{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T04:57:19Z","timestamp":1775019439301,"version":"3.50.1"},"reference-count":64,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2025,3,18]],"date-time":"2025-03-18T00:00:00Z","timestamp":1742256000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,3,18]],"date-time":"2025-03-18T00:00:00Z","timestamp":1742256000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"the Blavatnik Interdisciplinary Cyber Research Center at Tel Aviv University"},{"DOI":"10.13039\/501100002744","name":"Bar-Ilan University","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100002744","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,4]]},"abstract":"<jats:title>Abstract<\/jats:title>\n          <jats:p>This study proposes a human-AI collaboration to model the landscape of cyber threat intelligence (CTI) and use it to detect suspicious communication indicating impending cybersecurity incidents. We show how the collaboration between cybersecurity experts and AI-based text-classification methods develops an understanding of professional hackers and helps detect cybersecurity threats more accurately. The human-AI collaboration rests on a Reciprocal Human\u2013Machine Learning (RHML) model, in which a human expert and a machine interact repeatedly over time and simultaneously continually learn to detect professional hackers. Two cybersecurity experts employed qualitative data analysis and worked with RHML software assistance to classify 6651 messages from an online hackers\u2019 forum. We discovered an improvement, over time, of both the detection accuracy and the experts\u2019 understanding of the threat landscape as represented by their concept maps. In particular, the concept map refers to the hacker\u2019s capabilities, intent, and behaviour to define the threat landscape needed for professional detection, in contrast to amateur hackers. We believe this approach may ultimately lead to a more robust and proactive cybersecurity posture and translate into operational advantages in the field of CTI.<\/jats:p>","DOI":"10.1007\/s10207-025-01004-4","type":"journal-article","created":{"date-parts":[[2025,3,18]],"date-time":"2025-03-18T07:02:39Z","timestamp":1742281359000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["Human\u2013AI Enhancement of Cyber Threat Intelligence"],"prefix":"10.1007","volume":"24","author":[{"given":"Daniel","family":"Cohen","sequence":"first","affiliation":[]},{"given":"Dov","family":"Te\u2019eni","sequence":"additional","affiliation":[]},{"given":"Inbal","family":"Yahav","sequence":"additional","affiliation":[]},{"given":"Alexey","family":"Zagalsky","sequence":"additional","affiliation":[]},{"given":"David","family":"Schwartz","sequence":"additional","affiliation":[]},{"given":"Gahl","family":"Silverman","sequence":"additional","affiliation":[]},{"given":"Yossi","family":"Mann","sequence":"additional","affiliation":[]},{"given":"Amir","family":"Elalouf","sequence":"additional","affiliation":[]},{"given":"Jeremy","family":"Makowski","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,3,18]]},"reference":[{"issue":"11","key":"1004_CR1","doi-asserted-by":"publisher","first-page":"2021","DOI":"10.3390\/electronics13112021","volume":"13","author":"L Alevizos","year":"2024","unstructured":"Alevizos, L., Dekker, M.: Towards an AI-Enhanced cyber threat intelligence processing pipeline. Electronics 13(11), 2021 (2024). https:\/\/doi.org\/10.3390\/electronics13112021","journal-title":"Electronics"},{"key":"1004_CR2","doi-asserted-by":"crossref","first-page":"664","DOI":"10.1016\/j.futures.2007.12.002","volume":"40","author":"J