{"id":"https://openalex.org/W4411799896","doi":"https://doi.org/10.1109/icmcis64378.2025.11047951","title":"Automating Cyber Threat Intelligence and Attack Chain Generation using Cyber Security Knowledge Graphs and Large Language Models","display_name":"Automating Cyber Threat Intelligence and Attack Chain Generation using Cyber Security Knowledge Graphs and Large Language Models","publication_year":2025,"publication_date":"2025-05-13","ids":{"openalex":"https://openalex.org/W4411799896","doi":"https://doi.org/10.1109/icmcis64378.2025.11047951"},"language":"en","primary_location":{"id":"doi:10.1109/icmcis64378.2025.11047951","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icmcis64378.2025.11047951","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 International Conference on Military Communication and Information Systems (ICMCIS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5044449306","display_name":"Johannes F. Loevenich","orcid":"https://orcid.org/0000-0002-8149-1600"},"institutions":[{"id":"https://openalex.org/I4210123028","display_name":"Thales (Germany)","ror":"https://ror.org/031xjr712","country_code":"DE","type":"company","lineage":["https://openalex.org/I4210123028","https://openalex.org/I4210140930"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Johannes F. Loevenich","raw_affiliation_strings":["Thales Deutschland,Secure Communications & Information (SIX),Ditzingen,Germany"],"affiliations":[{"raw_affiliation_string":"Thales Deutschland,Secure Communications & Information (SIX),Ditzingen,Germany","institution_ids":["https://openalex.org/I4210123028"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5099028189","display_name":"Erik Adler","orcid":null},"institutions":[{"id":"https://openalex.org/I4210123028","display_name":"Thales (Germany)","ror":"https://ror.org/031xjr712","country_code":"DE","type":"company","lineage":["https://openalex.org/I4210123028","https://openalex.org/I4210140930"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Erik Adler","raw_affiliation_strings":["Thales Deutschland,Secure Communications & Information (SIX),Ditzingen,Germany"],"affiliations":[{"raw_affiliation_string":"Thales Deutschland,Secure Communications & Information (SIX),Ditzingen,Germany","institution_ids":["https://openalex.org/I4210123028"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001496560","display_name":"Tobias H\u00fcrten","orcid":"https://orcid.org/0009-0005-2121-0810"},"institutions":[{"id":"https://openalex.org/I4210123028","display_name":"Thales (Germany)","ror":"https://ror.org/031xjr712","country_code":"DE","type":"company","lineage":["https://openalex.org/I4210123028","https://openalex.org/I4210140930"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Tobias H\u00fcrten","raw_affiliation_strings":["Thales Deutschland,Secure Communications & Information (SIX),Ditzingen,Germany"],"affiliations":[{"raw_affiliation_string":"Thales Deutschland,Secure Communications & Information (SIX),Ditzingen,Germany","institution_ids":["https://openalex.org/I4210123028"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032041847","display_name":"Florian Spelter","orcid":null},"institutions":[{"id":"https://openalex.org/I4210123028","display_name":"Thales (Germany)","ror":"https://ror.org/031xjr712","country_code":"DE","type":"company","lineage":["https://openalex.org/I4210123028","https://openalex.org/I4210140930"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Florian Spelter","raw_affiliation_strings":["Thales Deutschland,Secure Communications & Information (SIX),Ditzingen,Germany"],"affiliations":[{"raw_affiliation_string":"Thales Deutschland,Secure Communications & Information (SIX),Ditzingen,Germany","institution_ids":["https://openalex.org/I4210123028"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5118706860","display_name":"Damian Roncevic","orcid":null},"institutions":[{"id":"https://openalex.org/I4210123028","display_name":"Thales (Germany)","ror":"https://ror.org/031xjr712","country_code":"DE","type":"company","lineage":["https://openalex.org/I4210123028","https://openalex.org/I4210140930"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Damian Roncevic","raw_affiliation_strings":["Thales Deutschland,Secure Communications & Information (SIX),Ditzingen,Germany"],"affiliations":[{"raw_affiliation_string":"Thales Deutschland,Secure Communications & Information (SIX),Ditzingen,Germany","institution_ids":["https://openalex.org/I4210123028"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5091404899","display_name":"Roberto Rigolin F. Lopes","orcid":"https://orcid.org/0000-0002-0114-5610"},"institutions":[{"id":"https://openalex.org/I4210123028","display_name":"Thales (Germany)","ror":"https://ror.org/031xjr712","country_code":"DE","type":"company","lineage":["https://openalex.org/I4210123028","https://openalex.org/I4210140930"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Roberto Rigolin F. Lopes","raw_affiliation_strings":["Thales Deutschland,Secure Communications & Information (SIX),Ditzingen,Germany"],"affiliations":[{"raw_affiliation_string":"Thales Deutschland,Secure Communications & Information (SIX),Ditzingen,Germany","institution_ids":["https://openalex.org/I4210123028"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5044449306"],"corresponding_institution_ids":["https://openalex.org/I4210123028"],"apc_list":null,"apc_paid":null,"fwci":11.7157,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.98192361,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"10"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11273","display_name":"Advanced