{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,2]],"date-time":"2026-06-02T14:24:29Z","timestamp":1780410269099,"version":"3.54.1"},"reference-count":34,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,10,1]],"date-time":"2026-10-01T00:00:00Z","timestamp":1790812800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,10,1]],"date-time":"2026-10-01T00:00:00Z","timestamp":1790812800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,10,1]],"date-time":"2026-10-01T00:00:00Z","timestamp":1790812800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2026,10,1]],"date-time":"2026-10-01T00:00:00Z","timestamp":1790812800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2026,10,1]],"date-time":"2026-10-01T00:00:00Z","timestamp":1790812800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2026,10,1]],"date-time":"2026-10-01T00:00:00Z","timestamp":1790812800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,10,1]],"date-time":"2026-10-01T00:00:00Z","timestamp":1790812800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"funder":[{"DOI":"10.13039\/501100000780","name":"European Commission","doi-asserted-by":"publisher","award":["101190388"],"award-info":[{"award-number":["101190388"]}],"id":[{"id":"10.13039\/501100000780","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100004152","name":"Spine Education and Research Institute","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100004152","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100007352","name":"Swiss State Secretariat for Education Research and Innovation","doi-asserted-by":"publisher","award":["101120684"],"award-info":[{"award-number":["101120684"]}],"id":[{"id":"10.13039\/501100007352","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100007352","name":"Swiss State Secretariat for Education Research and Innovation","doi-asserted-by":"publisher","award":["101120853"],"award-info":[{"award-number":["101120853"]}],"id":[{"id":"10.13039\/501100007352","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100018693","name":"Horizon Europe","doi-asserted-by":"publisher","award":["101120853"],"award-info":[{"award-number":["101120853"]}],"id":[{"id":"10.13039\/100018693","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Future Generation Computer Systems"],"published-print":{"date-parts":[[2026,10]]},"DOI":"10.1016\/j.future.2026.108514","type":"journal-article","created":{"date-parts":[[2026,4,14]],"date-time":"2026-04-14T04:59:13Z","timestamp":1776142753000},"page":"108514","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":1,"special_numbering":"C","title":["Enhanced-LLM extraction of CTI from unstructured threat reports. A tough nut to crack or a walk in the park?"],"prefix":"10.1016","volume":"183","author":[{"given":"Konstantina","family":"Psarrou","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8155-1784","authenticated-orcid":false,"given":"Panagiotis","family":"Bountakas","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Dimitris","family":"Eleutheriou","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Rafail A.","family":"Ellinitakis","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Konstantinos","family":"Fysarakis","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Alexios","family":"Lekidis","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"George","family":"Spanoudakis","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"78","reference":[{"key":"10.1016\/j.future.2026.108514_b1","series-title":"Threat intelligence market size, share & industry analysis","author":"Insights","year":"2025"},{"key":"10.1016\/j.future.2026.108514_b2","series-title":"2022 14th International Conference on Communications","first-page":"1","article-title":"BRIDGE: BRIDGing the gap between CTI production and consumption","author":"Karatisoglou","year":"2022"},{"key":"10.1016\/j.future.2026.108514_b3","series-title":"Identifying the Problems With the Data Analysis Stage of Cyber Threat Intelligence (CTI) Process and Possible Solutions","author":"Bassog","year":"2024"},{"key":"10.1016\/j.future.2026.108514_b4","article-title":"MAD-CTI: Cyber threat intelligence analysis of the dark web using a multi-agent framework","author":"Shah","year":"2025","journal-title":"IEEE