Serra","year":"2008","unstructured":"Serra, J.: Proactive intelligence. Futures 40, 664\u2013673 (2008)","journal-title":"Futures"},{"issue":"4","key":"1004_CR3","doi-asserted-by":"publisher","first-page":"105","DOI":"10.1609\/aimag.v35i4.2513","volume":"35","author":"S Amershi","year":"2014","unstructured":"Amershi, S., Cakmak, M., Knox, W.B., Kulesza, T.: Power to the people: The role of humans in interactive machine learning. AI Mag. 35(4), 105\u2013120 (2014). https:\/\/doi.org\/10.1609\/aimag.v35i4.2513","journal-title":"AI Mag."},{"key":"1004_CR4","doi-asserted-by":"publisher","unstructured":"Sommer, R., Paxson, V.: Outside the closed world: On using machine learning for network intrusion detection. In: 2010 IEEE symposium on security and privacy (pp. 305\u2013316). IEEE. https:\/\/doi.org\/10.1109\/SP.2010.25","DOI":"10.1109\/SP.2010.25"},{"key":"1004_CR5","doi-asserted-by":"publisher","unstructured":"Brundage, M., Avin, S., Clark, J. et al.: The malicious use of artificial intelligence: Forecasting, prevention, and mitigation. arXiv preprint arXiv:1802.07228, (2018). https:\/\/doi.org\/10.48550\/arXiv.1802.07228","DOI":"10.48550\/arXiv.1802.07228"},{"key":"1004_CR6","doi-asserted-by":"publisher","first-page":"172","DOI":"10.1080\/02684527.2012.661641","volume":"27","author":"D Strachan-Morris","year":"2012","unstructured":"Strachan-Morris, D.: Threat and risk: What is the difference and why does it matter? Intell. Nat. Secur. 27, 172\u2013186 (2012). https:\/\/doi.org\/10.1080\/02684527.2012.661641","journal-title":"Intell. Nat. Secur."},{"key":"1004_CR7","unstructured":"Samtani, S.: Developing proactive cyber threat intelligence from the online hacker community: A computational design science approach. ProQuest Diss Theses, (2018)"},{"key":"1004_CR8","doi-asserted-by":"publisher","first-page":"320","DOI":"10.4236\/jis.2024.153019","volume":"15","author":"M Roshanaei","year":"2024","unstructured":"Roshanaei, M., Khan, M., Sylvester, N.: Enhancing cybersecurity through AI and ML: Strategies, challenges, and future directions. J. Inf. Secur. 15, 320\u2013339 (2024). https:\/\/doi.org\/10.4236\/jis.2024.153019","journal-title":"J. Inf. Secur."},{"key":"1004_CR9","doi-asserted-by":"publisher","unstructured":"Nunes, E., Diab, A., Gunn, A. et al.: Darknet and deepnet mining for proactive cybersecurity threat intelligence. In: 2016 IEEE Conference on Intelligence and Security Informatics (ISI) (pp. 7\u201312). IEEE. https:\/\/doi.org\/10.48550\/arXiv.1607.08583","DOI":"10.48550\/arXiv.1607.08583"},{"key":"1004_CR10","unstructured":"Bromiley, M.: Threat Intelligence: What it is, and how to use it effectively. SANS Institute, (2016)"},{"key":"1004_CR11","doi-asserted-by":"publisher","unstructured":"Diab, A., Nunes, E., Marin, E. et al.: Moving to proactive cyber threat intelligence. Darkweb Cyber Threat Intelligence Mining. Cambridge: Cambridge University Press, 4\u201312 (2017). https:\/\/doi.org\/10.1017\/9781316888513.004","DOI":"10.1017\/9781316888513.004"},{"key":"1004_CR12","unstructured":"Bank of England. CBEST understanding cyber threat intelligence operations. Bank of England, (2016)"},{"key":"1004_CR13","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1016\/j.cose.2017.02.005","volume":"67","author":"S Qamar","year":"2017","unstructured":"Qamar, S., Anwar, Z., Rahman, M.A., et al.: Data-driven analytics for cyber-threat intelligence and information sharing. Comput. Secur. 