CTI-Thinker: an LLM-driven system for CTI knowledge graph construction and attack reasoning

Yang, Xiuzhang; Zhong, Ruijie; Chen, Yuling; Peng, Guojun; Yao, Di; Chen, Chaofan; Wang, Chenyang; Zhang, Dongni; Zhou, Yilin; Yang, Zixuan

doi:10.1186/s42400-025-00505-y

articleCybersecurityJan 16, 2026DIAMOND OA

CTI-Thinker: an LLM-driven system for CTI knowledge graph construction and attack reasoning

XYXiuzhang Yang RZRuijie Zhong YCYuling Chen GPGuojun Peng DYDi Yao

Guizhou University · Guizhou Academy of Sciences · +1 more institution

Indexed incrossrefdoaj

Abstract

Abstract With the increasing frequency of APT attacks, cyber defense urgently demands high-quality threat intelligence support. Cyber threat intelligence (CTI) knowledge graphs have demonstrated significant potential in aiding threat detection and behavioral reasoning. However, existing CTI data often suffer from unstructured formats, fragmented knowledge, a reliance on manual annotation, and limited semantic mapping to attack techniques. These limitations hinder the robustness and accuracy of downstream reasoning tasks (e.g., attack attribution and intent inference). Moreover, traditional information extraction methods struggle to generalize in scenarios involving cross-paragraph dependencies, emerging…

Citation impact

4

total citations

FWCI: 97.40
Percentile: 99%
References: 53

Too recent for citation history.

Authors

10

Topics & keywords

Topics

Keywords

Inference
Knowledge graph
Knowledge base
Scalability
Robustness (evolution)
Graph
Inference engine
Knowledge representation and reasoning

No related works found for this paper.