Cyber threat intelligence summarization plays a critical role in enhancing threat awareness and operational response in cybersecurity. However, existing summarization models often fail to capture essential threat elements due to the unstructured nature of cyber threat intelligence documents and the lack of domain-specific knowledge. This paper presents a knowledge-guided cyber threat intelligence summarization framework via term-oriented input construction, designed to improve summary fidelity, semantic relevance, and model robustness. The proposed approach consists of two key components: a hybrid term construction pipeline that combines unsupervised keyword extraction and supervised term generation with rule-based refinement, and a knowledge-injected input construction paradigm that explicitly incorporates structured terms into the model input. This strategy enhances the model’s understanding of critical threat semantics without altering its architecture. Extensive experiments conducted on cyber threat intelligence summarization benchmarks under both zero-shot and supervised settings demonstrate that the proposed method consistently improves summarization performance across different models, offering strong generalization and deployment flexibility.
Ding et al. (Sun,) studied this question.