67, 35\u201358 (2017). https:\/\/doi.org\/10.1016\/j.cose.2017.02.005","journal-title":"Comput. Secur."},{"key":"1004_CR14","doi-asserted-by":"crossref","unstructured":"Sch\u00e4fer, M., Fuchs, M., Strohmeier, M. et al. BlackWidow: Monitoring the dark web for cyber security information. 2019 11th International Conference on Cyber Conflict (CyCon).900, 1\u201321 (2019)","DOI":"10.23919\/CYCON.2019.8756845"},{"key":"1004_CR15","unstructured":"Shackleford, D.: SANS 2016 security analytics survey. SANS Institute, (2016)"},{"key":"1004_CR16","doi-asserted-by":"publisher","DOI":"10.1016\/j.chbr.2022.100167","volume":"5","author":"S Chng","year":"2022","unstructured":"Chng, S., Lu, H.Y., Kumar, A., et al.: Hacker types, motivations and strategies: A comprehensive framework. Comput. Hum. Behav. Rep. 5, 100167 (2022). https:\/\/doi.org\/10.1016\/j.chbr.2022.100167","journal-title":"Comput. Hum. Behav. Rep."},{"key":"1004_CR17","unstructured":"Knowles, S.: What is a threat actor? Nexor, (2020)"},{"key":"1004_CR18","unstructured":"Cybersecurity and Infrastructure Security Agency. Cyber threat source descriptions. Cybersecurity Infrastruct Secur Agency CISA"},{"key":"1004_CR19","doi-asserted-by":"publisher","first-page":"tyab005","DOI":"10.1093\/cybsec\/tyab005","volume":"7","author":"H Kavak","year":"2021","unstructured":"Kavak, H., Padilla, J.J., Vernon-Bido, D., et al.: Simulation for cybersecurity: State of the art and future directions. J Cybersecur. 7, tyab005 (2021). https:\/\/doi.org\/10.1093\/cybsec\/tyab005","journal-title":"J Cybersecur."},{"key":"1004_CR20","unstructured":"Canadian Centre for Cyber Security. An introduction to the cyber threat environment 2023\u20132024. Communications Security Establishment of Canada, (2022)"},{"key":"1004_CR21","doi-asserted-by":"publisher","first-page":"tyz013","DOI":"10.1093\/cybsec\/tyz013","volume":"5","author":"B Dupont","year":"2019","unstructured":"Dupont, B.: The cyber-resilience of financial institutions: Significance and applicability. J Cybersecur. 5, tyz013 (2019). https:\/\/doi.org\/10.1093\/cybsec\/tyz013","journal-title":"J Cybersecur."},{"key":"1004_CR22","doi-asserted-by":"publisher","first-page":"007","DOI":"10.1093\/cybsec\/tyac007","volume":"8","author":"JK Canfil","year":"2022","unstructured":"Canfil, J.K.: The illogic of plausible deniability: Why proxy conflict in cyberspace may no longer pay. J Cybersecur. 8, 007 (2022). https:\/\/doi.org\/10.1093\/cybsec\/tyac007","journal-title":"J Cybersecur."},{"key":"1004_CR23","doi-asserted-by":"publisher","unstructured":"Beden, S., Beckmann, A.: Towards an ontological framework for integrating domain expert knowledge with random forest classification. 2023 IEEE 17th Int Conf Semantic Comput ICSC Semantic Comput ICSC 2023 IEEE 17th Int Conf ICSC: 221\u20134 (2023) https:\/\/doi.org\/10.1109\/ICSC56153.2023.00043","DOI":"10.1109\/ICSC56153.2023.00043"},{"key":"1004_CR24","doi-asserted-by":"publisher","first-page":"1239","DOI":"10.1007\/s10796-015-9567-0","volume":"17","author":"X Zhang","year":"2015","unstructured":"Zhang, X., Tsang, A., Yue, W.T., et al.: The classification of hackers by knowledge exchange behaviors. Inf. Syst. Front. 17, 1239\u20131251 (2015). https:\/\/doi.org\/10.1007\/s10796-015-9567-0","journal-title":"Inf. Syst. Front."},{"key":"1004_CR25","first-page":"165","volume":"4","author":"R Sabillon","year":"2016","unstructured":"Sabillon, R., Cano, J., Cavaller, V., et al.: Cybercrime and cybercriminals: A comprehensive study. Int. J. Comput. Netw. Commun. Secur. 4, 165\u2013176 (2016)","journal-title":"Int. J. Comput. Netw. Commun. Secur."