Predictive Analytics For Threat Intelligence Using ML

4 Apr

Authors: Saman Wickramasinghe


Abstract: The global cybersecurity landscape is currently undergoing a seismic shift as threat actors transition from broad-based attacks to highly targeted, automated, and persistent campaigns. Traditional Cyber Threat Intelligence (CTI) has historically functioned as a reactive discipline, focusing on the collection and dissemination of Indicators of Compromise (IoCs) after a breach has already occurred. However, the sheer velocity of modern exploits necessitates a transition toward a proactive, predictive paradigm. This review examines the integration of Predictive Analytics—powered by Machine Learning (ML) and Deep Learning (DL)—into the CTI lifecycle. By leveraging historical breach data, dark web telemetry, and real-time network traffic, predictive models can now forecast the "what," "where," and "who" of impending cyber threats. This article categorizes current ML methodologies, including the use of Natural Language Processing (NLP) for automated open-source intelligence (OSINT) harvesting and Recurrent Neural Networks (RNNs) for modeling adversary behavior sequences. We explore how predictive scoring allows security operations centers (SOCs) to prioritize vulnerabilities based on the likelihood of exploitation rather than static severity scores. Furthermore, the review addresses the critical challenges of data quality, model drift, and the emergence of adversarial machine learning, where attackers attempt to "poison" the very intelligence meant to stop them. By synthesizing recent breakthroughs in transformer architectures and graph-based relational learning, this paper provides a strategic roadmap for building "forecasting" engines in cybersecurity. The findings suggest that predictive analytics significantly shrinks the window of exposure, enabling organizations to move from a defensive crouch to a preemptive strike posture.

DOI: https://doi.org/10.5281/zenodo.19417325