Table 2. Thematic literature mapping table.
| S.No. | Citation | Technologies & Techniques Employed | Key Finding | Performance Metrics | Dataset Description |
|---|---|---|---|---|---|
| (1) Existing CTI Frameworks | | | | | |
| | Alazab et al. (2024) [10] | ML + CTI framework | Integrated threat analytics pipeline | Accuracy: 89%, TDR: 90% | Public + private CTI feeds |
| | Venckauskas et al. (2024) [3] | Self-learning CTI, scalable architecture | Real-time scalable CTI detection | 91.3% Accuracy | Simulated attack logs |
| | Elsedimy and AboHashish (2025) [31] | Hybrid ML, Sperm Whale Algorithm | IoT intrusion detection system | Accuracy: 94%, F1: 92% | CICIDS2017 |
| | Afzal et al. (2024) [5] | Context-aware BERT, multi-class classifiers | Detection of fake URLs on social media | Accuracy: 92%, F1: 90.5% | Social media URL dataset |
| | Gulbay and Demirci (2024) [17] | Graph ML, Heterogeneous Networks | APT prediction via APT-Scope | Accuracy: 90% | Open-source APT data |
| | Yu et al. (2024) [14] | ML/DL in Industry 4.0 | Cyber resilience in industrial systems | Accuracy: 91% | KDD Cup 1999 |
| (2) NLP in Cybersecurity | | | | | |
| | Salim, M. M. et al. (2024) [16] | Federated learning–based CTI framework with NLP | Robust IOC extraction & secure CTI sharing | Precision: 94%, Recall: 92% | Multi-source CTI feeds |
| | Wang et al. (2024) [37] | Few-shot learning, NER | NER-enhanced threat extraction | F1: 88%, Precision: 90% | Open-source CTI reports |
| (3) Adaptive Machine Learning Approaches | | | | | |
| | Adaptive Incremental ML (2021) [9] | Incremental DL, concept drift, stream updates | Real-time adaptive malware/IDS detection | Accuracy: 94.7%, F1: 92% | CICIDS2017, NSL-KDD |
| | Villegas-Ch et al. (2024) [13] | Adaptive IoT security with ML | Lightweight threat detection | TDR: 94%, Energy gain: 20% | UNSW-NB15 |
| (4) Blockchain in CTI | | | | | |
| | Nazir et al. (2024) [26] | Blockchain + Ensemble ML | IoT threat detection via secure chain | Accuracy: 93% | CICIDS2017 |
| | Dunnett et al. (2024) [15] | Privacy-preserving blockchain | CTI sharing | Transaction success: 98% | Simulated blockchain sharing |
| | Aguru and Erukala (2024) [6] | Blockchain + IoT | OTI-IoT for multi-vector DDoS detection | Detection: 95%, FPR: 3% | Simulated IoT data |
| | Venckauskas et al. (2024a) [3] | Incentive blockchain sharing | High-speed blockchain CTI exchange | < 2 s latency | Simulated CTI network |