Searching for Diamonds - Cross-Domain Opportunities in Cyber Threat Intelligence
At a Glance
| Metadata | Details |
|---|---|
| Publication Date | 2025-01-01 |
| Journal | IEEE Access |
| Authors | Sidnei Barbieri, Flávio Luís dos Santos de Souza, Márcio Andrey Teixeira, César Marcondes, Lourenço Alves Pereira |
| Institutions | Instituto Tecnológico de Aeronáutica, Federal Institute of São Paulo |
Abstract
Natural Language Processing (NLP) and Large Language Models (LLMs) are increasingly used in cybersecurity to enable automated, auditable, and intelligent systems. However, this convergence remains conceptually and methodologically underdeveloped in Cyber Threat Intelligence (CTI), a domain centered on processing large volumes of information. This paper presents a cross-domain review that synthesizes the state-of-the-art literature and outlines strategic opportunities, risks, and open challenges related to the application of LLMs in CTI. Guided by the conceptual lens of “searching for diamonds,” the study identifies cross-cutting aspects—such as explainability, semantic reasoning, federated collaboration, model security, and machine unlearning—as essential to building normatively aligned autonomous CTI agents capable of efficiently processing the high-volume, dynamic data characteristic of CTI environments. It also highlights gaps in validation, trust, and regulatory compliance, emphasizing the need for co-evolutionary defenses and formal verifiability mechanisms. Grounded in multidisciplinary insights and aligned with international frameworks such as the Tallinn Manual and NIST/ISO standards, this work provides a strategic roadmap for future research and deployment of LLM-driven CTI architectures.