{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T17:59:45Z","timestamp":1775066385056,"version":"3.50.1"},"reference-count":47,"publisher":"MDPI AG","issue":"14","license":[{"start":{"date-parts":[[2025,7,9]],"date-time":"2025-07-09T00:00:00Z","timestamp":1752019200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"European funds provided to Portugal by the Recovery and Resilience Plan (RRP)","award":["n.\u00ba 02\/C05-i01.01\/2022.PC646908627-00000069"],"award-info":[{"award-number":["n.\u00ba 02\/C05-i01.01\/2022.PC646908627-00000069"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Cyber threat intelligence (CTI) has become critical in enhancing cybersecurity measures across various sectors. This systematic review aims to synthesize the current literature on the effectiveness of CTI strategies in mitigating cyber attacks, identify the most effective tools and methodologies for threat detection and prevention, and highlight the limitations of current approaches. An extensive search of academic databases was conducted following the PRISMA guidelines, including 43 relevant studies. This number reflects a rigorous selection process based on defined inclusion, exclusion, and quality criteria and is consistent with the scope of similar systematic reviews in the field of cyber threat intelligence. This review concludes that while CTI significantly improves the ability to predict and prevent cyber threats, challenges such as data standardization, privacy concerns, and trust between organizations persist. It also underscores the necessity of continuously improving CTI practices by leveraging the integration of advanced technologies and creating enhanced collaboration frameworks. These advancements are essential for developing a robust and adaptive cybersecurity posture capable of responding to an evolving threat landscape, ultimately contributing to a more secure digital environment for all sectors. Overall, the review provides practical reflections on the current state of CTI and suggests future research directions to strengthen and improve CTI\u2019s effectiveness.<\/jats:p>","DOI":"10.3390\/s25144272","type":"journal-article","created":{"date-parts":[[2025,7,11]],"date-time":"2025-07-11T10:26:53Z","timestamp":1752229613000},"page":"4272","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["A Systematic Review of Cyber Threat Intelligence: The Effectiveness of Technologies, Strategies, and Collaborations in Combating Modern Threats"],"prefix":"10.3390","volume":"25","author":[{"given":"Pedro","family":"Santos","sequence":"first","affiliation":[{"name":"Department of Engineering, School of Sciences and Technology, University of Tr\u00e1s-os-Montes e Alto Douro, 5000-801 Vila Real, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-3415-2773","authenticated-orcid":false,"given":"Rafael","family":"Abreu","sequence":"additional","affiliation":[{"name":"Department of Engineering, School of Sciences and Technology, University of Tr\u00e1s-os-Montes e Alto Douro, 5000-801 Vila Real, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8872-5721","authenticated-orcid":false,"given":"Manuel J. C. S.","family":"Reis","sequence":"additional","affiliation":[{"name":"Engineering Department, Institute of Electronics and Informatics Engineering of Aveiro (IEETA), University of Tr\u00e1s-os-Montes e Alto Douro, 5000-801 Vila Real, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4632-9664","authenticated-orcid":false,"given":"Carlos","family":"Ser\u00f4dio","sequence":"additional","affiliation":[{"name":"Department of Engineering, School of Sciences and Technology, University of Tr\u00e1s-os-Montes e Alto Douro, 5000-801 Vila Real, Portugal"},{"name":"Algoritmi Center, University of Minho, 4710-057 Braga, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8434-4887","authenticated-orcid":false,"given":"Frederico","family":"Branco","sequence":"additional","affiliation":[{"name":"Department of Engineering, School of Sciences and Technology, University of Tr\u00e1s-os-Montes e Alto Douro, 5000-801 Vila Real, Portugal"},{"name":"INESC TEC-Institute for Systems and Computer Engineering, Technology and Science, Rua Dr. Roberto Frias, 4200-465 Porto, Portugal"}]}],"member":"1968","published-online":{"date-parts":[[2025,7,9]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"1153","DOI":"10.1109\/COMST.2015.2494502","article-title":"A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection","volume":"18","author":"Buczak","year":"2016","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"10127","DOI":"10.1109\/ACCESS.2018.2890507","article-title":"Blockchain for AI: Review and Open Research Challenges","volume":"7","author":"Salah","year":"2019","journal-title":"IEEE Access"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"212","DOI":"10.1016\/j.cose.2017.09.001","article-title":"A survey on technical threat intelligence in the age of sophisticated cyber attacks","volume":"72","author":"Tounsi","year":"2018","journal-title":"Comput. Secur."