Abstract
Managing cybersecurity within organizations typically relies on careful consideration and management of its risks. By following an iterative, often sequential, risk management process, an organization's exposure to risk can be assessed by weighing the value of its digital assets against the probability of their being harmed by a threat [29]. However, this approach has been criticized for reflecting only a snapshot of the organization's assets and threats. Furthermore, identifying threats and staying current on threats and vulnerabilities often depend on skilled and experienced experts, so that risks are primarily determined by subjective judgment [46]. This also poses a challenge for organizations that cannot keep track of which assets are vulnerable, or cannot retain personnel with the experience and know-how needed to obtain relevant information on cybersecurity threats to those assets [8, 30, 37].
References
Ahmad, A., Desouza, K.C., Maynard, S.B., Naseer, H., Baskerville, R.L.: How integration of cyber security management and incident response enables organizational learning. J. Assoc. Inf. Sci. Technol. 71(8), 939–953 (2020). https://doi.org/10.1002/asi.24311
Agyepong, E., Cherdantseva, Y., Reinecke, P., Burnap, P.: Challenges and performance metrics for security operations center analysts: a systematic review. J. Cybersecur. Technol. 4(3), 125–152 (2020)
Alves, F., Ferreira, P.M., Bessani, A.: Design of a classification model for a twitter-based streaming threat monitor. In: 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), pp. 9–14. IEEE, Portland (2019). https://doi.org/10.1109/DSN-W.2019.00010
Amthor, P., Fischer, D., Kühnhauser, W.E., Stelzer, D.: Automated cyber threat sensing and responding: integrating threat intelligence into security-policy-controlled systems. In: Proceedings of the 14th International Conference on Availability, Reliability and Security, pp. 1–10. ACM, Canterbury (2019). https://doi.org/10.1145/3339252.3340509
Armstrong, G.W., Lorch, A.C.: A(eye): a review of current applications of artificial intelligence and machine learning in ophthalmology. Int. Ophthalmol. Clin. 60(1), 57–71 (2020). https://doi.org/10.1097/IIO.0000000000000298
Baskerville, R., Spagnoletti, P., Kim, J.: Incident-centered information security: managing a strategic balance between prevention and response. Inf. Manag. 51(1), 138–151 (2014). https://doi.org/10.1016/j.im.2013.11.004
Bhatt, S., Manadhata, P.K., Zomlot, L.: The operational role of security information and event management systems. IEEE Secur. Priv. 12(5), 35–41 (2014)
Bergström, E., Lundgren, M.: Stress amongst novice information security risk management practitioners. Int. J. Cyber Situat. Aware. 4(1), 128–154 (2019)
Bergström, E., Lundgren, M., Ericson, Å.: Revisiting information security risk management challenges: a practice perspective. Inf. Comput. Secur. x(x), xx–xx (2019)
Bo, T., Chen, Y., Wang, C., Zhao, Y., Lam, K.Y., Chi, C.H., Tian, H.: Tom: a threat operating model for early warning of cyber security threats. In: International Conference on Advanced Data Mining and Applications, pp. 696–711. Springer, Cham (2019)
Conti, M., Dargahi, T., Dehghantanha, A.: Cyber threat intelligence: challenges and opportunities. In: Dehghantanha, A., Conti, M., Dargahi, T. (eds.) Cyber Threat Intelligence, vol. 70, pp. 1–6. Springer International Publishing, Cham (2018). https://doi.org/10.1007/978-3-319-73951-9_1
Cortex: How SOAR Is Transforming Threat Intelligence. Palo Alto Networks (2020)
