Volume 12, Issue 11 (November 2025), Pages: 1-11
----------------------------------------------
Original Research Paper
A cyber threat intelligence model using MISP and machine learning in a SOC environment
Author(s):
Asia Othman Aljahdali *
Affiliation(s):
Cybersecurity Department, College of Computer Science and Engineering, University of Jeddah, Jeddah, Saudi Arabia
* Corresponding Author.
Corresponding author's ORCID profile: https://orcid.org/0000-0002-9013-9465
Digital Object Identifier (DOI)
https://doi.org/10.21833/ijaas.2025.11.001
Abstract
Information and communication technology (ICT) has become a major global driver, but it also exposes organizations to frequent cyber threats, making asset protection increasingly difficult. Cyber threat intelligence (CTI) is essential for improving cybersecurity, especially when integrated into a security operations center (SOC) for real-time threat monitoring and analysis. This study proposes a real-time CTI framework within a SOC environment, hosted on Linode, which integrates the Malware Information Sharing Platform (MISP) and a Security Information and Event Management (SIEM) system to collect indicators of compromise (IoCs). The framework uses machine learning to detect fraud in mobile money transactions such as cash-in, cash-out, debit, payment, and transfer. Fraudulent activity often involves the use of stolen identity information for unauthorized transactions. The system generates detailed alert reports and provides predictive insights into potential threats, helping organizations strengthen user trust and protect their reputation. Experimental results using financial datasets show high performance: logistic regression achieved 98.83% accuracy, while the random forest model reached a test accuracy of 95.86% and cross-validation accuracy of 95.76%. The F1-score was 0.9586, and the ROC-AUC score was 0.9923, indicating strong classification capability.
© 2025 The Authors. Published by IASE.
This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).
Keywords
Cyber threat intelligence, Security operations center, Machine learning, Fraud detection, Mobile transactions
Article history
Received 5 April 2025, Received in revised form 11 September 2025, Accepted 7 October 2025
Data availability
The datasets analyzed during the current study are available on Kaggle: https://www.kaggle.com/datasets/sriharshaeedala/financial-fraud-detection-dataset/data and https://www.kaggle.com/datasets/ismetsemedov/transactions.
Acknowledgment
No Acknowledgment.
Compliance with ethical standards
Conflict of interest: The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.
Citation:
Aljahdali AO (2025). A cyber threat intelligence model using MISP and machine learning in a SOC environment. International Journal of Advanced and Applied Sciences, 12(11): 1-11
Figures
Fig. 1 to Fig. 8 (not reproduced on this page)
Tables
Table 1 to Table 5 (not reproduced on this page)