CTINEXUS: Automatic Cyber Threat Intelligence Knowledge Graph Construction Using Large Language Models
Paper accepted at EuroS&P 2025
CTINexus is a novel framework designed to enhance cybersecurity knowledge extraction and knowledge graph construction using optimized in-context learning (ICL) of large language models (LLMs).
Components
- Information Extraction (IE): Extracts triplets based on the applied ontology.
- Knowledge Graph Construction (KGC):
  - Entity Typing (ET): Tags entities with corresponding types.
  - Entity Merging (EM): Merges entities of the same type with high semantic similarity.
  - Link Prediction (LP): Links distantly related entities according to context.
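
The following is an added example, not CTINexus code: a minimal sketch of the type-constrained merging step described above, applied to already-typed triplets. The entity names, type labels, the 0.7 threshold, the use of string similarity in place of semantic similarity, and the shortest-name canonical choice are all assumptions made for illustration.

```python
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample data (names and type labels are invented for this example).
TRIPLETS = [
    ("Crimson Otter group", "uses", "OtterLoader malware"),
    ("Crimson Otter", "uses", "OtterLoader"),
    ("Crimson Otter", "targets", "payroll portals"),
    ("Crimson Otter Kit", "drops", "OtterLoader"),
]
ENTITY_TYPES = {  # what an entity-typing step would have assigned
    "Crimson Otter group": "Attacker", "Crimson Otter": "Attacker",
    "OtterLoader malware": "Malware", "OtterLoader": "Malware",
    "Crimson Otter Kit": "Tool", "payroll portals": "Target",
}

def similarity(a, b):
    # Assumption: string similarity stands in for semantic (embedding) similarity.
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()

def merge_entities(types, threshold=0.7):
    """Map each entity to a canonical name; merge only within one type."""
    parent = {e: e for e in types}
    def find(e):  # union-find root lookup with path halving
        while parent[e] != e:
            parent[e] = parent[parent[e]]
            e = parent[e]
        return e
    for a, b in combinations(sorted(types), 2):
        if types[a] == types[b] and similarity(a, b) >= threshold:
            parent[find(a)] = find(b)
    clusters = {}
    for e in types:
        clusters.setdefault(find(e), []).append(e)
    # Assumption: the shortest mention in a cluster becomes the canonical name.
    return {e: min(c, key=lambda m: (len(m), m)) for c in clusters.values() for e in c}

def rewrite_triplets(triplets, canon):
    """Replace merged mentions and drop triplets that become duplicates."""
    out = []
    for s, r, o in triplets:
        t = (canon[s], r, canon[o])
        if t not in out:
            out.append(t)
    return out

if __name__ == "__main__":
    for t in rewrite_triplets(TRIPLETS, merge_entities(ENTITY_TYPES)):
        print(t)
```

"Crimson Otter Kit" scores above the threshold against "Crimson Otter" but stays a separate node because its type differs, which is the point of typing entities before merging them.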