2024 Reviewers invited by journal 27 Oct, 2024 Editor assigned by journal 04 Oct, 2024 Submission checks completed at journal 04 Oct, 2024 First submitted to journal 02 Oct, 2024 You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-5194547","acceptedTermsAndConditions":true,"allowDirectSubmit":false,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":384885803,"identity":"f16090de-ddbb-49b3-830f-a6e339d2a55c","order_by":0,"name":"Suren Khanzadeh","email":"","orcid":"","institution":"Toronto Metropolitan University","correspondingAuthor":false,"prefix":"","firstName":"Suren","middleName":"","lastName":"Khanzadeh","suffix":""},{"id":384885804,"identity":"d8371718-6f1d-41bb-b41c-ecaea672f158","order_by":1,"name":"Euclides Carlos Pinto Neto","email":"","orcid":"","institution":"National Research Council Canada","correspondingAuthor":false,"prefix":"","firstName":"Euclides","middleName":"Carlos Pinto","lastName":"Neto","suffix":""},{"id":384885806,"identity":"60d87d72-460f-4dbd-80d0-448f83e047b4","order_by":2,"name":"Shahrear Iqbal","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAABIElEQVRIiWNgGAWjYBAC+RkMbBAW/wEgo8CGsBaDGzAtzCCGQRoRWiRQtRwmQot087PHFRV2+QzMzNse/DA4n2fefoDxc+EeOwZ59wOMH35g8cucY+aGZ84kWzYws5Ub9hjcLpY5k8AsPeNZMoMhkCHZg8WaGwlmko1tzAYMzDxmEjwGtxNnSPB/Y+Y5cIDBEBQyPNi0pH+TbPxXD9Yi+cfgHFALAxtcC+MfbFpygLY0HAZrkeYxOIDQIg9mYPH+jZwyyYZjxw3YgH4xljFITpzBA/QLz4FkHgOexGZpGSzen5G+TbKhptqAn//wtodvKuwSZ7ADQ4zngJ2cfPvhgx/f4AltUKSgCAAdydiARwPEkWgOIKhhFIyCUTAKRggAAKLmWJtZIDCxAAAAAElFTkSuQmCC","orcid":"","institution":"National Research Council Canada","correspondingAuthor":true,"prefix":"","firstName":"Shahrear","middleName":"","lastName":"Iqbal","suffix":""},{"id":384885807,"identity":"57da812b-0162-486e-b72b-91b1bc3c804c","order_by":3,"name":"Manar Alalfi","email":"","orcid":"","institution":"Toronto Metropolitan University","correspondingAuthor":false,"prefix":"","firstName":"Manar","middleName":"","lastName":"Alalfi","suffix":""},{"id":384885809,"identity":"a7962b20-c98a-4719-ba97-28f1060bb8c7","order_by":4,"name":"Scott Buffett","email":"","orcid":"","institution":"National Research Council Canada","correspondingAuthor":false,"prefix":"","firstName":"Scott","middleName":"","lastName":"Buffett","suffix":""}],"badges":[],"createdAt":"2024-10-02 18:38:12","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-5194547/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-5194547/v1","draftVersion":[],"editorialEvents":[{"content":"https://doi.org/10.1007/s10207-025-00987-4","type":"published","date":"2025-01-28T15:57:01+00:00"}],"editorialNote":"","failedWorkflow":false,"files":[{"id":75352041,"identity":"06fa168a-ad45-40a7-b050-c598ac3fd5b8","added_by":"auto","created_at":"2025-02-03 16:12:57","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":542989,"visible":true,"origin":"","legend":"","description":"","filename":"manuscript.pdf","url":"https://assets-eu.researchsquare.com/files/rs-5194547/v1_covered_f5d16bb2-d136-44fa-8453-453c4eaf1649.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"An Exploratory Study on Domain Knowledge Infusion in Deep Learning for Automated Threat Defense","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":false,"hideJournal":false,"highlight":"","institution":"","isAcceptedByJournal":true,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"
[email protected]","identity":"international-journal-of-information-security","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"ijis","sideBox":"Learn more about [International Journal of Information Security](http://link.springer.com/journal/10207)","snPcode":"10207","submissionUrl":"https://submission.nature.com/new-submission/10207/3","title":"International Journal of Information Security","twitterHandle":"","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"em","reportingPortfolio":"Springer Hybrid","inReviewEnabled":true,"inReviewRevisionsEnabled":false},"keywords":"Cybersecurity, Knowledge Infusion, Explainable Artificial Intelligence (XAI)","lastPublishedDoi":"10.21203/rs.3.rs-5194547/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-5194547/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"The wide adoption of interconnected services leads to the creation of supportive solutions and business