Access"},{"key":"10.1016\/j.future.2026.108514_b5","series-title":"Time for action: Automated analysis of cyber threat intelligence in the wild","author":"Siracusano","year":"2023"},{"key":"10.1016\/j.future.2026.108514_b6","series-title":"Artificial intelligence and cybersecurity research","author":"ENISA","year":"2023"},{"key":"10.1016\/j.future.2026.108514_b7","series-title":"IntelEX: A LLM-driven attack-level threat intelligence extraction framework","author":"Xu","year":"2024"},{"key":"10.1016\/j.future.2026.108514_b8","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2024.103999","article-title":"Llm-tikg: Threat intelligence knowledge graph construction utilizing large language model","volume":"145","author":"Hu","year":"2024","journal-title":"Comput. Secur."},{"key":"10.1016\/j.future.2026.108514_b9","series-title":"2025 IEEE 10th European Symposium on Security and Privacy","first-page":"923","article-title":"CTINexus: Automatic cyber threat intelligence knowledge graph construction using large language models","author":"Cheng","year":"2025"},{"key":"10.1016\/j.future.2026.108514_b10","series-title":"Ctibench: A benchmark for evaluating llms in cyber threat intelligence","author":"Alam","year":"2024"},{"key":"10.1016\/j.future.2026.108514_b11","series-title":"The use of large language models (LLM) for cyber threat intelligence (CTI) in cybercrime forums","author":"Clairoux-Trepanier","year":"2024"},{"key":"10.1016\/j.future.2026.108514_b12","series-title":"Proceedings of the 18th International Conference on Availability, Reliability and Security","article-title":"STIXnet: A novel and modular solution for extracting all STIX objects in CTI reports","author":"Marchiori","year":"2023"},{"key":"10.1016\/j.future.2026.108514_b13","series-title":"2025 IEEE International Conference on Cyber Security and Resilience","first-page":"334","article-title":"CTI-GEN: A framework for generating STIX 2.1 compliant CTI using generative AI","author":"Papoutsis","year":"2025"},{"key":"10.1016\/j.future.2026.108514_b14","series-title":"2024 IEEE International Conference on Cyber Security and Resilience","first-page":"1","article-title":"Uncovering hidden threats: Automated, machine learning-based discovery & extraction of cyber threat intelligence from online sources","author":"Ellinitakis","year":"2024"},{"key":"10.1016\/j.future.2026.108514_b15","first-page":"1","article-title":"Standardizing cyber threat intelligence information with the structured threat information expression (stix)","volume":"11","author":"Barnum","year":"2012","journal-title":"Mitre Corp."},{"key":"10.1016\/j.future.2026.108514_b16","series-title":"Retrieval-augmented generation for large language models: A survey","author":"Gao","year":"2023"},{"key":"10.1016\/j.future.2026.108514_b17","series-title":"gpt-oss-120b & gpt-oss-20b model card","author":"Agarwal","year":"2025"},{"key":"10.1016\/j.future.2026.108514_b18","series-title":"Computer Science On-line Conference","first-page":"15","article-title":"A review of evaluation metrics in machine learning algorithms","author":"Naidu","year":"2023"},{"key":"10.1016\/j.future.2026.108514_b19","article-title":"A cognitive platform for collecting cyber threat intelligence and real-time detection using cloud computing","volume":"14","author":"Balasubramanian","year":"2025","journal-title":"Decis. Anal. J."},{"key":"10.1016\/j.future.2026.108514_b20","series-title":"2024 IEEE European Symposium on Security and Privacy Workshops","first-page":"100","article-title":"Actionable cyber threat intelligence using knowledge graphs and large language models","author":"Fieblinger","year":"2024"},{"key":"10.1016\/j.future.2026.108514_b21","series-title":"2023 IEEE Applied Imagery Pattern Recognition Workshop","first-page":"1","article-title":"Towards a domain-agnostic knowledge graph-as-a-service infrastructure for active cyber defense with intelligent agents","author":"Calyam","year":"2023"},{"key":"10.1016\/j.future.2026.108514_b22","series-title":"ThreatModeling-LLM: Automating threat modeling using large language models for banking system","author":"Yang","year":"2024"},{"key":"10.1016\/j.future.2026.108514_b23","series-title":"Smartbook: Ai-assisted situation report generation for intelligence analysts","author":"Reddy","year":"2023"},{"key":"10.1016\/j.future.2026.108514_b24","doi-asserted-by":"crossref","unstructured":"C.