CREST: What is cyber threat intelligence and how is it used? CREST, Level 2, The Porter Building, 1 Brunel Wy., Slough SL1 1FQ, United Kingdom (2019)
Deliu, I., Leichter, C., Franke, K.: Extracting cyber threat intelligence from hacker forums: support vector machines versus convolutional neural networks. In: 2017 IEEE International Conference on Big Data (Big Data), pp. 3648–3656. IEEE, Boston (2017). https://doi.org/10.1109/BigData.2017.8258359
Ebrahimi, M., Nunamaker Jr., J.F., Chen, H.: Semi-supervised cyber threat identification in dark net markets: a transductive and deep learning approach. J. Manag. Inf. Syst. 37(3), 694–722 (2020)
Friedman, J., Bouchard, M.: Definitive Guide to Cyber Threat Intelligence: Using Knowledge About Adversaries to Win the War against Targeted Attacks. CyberEdge Group (2015)
Ghazi, Y., Anwar, Z., Mumtaz, R., Saleem, S., Tahir, A.: A supervised machine learning based approach for automatically extracting high-level threat intelligence from unstructured sources. In: 2018 International Conference on Frontiers of Information Technology (FIT), pp. 129–134. IEEE, Islamabad (2018). https://doi.org/10.1109/FIT.2018.00030
Gschwandtner, M., Demetz, L., Gander, M., Maier, R.: Integrating threat intelligence to enhance an organization’s information security management. In: Proceedings of the 13th International Conference on Availability, Reliability and Security, pp. 1–8. ACM, Hamburg (2018). https://doi.org/10.1145/3230833.3232797
Handelman, G.S., Kok, H.K., Chandra, R.V., Razavi, A.H., Huang, S., Brooks, M., Lee, M.J., Asadi, H.: Peering into the black box of artificial intelligence: evaluation metrics of machine learning methods. Am. J. Roentgenol. 212(1), 38–43 (2019). https://doi.org/10.2214/AJR.18.20224
Hindy, H., Atkinson, R., Tachtatzis, C., Colin, J.-N., Bayne, E., Bellekens, X.: Utilising deep learning techniques for effective zero-day attack detection. Electronics. 9, 1684 (2020). https://doi.org/10.3390/electronics9101684
ISO/IEC 27000: Information technology – Security techniques – Information security management systems – Overview and vocabulary. ISO (2014)
ISO/IEC 27001: SS-EN ISO/IEC 27001:2017: Information technology – Security techniques – Information security management systems – Requirements. ISO (2017)
Kadoguchi, M., Hayashi, S., Hashimoto, M., Otsuka, A.: Exploring the dark web for cyber threat intelligence using machine leaning. In: 2019 IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 200–202. IEEE (2019). https://doi.org/10.1109/ISI.2019.8823360
Kadoguchi, M., Kobayashi, H., Hayashi, S., Otsuka, A., Hashimoto, M.: Deep self-supervised clustering of the dark web for cyber threat intelligence. In: 2020 IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 1–6. IEEE (2020). https://doi.org/10.1109/ISI49825.2020.9280485
Kim, D., Kim, H.K.: Automated dataset generation system for collaborative research of cyber threat analysis. Secur. Commun. Netw. 2019, 1–10 (2019). https://doi.org/10.1155/2019/6268476
Kumar, V., Sinha, D.: A robust intelligent zero-day cyber-attack detection technique. Complex & Intelligent Systems. (2021). https://doi.org/10.1007/s40747-021-00396-9
Li, K., Wen, H., Li, H., Zhu, H., Sun, L.: Security OSIF: toward automatic discovery and analysis of event based cyber threat intelligence. In: 2018 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI), pp. 741–747. IEEE, Guangzhou (2018). https://doi.org/10.1109/SmartWorld.2018.00142
Lundgren, M.: Making the dead alive: dynamic routines in risk management (2020)
