Abstract
This study proposes a human-AI collaboration to model the landscape of cyber threat intelligence (CTI) and use it to detect suspicious communication indicating impending cybersecurity incidents. We show how the collaboration between cybersecurity experts and AI-based text-classification methods develops an understanding of professional hackers and helps detect cybersecurity threats more accurately. The human-AI collaboration rests on a Reciprocal Human–Machine Learning (RHML) model, in which a human expert and a machine interact repeatedly over time and simultaneously and continually learn to detect professional hackers. Two cybersecurity experts employed qualitative data analysis and worked with RHML software assistance to classify 6651 messages from an online hackers’ forum. We discovered an improvement, over time, in both the detection accuracy and the experts’ understanding of the threat landscape as represented by their concept maps. In particular, the concept map refers to the hacker’s capabilities, intent, and behaviour to define the threat landscape needed to detect professional hackers, as distinct from amateur hackers. We believe this approach may ultimately lead to a more robust and proactive cybersecurity posture and translate into operational advantages in the field of CTI.
Original language | English |
---|---|
Article number | 99 |
Journal | International Journal of Information Security |
Volume | 24 |
Issue number | 2 |
DOIs | |
State | Published - Apr 2025 |
Keywords
- Artificial intelligence (AI)
- Cyber threat intelligence (CTI)
- Machine learning (ML)
- Reciprocal human machine learning (RHML)
- Threat actors reciprocal learning
All Science Journal Classification (ASJC) codes
- Software
- Information Systems
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications