A Comprehensive Survey of Threat Intelligence Research: A Measurement-Based Study

Multiple cyber-security-related sources, referred to as threat intelligence sources, are commonly used to counter sophisticated cyber attacks such as advanced persistent threat attacks and ransomware. In this article, in addition to describing various threat intelligence sources, we analyze research trends based on taxonomies for research purpose, research approach, and research datasets. We provide an extensive review of over 200 studies related to cyber threat intelligence published between 2001 and 2025 and examine the trends of representative research. The survey shows that there are issues related to datasets, such as the evaluation results depending on which vendors are included in the dataset. Therefore, we also conduct a measurement study to provide a detailed description of collected datasets. To the best of our knowledge, this is the first study to conduct a measurement study on a dataset to uncover insights for constructing a well-balanced dataset. We also identify open issues and challenges that need to be addressed in the future.