Graph Neural Networks","score":0.9914000034332275,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9901000261306763,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7398457527160645},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6156650185585022},{"id":"https://openalex.org/keywords/cyber-threats","display_name":"Cyber threats","score":0.5089750289916992},{"id":"https://openalex.org/keywords/chain","display_name":"Chain (unit)","score":0.44866594672203064},{"id":"https://openalex.org/keywords/cyber-attack","display_name":"Cyber-attack","score":0.4418799877166748},{"id":"https://openalex.org/keywords/knowledge-graph","display_name":"Knowledge graph","score":0.43745923042297363},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.1577429473400116}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7398457527160645},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6156650185585022},{"id":"https://openalex.org/C3018725008","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber threats","level":2,"score":0.5089750289916992},{"id":"https://openalex.org/C199185054","wikidata":"https://www.wikidata.org/wiki/Q552299","display_name":"Chain (unit)","level":2,"score":0.44866594672203064},{"id":"https://openalex.org/C201307755","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber-attack","level":2,"score":0.4418799877166748},{"id":"https://openalex.org/C2987255567","wikidata":"https://www.wikidata.org/wiki/Q33002955","display_name":"Knowledge graph","level":2,"score":0.43745923042297363},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.1577429473400116},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C1276947","wikidata":"https://www.wikidata.org/wiki/Q333","display_name":"Astronomy","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icmcis64378.2025.11047951","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icmcis64378.2025.11047951","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 International Conference on Military Communication and Information Systems (ICMCIS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W1983551905","https://openalex.org/W2101105183","https://openalex.org/W2250342921","https://openalex.org/W2903086587","https://openalex.org/W3003593910","https://openalex.org/W3039697228","https://openalex.org/W3173648532","https://openalex.org/W3193361787","https://openalex.org/W4294343684","https://openalex.org/W4317928053","https://openalex.org/W4318619548","https://openalex.org/W4366850593","https://openalex.org/W4385572634","https://openalex.org/W4385848840","https://openalex.org/W4387298166","https://openalex.org/W4390189854","https://openalex.org/W4399372403","https://openalex.org/W4402671262","https://openalex.org/W4405103533","https://openalex.org/W4405103804","https://openalex.org/W4405103817","https://openalex.org/W4405104183","https://openalex.org/W4405104214","https://openalex.org/W4408165425","https://openalex.org/W6661564250","https://openalex.org/W6682631176","https://openalex.org/W6852062853","https://openalex.org/W6874982339"],"related_works":["https://openalex.org/W3110311961","https://openalex.org/W4396897946","https://openalex.org/W4401664841","https://openalex.org/W2921897907","https://openalex.org/W3215166534","https://openalex.org/W4242728933","https://openalex.org/W2493430149","https://openalex.org/W3040950835","https://openalex.org/W2767924451","https://openalex.org/W4306412489"],"abstract_inverted_index":{"Modern":[0],"cyberattacks":[1],"are":[2],"increasingly":[3],"complex,":[4],"using":[5],"sophisticated":[6,90],"tactics,":[7],"techniques":[8],"and":[9,15,24,38,43,81,112,131,147,155],"procedures":[10],"(TTPs)":[11],"to":[12,53,55,88,108,150],"evade":[13],"detection":[14],"compromise":[16],"systems.":[17],"Effective":[18],"cyber":[19,153],"defence":[20,113,134,154],"relies":[21],"on":[22,94],"real-time":[23],"accurate":[25],"Cyber":[26,104],"Threat":[27],"Intelligence":[28],"(CTI),":[29],"which":[30],"is":[31],"often":[32],"challenged":[33],"by":[34],"data":[35],"quality,":[36],"completeness":[37],"accessibility.":[39],"While":[40],"traditional":[41],"methods":[42],"manually":[44],"maintained":[45],"knowledge":[46,145],"bases":[47],"provide":[48],"valuable":[49],"insights,":[50],"they":[51],"struggle":[52],"adapt":[54],"the":[56,100,121,140],"rapidly":[57],"evolving":[58],"threat":[59],"landscape.":[60],"To":[61],"address":[62],"these":[63],"challenges,":[64],"we":[65,98],"propose":[66],"an":[67],"architecture":[68],"that":[69],"uses":[70],"Large":[71],"Language":[72],"Models":[73],"(LLMs)":[74],"for":[75],"automated":[76,148],"annotation":[77],"of":[78,83,102,123,142],"CTI":[79,128],"reports":[80],"construction":[82],"Cybersecurity":[84],"Knowledge":[85],"Graphs":[86],"(CSKG)":[87],"build":[89],"attack":[91,156],"chains.":[92],"Building":[93],"our":[95,124],"previous":[96],"research,":[97],"extend":[99],"capabilities":[101],"Autonomous":[103],"Defence":[105],"(ACD)":[106],"agents":[107],"improve":[109,151],"situational":[110],"awareness":[111],"mechanisms":[114],"in":[115,126],"dynamic":[116],"environments.":[117],"Experimental":[118],"results":[119,138],"demonstrate":[120],"effectiveness":[122],"approach":[125],"improving":[127],"accessibility,":[129],"accuracy,":[130],"integration":[132],"into":[133],"strategies.":[135],"Our":[136],"experimental":[137],"highlight":[139],"potential":[141],"combining":[143],"LLM,":[144],"graphs":[146],"planning":[149],"proactive":[152],"simulation":[157],"methodologies.":[158]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":4}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}