PROACTIVE CYBERSECURITY THROUGH THREAT INTELLIGENCE MINING: A SURVEY OF TECHNIQUES AND TRENDS
DOI: https://doi.org/10.62643/ijitce.2025.v13.i2.pp707-714
Abstract
Cyberattacks have increased in frequency and severity in recent years, necessitating the development of new security measures to fend them off. Traditional security solutions that rely on heuristics and signatures are unable to keep up with the dynamic nature of new-generation threats, which are elusive, resilient, and complicated. In order to avoid attacks or, at the very least, to react swiftly and proactively, organisations seek to collect, disseminate, and transform real-time cyber threat information into threat intelligence. The field of cyber threat intelligence (CTI) mining, which finds, gathers, and evaluates important data regarding cyberthreats, is expanding rapidly. But instead of utilising the insights that such new intelligence can provide, the majority of organisations today primarily concentrate on simple use cases, like integrating threat data feeds with existing network and firewall systems, intrusion prevention systems, and Security Information and Event Management systems (SIEMs). In this paper, we provide a thorough analysis of current research efforts on CTI mining from various data sources in order to maximise CTI's potential to greatly improve security postures. To be more precise, we propose and develop a taxonomy to categorise the research on CTI mining according to the intended uses (i.e., entities and events related to cybersecurity; cyberattack tactics, techniques, and procedures; hacker profiles; indicators of compromise; vulnerability exploits and malware implementation; and threat hunting), as well as a thorough analysis of the state of the art. Finally, we go over research issues and potential avenues for future CTI mining research.
License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.