{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,15]],"date-time":"2026-04-15T09:06:06Z","timestamp":1776243966465,"version":"3.50.1"},"reference-count":25,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2026,4,15]],"date-time":"2026-04-15T00:00:00Z","timestamp":1776211200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"STATE GRID QINGHAI ELECTRIC POWER COMPANY","award":["52280725000B"],"award-info":[{"award-number":["52280725000B"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"Cybersecurity defense strategy generation transforms threat intelligence into actionable defense measures against sophisticated multi-stage cyberattacks. Existing approaches lack multi-dimensional coordination of technical, tactical, and threat actor expertise, with limited benchmarks for evaluating defense strategy quality. To address these gaps, we introduce MACD (Multi-Agent Collaborative Defense), a novel framework that orchestrates specialized AI agents to generate ATT&CK-aligned defense strategies. MACD deploys three expert agents for technical defense, kill chain phase analysis, and APT profiling, coordinated through a synthesizing agent, while leveraging retrieval-augmented generation to mitigate hallucination risks in threat mapping. Additionally, we construct CyberDefBench, a comprehensive benchmark combining real-world APT cases and synthetic scenarios with dual-layer annotations for reactive and proactive defenses. Experimental results demonstrate that MACD achieves 84.6% technique mapping accuracy and 72.3% defense coverage, significantly outperforming baseline methods and validating the effectiveness of multi-agent collaboration for cybersecurity defense.<\/jats:p>","DOI":"10.3390\/info17040370","type":"journal-article","created":{"date-parts":[[2026,4,15]],"date-time":"2026-04-15T08:11:18Z","timestamp":1776240678000},"page":"370","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["MACD: Multi-Agent Collaborative Approach for Cybersecurity Defense Strategy Generation"],"prefix":"10.3390","volume":"17","author":[{"given":"Nanfang","family":"Li","sequence":"first","affiliation":[{"name":"State Grid Qinghai Electric Power Company, Electric Power Research Institute, Xining 810001, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiang","family":"Li","sequence":"additional","affiliation":[{"name":"State Grid Qinghai Electric Power Company, Electric Power Research Institute, Xining 810001, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zongrong","family":"Li","sequence":"additional","affiliation":[{"name":"State Grid Qinghai Electric Power Company, Electric Power Research Institute, Xining 810001, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Denghui","family":"Ma","sequence":"additional","affiliation":[{"name":"State Grid Qinghai Electric Power Company, Electric Power Research Institute, Xining 810001, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lijun","family":"Yan","sequence":"additional","affiliation":[{"name":"State Grid Qinghai Electric Power Company, Electric Power Research Institute, Xining 810001, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haishan","family":"Cao","sequence":"additional","affiliation":[{"name":"State Grid Qinghai Electric Power Company, Electric Power Research Institute, Xining 810001, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wenqian","family":"Zhang","sequence":"additional","affiliation":[{"name":"State Grid Qinghai Electric Power Company, Electric Power Research Institute, Xining 810001, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xu","family":"Wang","sequence":"additional","affiliation":[{"name":"State Grid Qinghai Electric Power Company, Electric Power Research Institute, Xining 810001, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yu","family":"Liu","sequence":"additional","affiliation":[{"name":"School of Information Management, Central China Normal University, Wuhan 430079, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2026,4,15]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"tyad023","DOI":"10.1093\/cybsec\/tyad023","article-title":"A systematic literature review on advanced persistent threat behaviors and its detection strategy","volume":"10","author":"Jamil","year":"2024","journal-title":"J. Cybersecur."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"100668","DOI":"10.1016\/j.chbr.2025.100668","article-title":"A survey of social cybersecurity: Techniques for attack detection, evaluations, challenges, and future prospects","volume":"18","author":"Mulahuwaish","year":"2025","journal-title":"Comput. Hum. Behav. Rep."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Malik, V., Khanna, A., Sharma, N., and Nalluri, S. (2024). Advanced Persistent Threats (APTs): Detection Techniques and Mitigation Strategies. Int. J. Glob. Innov. Solut.","DOI":"10.21428\/e90189c8.91e89a3e"},{"key":"ref_4","unstructured":"Cobos, E.V., Cakir, S., Straub, S., Qiang, C.Z., and Torgusson, C. (2024). A Review of the Economic Costs of Cyber Incidents, World Bank."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"2272358","DOI":"10.1080\/23311916.2023.2272358","article-title":"Current trends in AI and ML for cybersecurity: A state-of-the-art survey","volume":"10","author":"Mohamed","year":"2023","journal-title":"Cogent Eng."