KGAgent4CTI: unlocking the power of LLM in threat intelligence

Abstract Cyber threat intelligence (CTI) serves as the cognitive hub for cybersecurity defense, deeply integrating the domain knowledge of security experts with the characteristics of attack behaviors. Constructing attack knowledge graphs from CTI provides critical support for attack chain reconstruction and defensive decision-making. However, traditional knowledge graph construction methods exhibit significant limitations when facing the domain-specific challenges of CTI: ambiguous entity bound