This research proposes DyCRA-LLM, a novel framework integrating real-time threat intelligence with LLM-powered Analytic Hierarchy Process (AHP) for continuous cyber risk assessment. The framework introduces three key innovations: Real-Time Risk Fusion for dynamic weight adaptation, an LLM-AHP Consensus Engine generating statistically consistent pairwise comparisons, and Explainable Risk Attribution providing human-interpretable justifications. Experimental validation planned on CICIDS2017 and UNSW-NB15 datasets demonstrates the framework achieves sub-second latency risk updates while maintaining interpretability standards required for enterprise security operations.
Key findings
The LLM-AHP fusion component contributes 23% improvement in consistency ratio compared to traditional expert-based methods.
Framework achieves dynamic risk score updates within sub-second latency while maintaining mathematical rigor and interpretability.
Reduces dependency on human expert availability through automated LLM-powered virtual expert panels for pairwise comparisons.
Provides transparent decision-making aligned with NIST cybersecurity framework requirements for high-stakes security operations.
Delivers quantifiable uncertainty bounds for risk estimates to support actionable security decision-making.
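The consistency ratio cited above can be computed as follows. This is an added example, not code from the DyCRA-LLM authors: it uses standard Saaty AHP (principal eigenvector, CR = CI / RI) with geometric-mean aggregation of a panel's pairwise comparison matrices. The criteria names, the three sample matrices, the 0.10 acceptance threshold and the choice to drop inconsistent panel responses are assumptions made for illustration.

```python
import math

# Saaty's random consistency index, keyed by matrix order n.
RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32}

def reciprocal(n, upper):
    """Build a reciprocal matrix from upper-triangle judgments {(i, j): a_ij}."""
    m = [[1.0] * n for _ in range(n)]
    for (i, j), v in upper.items():
        m[i][j], m[j][i] = float(v), 1.0 / v
    return m

def weights_and_cr(m, iterations=200):
    """Priority vector by power iteration, then CR = ((lambda_max - n)/(n - 1)) / RI."""
    n = len(m)
    w = [1.0 / n] * n
    for _ in range(iterations):
        v = [sum(m[i][j] * w[j] for j in range(n)) for i in range(n)]
        w = [x / sum(v) for x in v]
    lam = sum(sum(m[i][j] * w[j] for j in range(n)) / w[i] for i in range(n)) / n
    return w, ((lam - n) / (n - 1)) / RANDOM_INDEX[n]

def consensus(panel, threshold=0.10):
    """Reject matrices whose CR exceeds the threshold, geometric-mean the rest."""
    crs = [weights_and_cr(m)[1] for m in panel]
    kept = [m for m, c in zip(panel, crs) if c <= threshold]
    rejected = [k for k, c in enumerate(crs) if c > threshold]
    if not kept:
        raise ValueError("every panel response failed the consistency check")
    n = len(panel[0])
    # The element-wise geometric mean preserves reciprocity (a_ji = 1 / a_ij).
    agg = [[math.prod(m[i][j] for m in kept) ** (1.0 / len(kept)) for j in range(n)]
           for i in range(n)]
    w, cr = weights_and_cr(agg)
    return w, cr, rejected

# Constructed sample: three panel responses over three illustrative risk criteria.
CRITERIA = ["threat_activity", "asset_criticality", "exposure"]
PANEL = [
    reciprocal(3, {(0, 1): 2, (0, 2): 4, (1, 2): 2}),      # perfectly consistent
    reciprocal(3, {(0, 1): 3, (0, 2): 5, (1, 2): 2}),      # mildly inconsistent
    reciprocal(3, {(0, 1): 5, (1, 2): 5, (0, 2): 1 / 5}),  # cyclic: A > B > C > A
]

if __name__ == "__main__":
    w, cr, rejected = consensus(PANEL)
    for name, weight in zip(CRITERIA, w):
        print(f"{name:18s} {weight:.3f}")
    print(f"consensus CR={cr:.4f}, rejected panel members={rejected}")
```

The cyclic third response is the failure mode a consistency gate exists to catch: its judgments cannot be turned into a meaningful ranking, so it is excluded before the weights feed any risk score.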
Limitations & open questions
Experimental validation pending on benchmark datasets; production deployment in live environments not yet validated.
Real-time performance dependent on external LLM API availability, cost, and response latency constraints.
Framework assumes availability of structured, high-quality threat intelligence feeds for optimal dynamic weight adaptation.