},{"key":"1004_CR26","first-page":"891","volume":"6","author":"TJ Holt","year":"2012","unstructured":"Holt, T.J., Strumsky, D., Smirnova, O., et al.: Examining the social networks of malware writers and hackers. Int. J. Cyber Criminol. 6, 891\u2013903 (2012)","journal-title":"Int. J. Cyber Criminol."},{"key":"1004_CR27","doi-asserted-by":"publisher","unstructured":"Benjamin, V., Chen, H.: Securing cyberspace: Identifying key actors in hacker communities. 24\u20139 (2012). https:\/\/doi.org\/10.1109\/ISI.2012.6283296","DOI":"10.1109\/ISI.2012.6283296"},{"key":"1004_CR28","first-page":"31","volume":"51","author":"Y Lu","year":"2010","unstructured":"Lu, Y., Luo, X., Polgar, M., et al.: Social network analysis of a criminal hacker community. J. Comput. Inf. Syst. 51, 31\u201341 (2010)","journal-title":"J. Comput. Inf. Syst."},{"key":"1004_CR29","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1016\/j.diin.2015.07.002","volume":"14","author":"R Seebruck","year":"2015","unstructured":"Seebruck, R.: A typology of hackers: Classifying cyber malfeasance using a weighted arc circumplex model. Digit. Investig. 14, 36\u201345 (2015). https:\/\/doi.org\/10.1016\/j.diin.2015.07.002","journal-title":"Digit. Investig."},{"key":"1004_CR30","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1080\/14786011003634415","volume":"23","author":"TJ Holt","year":"2010","unstructured":"Holt, T.J., Lampke, E.: Exploring stolen data markets online: products and market forces. Crim. Justice Stud. 23, 33\u201350 (2010). https:\/\/doi.org\/10.1080\/14786011003634415","journal-title":"Crim. Justice Stud."},{"key":"1004_CR31","doi-asserted-by":"crossref","unstructured":"Monsma, E., Buskens, V., Soudijn, M. et al.: Partners in crime: An online cybercrime forum evaluated from a social network perspective, (2013)","DOI":"10.5422\/fordham\/9780823244560.003.0008"},{"key":"1004_CR32","doi-asserted-by":"publisher","unstructured":"Herley, C., Flor\u00eancio, D.: Nobody sells gold for the price of silver: Dishonesty, uncertainty and the underground economy. In: Moore, T., Pym, D., Ioannidis, C. (eds). Economics of Information Security and Privacy. Boston, MA: Springer US, 33\u201353 (2010). https:\/\/doi.org\/10.1007\/978-1-4419-6967-5_3","DOI":"10.1007\/978-1-4419-6967-5_3"},{"key":"1004_CR33","doi-asserted-by":"publisher","first-page":"1219","DOI":"10.1177\/0002764217734263","volume":"61","author":"B Dupont","year":"2017","unstructured":"Dupont, B., C\u00f4t\u00e9, A.M., Boutin, J.I., et al.: Darkode: Recruitment patterns and transactional features of \u201cthe most dangerous cybercrime forum in the world.\u201d Am. Behav. Sci. 61, 1219\u20131243 (2017). https:\/\/doi.org\/10.1177\/0002764217734263","journal-title":"Am. Behav. Sci."},{"key":"1004_CR34","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1109\/JISIC.2014.18","volume":"2014","author":"A Abbasi","year":"2014","unstructured":"Abbasi, A., Li, W., Benjamin, V., et al.: Descriptive analytics: Examining expert hackers in web forums. IEEE Joint Intell. Secur. Inf. Conf. 2014, 56\u201363 (2014). https:\/\/doi.org\/10.1109\/JISIC.2014.18","journal-title":"IEEE Joint Intell. Secur. Inf. Conf."},{"key":"1004_CR35","doi-asserted-by":"publisher","first-page":"442","DOI":"10.1057\/sj.2013.39","volume":"29","author":"D D\u00e9cary-H\u00e9tu","year":"2016","unstructured":"D\u00e9cary-H\u00e9tu, D., Lepp\u00e4nen, A.: Criminals and signals: An assessment of criminal performance in the carding underworld. Secur. J. 29, 442\u2013460 (2016). https:\/\/doi.org\/10.1057\/sj.2013.39","journal-title":"Secur. J."