Proactive Cyber Threat Intelligence: Integrative Frameworks for Detection, Attribution, and Predictive Defense
Open Access
Dr. Lucas H. Bennett, Department of Computer Science, University of Edinburgh, United Kingdom
Abstract
The evolution of cyber threats has necessitated the development of sophisticated approaches to cyber threat intelligence (CTI), emphasizing proactive detection, attribution, and mitigation strategies. This study presents a comprehensive exploration of contemporary CTI frameworks, integrating theoretical perspectives with applied methodologies to enhance organizational resilience against cybercrime. The research synthesizes diverse literature spanning threat intelligence collection, evaluation, and operational deployment across cloud computing, IoT, and critical infrastructure environments. Methodologically, the study examines multi-layered intelligence gathering, including the fusion of Indicators of Compromise (IoCs), attack patterns, and Tactics, Techniques, and Procedures (TTPs), highlighting the role of machine learning, federated learning, and predictive blacklisting in enhancing threat attribution. Findings indicate that real-time data integration, coupled with collaborative intelligence sharing, significantly improves detection accuracy and the anticipation of sophisticated attack vectors. Moreover, the research identifies critical gaps in cross-organizational intelligence interoperability, legal constraints, and the ethical implications of automated threat assessment systems. This paper contributes to the field by proposing a holistic framework for CTI that aligns technical, operational, and strategic perspectives, providing actionable insights for academia, industry, and policy-makers.
Keywords
Cyber threat intelligence, attack attribution, machine learning, IoT security
Copyright License
Copyright (c) 2025 Dr. Lucas H. Bennett

This work is licensed under a Creative Commons Attribution 4.0 International License.