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Ferrag, M.A., Alwahedi, F., Battah, A., Cherif, B., Mechri, A., and Tihanyi, N. (2024). Generative AI and large language models for cyber security: All insights you need. arXiv.","DOI":"10.2139\/ssrn.4853709"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Brand\u00e3o, P., and Silva, C. (2025). Unveiling the Shadows\u2014A Framework for APT\u2019s Defense AI and Game Theory Strategy. Algorithms, 18.","DOI":"10.3390\/a18070404"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"101110","DOI":"10.1016\/j.iot.2024.101110","article-title":"Multi-aspect rule-based AI: Methods, taxonomy, challenges and directions towards automation, intelligence and transparent cybersecurity modeling for critical infrastructures","volume":"25","author":"Sarker","year":"2024","journal-title":"Internet Things"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"27931","DOI":"10.1007\/s00521-025-11604-9","article-title":"Cybersecurity challenges and opportunities of machine learning-based artificial intelligence","volume":"37","author":"Czaja","year":"2025","journal-title":"Neural Comput. Appl."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Tong, Y., Liang, H., Ma, H., Zhang, S., and Yang, X. (2025). A Survey on Reinforcement Learning-Driven Adversarial Sample Generation for PE Malware. Electronics, 14.","DOI":"10.3390\/electronics14122422"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Jaffal, N.O., Alkhanafseh, M., and Mohaisen, D. (2025). Large language models in cybersecurity: A survey of applications, vulnerabilities, and defense techniques. AI, 6.","DOI":"10.3390\/ai6090216"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Motlagh, F.N., Hajizadeh, M., Majd, M., Najafi, P., Cheng, F., and Meinel, C. (2024). Large language models in cybersecurity: State-of-the-art. arXiv.","DOI":"10.5220\/0013377600003899"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Wu, Y., Lang, R., Yang, H., and Li, X. (2024, January 15\u201317). An automated security policy generation method based on rule-matching and machine-learning models. Proceedings of the 2024 International Conference on Advanced Control Systems and Automation Technologies (ACSAT), Nanjing, China.","DOI":"10.1109\/ACSAT63853.2024.10824042"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Noor, K., Imoize, A.L., Li, C.-T., and Weng, C.-Y. (2025). A review of machine learning and transfer learning strategies for intrusion detection systems in 5G and beyond. Mathematics, 13.","DOI":"10.3390\/math13071088"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Zhang, S., Li, S., Chen, P., Wang, S., and Zhao, C. (2022, January 15\u201317). Generating network security defense strategy based on cyber threat intelligence knowledge graph. Proceedings of the International Conference on Emerging Networking Architecture and Technologies, Shenzhen, China.","DOI":"10.1007\/978-981-19-9697-9_41"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Singh, A.V., Rathbun, E., Graham, E., Oakley, L., Boboila, S., Oprea, A., and Chin, P. (2024). Hierarchical Multi-agent Reinforcement Learning for Cyber Network Defense. arXiv.","DOI":"10.65109\/HXDA6728"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Xu, T., Wen, Z., Zhao, X., Wang, J., Li, Y., and Liu, C. (2025). L2M-AID: Autonomous Cyber-Physical Defense by Fusing Semantic Reasoning of Large Language Models with Multi-Agent Reinforcement Learning (Preprint). arXiv.","DOI":"10.1109\/Trustcom66490.2025.00256"},{"key":"ref_18","unstructured":"Tang, L., Meng, Y., Patra, A., Ma, W., Ye, M., and Xi, Z. (2025). POLAR: Automating Cyber Threat Prioritization through LLM-Powered Assessment. arXiv."},{"key":"ref_19","unstructured":"Mukherjee, S., Chatterjee, S., Purvine, E., Fujimoto, T., and Emerson, T. (2025). Large Language Model-Based Reward Design for Deep Reinforcement Learning-Driven Autonomous Cyber Defense. arXiv."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Wang, L., Ma, C., Feng, X., Zhang, Z., Yang, H., Zhang, J., Chen, Z., Tang, J., Chen, X., and Lin, Y. (2024). A survey on large language model based autonomous agents. Front. Comput. Sci., 18.","DOI":"10.1007\/s11704-024-40231-1"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Chowa, S.S., Alvi, R., Rahman, S.S., Rahman, M.A., Raiaan, M.A.K., Islam, M.R., Hussain, M., and Azam, S. (2025). From language to action: A review of large language models as autonomous agents and tool users. arXiv.","DOI":"10.1007\/s10462-025-11471-9"},{"key":"ref_22","unstructured":"Yao, S., Zhao, J., Yu, D., Du, N., Shafran, I., Narasimhan, K.R., and Cao, Y. (2022, January 25\u201329). ReAct: Synergizing reasoning and acting in language models. Proceedings of the Eleventh International Conference on Learning Representations, Virtual."},{"key":"ref_23","unstructured":"Zhao, H., Ma, C., Wang, G., Su, J., Kong, L., Xu, J., Deng, Z.-H., and Yang, H. (2024). Empowering Large Language Model Agents through Action Learning. arXiv."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Xiong, W., Song, Y., Zhao, X., Wu, W., Wang, X., Wang, K., Li, C., Peng, W., and Li, S. (2024). Watch every step! LLM agent learning via iterative step-level process refinement. arXiv.","DOI":"10.18653\/v1\/2024.emnlp-main.93"},{"key":"ref_25","first-page":"273","article-title":"Multi-Agent AI Systems in Healthcare: A Systematic Review Enhancing Clinical Decision-Making","volume":"8","author":"Nweke","year":"2025","journal-title":"Asian J. Med Princ. Clin. Pract."}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/17\/4\/370\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,15]],"date-time":"2026-04-15T08:25:15Z","timestamp":1776241515000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/17\/4\/370"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,15]]},"references-count":25,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2026,4]]}},"alternative-id":["info17040370"],"URL":"https:\/\/doi.org\/10.3390\/info17040370","relation":{},"ISSN":["2078-2489"],"issn-type":[{"value":"2078-2489","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,4,15]]}}}