Constructing Knowledge Graph from Cyber Threat Intelligence Using Large Language Model

Cyber Threat Intelligence (CTI) reports are valuable resources in various applications but manually extracting information from them is time-consuming. Existing approaches for automating extraction require specialized models trained on a substantial corpus. In this paper, we present an efficient methodology for constructing knowledge graphs from CTI by leveraging the Large Language Model (LLM), using ChatGPT for instance. Our approach automatically extracts attack-related entities and their relationships, organizing them within a CTI knowledge graph. We evaluate our approach on 13 CTIs, demonstrating better performance compared to AttacKG and REBEL while requiring less manual intervention and computational resources. This proves the feasibility and suitability of our method in low-resource scenarios, specifically within the domain of cyber threat intelligence.