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Saeed, S., Suayyid, S.A., Al-Ghamdi, M.S., Al-Muhaisen, H., and Almuhaideb, A.M. (2023). A Systematic Literature Review on Cyber Threat Intelligence for Organizational Cybersecurity Resilience. Sensors, 23.","DOI":"10.3390\/s23167273"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Chatziamanetoglou, D., and Rantos, K. (2024). Cyber Threat Intelligence on Blockchain: A Systematic Literature Review. Computers, 13.","DOI":"10.3390\/computers13030060"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"103371","DOI":"10.1016\/j.cose.2023.103371","article-title":"A framework for threat intelligence extraction and fusion","volume":"132","author":"Guo","year":"2023","journal-title":"Comput. Secur."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Gao, P., Shao, F., Liu, X., Xiao, X., Qin, Z., Xu, F., Mittal, P., Kulkarni, S.R., and Song, D. (2021, January 19\u201322). Enabling Efficient Cyber Threat Hunting with Cyber Threat Intelligence. Proceedings of the 2021 IEEE 37th International Conference on Data Engineering (ICDE), Chania, Greece.","DOI":"10.1109\/ICDE51399.2021.00024"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"El Jaouhari, S., and Etiabi, Y. (2023, January 7\u201310). FedCTI: Federated Learning and Cyber Threat Intelligence on the Edge for secure IoT Networks. Proceedings of the International Conference on the Internet of Things, Nagoya, Japan.","DOI":"10.1145\/3627050.3627064"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"100823","DOI":"10.1109\/ACCESS.2023.3315121","article-title":"Exploiting TTP Co-Occurrence via GloVe-Based Embedding with MITRE ATT&CK Framework","volume":"11","author":"Shin","year":"2023","journal-title":"IEEE Access"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"110","DOI":"10.1016\/j.iotcps.2023.09.003","article-title":"Deep learning for cyber threat detection in IoT networks: A review","volume":"4","author":"Aldhaheri","year":"2024","journal-title":"Internet Things Cyber-Phys. Syst."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Alam, M.T., Bhusal, D., Park, Y., and Rastogi, N. (2023, January 16\u201318). Looking Beyond IoCs: Automatically Extracting Attack Patterns from External CTI. Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, Hong Kong, China.","DOI":"10.1145\/3607199.3607208"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"227","DOI":"10.1016\/j.future.2019.02.013","article-title":"A machine learning-based FinTech cyber threat attribution framework using high-level indicators of compromise","volume":"96","author":"Noor","year":"2019","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"517","DOI":"10.1016\/j.future.2020.10.006","article-title":"Predictive methods in cyber defense: Current experience and research challenges","volume":"115","author":"Sokol","year":"2021","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"108261","DOI":"10.1016\/j.compeleceng.2022.108261","article-title":"Advanced Persistent Threat intelligent profiling technique: A survey","volume":"103","author":"Tang","year":"2022","journal-title":"Comput. Electr. Eng."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"103445","DOI":"10.1016\/j.cose.2023.103445","article-title":"A performance overview of machine learning-based defense strategies for advanced persistent threats in industrial control systems","volume":"134","author":"Imran","year":"2023","journal-title":"Comput. Secur."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"101804","DOI":"10.1016\/j.inffus.2023.101804","article-title":"Artificial intelligence for cybersecurity: Literature review and future research directions","volume":"97","author":"Kaur","year":"2023","journal-title":"Inf. Fusion"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Kante, M., Sharma, V., and Gupta, K. (2023, January 1\u20132). Mitigating Ransomware Attacks through Cyber Threat Intelligence and Machine Learning: Survey. Proceedings of the 2023 International Conference on Research Methodologies in Knowledge Management, Artificial Intelligence and Telecommunication Engineering (RMKMATE), Chennai, India.","DOI":"10.1109\/RMKMATE59243.2023.10369007"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"94","DOI":"10.1016\/j.future.2018.07.045","article-title":"Deep Dive into Ransomware Threat Hunting and Intelligence at Fog