Home » Journal of Intelligent Communication

Hybrid‑Threat Intelligence: A Critical Review of Semantic Integration Challenges and the Role of the HIPSTer Ontological Framework

R. Andrew Paskauskas ORCID
Security Research Laboratory, Mykolas Romeris University, 08303 Vilnius, Lithuania
Evaldas Bružė ORCID
Lithuanian Cybercrime Center of Excellence for Training, Research and Education (L3CE), 08303 Vilnius, Lithuania
Giedrė Sabaliauskaitė ORCID
Faculty of Public Governance and Business, Mykolas Romeris University, 08303 Vilnius, Lithuania
Raminta Matulytė
Security Research Laboratory, Mykolas Romeris University, 08303 Vilnius, Lithuania
Tomas Lavišius ORCID
Security Research Laboratory, Mykolas Romeris University, 08303 Vilnius, Lithuania

Received: 30 December 2025; Revised: 18 March 2026; Accepted: 24 March 2026; Published: 9 May 2026

Abstract

Contemporary hybrid threats employ coordinated campaigns across information, cyber, and physical domains, maintaining plausible deniability while exploiting institutional vulnerabilities. This review conducts a scoping analysis following the PRISMA ScR framework (Preferred Reporting Items for Systematic Reviews and Meta-Analyses—Extension for Scoping Reviews) to evaluate Open Source Intelligence (OSINT), Social Media Intelligence (SOCMINT), and Natural Language Processing (NLP) capabilities relevant to hybrid threat detection. We systematically assess these technologies against a 12-point operational requirements framework derived from documented Russian and Chinese military OSINT methodologies and influence operation tradecraft. The analysis incorporates high-Technology Readiness Level (TRL) European initiatives to ground capability assessments in operational experience. While individual analytical disciplines are technically advanced, current defensive systems remain siloed and lack the cross-domain reasoning necessary to correlate technical cyber indicators with coordinated narrative manipulation. Requirements for cross-platform correlation and adversarial adaptation show only prototype stage coverage. Our findings reveal a persistent “semantic gap”: defensive systems collect extensive data but lack integrated semantic reasoning across domains and languages. To address this, we examine ontology-based approaches as architectural solutions, positioning the ‘Hybrid Information Psychological Societal Threats handling system’ (HIPSTer) framework as an illustrative case. HIPSTer specifically targets the multilingual nature of hybrid threats—particularly in Russian and Chinese contexts—achieving TRL-4 validation through high-efficiency semantic vectors and formal reasoning across diverse language benchmarks. Finally, the review analyzes how European regulations—including the General Data Protection Regulation (GDPR), AI Act, and Network and Information Systems Directive 2 (NIS2)—shape operational architectures through compliance by design imperatives. We conclude by outlining a prioritized research agenda to advance European hybrid threat detection toward operational maturity.

Keywords

References

×