Open Access
LEVERAGING CYBER THREAT INTELLIGENCE MINING FOR ENHANCED PROACTIVE CYBERSECURITY: A COMPREHENSIVE REVIEW AND FUTURE DIRECTIONS
4
Centre for Cyber Analytics and Threat Intelligence, University of Bristol, United Kingdom
Abstract
In the contemporary digital age, the sophistication and frequency of cyberattacks necessitate a paradigm shift from reactive defense to proactive cybersecurity measures. Cyber Threat Intelligence (CTI) has emerged as a cornerstone of this proactive strategy, enabling organizations to anticipate, detect, and respond to threats more effectively. This article provides a comprehensive survey of cyber threat intelligence mining, exploring its fundamental concepts, diverse sources, and the advanced techniques employed for extracting actionable insights from vast, often unstructured, data. We delve into various approaches, from the identification of Indicators of Compromise (IoCs) and Tactics, Techniques, and Procedures (TTPs) to the complex challenge of threat attribution. Furthermore, we highlight the significant challenges inherent in CTI mining, including data volume, veracity, semantic understanding, and the crucial aspect of translating intelligence into actionable defense. Finally, we propose new perspectives and promising research directions to advance the field of proactive cybersecurity through more effective CTI mining.
Keywords
cyber threat intelligence (CTI),
threat intelligence mining,
proactive cybersecurity,
cybersecurity analytics
References
“SolarWinds hackers linked to known Russian spying tools, investigators say.” 2022. Accessed: Oct. 10, 2022. [Online]. Available: https://cybernews.com/news/solarwinds-hackers-linked-to-known-russianspying-tools-investigators-say/
R. McMillan. “Definition: Threat intelligence.” Accessed: Nov. 10, 2022. [Online]. Available: https://gartner.com/
D. Shackleford, Who’s Using Cyberthreat Intelligence and How, SANS Inst., North Bethesda, MD, USA, 2015.
H. Dalziel, How to Define and Build an Effective Cyber Threat Intelligence Capability, Syngress, Waltham, MA, USA, 2014.
C. Fachkha and M. Debbabi, “Darknet as a source of cyber intelligence: Survey, taxonomy, and characterization,” IEEE Commun. Surveys Tuts., vol. 18, no. 2, pp. 1197–1227, 2nd Quart., 2015.
J. Robertson et al., Darkweb Cyber Threat Intelligence Mining. Cambridge, U.K.: Cambridge Univ. Press, 2017.
W. Tounsi and H. Rais, “A survey on technical threat intelligence in the age of sophisticated cyber attacks,” Comput. Security, vol. 72, pp. 212–233, Jan. 2018.
T. D. Wagner, K. Mahbub, E. Palomar, and A. E. Abdallah, “Cyber threat intelligence sharing: Survey and research directions,” Comput. Security, vol. 87, Nov. 2019, Art. no. 101589.
M. S. Abu, S. R. Selamat, A. Ariffin, and R. Yusof, “Cyber threat intelligence—Issue and challenges,” Ind. J. Elect. Eng. Comput. Sci., vol. 10, no. 1, pp. 371–379, 2018.
A. Ibrahim, D. Thiruvady, J.-G. Schneider, and M. Abdelrazek, “The challenges of leveraging threat intelligence to stop data breaches,” Front. Comput. Sci., vol. 2, p. 36, Aug. 2020.
M. R. Rahman, R. Mahdavi-Hezaveh, and L. Williams, “What are the attackers doing now? Automating cyber threat intelligence extraction from text on pace with the changing threat landscape: A survey,” 2021, arXiv:2109.06808.
M. R. Rahman, R. Mahdavi-Hezaveh, and L. Williams, “A literature review on mining cyberthreat intelligence from unstructured texts,” in Proc. Int. Conf. Data Min. Workshops (ICDMW), 2020, pp. 516–525.
R. Brown and P. Stirparo, SANS 2022 Cyber Threat Intelligence Survey, SANS Inst., North Bethesda, MD, USA, 2022.
A. Ramsdale, S. Shiaeles, and N. Kolokotronis, “A comparative analysis of cyber-threat intelligence sources, formats and languages,” Electronics, vol. 9, no. 5, p. 824, 2020.
