{"id":"https://openalex.org/W4375787811","doi":"https://doi.org/10.1109/comst.2023.3273282","title":"Cyber Threat Intelligence Mining for Proactive Cybersecurity Defense: A Survey and New Perspectives","display_name":"Cyber Threat Intelligence Mining for Proactive Cybersecurity Defense: A Survey and New Perspectives","publication_year":2023,"publication_date":"2023-01-01","ids":{"openalex":"https://openalex.org/W4375787811","doi":"https://doi.org/10.1109/comst.2023.3273282"},"language":"en","primary_location":{"id":"doi:10.1109/comst.2023.3273282","is_oa":true,"landing_page_url":"https://doi.org/10.1109/comst.2023.3273282","pdf_url":"https://ieeexplore.ieee.org/ielx7/9739/5451756/10117505.pdf","source":{"id":"https://openalex.org/S23688054","display_name":"IEEE Communications Surveys & Tutorials","issn_l":"1553-877X","issn":["1553-877X","2373-745X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Communications Surveys &amp; Tutorials","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://ieeexplore.ieee.org/ielx7/9739/5451756/10117505.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5070493833","display_name":"Nan Sun","orcid":"https://orcid.org/0000-0001-9123-9022"},"institutions":[{"id":"https://openalex.org/I1281592970","display_name":"Camden and Campbelltown Hospitals","ror":"https://ror.org/04c318s33","country_code":"AU","type":"healthcare","lineage":["https://openalex.org/I1281592970"]},{"id":"https://openalex.org/I188329596","display_name":"University of Canberra","ror":"https://ror.org/04s1nv328","country_code":"AU","type":"education","lineage":["https://openalex.org/I188329596"]},{"id":"https://openalex.org/I31746571","display_name":"UNSW Sydney","ror":"https://ror.org/03r8z3t63","country_code":"AU","type":"education","lineage":["https://openalex.org/I31746571"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Nan Sun","raw_affiliation_strings":["School of Engineering and Information Technology, University of New South Wales, Canberra, ACT, Australia","School of Engineering and Information Technology, University of New South Wales, Campbell, ACT, Australia"],"raw_orcid":"https://orcid.org/0000-0001-9123-9022","affiliations":[{"raw_affiliation_string":"School of Engineering and Information Technology, University of New South Wales, Canberra, ACT, Australia","institution_ids":["https://openalex.org/I188329596","https://openalex.org/I31746571"]},{"raw_affiliation_string":"School of Engineering and Information Technology, University of New South Wales, Campbell, ACT, Australia","institution_ids":["https://openalex.org/I1281592970","https://openalex.org/I31746571"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075722123","display_name":"Ming Ding","orcid":"https://orcid.org/0000-0002-3690-0321"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Ming Ding","raw_affiliation_strings":["Data 61, Commonwealth Scientific and Industrial Research Organisation, Sydney, NSW, Australia"],"raw_orcid":"https://orcid.org/0000-0002-3690-0321","affiliations":[{"raw_affiliation_string":"Data 61, Commonwealth Scientific and Industrial Research Organisation, Sydney, NSW, Australia","institution_ids":["https://openalex.org/I1292875679","https://openalex.org/I42894916"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020474429","display_name":"Jiaojiao Jiang","orcid":"https://orcid.org/0000-0001-7307-8114"},"institutions":[{"id":"https://openalex.org/I31746571","display_name":"UNSW Sydney","ror":"https://ror.org/03r8z3t63","country_code":"AU","type":"education","lineage":["https://openalex.org/I31746571"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Jiaojiao Jiang","raw_affiliation_strings":["School of Computer Science and Engineering, University of New South Wales, Kensington, NSW, Australia","School of Computer Science and Engineering, University of New South Wales, Kensingtion, NSW, Australia"],"raw_orcid":"https://orcid.org/0000-0001-7307-8114","affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, University of New South Wales, Kensington, NSW, Australia","institution_ids":["https://openalex.org/I31746571"]},{"raw_affiliation_string":"School of Computer Science and Engineering, University of New South