AEKG4APT: An AI-Enhanced Knowledge Graph for Advanced Persistent Threats with Large Language Model Analysis


Research area: Safety



Venue: ACM Transactions on Intelligent Systems and Technology


Abstract

This paper introduces AEKG4APT, an APT Knowledge Graph (KG) enhanced by Large Language Models (LLMs), as a way to deal with the cybersecurity problems caused by Advanced Persistent Threats (APTs). The core of AEKG4APT lies in the combined application of LLMs, Cyber Threat Intelligence (CTI), and KGs. The first part of the paper describes in detail how AEKG4APT was constructed, including its ontology schema, data sources, and dataset features, and provides statistics on AEKG4APT's nodes, relationships, and key attributes. Secondly, it shows how LLMs and public sandboxes can be used to collect and analyze CTI. Additionally, experiments comparing traditional deep learning models with LLM-based methods show that the LLM approach is both more efficient and more accurate at extracting information. Subsequently, the Decision Making Trial and Evaluation Laboratory - Interpretive Structural Modeling (DEMATEL-ISM) analytical method is introduced to identify and analyze the factors and their interrelationships within the AEKG4APT data, thereby revealing the key dependencies and influence paths within the data structure. Experiments were designed to demonstrate its applications in modeling, computing, and obtaining interpretable computational results on AEKG4APT. In addition, the paper explores the dynamic expansion capabilities of AEKG4APT, including data expansion, schema expansion, and long-term maintenance strategies, to address evolving APT threats. Finally, the paper summarizes the competitiveness and application value of AEKG4APT by comparing it with other CTI KGs and platforms in academia and industry, demonstrating its extensive application potential in the field of cybersecurity.


Authors

Yinghai Zhou, Cyberspace Institute of Advanced Technology, Guangzhou University, China

Ziyu Wang, Cyberspace Institute of Advanced Technology, Guangzhou University, China

Yunxin Jiang, Cyberspace Institute of Advanced Technology, Guangzhou University, China

Paper information

Publication year: 2025
Citations: 0
Country of publication: Andorra, China
Site: ACM
