{"id":"https://openalex.org/W7133785960","doi":"https://doi.org/10.48550/arxiv.2603.03911","title":"From Threat Intelligence to Firewall Rules: Semantic Relations in Hybrid AI Agent and Expert System Architectures","display_name":"From Threat Intelligence to Firewall Rules: Semantic Relations in Hybrid AI Agent and Expert System Architectures","publication_year":2026,"publication_date":"2026-03-04","ids":{"openalex":"https://openalex.org/W7133785960","doi":"https://doi.org/10.48550/arxiv.2603.03911"},"language":null,"primary_location":{"id":"pmh:doi:10.48550/arxiv.2603.03911","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5024709988","display_name":"Chiara Bonfanti","orcid":"https://orcid.org/0009-0007-8015-7786"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Bonfanti, Chiara","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126739310","display_name":"Davide Colaiacomo","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Colaiacomo, Davide","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001746215","display_name":"Luca Cagliero","orcid":"https://orcid.org/0000-0002-7185-5247"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Cagliero, Luca","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5015749928","display_name":"Cataldo Basile","orcid":"https://orcid.org/0000-0002-8016-1490"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Basile, Cataldo","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5024709988"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.23160000145435333,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.23160000145435333,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.11259999871253967,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12203","display_name":"Mobile Agent-Based Network Management","score":0.10350000113248825,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/firewall","display_name":"Firewall (physics)","score":0.7024000287055969},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.5418999791145325},{"id":"https://openalex.org/keywords/semantic-web","display_name":"Semantic Web","score":0.4334000051021576},{"id":"https://openalex.org/keywords/application-firewall","display_name":"Application firewall","score":0.4092999994754791},{"id":"https://openalex.org/keywords/trustworthiness","display_name":"Trustworthiness","score":0.4016999900341034},{"id":"https://openalex.org/keywords/expert-system","display_name":"Expert system","score":0.40119999647140503},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.3865000009536743},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.3598000109195709}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7594000101089478},{"id":"https://openalex.org/C77714075","wikidata":"https://www.wikidata.org/wiki/Q5452017","display_name":"Firewall (physics)","level":5,"score":0.7024000287055969},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.5418999791145325},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5180000066757202},{"id":"https://openalex.org/C2129575","wikidata":"https://www.wikidata.org/wiki/Q54837","display_name":"Semantic Web","level":2,"score":0.4334000051021576},{"id":"https://openalex.org/C86444895","wikidata":"https://www.wikidata.org/wiki/Q451816","display_name":"Application firewall","level":4,"score":0.4092999994754791},{"id":"https://openalex.org/C153701036","wikidata":"https://www.wikidata.org/wiki/Q659974","display_name":"Trustworthiness","level":2,"score":0.4016999900341034},{"id":"https://openalex.org/C58328972","wikidata":"https://www.wikidata.org/wiki/Q184609","display_name":"Expert system","level":2,"score":0.40119999647140503},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.3865000009536743},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.3598000109195709},{"id":"https://openalex.org/C2778739407","wikidata":"https://www.wikidata.org/wiki/Q165372","display_name":"CLIPS","level":2,"score":0.3012000024318695},{"id":"https://openalex.org/C58166","wikidata":"https://www.wikidata.org/wiki/Q224821","display_name":"Fuzzy logic","level":2,"score":0.2915000021457672},{"id":"https://openalex.org/C157170001","wikidata":"https://www.wikidata.org/wiki/Q4781507","display_name":"Applications of artificial intelligence","level":2,"score":0.27140000462532043},{"id":"https://openalex.org/C544335954","wikidata":"https://www.wikidata.org/wiki/Q2553348","display_name":"Web intelligence","level":4,"score":0.2662000060081482},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.26429998874664307},{"id":"https://openalex.org/C517642484","wikidata":"https://www.wikidata.org/wiki/Q2388514","display_name":"Intelligence analysis","level":2,"score":0.26409998536109924},{"id":"https://openalex.org/C89057211","wikidata":"https://www.wikidata.org/wiki/Q432197","display_name":"Collective intelligence","level":2,"score":0.25609999895095825},{"id":"https://openalex.org/C102600418","wikidata":"https://www.wikidata.org/wiki/Q6517507","display_name":"Legal expert system","level":3,"score":0.2540999948978424},{"id":"https://openalex.org/C2777210771","wikidata":"https://www.wikidata.org/wiki/Q4927124","display_name":"Block (permutation group theory)","level":2,"score":0.2533000111579895},{"id":"https://openalex.org/C180198813","wikidata":"https://www.wikidata.org/wiki/Q121182","display_name":"Information system","level":2,"score":0.250900000333786}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:doi:10.48550/arxiv.2603.03911","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},{"id":"doi:10.48550/arxiv.2603.03911","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.03911","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:doi:10.48550/arxiv.2603.03911","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.6915280222892761,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Web":[0],"security":[1,21,46],"demands":[2],"rapid":[3],"response":[4],"capabilities":[5],"to":[6,56,61,90,107],"evolving":[7],"cyber":[8],"threats.":[9,50,120],"Agentic":[10],"Artificial":[11],"Intelligence":[12,68],"(AI)":[13],"promises":[14],"automation,":[15],"but":[16],"the":[17,25,31,76,98,102,111,115],"need":[18],"for":[19,39,48,83],"trustworthy":[20],"responses":[22],"is":[23],"of":[24,33,101,114],"utmost":[26],"importance.":[27],"This":[28],"work":[29],"investigates":[30],"role":[32],"semantic":[34],"relations":[35,60],"in":[36,118],"extracting":[37],"information":[38,64],"sensitive":[40],"operational":[41],"tasks,":[42],"such":[43],"as":[44],"configuring":[45],"controls":[47],"mitigating":[49,119],"To":[51],"this":[52],"end,":[53],"it":[54],"proposes":[55],"leverage":[57],"hypernym-hyponym":[58,103],"textual":[59],"extract":[62],"relevant":[63],"from":[65],"Cyber":[66],"Threat":[67],"(CTI)":[69],"reports.":[70],"By":[71],"leveraging":[72],"a":[73],"neuro-symbolic":[74],"approach,":[75],"multi-agent":[77],"system":[78,86],"automatically":[79],"generates":[80],"CLIPS":[81],"code":[82],"an":[84],"expert":[85],"creating":[87],"firewall":[88],"rules":[89],"block":[91],"malicious":[92],"network":[93],"traffic.":[94],"Experimental":[95],"results":[96],"show":[97],"superior":[99],"performance":[100],"retrieval":[104],"strategy":[105],"compared":[106],"various":[108],"baselines":[109],"and":[110],"higher":[112],"effectiveness":[113],"agentic":[116],"approach":[117]},"counts_by_year":[],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2026-03-06T00:00:00"}