Modern cyberattacks are increasingly complex, using sophisticated tactics, techniques and procedures (TTPs) to evade detection and compromise systems. Effective cyber defence relies on real-time and accurate Cyber Threat Intelligence (CTI), which is often challenged by data quality, completeness and accessibility. While traditional methods and manually maintained knowledge bases provide valuable insights, they struggle to adapt to the rapidly evolving threat landscape. To address these challenges, we propose an architecture that uses Large Language Models (LLMs) for automated annotation of CTI reports and construction of Cybersecurity Knowledge Graphs (CSKG) to build sophisticated attack chains. Building on our previous research, we extend the capabilities of Autonomous Cyber Defence (ACD) agents to improve situational awareness and defence mechanisms in dynamic environments. Experimental results demonstrate the effectiveness of our approach in improving CTI accessibility, accuracy, and integration into defence strategies. These results also highlight the potential of combining LLMs, knowledge graphs and automated planning to improve proactive cyber defence and attack simulation methodologies.
Loevenich et al. (Wed,) studied this question.