Layer","volume":"90","author":"Homayoun","year":"2018","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"84440","DOI":"10.1109\/ACCESS.2023.3299604","article-title":"Enhancing Cyber Threat Identification in Open-Source Intelligence Feeds Through an Improved Semi-Supervised Generative Adversarial Learning Approach with Contrastive Learning","volume":"11","author":"Cherqi","year":"2023","journal-title":"IEEE Access"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Pour, M.S., and Bou-Harb, E. (2018, January 20\u201324). Implications of Theoretic Derivations on Empirical Passive Measurements for Effective Cyber Threat Intelligence Generation. Proceedings of the 2018 IEEE International Conference on Communications (ICC), Kansas City, MO, USA.","DOI":"10.1109\/ICC.2018.8422720"},{"key":"ref_21","first-page":"53","article-title":"Malware Cyber Threat Intelligence System for Internet of Things (IoT) Using Machine Learning","volume":"13","author":"Xiao","year":"2023","journal-title":"J. Cyber Secur. Mobil."},{"key":"ref_22","first-page":"776","article-title":"Open Source Intelligence for Malicious Behavior Discovery and Interpretation","volume":"19","author":"Huang","year":"2021","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Chang, Y., Wang, G., Zhu, P., He, J., and Kong, L. (2023, January 13\u201315). Research on Unified Cyber Threat Intelligence Entity Recognition Method Based on Multiple Features. Proceedings of the 2023 4th International Conference on Computers and Artificial Intelligence Technology (CAIT), Macau, Macao.","DOI":"10.1109\/CAIT59945.2023.10469250"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Zhang, K., Chen, X., Jing, Y., Wang, S., and Tang, L. (2022, January 8\u201310). Survey of Research on Named Entity Recognition in Cyber Threat Intelligence. Proceedings of the 2022 IEEE 7th International Conference on Smart Cloud (SmartCloud), Shanghai, China.","DOI":"10.1109\/SmartCloud55982.2022.00017"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Park, Y., and You, W. (2023, January 6\u201310). A Pretrained Language Model for Cyber Threat Intelligence. Proceedings of the 2023 Conference on Empirical Methods in Natural Language Processing: Industry Track, Singapore.","DOI":"10.18653\/v1\/2023.emnlp-industry.12"},{"key":"ref_26","unstructured":"Trifonov, R., Nakov, O., Manolov, S., Tsochev, G., and Pavlova, G. (2025, January 01). New Approaches to the Investigations and Classification of Cyber Threats Challenged by the Application of Artificial Intelligence Methods. Available online: https:\/\/ceur-ws.org\/Vol-2656\/paper8.pdf."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Gao, P., Liu, X., Choi, E., Soman, B., Mishra, C., Farris, K., and Song, D. (2021, January 20\u201325). A System for Automated Open-Source Threat Intelligence Gathering and Management. Proceedings of the 2021 International Conference on Management of Data, Virtual Event, China.","DOI":"10.1145\/3448016.3452745"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Nguyen, K., Pal, S., Jadidi, Z., Dorri, A., and Jurdak, R. (2022, January 21\u201325). A Blockchain-Enabled Incentivised Framework for Cyber Threat Intelligence Sharing in ICS. Proceedings of the 2022 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops), Pisa, Italy.","DOI":"10.1109\/PerComWorkshops53856.2022.9767226"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Daou, A.K., Li, F., and Shiaeles, S. (August, January 31). A Cost-Efficient Threat Intelligence Platform Powered by Crowdsourced OSINT. Proceedings of the 2023 IEEE International Conference on Cyber Security and Resilience (CSR), Venice, Italy.","DOI":"10.1109\/CSR57506.2023.10225008"},{"key":"ref_30","first-page":"7760509","article-title":"A Reputation-Based Approach Using Consortium Blockchain for Cyber Threat Intelligence Sharing","volume":"2022","author":"Zhang","year":"2022","journal-title":"Sec. Commun. Netw."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"9634507","DOI":"10.1155\/2018\/9634507","article-title":"A Novel Trust Taxonomy for Shared Cyber Threat Intelligence","volume":"2018","author":"Wagner","year":"2018","journal-title":"Secur. Commun. Netw."