“What is cyber threat intelligence? 2022 threat intelligence report.” 2022. Accessed: Feb. 13, 2023. [Online]. Available: https://www.crowdstrike.com/cybersecurity-101/threat-intelligence/
N. Sun, C.-T. Li, H. Chan, M. Z. Islam, M. R. Islam, andW. Armstrong, “How do organizations seek cyber assurance? Investigations on the adoption of the common criteria and beyond,” IEEE Access, vol. 10, pp. 71749–71763, 2022.
N. Sun, J. Zhang, S. Gao, L. Y. Zhang, S. Camtepe, and Y. Xiang, “Data analytics of crowdsourced resources for cybersecurity intelligence,” in Proc. 14th Int. Conf. Netw. Syst. Security (NSS), Melbourne, VIC, Austraila, Nov. 2020, pp. 3–21.
“AlienVault open threat intelligence.” 2022. Accessed: Oct. 10, 2022. [Online]. Available: https://otx.alienvault.com/
“A community OpenIOC resource.” Accessed: Oct. 10, 2022. [Online]. Available: https://openiocdb.com/
“IOCbucket.” Accessed: Oct. 10, 2022. [Online]. Available: https://www.iocbucket.com/
Similar Articles
- Dr. Thomas Becker, Kevin Brooks, STRENGTHENING CYBER RESILIENCE: A COMPREHENSIVE EVALUATION OF SOCIAL ENGINEERING AWARENESS PROGRAMS , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 1 No. 01 (2024): Volume 01 Issue 01
- Dr. Elena Petrova, Dr. Hassan Al-Mansoori, EVALUATING AND ENHANCING CYBERSECURITY AND RESILIENCE IN HEALTHCARE: A UNIFIED RISK AND COMPLIANCE FRAMEWORK , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 05 (2025): Volume 02 Issue 05
- Dr. Dmitry V. Sokolov, Synergizing Generative AI and Explainable Machine Learning in Security Operations Centers: Mitigating Alert Fatigue and Enhancing Analyst Performance , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 10 (2025): Volume 02 Issue 10
- Dr. Amara Ndlovu, Dr. Faisal Khan, CYBERSECURITY IN VIRTUAL GATHERINGS: RISKS AND REMEDIAL STRATEGIES FOR VIDEO CONFERENCING SOFTWARE , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 04 (2025): Volume 02 Issue 04
- Dr. Jakob R. Neumann, Prof. Leila F. Mahmoud, Securing the Virtual Meeting Space: An Analysis of Cybersecurity Risks and Mitigation Strategies for Video Conferencing Platforms , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 09 (2025): Volume 02 Issue 09
- Prof. Hans-Peter Vogel, Dr. Farah Al-Dabbagh, UNINTENDED CONSEQUENCES AND SPILLOVER EFFECTS IN OFFENSIVE CYBER OPERATIONS: A SYSTEMATIC LITERATURE REVIEW , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 1 No. 01 (2024): Volume 01 Issue 01
- Dr. Tanvi Das, James D. Walker, A FEDERATED MULTI-MODAL SYSTEM FOR INSIDER THREAT DETECTION IN ENERGY INFRASTRUCTURE USING BIOMETRIC AND CYBER DATA , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 01 (2025): Volume 02 Issue 01
- Dr. Wei-Lin Cheng, COLLATERAL EFFECTS AND UNINTENDED REPERCUSSIONS IN OFFENSIVE CYBER OPERATIONS: A SYSTEMATIC LITERATURE REVIEW , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 03 (2025): Volume 02 Issue 03
- Farah Al-Mansouri, THE IMPLICIT LANGUAGE OF CYBERSECURITY: EDUCATIONAL CHALLENGES AND IMPLICATIONS , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 07 (2025): Volume 02 Issue 07
- Dr. Alistair Finch, Navigating the Digital Battlefield: A Systematic Review of Collateral Effects in Offensive Cyber Operations , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 08 (2025): Volume 02 Issue 08
You may also start an advanced similarity search for this article.