A Review of Cyber Threat (Artificial) Intelligence in Security Management

Chapter in: Artificial Intelligence and Cybersecurity

Abstract

Managing cybersecurity within organizations typically relies on careful consideration and management of its risks. By following an iterative—often sequential—risk management process, an organization’s exposure to risk can be assessed by weighing the value of its digital assets against the probability of their being harmed by a threat [29]. However, this approach has been criticized for reflecting only a snapshot of the organization’s assets and threats. Furthermore, identifying threats and staying up to date on current threats and vulnerabilities often depend on skilled and experienced experts, so that risks are determined primarily by subjective judgment [46]. This, in turn, poses a challenge to organizations that cannot keep up to date with which assets are vulnerable, or cannot recruit personnel with the experience and know-how needed to obtain relevant information on cybersecurity threats to those assets [8, 30, 37].


References

  1. Ahmad, A., Desouza, K.C., Maynard, S.B., Naseer, H., Baskerville, R.L.: How integration of cyber security management and incident response enables organizational learning. J. Assoc. Inf. Sci. Technol. 71(8), 939–953 (2020). https://doi.org/10.1002/asi.24311

  2. Agyepong, E., Cherdantseva, Y., Reinecke, P., Burnap, P.: Challenges and performance metrics for security operations center analysts: a systematic review. J. Cybersecur. Technol. 4(3), 125–152 (2020)

  3. Alves, F., Ferreira, P.M., Bessani, A.: Design of a classification model for a twitter-based streaming threat monitor. In: 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), pp. 9–14. IEEE, Portland (2019). https://doi.org/10.1109/DSN-W.2019.00010

  4. Amthor, P., Fischer, D., Kühnhauser, W.E., Stelzer, D.: Automated cyber threat sensing and responding: integrating threat intelligence into security-policy-controlled systems. In: Proceedings of the 14th International Conference on Availability, Reliability and Security, pp. 1–10. ACM, Canterbury (2019). https://doi.org/10.1145/3339252.3340509

  5. Armstrong, G.W., Lorch, A.C.: A(eye): a review of current applications of artificial intelligence and machine learning in ophthalmology. Int. Ophthalmol. Clin. 60(1), 57–71 (2020). https://doi.org/10.1097/IIO.0000000000000298

  6. Baskerville, R., Spagnoletti, P., Kim, J.: Incident-centered information security: managing a strategic balance between prevention and response. Inf. Manag. 51(1), 138–151 (2014). https://doi.org/10.1016/j.im.2013.11.004

  7. Bhatt, S., Manadhata, P.K., Zomlot, L.: The operational role of security information and event management systems. IEEE Secur. Priv. 12(5), 35–41 (2014)

  8. Bergström, E., Lundgren, M.: Stress amongst novice information security risk management practitioners. Int. J. Cyber Situat. Aware. 4(1), 128–154 (2019)

  9. Bergström, E., Lundgren, M., Ericson, Å.: Revisiting information security risk management challenges: a practice perspective. Inf. Comput. Secur. x(x), xx–xx (2019)

  10. Bo, T., Chen, Y., Wang, C., Zhao, Y., Lam, K.Y., Chi, C.H., Tian, H.: Tom: a threat operating model for early warning of cyber security threats. In: International Conference on Advanced Data Mining and Applications, pp. 696–711. Springer, Cham (2019)

  11. Conti, M., Dargahi, T., Dehghantanha, A.: Cyber threat intelligence: challenges and opportunities. In: Dehghantanha, A., Conti, M., Dargahi, T. (eds.) Cyber Threat Intelligence, vol. 70, pp. 1–6. Springer International Publishing, Cham (2018). https://doi.org/10.1007/978-3-319-73951-9_1

  12. Cortex: How SOAR Is Transforming Threat Intelligence. Palo Alto Networks (2020)

  13. CREST: What is cyber threat intelligence and how is it used? CREST, Level 2, The Porter Building, 1 Brunel Wy., Slough SL1 1FQ, United Kingdom (2019)

