A Survey on AI/ML-Driven Cyber Threat Intelligence for Proactive Detection and Mitigation
Contributors
Sesha Bhargavi
Dr. Upendra Kumar
Track
Engineering and Sciences
License
Copyright (c) 2026 Sustainable Global Societies Initiative

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Abstract
Cybersecurity attacks are growing in sophistication, rendering conventional signature-based defenses inadequate against contemporary adversarial methods. This paper presents Stage I of an ongoing research programme aimed at developing an AI/ML-powered Cyber Threat Intelligence (CTI) framework, ADCTI-AR (AI-Driven Cyber Threat Intelligence and Adaptive Response), capable of proactively identifying and mitigating advanced cyber threats in real time. Stage I encompasses a systematic review of AI/ML applications in cybersecurity across five thematic domains, formalization of research objectives and key research questions, and development of the conceptual framework. The review identifies four critical research gaps: low adaptability to emerging attack vectors, high false positive rates, inadequate explainability of deep learning models, and the absence of robust continuous learning frameworks. The proposed methodology integrates deep neural networks, unsupervised anomaly detection, and reinforcement learning into an end-to-end adaptive CTI pipeline, providing the conceptual and empirical foundation for subsequent experimental stages.