Strategic cyber threat intelligence : Building the situational picture with emerging technologies

Abstract

In 2019, e-criminals adopted new tactics to demand enormous ransoms from large organizations by using ransomware, a phenomenon known as “big game hunting.” Big game hunting is an excellent example of a sophisticated and coordinated modern cyber-attack that has a significant impact on the target. Cyber threat intelligence (CTI) increases the possibilities to detect and prevent cyber-attacks and gives defenders more time to act. CTI is a combination of incident response and traditional intelligence. Intelligence modifies raw data into information for decision-making and action. CTI consists of strategic, operational, or tactical intelligence on cyber threats. Security event monitoring, event-based response, and anomaly and signature-based detection can create the basis of the situation in cyberspace. To achieve a uniform situational picture, long-term assessment is required. Strategic CTI informs broad or long-term issues and provides situation awareness as well as an analyzed overview of the threat landscape and early warning of cyber threats. This paper describes how the implementation of artificial intelligence (AI) and machine learning (ML) can be utilized in strategic CTI. The results were arrived at using the design science research methodology. We propose a solution that uses AI as a component of strategic CTI. Furthermore, the paper is a literature survey, integrating research literature on intelligence, cybersecurity, and AI. The paper presents the concept of CTI and its relation to the situational picture of cyberspace. It also addresses the possibilities of natural language understanding for large-scale content analysis and introduces a solution in which an existing enriched dataset provided valuable strategic-level information about an ongoing malicious cyber event. The paper is part of Ph.D. research concerning comprehensive CTI. Other articles in the dissertation discuss emerging technologies in operational and tactical CTI.