Projects per year
Abstract
Cyberattacks have emerged as a critical component of modern hybrid warfare. To effectively counter these hybrid threats, societies require rapid detection and response capabilities. Cyber Threat Intelligence (CTI) provides means to capture ongoing attacks but suffers from the quality and massive volume of data. Furthermore, state-sponsored cyberattacks often evade detection and are challenging to attribute to the perpetrator due to their sophisticated techniques and technical obfuscation. To address these challenges systematically, we propose a framework of generic metrics for identifying typical features of hybrid operations from CTI. Additionally, we propose proof-of-concepts for scalable and automated measuring, prioritization, and sharing of CTI. Our implementations leverage Large Language Models (LLMs), Gaia-X data sharing architecture, as well as MITRE attack matrices and Cyber Operations Tracker as data sources.
| Original language | English |
|---|---|
| Pages (from-to) | 202467-202481 |
| Journal | IEEE Access |
| Volume | 13 |
| DOIs | |
| Publication status | Published - 24 Nov 2025 |
| MoE publication type | A1 Journal article-refereed |
Funding
This work was supported by the ALPHA project, funded by Business Finland.
Keywords
- Cyber threat intelligence
- Gaia-X
- generative AI
- hybrid threats
- machine learning
- metrics
- security
Access to Document
Other files and links
Fingerprint
Dive into the research topics of 'Cyber Threat Intelligence for Hybrid Attacks: Leveraging LLMs and Data Spaces'. Together they form a unique fingerprint.Projects
- 1 Finished
-
ALPHA: Situational Awareness in Digital Society
Julku, J. (Manager), Suomalainen, J. (Participant), Heikkinen, A. (Participant), Sailio, M. (Participant) & Ford, R. (Participant)
1/10/22 → 30/11/24
Project: Business Finland project