  14. Deliu, I., Leichter, C., Franke, K.: Extracting cyber threat intelligence from hacker forums: support vector machines versus convolutional neural networks. In: 2017 IEEE International Conference on Big Data (Big Data), pp. 3648–3656. IEEE, Boston (2017). https://doi.org/10.1109/BigData.2017.8258359

  15. Ebrahimi, M., Nunamaker Jr., J.F., Chen, H.: Semi-supervised cyber threat identification in dark net markets: a transductive and deep learning approach. J. Manag. Inf. Syst. 37(3), 694–722 (2020)

  16. Friedman, J., Bouchard, M.: Definitive Guide to Cyber Threat Intelligence: Using Knowledge About Adversaries to Win the War against Targeted Attacks. CyberEdge Group (2015)

  17. Ghazi, Y., Anwar, Z., Mumtaz, R., Saleem, S., Tahir, A.: A supervised machine learning based approach for automatically extracting high-level threat intelligence from unstructured sources. In: 2018 International Conference on Frontiers of Information Technology (FIT), pp. 129–134. IEEE, Islamabad (2018). https://doi.org/10.1109/FIT.2018.00030

  18. Gschwandtner, M., Demetz, L., Gander, M., Maier, R.: Integrating threat intelligence to enhance an organization’s information security management. In: Proceedings of the 13th International Conference on Availability, Reliability and Security, pp. 1–8. ACM, Hamburg (2018). https://doi.org/10.1145/3230833.3232797

  19. Handelman, G.S., Kok, H.K., Chandra, R.V., Razavi, A.H., Huang, S., Brooks, M., Lee, M.J., Asadi, H.: Peering into the black box of artificial intelligence: evaluation metrics of machine learning methods. Am. J. Roentgenol. 212(1), 38–43 (2019). https://doi.org/10.2214/AJR.18.20224

  20. Hindy, H., Atkinson, R., Tachtatzis, C., Colin, J.-N., Bayne, E., Bellekens, X.: Utilising deep learning techniques for effective zero-day attack detection. Electronics 9, 1684 (2020). https://doi.org/10.3390/electronics9101684

  21. ISO/IEC 27000: Information technology – Security techniques – Information security management systems – Overview and vocabulary. ISO (2014)

  22. ISO/IEC 27001: SS-EN ISO/IEC 27001:2017: Information technology – Security techniques – Information security management systems – Requirements. ISO (2017)

  23. Kadoguchi, M., Hayashi, S., Hashimoto, M., Otsuka, A.: Exploring the dark web for cyber threat intelligence using machine leaning. In: 2019 IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 200–202. IEEE (2019). https://doi.org/10.1109/ISI.2019.8823360

  24. Kadoguchi, M., Kobayashi, H., Hayashi, S., Otsuka, A., Hashimoto, M.: Deep self-supervised clustering of the dark web for cyber threat intelligence. In: 2020 IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 1–6. IEEE (2020). https://doi.org/10.1109/ISI49825.2020.9280485

  25. Kim, D., Kim, H.K.: Automated dataset generation system for collaborative research of cyber threat analysis. Secur. Commun. Netw. 2019, 1–10 (2019). https://doi.org/10.1155/2019/6268476

  26. Kumar, V., Sinha, D.: A robust intelligent zero-day cyber-attack detection technique. Complex & Intelligent Systems (2021). https://doi.org/10.1007/s40747-021-00396-9

  27. Li, K., Wen, H., Li, H., Zhu, H., Sun, L.: Security OSIF: toward automatic discovery and analysis of event based cyber threat intelligence. In: 2018 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI), pp. 741–747. IEEE, Guangzhou (2018). https://doi.org/10.1109/SmartWorld.2018.00142

  28. Lundgren, M.: Making the dead alive: dynamic routines in risk management (2020)

  29. Lundgren, M., Bergström, E.: Dynamic interplay in the information security risk management process. Int. J. Risk Assess. Manage. 22(2), 212 (2019a). https://doi.org/10.1504/IJRAM.2019.101287

  30. Lundgren, M., Bergström, E.: Security-related stress: a perspective on information security risk management. In: 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). IEEE, Oxford (2019b)