},{"key":"1004_CR36","doi-asserted-by":"publisher","first-page":"319","DOI":"10.1109\/ISI.2016.7745500","volume":"2016","author":"S Samtani","year":"2016","unstructured":"Samtani, S., Chen, H.: Using social network analysis to identify key hackers for keylogging tools in hacker forums. IEEE Conf. Intell. Secur. Inf. (ISI) 2016, 319\u2013321 (2016). https:\/\/doi.org\/10.1109\/ISI.2016.7745500","journal-title":"IEEE Conf. Intell. Secur. Inf. (ISI)"},{"issue":"CSCW2","key":"1004_CR37","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3479587","volume":"5","author":"A Zagalsky","year":"2021","unstructured":"Zagalsky, A., Te\u2019eni, D., Yahav, I., Schwartz, D.G., Silverman, G., Cohen, D., Mann, Y., Lewinsky, D.: The design of reciprocal learning between human and artificial intelligence. Proc. ACM Human-Comput. Interact. 5(CSCW2), 1\u201336 (2021). https:\/\/doi.org\/10.1145\/3479587","journal-title":"Proc. ACM Human-Comput. Interact."},{"key":"1004_CR38","unstructured":"Patton, MQ.: Qualitative evaluation and research methods: Integrating theory and practice. Sage Publications, (2014)"},{"key":"1004_CR39","doi-asserted-by":"publisher","DOI":"10.1287\/mnsc.2022.03518","author":"D Te\u2019eni","year":"2023","unstructured":"Te\u2019eni, D., Zagalsky, A., Yahav, I., et al.: Reciprocal human-machine learning: A theory and an instantiation for the case of message classification. Manag. Sci. (2023). https:\/\/doi.org\/10.1287\/mnsc.2022.03518","journal-title":"Manag. Sci."},{"issue":"CSCW1","key":"1004_CR40","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3512905","volume":"6","author":"JY Jung","year":"2022","unstructured":"Jung, J.Y., Steinberger, T., King, J.L., Ackerman, M.S.: How domain experts work with data: Situating data science in the practices and settings of craftwork. Proc. ACM Human Comput. Interac. 6(CSCW1), 1\u201329 (2022). https:\/\/doi.org\/10.1145\/3512905","journal-title":"Proc. ACM Human Comput. Interac."},{"key":"1004_CR41","doi-asserted-by":"publisher","unstructured":"Patton, D.U., Frey, W.R., McGregor, K.A. et al.: Contextual analysis of social media: The promise and challenge of eliciting context in social media posts with Natural Language Processing. Proceedings of the AAAI\/ACM Conference on AI, Ethics, and Society. New York, NY, USA: Association for Computing Machinery, 337\u201342 (2020) https:\/\/doi.org\/10.1145\/3375627.3375841","DOI":"10.1145\/3375627.3375841"},{"key":"1004_CR42","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1177\/0894439318788314","volume":"38","author":"WR Frey","year":"2020","unstructured":"Frey, W.R., Patton, D.U., Gaskell, M.B., et al.: Artificial Intelligence and inclusion: Formerly gang-involved youth as domain experts for analyzing unstructured Twitter data. Soc. Sci. Comput. Rev. 38, 42\u201356 (2020). https:\/\/doi.org\/10.1177\/0894439318788314","journal-title":"Soc. Sci. Comput. Rev."},{"key":"1004_CR43","doi-asserted-by":"publisher","first-page":"1307","DOI":"10.1080\/10447318.2021.2002040","volume":"38","author":"P Kumar","year":"2022","unstructured":"Kumar, P., Sharma, M.: Data, machine learning, and human domain experts: None is better than their collaboration. Int. J. Human Comput. Interact 38, 1307\u20131320 (2022). https:\/\/doi.org\/10.1080\/10447318.2021.2002040","journal-title":"Int. J. Human Comput. Interact"},{"key":"1004_CR44","doi-asserted-by":"publisher","unstructured":"Schreier, M.: Qualitative content analysis. In: Flick, U (ed). The SAGE Handbook of Qualitative Data Analysis. Los Angeles: SAGE, 170\u201383 (2014). https:\/\/doi.org\/10.4135\/9781446282243","DOI":"10.4135\/9781446282243"},{"key":"1004_CR45","doi-asserted-by":"publisher","unstructured":"Grbich, C.: Qualitative data analysis: An introduction. 