Flexible and Enhanced Cyber Threat Intelligence: Research on Advanced Analysis Methods
Abstract
To minimize damage from cyberattacks, it is important to collect and analyze various types of threat information prior to inferring the attacker's intent.
The intensity and persistence of a cyberattack are often driven by the attacker’s motive; understanding this motive enables a more efficient response, helps narrow down potential attackers, and supports proactive defense.
This study explores methods for classifying attack groups and inferring their intentions by measuring the similarity of Indicators of Compromise (IoCs) and Tactics, Techniques, and Procedures (TTPs) based on attackers’ characteristics, resources used, attack techniques, and socio-economic damage analysis.
This study identifies the strengths, weaknesses, and limitations of existing attack group classification methods, derives core elements for analyzing attack intent, and proposes a combined approach that integrates IoC and TTP similarity-based comparison with damage analysis methods. This approach enables the inference of attack intent even in the early stages of a cyberattack.
We present a method for inferring attackers and their intent by analyzing targets and observed attack damage during the early to middle stages of an attack.
Keywords
CTI, IoC, TTPs, Cyberattack groupings, Cyberattack intent
Citation Format:
Won-Chul Kim, Ki-Woong Park, "Flexible and Enhanced Cyber Threat Intelligence: Research on Advanced Analysis Methods," Journal of Internet Technology, vol. 26, no. 6, pp. 819-829, Nov. 2025.
Published by Executive Committee, Taiwan Academic Network, Ministry of Education, Taipei, Taiwan, R.O.C
JIT Editorial Office, Office of Library and Information Services, National Dong Hwa University
No. 1, Sec. 2, Da Hsueh Rd., Shoufeng, Hualien 974301, Taiwan, R.O.C.
Tel: +886-3-931-7314 E-mail: jit.editorial@gmail.com