  31. McMillan, R.: Definition: threat intelligence (2013). https://www.gartner.com/doc/2487216/definition-threat-intelligence. Accessed 13 August 2021

  32. Marcus, G.: Deep learning: a critical appraisal. arXiv preprint arXiv:1801.00631 (2018)

  33. Mattern, T., Felker, J., Borum, R., Bamford, G.: Operational levels of cyber intelligence. Int. J. Intell. CounterIntell. 27(4), 702–719 (2014). https://doi.org/10.1080/08850607.2014.924811

  34. MITRE: CVE and NVD Relationship (December 11, 2020). https://cve.mitre.org/about/cve_and_nvd_relationship.html. Accessed 31 July 2021

  35. Mittal, S., Das, P.K., Mulwad, V., Joshi, A., Finin, T.: CyberTwitter: using twitter to generate alerts for cybersecurity threats and vulnerabilities. In: 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM), pp. 860–867. IEEE, San Francisco (2016). https://doi.org/10.1109/ASONAM.2016.7752338

  36. Mittal, S., Joshi, A., Finin, T.: Cyber-all-Intel: an AI for security related threat intelligence. arXiv:1905.02895 [cs] (2019). http://arxiv.org/abs/1905.02895

  37. Montasari, R., Carroll, F., Macdonald, S., Jahankhani, H., Hosseinian-Far, A., Daneshkhah, A.: Application of artificial intelligence and machine learning in producing actionable cyber threat intelligence. In: Montasari, R., Jahankhani, H., Hill, R., Parkinson, S. (eds.) Digital Forensic Investigation of Internet of Things (IoT) Devices, pp. 47–64. Springer International Publishing, Cham (2021). https://doi.org/10.1007/978-3-030-60425-7_3

  38. Naseer, A., Naseer, H., Ahmad, A., Maynard, S.B., Masood Siddiqui, A.: Real-time analytics, incident response process agility and enterprise cybersecurity performance: a contingent resource-based analysis. Int. J. Inf. Manag. 59, 102334 (2021). https://doi.org/10.1016/j.ijinfomgt.2021.102334

  39. NIST SP 800-39: Managing Information Security Risk: Organization, Mission, and Information System View. National Institute of Standards and Technology, Gaithersburg, MD (2011). https://doi.org/10.6028/NIST.SP.800-39

  40. Noor, U., Anwar, Z., Amjad, T., Choo, K.K.R.: A machine learning-based FinTech cyber threat attribution framework using high-level indicators of compromise. Futur. Gener. Comput. Syst. 96, 227–242 (2019)

  41. Nunes, E., Diab, A., Gunn, A., Marin, E., Mishra, V., Paliath, V., Robertson, J., Shakarian, J., Thart, A., Shakarian, P.: Darknet and Deepnet mining for proactive cybersecurity threat intelligence. In: 2016 IEEE Conference on Intelligence and Security Informatics (ISI), pp. 7–12. IEEE, Tucson (2016). https://doi.org/10.1109/ISI.2016.7745435

  42. Osliak, O., Saracino, A., Martinelli, F., Dimitrakos, T.: Towards collaborative cyber threat intelligence for security management. In: Proceedings of the 7th International Conference on Information Systems Security and Privacy, pp. 339–346. SCITEPRESS – Science and Technology Publications (2021). https://doi.org/10.5220/0010191403390346

  43. Pace, C.: The Threat Intelligence Handbook: A Practical Guide for Security Teams to Unlocking the Power of Intelligence (2018). https://go.recordedfuture.com/hubfs/ebooks/threat-intelligence-handbook.pdf

  44. Passi, S., Jackson, S.J.: Trust in data science: collaboration, translation, and accountability in corporate data science projects. Proc. ACM Hum.-Comput. Interact. 2(CSCW), 1–28 (2018)

  45. Ponemon Institute: The Value of Threat Intelligence: Annual Study of North American & United Kingdom Companies. Ponemon Institute LLC (2019)

