Cyber threat information intelligence integration models

Authors

  • Ihor Yakoviv, Institute of special communication and information protection at the National technical university of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kyiv, Ukraine, https://orcid.org/0000-0001-7432-898X
  • Dmytro Sharadkin, Institute of special communication and information protection at the National technical university of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kyiv, Ukraine, https://orcid.org/0000-0001-6407-8040
  • Vasyl Kulikov, Institute of special communication and information protection at the National technical university of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kyiv, Ukraine, https://orcid.org/0000-0002-1015-5802

DOI:

https://doi.org/10.20535/2411-1031.2025.13.2.344710

Keywords:

cyber threat intelligence, cyber defense infrastructure, information and functional structure, nature of information, information processes, information integration, intelligence product, synthesis of concepts, artificial intelligence, automation

Abstract

As the volume of information about attacks on information systems keeps growing, increasing the effectiveness of cyber threat intelligence processes remains a relevant task. As a rule, all information accompanying these processes is called cyber threat intelligence information, without distinguishing it by the essence of the specific process. At the same time, the structure of the full set of processes is described only in very general terms. Together this leads to a high level of uncertainty in the description of cyber threat intelligence, which significantly complicates implementing classical automation technologies and assessing their necessity and effectiveness. The lack of specificity in understanding the information processes also hinders the introduction of artificial intelligence tools: it is difficult to determine where they should be applied and whether a neural network can, in principle, be trained on cyber threat intelligence data. One way to overcome this problem is to use formalized constructions that describe the relationships between the main components of the process of forming and applying an intelligence product. In this research, based on the paradigm of the attributive-transfer approach to the nature of information and on means of system and semantic analysis, a method of structural analysis of information processes and a method of semantic synthesis of basic concepts were developed. Using these methods made it possible to form: a basic set of agreed concepts of cyber threat intelligence; a model of the role (function) of threat intelligence in the process of cyber defense; and a model of cyber threat intelligence processes. The research results make it possible to present cyber threat intelligence as a set (information-functional structure) of coordinated information processes. For each of these processes, the semantics of the information and the essence of its transformations are defined.
To refine the description to the required level of specification, each of the processes can itself be represented by an information-functional structure. The proposed models make it possible to classify threat intelligence information and to form structures for its integration when introducing classical automated processing technologies. They also significantly simplify the analysis of whether artificial intelligence technologies can be used. Based on the research results, a computer system was developed to support the processes of managing cyber threat risks in a corporate information system.

Author Biographies

Ihor Yakoviv, Institute of special communication and information protection at the National technical university of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kyiv

candidate of technical sciences, associate professor, associate professor at the computer science and artificial intelligence technologies in the field of cybersecurity academic department

Dmytro Sharadkin, Institute of special communication and information protection at the National technical university of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kyiv

candidate of technical sciences, associate professor, associate professor at the computer science and artificial intelligence technologies in the field of cybersecurity academic department

Vasyl Kulikov, Institute of special communication and information protection at the National technical university of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kyiv

candidate of technical sciences, associate professor, associate professor at the computer science and artificial intelligence technologies in the field of cybersecurity academic department

Published

2025-11-27

How to Cite

Yakoviv, I., Sharadkin, D., & Kulikov, V. (2025). Cyber threat information intelligence integration models. Collection "Information Technology and Security", 13(2), 236–252. https://doi.org/10.20535/2411-1031.2025.13.2.344710

Section

MATHEMATICAL AND COMPUTER MODELING