2nd ed. London\u202f; Thousand Oaks, Calif: SAGE Publications. Kindle Edition, (2013). https:\/\/doi.org\/10.4135\/9781529799606","DOI":"10.4135\/9781529799606"},{"key":"1004_CR46","unstructured":"Digital Shadows Report: Competitions on English-Language Cybercriminal Forums. Security (2020)"},{"key":"1004_CR47","doi-asserted-by":"publisher","unstructured":"Silverman, G., Te\u2019eni, D., Schwartz, D.G. et al.: A hybrid mixed methods design of qualitative enhancement and reciprocal feedback loop for augmented text classification. Qual Quant (2025). https:\/\/doi.org\/10.1007\/s11135-025-02108-8","DOI":"10.1007\/s11135-025-02108-8"},{"key":"1004_CR48","doi-asserted-by":"publisher","unstructured":"Brodersen, K.H., Ong, C.S., Stephan, K.E., Buhmann, J.M. (2010). The balanced accuracy and its posterior distribution. In:\u00a02010 20th International Conference on pattern recognition, August 2010\u00a0(pp. 3121\u20133124). IEEE. https:\/\/doi.org\/10.1109\/ICPR.2010.764","DOI":"10.1109\/ICPR.2010.764"},{"issue":"4","key":"1004_CR49","doi-asserted-by":"publisher","first-page":"ar39","DOI":"10.1187\/cbe.15-06-0138","volume":"14","author":"JE Dowd","year":"2015","unstructured":"Dowd, J.E., Duncan, T., Reynolds, J.A.: Concept maps for improved science reasoning and writing: Complexity isn\u2019t everything. CBE\u2014Life Sci. Educ. 14(4), ar39 (2015). https:\/\/doi.org\/10.1187\/cbe.15-06-0138","journal-title":"CBE\u2014Life Sci. Educ."},{"key":"1004_CR50","unstructured":"Department of the Navy. Operations Security (OPSEC\u2014NTTP 3\u201313.3M, MCTP 3\u201332B., (2017)"},{"key":"1004_CR51","unstructured":"Garc\u00eda, S., Erquiaga, M.J., Shirokova, A.: Geost botnet. The story of the discovery of a new Android banking trojan from an OpSec error. VirusBulletin (2019)"},{"key":"1004_CR52","unstructured":"Wilhoit, K., Opacki, J.: Chapter 5: Operational Security (OPSEC). Operationalizing Threat Intelligence\u202f: A guide to developing and operationalizing cyber threat intelligence programs. (2022)"},{"key":"1004_CR53","first-page":"9","volume":"103","author":"Z Kronisch","year":"2019","unstructured":"Kronisch, Z.: Operational security erodes in social media age. Nat. Def. 103, 9 (2019)","journal-title":"Nat. Def."},{"key":"1004_CR54","doi-asserted-by":"publisher","first-page":"785","DOI":"10.1177\/0022002710393919","volume":"55","author":"S Helfstein","year":"2011","unstructured":"Helfstein, S., Wright, D.: Covert or convenient? Evolution of terror attack networks. J. Confl. Resolut. 55, 785\u2013813 (2011). https:\/\/doi.org\/10.1177\/0022002710393919","journal-title":"J. Confl. Resolut."},{"key":"1004_CR55","doi-asserted-by":"publisher","first-page":"667","DOI":"10.1080\/10304312.2021.1983251","volume":"35","author":"RW Gehl","year":"2021","unstructured":"Gehl, R.W.: Dark web advertising: The dark magic system on Tor hidden service search engines. Continuum 35, 667\u2013678 (2021). https:\/\/doi.org\/10.1080\/10304312.2021.1983251","journal-title":"Continuum"},{"key":"1004_CR56","doi-asserted-by":"publisher","first-page":"tyab003","DOI":"10.1093\/cybsec\/tyab003","volume":"7","author":"JK Haner","year":"2021","unstructured":"Haner, J.K., Knake, R.K.: Breaking botnets: A quantitative analysis of individual, technical, isolationist, and multilateral approaches to cybersecurity. J. Cybersecur. 