-W. Chiang, Z. Lu, Z. Li, M. Yin, Enhancing AI-Assisted Group Decision Making through LLM-Powered Devil\u2019s Advocate, in: Proceedings of the 29th International Conference on Intelligent User Interfaces, 2024, pp. 103\u2013119.","DOI":"10.1145\/3640543.3645199"},{"key":"10.1016\/j.future.2026.108514_b25","series-title":"AI-driven threat intelligence system (AIDTIS): Leveraging large language models for automated threat research and detection development","author":"Joshua","year":"2025"},{"key":"10.1016\/j.future.2026.108514_b26","series-title":"AI for continuous compliance and policy enforcement in DevOps security frameworks","author":"Bishop","year":"2024"},{"issue":"12","key":"10.1016\/j.future.2026.108514_b27","first-page":"25","article-title":"AI-driven threat detection and response: A paradigm shift in cybersecurity","volume":"7","author":"Yaseen","year":"2023","journal-title":"Int. J. Inf. Cybersecur."},{"issue":"4","key":"10.1016\/j.future.2026.108514_b28","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3696427","article-title":"TTPXHunter: Actionable threat intelligence extraction as TTPs from finished cyber threat reports","volume":"5","author":"Rani","year":"2024","journal-title":"Digit. Threat.: Res. Pr."},{"issue":"1","key":"10.1016\/j.future.2026.108514_b29","first-page":"177","article-title":"Open-source intelligence (OSINT). The way ahead","volume":"12","author":"Ungureanu","year":"2021","journal-title":"J. D\u00e9f. Resour. Manag. (JoDRM)"},{"key":"10.1016\/j.future.2026.108514_b30","series-title":"Industrial IoT: Challenges, Design Principles, Applications, and Security","first-page":"3","article-title":"Industrial networks and iIoT: Now and future trends","author":"Sari","year":"2020"},{"issue":"5","key":"10.1016\/j.future.2026.108514_b31","doi-asserted-by":"crossref","first-page":"3849","DOI":"10.1007\/s10462-020-09942-2","article-title":"Artificial intelligence, cyber-threats and industry 4.0: Challenges and opportunities","volume":"54","author":"B\u00e9cue","year":"2021","journal-title":"Artif. Intell. Rev."},{"key":"10.1016\/j.future.2026.108514_b32","article-title":"NodeXP: Node. js server-side JavaScript injection vulnerability detection and exploitation","volume":"58","author":"Ntantogian","year":"2021","journal-title":"J. Inf. Secur. Appl."},{"key":"10.1016\/j.future.2026.108514_b33","doi-asserted-by":"crossref","DOI":"10.1016\/j.jnca.2022.103545","article-title":"Helphed: Hybrid ensemble learning phishing email detection","volume":"210","author":"Bountakas","year":"2023","journal-title":"J. Netw. Comput. Appl."},{"key":"10.1016\/j.future.2026.108514_b34","series-title":"Proceedings of the 19th International Conference on Availability, Reliability and Security","article-title":"SYNAPSE-an integrated cyber security risk & resilience management platform","author":"Bountakas","year":"2024"}],"container-title":["Future Generation Computer Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167739X26001482?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167739X26001482?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,6,2]],"date-time":"2026-06-02T13:45:25Z","timestamp":1780407925000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167739X26001482"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,10]]},"references-count":34,"alternative-id":["S0167739X26001482"],"URL":"https:\/\/doi.org\/10.1016\/j.future.2026.108514","relation":{},"ISSN":["0167-739X"],"issn-type":[{"value":"0167-739X","type":"print"}],"subject":[],"published":{"date-parts":[[2026,10]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Enhanced-LLM extraction of CTI from unstructured threat reports. A tough nut to crack or a walk in the park?","name":"articletitle","label":"Article Title"},{"value":"Future Generation Computer Systems","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.future.2026.108514","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 Elsevier B.V. All rights are reserved, including those for text and data mining, AI training, and similar technologies.","name":"copyright","label":"Copyright"}],"article-number":"108514"}}