A Framework for IOC-Driven Early Warning Threat Intelligence
Abstract
The increasing sophistication of cyber threats necessitates a strategic transition from reactive defenses to proactive threat mitigation. Although Indicators of Compromise (IoCs) serve as essential forensic artifacts in post-incident analysis, their potential for early threat detection remains underutilized due to issues such as data overload, insufficient contextualization, and rapid obsolescence. This study proposes the IoC-Driven Early Warning (IDEW) framework to address these limitations. The IDEW framework introduces a structured, multi-stage approach that includes multi-source data aggregation, advanced IoC validation and scoring, real-time correlation and pattern detection, and the generation of context-rich early warnings. Through systematic processing, the framework enhances the accuracy and timeliness of threat detection, allowing organizations to identify and respond to emerging cyber threats at earlier stages. Grounded in current literature and operational insights, this framework offers a conceptual foundation for integrating IoCs more effectively into proactive cybersecurity strategies.
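The four IDEW stages named above (multi-source aggregation, IoC validation and scoring, correlation against telemetry, context-rich warnings) carried through in working code, as an added example that is not part of the paper. The feeds, log lines and "current" date are constructed; the corroboration formula (probability that every independent source is wrong) and the 30-day half-life decay used to model obsolescence are this example's own assumptions, not the framework's published scoring.

```python
import ipaddress
import re
from datetime import datetime
# Constructed sample feeds, not real intelligence: (type, value, source confidence 0..1, last_seen)
FEEDS = {
    "feed_a": [("ipv4", "203.0.113.7", 0.8, "2025-05-01"), ("domain", "stale.example", 0.9, "2024-11-01"),
               ("ipv4", "999.1.1.1", 0.9, "2025-05-01")],  # malformed entry that validation must reject
    "feed_b": [("ipv4", "203.0.113.7", 0.6, "2025-05-03"), ("domain", "fresh.example", 0.7, "2025-05-04")],
}
SAMPLE_LOGS = [  # constructed egress log lines; only the first and third should raise a warning
    "2025-05-05T08:01:00Z host=ws-17 action=allow dst=203.0.113.7 port=443",
    "2025-05-05T08:02:00Z host=ws-22 action=allow dst=stale.example port=80",
    "2025-05-05T08:03:00Z host=ws-31 action=allow dst=fresh.example port=443",
]
HALF_LIFE_DAYS = 30  # assumption: an IoC's score halves every 30 days without a new sighting (obsolescence)
MIN_SCORE = 0.5      # lower-scored IoCs stay available for forensics but raise no early warning
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)
LOG_RE = re.compile(r"host=(?P<host>\S+).*?dst=(?P<dst>\S+)")

def valid(kind, value):
    """Stage 2a: syntactic validation so malformed feed entries never reach correlation."""
    try:
        return bool(DOMAIN_RE.match(value)) if kind == "domain" else ipaddress.IPv4Address(value) is not None
    except ValueError:
        return False

def aggregate_and_score(feeds, now=datetime(2025, 5, 5)):  # constructed "now" keeps the example deterministic
    """Stages 1-2: merge feeds per indicator, combine source confidences, apply recency decay."""
    merged = {}
    for src, entries in feeds.items():
        for kind, value, conf, seen in entries:
            if valid(kind, value):
                rec = merged.setdefault(value.lower(), {"sources": set(), "p_wrong": 1.0, "last_seen": datetime.min})
                rec["sources"].add(src)
                rec["p_wrong"] *= 1 - conf  # corroboration: P(every independent source is wrong)
                rec["last_seen"] = max(rec["last_seen"], datetime.fromisoformat(seen))
    for rec in merged.values():
        age_days = (now - rec["last_seen"]).days
        rec["score"] = round((1 - rec.pop("p_wrong")) * 0.5 ** (age_days / HALF_LIFE_DAYS), 3)
    return merged

def early_warnings(scored, log_lines):
    """Stages 3-4: correlate log sightings against scored IoCs and emit context-rich warnings."""
    out = []
    for m in filter(None, map(LOG_RE.search, log_lines)):
        rec = scored.get(m["dst"].lower())
        if rec and rec["score"] >= MIN_SCORE:
            out.append({"host": m["host"], "indicator": m["dst"], "score": rec["score"],
                        "sources": sorted(rec["sources"]), "last_seen": rec["last_seen"].date().isoformat()})
    return out
```

Running `early_warnings(aggregate_and_score(FEEDS), SAMPLE_LOGS)` yields warnings for ws-17 and ws-31 only: the stale high-confidence domain decays below the threshold, and the malformed address never enters the scored set.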

Article Details

Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.