Wales, Kensingtion, NSW, Australia","institution_ids":["https://openalex.org/I31746571"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032122555","display_name":"Weikang Xu","orcid":"https://orcid.org/0000-0001-6351-3944"},"institutions":[{"id":"https://openalex.org/I31746571","display_name":"UNSW Sydney","ror":"https://ror.org/03r8z3t63","country_code":"AU","type":"education","lineage":["https://openalex.org/I31746571"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Weikang Xu","raw_affiliation_strings":["School of Computer Science and Engineering, University of New South Wales, Kensington, NSW, Australia","School of Computer Science and Engineering, University of New South Wales, Kensingtion, NSW, Australia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, University of New South Wales, Kensington, NSW, Australia","institution_ids":["https://openalex.org/I31746571"]},{"raw_affiliation_string":"School of Computer Science and Engineering, University of New South Wales, Kensingtion, NSW, Australia","institution_ids":["https://openalex.org/I31746571"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103043698","display_name":"Xiaoxing Mo","orcid":"https://orcid.org/0000-0003-3083-7365"},"institutions":[{"id":"https://openalex.org/I149704539","display_name":"Deakin University","ror":"https://ror.org/02czsnj07","country_code":"AU","type":"education","lineage":["https://openalex.org/I149704539"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Xiaoxing Mo","raw_affiliation_strings":["Faculty of Science, Engineering and Built Environment, Deakin University, Waurn Ponds, VIC, Australia"],"raw_orcid":"https://orcid.org/0000-0003-3083-7365","affiliations":[{"raw_affiliation_string":"Faculty of Science, Engineering and Built Environment, Deakin University, Waurn Ponds, VIC, Australia","institution_ids":["https://openalex.org/I149704539"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5049712745","display_name":"Yonghang Tai","orcid":"https://orcid.org/0000-0001-9186-475X"},"institutions":[{"id":"https://openalex.org/I120825670","display_name":"Yunnan Normal University","ror":"https://ror.org/00sc9n023","country_code":"CN","type":"education","lineage":["https://openalex.org/I120825670"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yonghang Tai","raw_affiliation_strings":["Yunnan Key Laboratory of Optoelectronic Information Technology, Yunnan Normal University, Kunming, China"],"raw_orcid":"https://orcid.org/0000-0001-9186-475X","affiliations":[{"raw_affiliation_string":"Yunnan Key Laboratory of Optoelectronic Information Technology, Yunnan Normal University, Kunming, China","institution_ids":["https://openalex.org/I120825670"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5044019139","display_name":"Jun Zhang","orcid":"https://orcid.org/0000-0002-2189-7801"},"institutions":[{"id":"https://openalex.org/I57093077","display_name":"Swinburne University of Technology","ror":"https://ror.org/031rekg67","country_code":"AU","type":"education","lineage":["https://openalex.org/I57093077"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Jun Zhang","raw_affiliation_strings":["School of Software and Electrical Engineering, Swinburne University of Technology, Melbourne, VIC, Australia"],"raw_orcid":"https://orcid.org/0000-0002-2189-7801","affiliations":[{"raw_affiliation_string":"School of Software and Electrical Engineering, Swinburne University of Technology, Melbourne, VIC, Australia","institution_ids":["https://openalex.org/I57093077"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":45.4514,"has_fulltext":true,"cited_by_count":246,"citation_normalized_percentile":{"value":0.99944286,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":99,"max":100},"biblio":{"volume":"25","issue":"3","first_page":"1748","last_page":"1774"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6874428987503052},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.3976816236972809},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.39298638701438904},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.37236344814300537}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6874428987503052},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.3976816236972809},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.39298638701438904},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.37236344814300537}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/comst.2023.3273282","is_oa":true,"landing_page_url":"https://doi.org/10.1109/comst.2023.3273282","pdf_url":"https://ieeexplore.ieee.org/ielx7/9739/5451756/10117505.pdf","source":{"id":"https://openalex.org/S23688054","display_name":"IEEE