AI-Driven Collaborative Cybersecurity Development: A Prototype Implementation of a Cybersecurity Framework for Educational Institutions of Camarines Norte
Abstract
Cyber threats targeting educational institutions have become increasingly sophisticated, requiring proactive detection and rapid response measures. This study presents an integrated framework that combines an AI-driven threat detection system with the Malware Information Sharing Platform (MISP) to enhance cyber defenses in school networks. Leveraging a Design Science Research methodology, the project unfolds across four phases: system design and architecture, prototype implementation, pilot testing, and evaluation.
In the system design phase, requirements were gathered to develop an end-to-end architecture on Amazon Web Services (AWS), encompassing real-time data ingestion through Amazon Kinesis and Amazon Simple Email Service, data storage on Amazon S3, and AI-based anomaly and phishing detection using AWS Lambda. The prototype stage featured the integration of Random Cut Forest (RCF) for unsupervised anomaly detection and DistilBERT for phishing classification, enabling near real-time analysis of network and email data streams. MISP was hosted on Amazon EC2 and integrated with external threat feeds via STIX/TAXII, creating a closed-loop system that continuously refines shared Indicators of Compromise (IoCs).
Pilot testing involved three schools in Camarines Norte, where simulated attack scenarios validated the system’s practical effectiveness. Results revealed high detection accuracy, with reduced false positives once IoCs were regularly enriched through MISP. The automated alerting workflow significantly shortened time-to-detection and time-to-response when compared to traditional security approaches.
Quantitative metrics confirmed improvements in detection speed, precision, and recall, while qualitative feedback highlighted the system’s ease of use, scalability, and cost efficiency. These findings underscore the potential of AI-enhanced solutions underpinned by threat intelligence sharing, illustrating a robust, sustainable approach to improving cybersecurity in the education sector.