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"439","DOI":"10.1109\/TBDATA.2017.2723398","article-title":"Big Data Sanitization and Cyber Situational Awareness: A Network Telescope Perspective","volume":"5","author":"Husak","year":"2019","journal-title":"IEEE Trans. Big Data"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Van Kranenburg, R., Bohara, R., Yahalom, R., and Ross, M. (August, January 31). Cyber Resilience, Societal Situational Awareness for SME. Proceedings of the 2023 IEEE International Conference on Cyber Security and Resilience (CSR), Venice, Italy.","DOI":"10.1109\/CSR57506.2023.10225011"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Bandara, E., Shetty, S., Mukkamala, R., Rahaman, A., and Liang, X. (2022, January 18\u201320). LUUNU\u2014Blockchain, MISP, Model Cards and Federated Learning Enabled Cyber Threat Intelligence Sharing Platform. Proceedings of the 2022 Annual Modeling and Simulation Conference (ANNSIM), San Diego, CA, USA.","DOI":"10.23919\/ANNSIM55834.2022.9859355"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Pahlevan, M., Voulkidis, A., and Velivassaki, T.-H. (2021, January 17\u201320). Secure exchange of cyber threat intelligence using TAXII and distributed ledger technologies\u2014Application for electrical power and energy system. Proceedings of the 16th International Conference on Availability, Reliability and Security, Vienna, Austria.","DOI":"10.1145\/3465481.3470476"},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"140","DOI":"10.3390\/jcp1010008","article-title":"Sharing Machine Learning Models as Indicators of Compromise for Cyber Threat Intelligence","volume":"1","author":"Preuveneers","year":"2021","journal-title":"J. Cybersecur. Priv."},{"key":"ref_37","first-page":"473","article-title":"A Novel Approach to Cyber Hazard Management Intelligence System","volume":"7","year":"2018","journal-title":"Int. J. Eng. Technol."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"3187205","DOI":"10.1155\/2021\/3187205","article-title":"Analysis and Classification of Mitigation Tools against Cyberattacks in COVID-19 Era","volume":"2021","author":"Iakovakis","year":"2021","journal-title":"Secur. Commun. Netw."},{"key":"ref_39","first-page":"1","article-title":"Cyber Threat Hunting Case Study using MISP","volume":"13","author":"Ammi","year":"2023","journal-title":"J. Internet Serv. Inf. Secur."},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"2775249","DOI":"10.1155\/2022\/2775249","article-title":"Healthcare Security Incident Response Strategy\u2014A Proactive Incident Response (IR) Procedure","volume":"2022","author":"He","year":"2022","journal-title":"Secur. Commun. Netw."},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"47","DOI":"10.1016\/j.jpdc.2018.10.006","article-title":"Towards augmented proactive cyberthreat intelligence","volume":"124","author":"Khan","year":"2019","journal-title":"J. Parallel Distrib. Comput."},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Wang, J., Yan, T., An, D., Liang, Z., Guo, C., Hu, H., Luo, Q., Li, H., Wang, H., and Zeng, S. (2021, January 22\u201326). A comprehensive security operation center based on big data analytics and threat intelligence. Proceedings of the International Symposium on Grids & Clouds 2021\u2014PoS(ISGC2021), Taipei, Taiwan. Available online: https:\/\/pos.sissa.it\/378\/028\/pdf.","DOI":"10.22323\/1.378.0028"},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"279","DOI":"10.1007\/978-3-030-33846-6_32","article-title":"Hacker Forum Exploit and Classification for Proactive Cyber Threat Intelligence","volume":"Volume 98","author":"Smys","year":"2020","journal-title":"Inventive Computation Technologies"},{"key":"ref_44","doi-asserted-by":"crossref","first-page":"92","DOI":"10.1007\/978-3-030-66504-3_6","article-title":"Risk Assessment of Sharing Cyber Threat Intelligence","volume":"Volume 12580","author":"Boureanu","year":"2020","journal-title":"Computer Security"},{"key":"ref_45","doi-asserted-by":"crossref","first-page":"e05969","DOI":"10.1016\/j.heliyon.2021.e05969","article-title":"A review of threat modelling approaches for APT-style attacks","volume":"7","author":"Tatam","year":"2021","journal-title":"Heliyon"},{"key":"ref_46","first-page":"1302999","article-title":"Threats from the Dark: A Review over Dark Web Investigation Research for Cyber Threat Intelligence","volume":"2021","author":"Basheer","year":"2021","journal-title":"J. Comput. Netw. Commun."},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"122697","DOI":"10.1016\/j.eswa.2023.122697","article-title":"Cybersecurity threats in FinTech: A systematic review","volume":"241","author":"Javaheri","year":"2024","journal-title":"Expert Syst. Appl."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/25\/14\/4272\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T18:07:14Z","timestamp":1760033234000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/25\/14\/4272"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,7,9]]},"references-count":47,"journal-issue":{"issue":"14","published-online":{"date-parts":[[2025,7]]}},"alternative-id":["s25144272"],"URL":"https:\/\/doi.org\/10.3390\/s25144272","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,7,9]]}}}