Fuentes, Daniel Alexandre Lopes; Frazão, Luís Alexandre Lopes; Correia, Luís Filipe Jesus; Costa, Nuno Alexandre Ribeiro da; Pereira, António Manuel de Jesus; Vieira, Gabriel Madeira
2025-11-26
2025-11-26
2025-10-31
http://hdl.handle.net/10400.8/14727

Cybersecurity infrastructures face constant challenges, including increasingly sophisticated threats, the rising costs of Security Operations Centres (SOCs), and a growing shortage of skilled professionals. To address these issues, this dissertation proposes an AI-based architectural framework designed to automate network security and enhance threat mitigation. The proposed framework integrates Software-Defined Networking (SDN) and Security Information and Event Management (SIEM) with AI-driven Intrusion Detection and Prevention Systems (IDS/IPS). It incorporates a lightweight Large Language Model (LLM) under 4GB, trained on MikroTik documentation to translate user intent into network commands. In addition, several machine learning models are trained and evaluated for real-time threat detection, supported by a digital twin and a sandbox for configuration testing. Three specialised datasets from scraped documentation and available APIs—pretraining, QA, and reasoning—were developed, totalling 74,482 records. A web interface and REST APIs provide accessibility. Experimental results show that the AI models achieve a 74% LLM-generated command execution success rate, substantially surpassing the 8% untrained baseline, and the selected machine learning classifier attains a 94.84% F1-score for threat detection, thereby supporting the validity of the proposed approach.
This proposed architecture demonstrates how AI-driven automation can offer organisations a scalable, cost-effective, and practical alternative to traditional SOCs, which are often resource-intensive and require specialized personnel, strengthening resilience against contemporary cybersecurity threats and enabling multi-vendor support through adaptable data sources.

por
Cybersecurity; AI-driven security; Network automation; Large language models; Intrusion detection; Software-defined networking
Next‐Generation Network Management: Harnessing AI to Automate Operations
master thesis
204057582