  46. Riesco, R., Villagrá, V.A.: Leveraging cyber threat intelligence for a dynamic risk framework: automation by using a semantic reasoner and a new combination of standards (STIX™, SWRL and OWL). Int. J. Inf. Secur. 18(6), 715–739 (2019). https://doi.org/10.1007/s10207-019-00433-2

  47. Sahrom Abu, M., Rahayu Selamat, S., Ariffin, A., Yusof, R.: Cyber threat intelligence – issue and challenges. Indones. J. Electr. Eng. Comput. Sci. 10(1), 371 (2018). https://doi.org/10.11591/ijeecs.v10.i1.pp371-379

  48. Sameera, N., Shashi, M.: Deep transductive transfer learning framework for zero-day attack detection. ICT Express 6(4), 361–367 (2020). https://doi.org/10.1016/j.icte.2020.03.003

  49. Samtani, S., Abate, M., Benjamin, V., Li, W.: Cybersecurity as an industry: a cyber threat intelligence perspective. In: Holt, T.J., Bossler, A.M. (eds.) The Palgrave Handbook of International Cybercrime and Cyberdeviance, pp. 135–154. Springer International Publishing, Cham (2020). https://doi.org/10.1007/978-3-319-78440-3_8

  50. Sanguino, L.A.B., Uetz, R.: Software vulnerability analysis using CPE and CVE. arXiv:1705.05347 [cs] (2017). http://arxiv.org/abs/1705.05347

  51. Sari, A.: Turkish national cyber-firewall to mitigate countrywide cyber-attacks. Comput. Electr. Eng. 73, 128–144 (2019)

  52. Sauerwein, C., Sillaber, C., Mussmann, A., Breu, R.: Threat intelligence sharing platforms: an exploratory study of software vendors and research perspectives. Wirtschaftsinformatik und Angewandte Informatik (2017)

  53. Schäfer, M., Fuchs, M., Strohmeier, M., Engel, M., Liechti, M., Lenders, V.: BlackWidow: monitoring the dark web for cyber security information. In: 2019 11th International Conference on Cyber Conflict (CyCon), vol. 900, pp. 1–21. IEEE (2019)

  54. Shackleford, D.: Who’s Using Cyberthreat Intelligence and How? SANS Institute (2015)

  55. Sun, T., Yang, P., Li, M., Liao, S.: An automatic generation approach of the cyber threat intelligence records based on multi-source information fusion. Future Internet 13(2), 40 (2021). https://doi.org/10.3390/fi13020040

  56. Voutilainen, J., Kari, M.: Strategic cyber threat intelligence: building the situational picture with emerging technologies. In: Proceedings of the 19th European Conference on Cyber Warfare. ACPI (2020). https://doi.org/10.34190/EWS.20.030

  57. Wagner, T.D., Mahbub, K., Palomar, E., Abdallah, A.E.: Cyber threat intelligence sharing: survey and research directions. Comput. Secur. 87, 101589 (2019). https://doi.org/10.1016/j.cose.2019.101589

  58. Webster, J., Watson, R.T.: Analyzing the past to prepare for the future: writing a literature review. MIS Q. 26(2), 13–23 (2002)

  59. Whitman, M.E., Mattord, H.J.: Management of Information Security, 4th edn. Cengage Learning, Stamford (2014)

  60. Zhong, C., Yen, J., Liu, P., Erbacher, R.F.: Learning from experts’ experience: toward automated cyber security data triage. IEEE Syst. J. 13(1), 603–614 (2018)

Corresponding author: Martin Lundgren

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this chapter

Lundgren, M., Padyab, A. (2023). A Review of Cyber Threat (Artificial) Intelligence in Security Management. In: Sipola, T., Kokkonen, T., Karjalainen, M. (eds) Artificial Intelligence and Cybersecurity. Springer, Cham. https://doi.org/10.1007/978-3-031-15030-2_2

  • DOI: https://doi.org/10.1007/978-3-031-15030-2_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-15029-6

  • Online ISBN: 978-3-031-15030-2

  • eBook Packages: Computer Science (R0)