Lundgren, M., Bergström, E.: Dynamic interplay in the information security risk management process. Int. J. Risk Assess. Manage. 22(2), 212 (2019a). https://doi.org/10.1504/IJRAM.2019.101287
Lundgren, M., Bergström, E.: Security-related stress: a perspective on information security risk management. In: 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). IEEE, Oxford (2019b)
McMillan, R.: Definition: threat intelligence. Retrieved August 13, 2021, from https://www.gartner.com/doc/2487216/definition-threat-intelligence (2013)
Marcus, G.: Deep learning: a critical appraisal. arXiv preprint arXiv:1801.00631 (2018)
Mattern, T., Felker, J., Borum, R., Bamford, G.: Operational levels of cyber intelligence. Int. J. Intell. CounterIntell. 27(4), 702–719 (2014). https://doi.org/10.1080/08850607.2014.924811
MITRE: CVE - CVE and NVD Relationship. December 11 (2020). https://cve.mitre.org/about/cve_and_nvd_relationship.html. Accessed 31 July 2021
Mittal, S., Das, P.K., Mulwad, V., Joshi, A., Finin, T.: CyberTwitter: using twitter to generate alerts for cybersecurity threats and vulnerabilities. In: 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM), pp. 860–867. IEEE, San Francisco (2016). https://doi.org/10.1109/ASONAM.2016.7752338
Mittal, S., Joshi, A., Finin, T.: Cyber-all-Intel: An AI for security related threat intelligence. ArXiv:1905.02895 [Cs] (2019). http://arxiv.org/abs/1905.02895
Montasari, R., Carroll, F., Macdonald, S., Jahankhani, H., Hosseinian-Far, A., Daneshkhah, A.: Application of artificial intelligence and machine learning in producing actionable cyber threat intelligence. In: Montasari, R., Jahankhani, H., Hill, R., Parkinson, S. (eds.) Digital Forensic Investigation of Internet of Things (IoT) Devices, pp. 47–64. Springer International Publishing, Cham (2021). https://doi.org/10.1007/978-3-030-60425-7_3
Naseer, A., Naseer, H., Ahmad, A., Maynard, S.B., Masood Siddiqui, A.: Real-time analytics, incident response process agility and enterprise cybersecurity performance: a contingent resource-based analysis. Int. J. Inf. Manag. 59, 102334 (2021). https://doi.org/10.1016/j.ijinfomgt.2021.102334
NIST SP 800-39: Managing Information Security Risk: Organization, Mission, and Information System View. National Institute of Standards and Technology, Gaithersburg, MD (2011). https://doi.org/10.6028/NIST.SP.800-39
Noor, U., Anwar, Z., Amjad, T., Choo, K.K.R.: A machine learning-based FinTech cyber threat attribution framework using high-level indicators of compromise. Futur. Gener. Comput. Syst. 96, 227–242 (2019)
Nunes, E., Diab, A., Gunn, A., Marin, E., Mishra, V., Paliath, V., Robertson, J., Shakarian, J., Thart, A., Shakarian, P.: Darknet and Deepnet mining for proactive cybersecurity threat intelligence. In: 2016 IEEE Conference on Intelligence and Security Informatics (ISI), pp. 7–12. IEEE, Tucson (2016). https://doi.org/10.1109/ISI.2016.7745435
Osliak, O., Saracino, A., Martinelli, F., Dimitrakos, T.: Towards collaborative cyber threat intelligence for security management. In: Proceedings of the 7th International Conference on Information Systems Security and Privacy, pp. 339–346. SCITEPRESS – Science and Technology Publications, Online Streaming (2021). https://doi.org/10.5220/0010191403390346
Pace, C.: The threat intelligence handbook a practical guide for security teams to unlocking the power of intelligence (2018). Retrieved from https://go.recordedfuture.com/hubfs/ebooks/threat-intelligence-handbook.pdf
Passi, S., Jackson, S.J.: Trust in data science: collaboration, translation, and accountability in corporate data science projects. In: Proceedings of the ACM on Human-Computer Interaction, 2(CSCW), pp. 1–28 (2018)
