


Integration of Cyber Threat Intelligence and Machine Learning for Phishing Detection: A Review


Authors : Aishabanu Multani; Santosh Saha

Volume/Issue : Volume 11 - 2026, Issue 5 - May


Google Scholar : https://tinyurl.com/44p8cfru

Scribd : https://tinyurl.com/j8tz43yp

DOI : https://doi.org/10.38124/ijisrt/26May787



Abstract : The changing nature of cyber threats, especially phishing, has exposed the limitations of traditional security solutions such as rule-based and signature-based systems. Cyber Threat Intelligence (CTI) has emerged as an effective security practice that provides contextual information such as threat actors and techniques, while Machine Learning has emerged as an effective practice for automated threat detection based on patterns in data. Although both practices have immense potential, the existing literature has not yet explored their integration into effective security solutions, especially against phishing. This paper offers an extensive review of the literature from 2016 to 2025 on the integration of Cyber Threat Intelligence, Machine Learning, and security solutions, especially against phishing. The comparative analysis of challenges identifies the need to address unstructured sources of intelligence, limited interoperability, scalability, lack of explainability, and insufficient validation of solutions in the real world. Moreover, current phishing detection models, despite their high benchmark accuracy, are limited in adaptability, multilinguality, and adversarial robustness. Based on the identified research gaps, this review highlights the importance of developing semantically enriched CTI solutions, knowledge graph-based solutions, Large Language Model-based solutions, and adaptive learning-based solutions to enable explainable, real-time cybersecurity solutions.

Keywords : Cyber Security, Cyber Threat Intelligence (CTI), Machine Learning, NLP/LLMs, Phishing Detection, Threat Detection

