Cyber Threat Intelligence Mining for Proactive Cybersecurity Defense: A Survey and New Perspectives

Today's cyber attacks have become more severe and frequent, which calls for a new line of security defenses to protect against them. The dynamic nature of new-generation threats, which are evasive, resilient, and complex, makes traditional security systems based on heuristics and signatures str...

Full description

Saved in:
Bibliographic Details
Published in:IEEE Communications surveys and tutorials 2023-01, Vol.25 (3), p.1-1
Main Authors: Sun, Nan, Ding, Ming, Jiang, Jiaojiao, Xu, Weikang, Mo, Xiaoxing, Tai, Yonghang, Zhang, Jun
Format: Article
Language:English
Subjects:
cyber threat intelligence
Cybersecurity
Cybersecurity defense
data mining
Information management
Intelligence gathering
machine learning
Management systems
natural language processing
Organizations
Security systems
State-of-the-art reviews
Taxonomy
Threat evaluation
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Today's cyber attacks have become more severe and frequent, which calls for a new line of security defenses to protect against them. The dynamic nature of new-generation threats, which are evasive, resilient, and complex, makes traditional security systems based on heuristics and signatures struggle to match. Organizations aim to gather and share real-time cyber threat information and then turn it into threat intelligence for preventing attacks or, at the very least, responding quickly in a proactive manner. Cyber Threat Intelligence (CTI) mining, which uncovers, processes, and analyzes valuable information about cyber threats, is booming. However, most organizations today mainly focus on basic use cases, such as integrating threat data feeds with existing network and firewall systems, intrusion prevention systems, and Security Information and Event Management systems (SIEMs), without taking advantage of the insights that such new intelligence can deliver. In order to make the most of CTI so as to significantly strengthen security postures, we present a comprehensive review of recent research efforts on CTI mining from multiple data sources in this article. Specifically, we provide and devise a taxonomy to summarize the studies on CTI mining based on the intended purposes (i.e., cybersecurity-related entities and events, cyber attack tactics, techniques and procedures, profiles of hackers, indicators of compromise, vulnerability exploits and malware implementation, and threat hunting), along with a comprehensive review of the current state-of-the-art. Lastly, we discuss research challenges and possible future research directions for CTI mining.
ISSN:1553-877X
1553-877X
2373-745X
DOI:10.1109/COMST.2023.3273282