Current approaches and future directions for Cyber Threat Intelligence sharing: A survey

Abstract

Cyber Threat Intelligence (CTI) is essential knowledge concerning cyber and physical threats aimed at mitigating potential cyber attacks. The rapid evolution of Information and Communications Technology (ICT), the Internet of Things (IoT), and Industry 5.0 has spawned a multitude of sources regarding current or potential cyber threats against organizations. Consequently, CTI sharing among organizations holds considerable promise for facilitating swift responses to attacks and enabling mutual benefits through active participation. However, exchanging CTI among different organizations poses significant challenges, including legal and regulatory obligations, interoperability standards, and data reliability. The current CTI sharing landscape remains inadequately explored, hindering a comprehensive examination of organizations’ critical needs and the challenges they encounter during CTI sharing. This paper presents a comprehensive survey on CTI sharing, beginning with an exploration of CTI fundamentals and its advancements in assessing cyber and physical threats and threat actors from various perspectives. For instance, we discuss the benefits of CTI, its applications, and diverse CTI sharing architectures. Additionally, we extensively discuss a list of CTI sharing challenges and evaluate how available CTI sharing proposals address these challenges. Finally, we provide an inventory of unique future research directions to offer insightful guidelines for CTI sharing.