Communications Surveys & Tutorials","issn_l":"1553-877X","issn":["1553-877X","2373-745X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Communications Surveys &amp; Tutorials","raw_type":"journal-article"},{"id":"pmh:oai:figshare.com:article/28319474","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Journal contribution"}],"best_oa_location":{"id":"doi:10.1109/comst.2023.3273282","is_oa":true,"landing_page_url":"https://doi.org/10.1109/comst.2023.3273282","pdf_url":"https://ieeexplore.ieee.org/ielx7/9739/5451756/10117505.pdf","source":{"id":"https://openalex.org/S23688054","display_name":"IEEE Communications Surveys & Tutorials","issn_l":"1553-877X","issn":["1553-877X","2373-745X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Communications Surveys &amp; Tutorials","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.6299999952316284}],"awards":[{"id":"https://openalex.org/G1170151104","display_name":null,"funder_award_id":"PS66804","funder_id":"https://openalex.org/F4320320965","funder_display_name":"University of New South Wales"}],"funders":[{"id":"https://openalex.org/F4320320965","display_name":"University of New South Wales","ror":"https://ror.org/03r8z3t63"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4375787811.pdf","grobid_xml":"https://content.openalex.org/works/W4375787811.grobid-xml"},"referenced_works_count":101,"referenced_works":["https://openalex.org/W21699267","https://openalex.org/W1415990210","https://openalex.org/W1614298861","https://openalex.org/W1672113969","https://openalex.org/W1707806712","https://openalex.org/W2094061585","https://openalex.org/W2096765155","https://openalex.org/W2163598528","https://openalex.org/W2250539671","https://openalex.org/W2343978497","https://openalex.org/W2538057479","https://openalex.org/W2538865281","https://openalex.org/W2551868243","https://openalex.org/W2554200766","https://openalex.org/W2599027056","https://openalex.org/W2741608233","https://openalex.org/W2744049423","https://openalex.org/W2760313715","https://openalex.org/W2771963642","https://openalex.org/W2782101021","https://openalex.org/W2785478642","https://openalex.org/W2799224341","https://openalex.org/W2801940918","https://openalex.org/W2837911466","https://openalex.org/W2891432086","https://openalex.org/W2896457183","https://openalex.org/W2896612858","https://openalex.org/W2905097561","https://openalex.org/W2914403931","https://openalex.org/W2914662937","https://openalex.org/W2914789242","https://openalex.org/W2945014040","https://openalex.org/W2962703433","https://openalex.org/W2963508799","https://openalex.org/W2963980822","https://openalex.org/W2964370862","https://openalex.org/W2964522977","https://openalex.org/W2968538311","https://openalex.org/W2970763364","https://openalex.org/W2971952824","https://openalex.org/W2978269707","https://openalex.org/W2978864691","https://openalex.org/W2978956219","https://openalex.org/W2984582583","https://openalex.org/W2997634552","https://openalex.org/W2998286882","https://openalex.org/W3007432608","https://openalex.org/W3009066821","https://openalex.org/W3017733550","https://openalex.org/W3024317787","https://openalex.org/W3081936891","https://openalex.org/W3082048389","https://openalex.org/W3086302916","https://openalex.org/W3092184926","https://openalex.org/W3099203541","https://openalex.org/W3100335017","https://openalex.org/W3111875330","https://openalex.org/W3114867460","https://openalex.org/W3116216483","https://openalex.org/W3126651325","https://openalex.org/W3129220449","https://openalex.org/W3155613024","https://openalex.org/W3156273683","https://openalex.org/W3163378277","https://openalex.org/W3176367300","https://openalex.org/W3183268685","https://openalex.org/W3186154954","https://openalex.org/W3196581146","https://