7, tyab003 (2021). https:\/\/doi.org\/10.1093\/cybsec\/tyab003","journal-title":"J. Cybersecur."},{"key":"1004_CR57","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1108\/09685220310500117","volume":"11","author":"HL Armstrong","year":"2003","unstructured":"Armstrong, H.L., Forde, P.J.: Internet anonymity practices in computer crime. Inf. Manag. Comput. Secur. 11, 209\u2013215 (2003). https:\/\/doi.org\/10.1108\/09685220310500117","journal-title":"Inf. Manag. Comput. Secur."},{"key":"1004_CR58","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1093\/cybsec\/tyab001","volume":"7","author":"AF Brantly","year":"2021","unstructured":"Brantly, A.F.: Risk and uncertainty can be analyzed in cyberspace. J Cybersecur. 7, 1\u201312 (2021). https:\/\/doi.org\/10.1093\/cybsec\/tyab001","journal-title":"J Cybersecur."},{"key":"1004_CR59","doi-asserted-by":"publisher","first-page":"557","DOI":"10.1177\/0163443719842074","volume":"41","author":"T Sard\u00e1","year":"2019","unstructured":"Sard\u00e1, T., Natale, S., Sotirakopoulos, N., et al.: Understanding online anonymity. Med. Cult. Soc. 41, 557\u2013564 (2019). https:\/\/doi.org\/10.1177\/0163443719842074","journal-title":"Med. Cult. Soc."},{"key":"1004_CR60","doi-asserted-by":"publisher","first-page":"019","DOI":"10.1093\/cybsec\/tyab019","volume":"7","author":"KLG Snider","year":"2021","unstructured":"Snider, K.L.G., Shandler, R., Zandani, S., et al.: Cyberattacks, cyber threats, and attitudes toward cybersecurity policies. J. Cybersecur. 7, 019 (2021). https:\/\/doi.org\/10.1093\/cybsec\/tyab019","journal-title":"J. Cybersecur."},{"key":"1004_CR61","unstructured":"Fruhlinger, J.: Opsec examples: 6 spectacular operational security failures. CSO Online (2021)"},{"key":"1004_CR62","unstructured":"Scroxton, A.: Incompetent cyber criminals leak data in opsec failure. Comput Wkly (2021)"},{"key":"1004_CR63","unstructured":"Bodeau, D.J., McCollum, C.D., Fox, DB.: Cyber Threat Modeling: Survey, assessment, and representative framework. Homeland Security Systems Engineering and Development Institute (HSSEDI). The MITRE Corporation, (2018)"},{"key":"1004_CR64","doi-asserted-by":"publisher","DOI":"10.21827\/5a86a843e5c9d","author":"ED Busser","year":"2014","unstructured":"Busser, E.D.: Open source data and criminal investigations: Anything you publish can and will be used against you. Groningen J. Int. Law (2014). https:\/\/doi.org\/10.21827\/5a86a843e5c9d","journal-title":"Groningen J. Int. Law"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01004-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01004-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01004-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,30]],"date-time":"2025-03-30T08:03:37Z","timestamp":1743321817000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01004-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,3,18]]},"references-count":64,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2025,4]]}},"alternative-id":["1004"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01004-4","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,3,18]]},"assertion":[{"value":"22 February 2025","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"18 March 2025","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"All authors certify that they have no affiliations with or involvement in any organization or entity with any financial interest or non-financial interest in the subject matter or materials discussed in this manuscript.The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"99"}}