Three major challenges currently hinder threat intelligence: the diversity of intelligence sources leads to inconsistent formats, open-source intelligence often lacks completeness, and establishing relationships between intelligence entities remains difficult. In response, this session presents an innovative solution that integrates Large Language Models (LLMs) with Knowledge Graph technology to construct a comprehensive threat intelligence analysis framework. This approach features three key advantages: (1) leveraging LLMs to automatically construct knowledge graphs, enabling the standardization of heterogeneous intelligence data; (2) utilizing knowledge graph-enhanced Retrieval-Augmented Generation (RAG) to uncover hidden intelligence patterns and provide explainable relationships; and (3) automating the enrichment of missing intelligence, improving data completeness.

Beyond extracting entities from threat intelligence, this method also identifies latent relationships between entities, constructing a holistic view of the threat landscape through the knowledge graph. More importantly, the entire system is built on open-source models and frameworks, ensuring accessibility and flexibility. This talk will explore how to apply this innovative approach to intelligence collection and analysis in real-world scenarios.