AI-Based Holistic Framework for Cyber Threat Intelligence Management

Bibliographic Details
Main Authors: Arnolnt Spyros (ORCID 0000-0002-4681-104X), Ilias Koritsas, Angelos Papoutsis, Panos Panagiotou, Despoina Chatzakou (ORCID 0000-0002-9564-7100), Dimitrios Kavallieros, Theodora Tsikrika (ORCID 0000-0003-4148-9028), Stefanos Vrochidis (ORCID 0000-0002-2505-9178), Ioannis Kompatsiaris (ORCID 0000-0001-6447-9020)
Affiliation (all authors): Centre for Research and Technology Hellas, Information Technologies Institute, Thessaloniki, Greece
Format: Article
Language: English
Published: IEEE, 2025-01-01
Series: IEEE Access, vol. 13, pp. 20820-20846
ISSN: 2169-3536
DOI: 10.1109/ACCESS.2025.3533084
Subjects: Artificial intelligence; cyber threat intelligence; data classification; data correlation; honeypots; machine learning
Online Access: https://ieeexplore.ieee.org/document/10851288/
Collection: DOAJ (record doaj-art-06fbaa3d79384dafa8d89e2f83d92d69, indexed 2025-02-07)

Description:
Cyber Threat Intelligence (CTI) is an important asset for organisations to facilitate the safeguarding of their systems against new and emerging cyber threats. CTI continuously provides up-to-date information which enables the design and implementation of better security measures and mitigation strategies. Organisations gather data from different sources either internal or external to the organisation, which are analysed, resulting in CTI. Nevertheless, the gathered data usually contain a large amount of content that is irrelevant to CTI or even to cybersecurity. Furthermore, most approaches concerning CTI management (e.g., gathering, analysis) involve simply gathering and storing the information without any enrichment such as classification or correlation. However, in order to obtain optimal results, organisations should be able to utilise all capabilities of CTI. Therefore, in this work, we propose ThreatWise AI, a novel framework that enables the gathering, analysis, enrichment, storage, and sharing of CTI in an efficient and secure manner. In particular, we have developed a novel pipeline in ThreatWise AI which incorporates different advanced tools, with distinct capabilities that interact with each other to provide a complete set of functionalities for the administration of the overall CTI lifecycle. The developed tools integrate various Python scripts and provide gathering and analysis functionalities of CTI. Furthermore, the proposed framework leverages the MISP platform for storing, enriching and sharing while also integrating Artificial Intelligence (AI) and Machine Learning (ML) algorithms for advanced data enrichment.