Ponemon Institute: The Value of Threat Intelligence: Annual Study of North American & United Kingdom Companies. Ponemon Institute LLC (2019)
Riesco, R., Villagrá, V.A.: Leveraging cyber threat intelligence for a dynamic risk framework: automation by using a semantic reasoner and a new combination of standards (STIX™, SWRL and OWL). Int. J. Inf. Secur. 18(6), 715–739 (2019). https://doi.org/10.1007/s10207-019-00433-2
Sahrom Abu, M., Rahayu Selamat, S., Ariffin, A., Yusof, R.: Cyber threat intelligence – issue and challenges. Indones. J. Electr. Eng. Comput. Sci. 10(1), 371 (2018). https://doi.org/10.11591/ijeecs.v10.i1.pp371-379
Sameera, N., Shashi, M.: Deep transductive transfer learning framework for zero-day attack detection. ICT Express. 6(4), 361–367 (2020). https://doi.org/10.1016/j.icte.2020.03.003
Samtani, S., Abate, M., Benjamin, V., Li, W.: Cybersecurity as an industry: a cyber threat intelligence perspective. In: Holt, T.J., Bossler, A.M. (eds.) The Palgrave Handbook of International Cybercrime and Cyberdeviance, pp. 135–154. Springer International Publishing, Cham (2020). https://doi.org/10.1007/978-3-319-78440-3_8
Sanguino, L.A.B., Uetz, R.: Software vulnerability analysis using CPE and CVE. ArXiv:1705.05347 [Cs]. http://arxiv.org/abs/1705.05347 (2017)
Sari, A.: Turkish national cyber-firewall to mitigate countrywide cyber-attacks. Comput. Electr. Eng. 73, 128–144 (2019)
Sauerwein, C., Sillaber, C., Mussmann, A., Breu, R.: Threat intelligence sharing platforms: an exploratory study of software vendors and research perspectives. Wirtschaftsinformatik Und Angewandte Informatik (2017)
Schäfer, M., Fuchs, M., Strohmeier, M., Engel, M., Liechti, M., Lenders, V.: BlackWidow: monitoring the dark web for cyber security information. In: 2019 11th International Conference on Cyber Conflict (CyCon), vol. 900, pp. 1–21. IEEE (2019)
Shackleford, D.: Who’s Using Cyberthreat Intelligence and How? SANS Institute (2015)
Sun, T., Yang, P., Li, M., Liao, S.: An automatic generation approach of the cyber threat intelligence records based on multi-source information fusion. Future Internet. 13(2), 40 (2021). https://doi.org/10.3390/fi13020040
Voutilainen, J., Kari, M.: Strategic cyber threat intelligence: building the situational picture with emerging technologies. In: Proceedings of the 19th European Conference on Cyber Warfare. ACPI (2020). https://doi.org/10.34190/EWS.20.030
Wagner, T.D., Mahbub, K., Palomar, E., Abdallah, A.E.: Cyber threat intelligence sharing: survey and research directions. Comput. Secur. 87, 101589 (2019). https://doi.org/10.1016/j.cose.2019.101589
Webster, J., Watson, R.T.: Analyzing the past to prepare for the future: writing a literature review. MIS Q. 26(2), 13–23 (2002)
Whitman, M.E., Mattord, H.J.: Management of Information Security, Fourth edn. Cengage Learning, Stamford (2014)
Zhong, C., Yen, J., Liu, P., Erbacher, R.F.: Learning from experts’ experience: toward automated cyber security data triage. IEEE Syst. J. 13(1), 603–614 (2018)
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Lundgren, M., Padyab, A. (2023). A Review of Cyber Threat (Artificial) Intelligence in Security Management. In: Sipola, T., Kokkonen, T., Karjalainen, M. (eds) Artificial Intelligence and Cybersecurity. Springer, Cham. https://doi.org/10.1007/978-3-031-15030-2_2
DOI: https://doi.org/10.1007/978-3-031-15030-2_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-15029-6
Online ISBN: 978-3-031-15030-2