ARCHIVES

The rapid proliferation of sophisticated cyber threats has exposed critical limitations in conventional security architectures that rely on isolated, reactive tools. This paper presents ZeroGuardian-XDR, an intelligent and lightweight Extended Detection and Response (XDR) framework engineered to deliver real-time network threat detection, automated vulnerability assessment, and proactive incident alerting through a unified platform. The proposed system employs a trained autoencoder neural network for behavioral anomaly detection, enabling the identification of zero-day and previously unknown threats without reliance on static signature databases. ZeroGuardian-XDR integrates nine live global threat intelligence feeds including AlienVault OTX, Abuse.ch, Feodo Tracker, URLhaus, Blocklist.de, ThreatFox, NVD CVEs, MITRE ATT&CK, and EmergingThreats, collectively maintaining over 22,000 dynamic threat indicators automatically refreshed every six hours. The system maps all detections to the MITRE ATT&CK framework with 87% technique coverage across 8 tactical phases and 691 monitored techniques. A professional SOC-style web dashboard, multi-channel alert delivery via Telegram and email, automated PDF report generation, and an Nmap-powered CVE vulnerability scanner complete the integrated architecture. Experimental evaluation using five simulated zero-day attack scenarios demonstrated 100% detection accuracy with minimal false positive rates. The framework is deployed on Ubuntu Server 24.04 and made publicly available through open-source distribution with Windows and Linux installer packages. ZeroGuardian-XDR represents a scalable, cost-effective, and academically reproducible cybersecurity solution for modern network protection