opportunities. Conversely, this new paradigm is targeted by malicious activities, aiming to compromise systems' confidentiality, integrity, and availability. However, advanced methods lack contextual awareness, which prevents their deployment to real-world systems. Considering that the process of making informed decisions stems from the expertise of analysts based on their experience, the use of cybersecurity domain knowledge has the potential to improve Deep Learning (DL) and Deep Reinforcement Learning (DRL) operations in real scenarios. Therefore, the main goal of this research is to study and evaluate the use of Knowledge Infused Learning (KIL) in the context of automated threat defense. We define how cybersecurity domain knowledge can be infused into DL and RL, highlighting the main challenges and benefits. Besides, we present a roadmap to apply domain knowledge for red and blue teaming activities and discuss the implications of KIL in explainability, and actionable reporting. Finally, we list the open challenges to guide the development of next-generation security solutions.","manuscriptTitle":"An Exploratory Study on Domain Knowledge Infusion in Deep Learning for Automated Threat Defense","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2024-12-13 15:24:31","doi":"10.21203/rs.3.rs-5194547/v1","editorialEvents":[{"type":"communityComments","content":0},{"type":"decision","content":"Revision requested","date":"2024-12-02T02:34:05+00:00","index":"","fulltext":""},{"type":"editorInvitedReview","content":"","date":"2024-12-01T15:37:35+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"167812916237654265989326851007513905757","date":"2024-12-01T15:23:36+00:00","index":"hide","fulltext":""},{"type":"editorInvitedReview","content":"","date":"2024-11-05T14:54:49+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"194095281270781278413976447161045814438","date":"2024-10-27T18:51:11+00:00","index":"hide","fulltext":""},{"type":"reviewersInvited","content":"","date":"2024-10-27T14:36:11+00:00","index":"","fulltext":""},{"type":"editorAssigned","content":"","date":"2024-10-04T07:12:59+00:00","index":"","fulltext":""},{"type":"checksComplete","content":"","date":"2024-10-04T07:12:31+00:00","index":"","fulltext":""},{"type":"submitted","content":"International Journal of Information Security","date":"2024-10-02T18:29:55+00:00","index":"","fulltext":""}],"status":"published","journal":{"display":true,"email":"
[email protected]","identity":"international-journal-of-information-security","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"ijis","sideBox":"Learn more about [International Journal of Information Security](http://link.springer.com/journal/10207)","snPcode":"10207","submissionUrl":"https://submission.nature.com/new-submission/10207/3","title":"International Journal of Information Security","twitterHandle":"","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"em","reportingPortfolio":"Springer Hybrid","inReviewEnabled":true,"inReviewRevisionsEnabled":false}}],"origin":"","ownerIdentity":"76fd0656-287d-46a7-b6bc-be57feec6b24","owner":[],"postedDate":"December 13th, 2024","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"published-in-journal","subjectAreas":[],"tags":[],"updatedAt":"2025-02-03T16:08:43+00:00","versionOfRecord":{"articleIdentity":"rs-5194547","link":"https://doi.org/10.1007/s10207-025-00987-4","journal":{"identity":"international-journal-of-information-security","isVorOnly":false,"title":"International Journal of Information Security"},"publishedOn":"2025-01-28 15:57:01","publishedOnDateReadable":"January 28th, 2025"},"versionCreatedAt":"2024-12-13 15:24:31","video":"","vorDoi":"10.1007/s10207-025-00987-4","vorDoiUrl":"https://doi.org/10.1007/s10207-025-00987-4","workflowStages":[]},"version":"v1","identity":"rs-5194547","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-5194547","identity":"rs-5194547","version":["v1"]},"buildId":"qtupq5eGEP_6zYnWcrvyt","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}
Text is read by the "Ask this paper" AI Q&A widget below.
Extraction quality varies by source — PMC NXML preserves structure
cleanly, OA-HTML may include some navigation residue, and OA-PDF can
have broken hyphenation. The publisher copy
(via DOI)
is the canonical version.