openalex.org/W3201894803","https://openalex.org/W3207194657","https://openalex.org/W3211888892","https://openalex.org/W3214329506","https://openalex.org/W4200442713","https://openalex.org/W4210404000","https://openalex.org/W4212831123","https://openalex.org/W4213009331","https://openalex.org/W4225658247","https://openalex.org/W4226216221","https://openalex.org/W4226312301","https://openalex.org/W4226388545","https://openalex.org/W4247220691","https://openalex.org/W4281383000","https://openalex.org/W4286587365","https://openalex.org/W4288072954","https://openalex.org/W4298872063","https://openalex.org/W4309557444","https://openalex.org/W4310632812","https://openalex.org/W4312626950","https://openalex.org/W4312876584","https://openalex.org/W6600880808","https://openalex.org/W6628371068","https://openalex.org/W6636510571","https://openalex.org/W6637554470","https://openalex.org/W6684327724","https://openalex.org/W6755207826","https://openalex.org/W6755267338","https://openalex.org/W6766215156","https://openalex.org/W6774357556","https://openalex.org/W6784322088","https://openalex.org/W6801193496","https://openalex.org/W6801448119"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"Today\u2019s":[0],"cyber":[1,53,90,197],"attacks":[2,65],"have":[3],"become":[4],"more":[5],"severe":[6],"and":[7,32,41,50,56,85,113,119,122,176,195,201,211,214,231],"frequent,":[8],"which":[9,28,82],"calls":[10],"for":[11,63,236],"a":[12,74,156,178,219],"new":[13,135],"line":[14],"of":[15,25,130,145,159,204,207,222],"security":[16,36,152],"defenses":[17],"to":[18,44,48,141,149,180],"protect":[19],"against":[20],"them.":[21],"The":[22],"dynamic":[23],"nature":[24],"new-generation":[26],"threats,":[27,91],"are":[29],"evasive,":[30],"resilient,":[31],"complex,":[33],"makes":[34],"traditional":[35],"systems":[37,125],"based":[38,187],"on":[39,100,163,184,188],"heuristics":[40],"signatures":[42],"struggle":[43],"match.":[45],"Organizations":[46],"aim":[47],"gather":[49],"share":[51],"real-time":[52],"threat":[54,61,107,215],"information":[55,88],"then":[57],"turn":[58],"it":[59],"into":[60],"intelligence":[62,136],"preventing":[64],"or,":[66],"at":[67],"the":[68,131,143,182,189,223],"very":[69],"least,":[70],"responding":[71],"quickly":[72],"in":[73,170],"proactive":[75],"manner.":[76],"Cyber":[77],"Threat":[78],"Intelligence":[79],"(CTI)":[80],"mining,":[81],"uncovers,":[83],"processes,":[84],"analyzes":[86],"valuable":[87],"about":[89],"is":[92],"booming.":[93],"However,":[94],"most":[95,144],"organizations":[96],"today":[97],"mainly":[98],"focus":[99],"basic":[101],"use":[102],"cases,":[103],"such":[104,134],"as":[105,148],"integrating":[106],"data":[108,168],"feeds":[109],"with":[110,218],"existing":[111],"network":[112],"firewall":[114],"systems,":[115,118],"intrusion":[116],"prevention":[117],"Security":[120],"Information":[121],"Event":[123],"Management":[124],"(SIEMs),":[126],"without":[127],"taking":[128],"advantage":[129],"insights":[132],"that":[133],"can":[137],"deliver.":[138],"In":[139],"order":[140],"make":[142],"CTI":[146,164,185,237],"so":[147],"significantly":[150],"strengthen":[151],"postures,":[153],"we":[154,174,227],"present":[155],"comprehensive":[157,220],"review":[158,221],"recent":[160],"research":[161,229,234],"efforts":[162],"mining":[165,186],"from":[166],"multiple":[167],"sources":[169],"this":[171],"article.":[172],"Specifically,":[173],"provide":[175],"devise":[177],"taxonomy":[179],"summarize":[181],"studies":[183],"intended":[190],"purposes":[191],"(i.e.,":[192],"cybersecurity-related":[193],"entities":[194],"events,":[196],"attack":[198],"tactics,":[199],"techniques":[200],"procedures,":[202],"profiles":[203],"hackers,":[205],"indicators":[206],"compromise,":[208],"vulnerability":[209],"exploits":[210],"malware":[212],"implementation,":[213],"hunting),":[216],"along":[217],"current":[224],"state-of-the-art.":[225],"Lastly,":[226],"discuss":[228],"challenges":[230],"possible":[232],"future":[233],"directions":[235],"mining.":[238]},"counts_by_year":[{"year":2026,"cited_by_count":36},{"year":2025,"cited_by_count":94},{"year":2024,"cited_by_count":98},{"year":2023,"cited_by_count":18}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}