{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,19]],"date-time":"2026-06-19T14:34:51Z","timestamp":1781879691019,"version":"3.54.5"},"reference-count":57,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/access.2025.3602681","type":"journal-article","created":{"date-parts":[[2025,8,25]],"date-time":"2025-08-25T20:47:29Z","timestamp":1756154849000},"page":"150199-150215","source":"Crossref","is-referenced-by-count":10,"title":["A Multi-Agent System for Cybersecurity Threat Detection and Correlation Using Large Language Models"],"prefix":"10.1109","volume":"13","author":[{"given":"Yasser","family":"Hmimou","sequence":"first","affiliation":[{"name":"Multidisciplinary Laboratory of Research and Innovation (LPRI), Moroccan School of Engineering Sciences (EMSI), Casablanca, Morocco"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3938-3566","authenticated-orcid":false,"given":"Mohamed","family":"Tabaa","sequence":"additional","affiliation":[{"name":"Multidisciplinary Laboratory of Research and Innovation (LPRI), Moroccan School of Engineering Sciences (EMSI), Casablanca, Morocco"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7090-9098","authenticated-orcid":false,"given":"Azeddine","family":"Khiat","sequence":"additional","affiliation":[{"name":"2IACS Laboratory, ENSET, Hassan II University of Casablanca, Casablanca, Morocco"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1104-4896","authenticated-orcid":false,"given":"Zineb","family":"Hidila","sequence":"additional","affiliation":[{"name":"Multidisciplinary Laboratory of Research and Innovation (LPRI), Moroccan School of Engineering Sciences (EMSI), Casablanca, Morocco"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/bigdata62323.2024.10825018"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.3390\/electronics13234718"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/access.2024.3483905"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/mnet.2024.3510936"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.3390\/computation13020030"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-023-00199-0"},{"key":"ref7","doi-asserted-by":"crossref","DOI":"10.24251\/HICSS.2025.194","article-title":"Zero-shot comparison of large language models (LLMs) reasoning abilities on long-text analogies","volume-title":"Proc. Annu. Hawaii Int. Conf. Syst. Sci.","author":"Combs"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1016\/j.mlwa.2023.100470"},{"key":"ref9","first-page":"1","article-title":"AI and LLM models to analyze and identify cybersecurity incidents","volume-title":"Proc. CEUR Workshop","author":"Ruzickova"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2024.125509"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/ISDFS65363.2025.11012055"},{"key":"ref12","volume-title":"Public Corpus","year":"2006"},{"key":"ref13","first-page":"108","article-title":"Toward generating a new intrusion detection dataset and intrusion traffic characterization","volume-title":"Proc. 4th Int. Conf. Inf. Syst. Secur. Privacy","author":"Sharafaldin"},{"key":"ref14","volume-title":"National Vulnerability Database (NVD)","year":"2023"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.3390\/s24216878"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.3390\/smartcities8010019"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/access.2024.3505983"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.104016"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.3390\/s24072077"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.3390\/electronics12204261"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3639478.3643108"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/icmcsi64620.2025.10883511"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.3390\/make6010018"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.22399\/ijcesen.469"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1016\/j.hcc.2024.100211"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/access.2024.3468914"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-025-00361-w"},{"key":"ref28","article-title":"Robust LLMs in cybersecurity: Protection against attacks and preventing malicious use","author":"Jawad","year":"2025"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/icecet61485.2024.10698605"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1063\/5.0227627"},{"issue":"5","key":"ref31","doi-asserted-by":"crossref","first-page":"365","DOI":"10.3390\/info16050365","article-title":"Toward robust security orchestration and automated response in SOCs","volume":"16","author":"Ismail","year":"2025","journal-title":"Information"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.3390\/s25061666"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1016\/j.telpol.2025.102976"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/access.2025.3567195"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1007\/s10462-025-11219-5"},{"key":"ref36","article-title":"Examining methodologies to explain autonomous cyber defence agents in critical networks","author":"Braun","year":"2024"},{"key":"ref37","article-title":"Leveraging LLMs for dynamic cyber-threat detection and training","author":"Marantos","year":"2024","journal-title":"IEEE Big Data"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-024-00529-x"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/access.2025.3554960"},{"key":"ref40","first-page":"1","article-title":"ForenSift: Gen-AI powered integrated digital forensics and incident response platform using LangChain framework","volume":"2024","author":"Patil","year":"2024","journal-title":"Digit. Forensics Secur. Appl."},{"issue":"24","key":"ref41","doi-asserted-by":"crossref","first-page":"4965","DOI":"10.3390\/electronics13244965","article-title":"A comprehensive survey on generative AI solutions in IoT security","volume":"13","author":"L\u00f3pez Delgado","year":"2024","journal-title":"Electronics"},{"issue":"9","key":"ref42","doi-asserted-by":"crossref","first-page":"2825","DOI":"10.3390\/s25092825","article-title":"Large language models for synthetic dataset generation of cybersecurity indicators of compromise","volume":"25","author":"Almorjan","year":"2025","journal-title":"Sensors"},{"key":"ref43","doi-asserted-by":"crossref","first-page":"109470","DOI":"10.1109\/ACCESS.2024.3439363","article-title":"Enhancing autonomous system security and resilience with generative AI: A comprehensive survey","volume":"12","author":"Andreoni","year":"2024","journal-title":"IEEE Access"},{"key":"ref44","article-title":"LLMs for Malware detection: Review, framework design, and countermeasure approaches","author":"Khan","year":"2025","journal-title":"SSRN"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.3390\/info16050366"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/icassp49357.2023.10095719"},{"key":"ref47","first-page":"1","article-title":"KnowPhish: LLMs meet multimodal knowledge graphs for phishing detection","volume-title":"Proc. USENIX Secur. Symp.","author":"Li"},{"key":"ref48","first-page":"1587","article-title":"CYGENT: A conversational GPT-based agent for log anomaly detection and cyber incident explanation","volume-title":"Proc. IEEE Int. Conf. Big Data","author":"Balasubramanian"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1007\/s10922-024-09831-x"},{"key":"ref50","article-title":"LLM agents for vulnerability identification and CVE verification","volume-title":"Proc. CEUR Workshop","volume":"3562","author":"ZeMicheal"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102723"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.3390\/app15063396"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510155"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/QRS57517.2022.00039"},{"key":"ref55","article-title":"Machine learning and port scans: A systematic review","author":"Pittman","year":"2023","journal-title":"arXiv:2301.13581"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1007\/s10489-025-06422-4"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.47392\/irjaeh.2024.0041"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6287639\/10820123\/11141466.pdf?arnumber=11141466","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,2]],"date-time":"2025-09-02T05:02:15Z","timestamp":1756789335000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11141466\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":57,"URL":"https:\/\/doi.org\/10.1109\/access.2025.3602681","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]}}}