Document Type
Article
Publication Date
Winter 12-17-2025
Abstract
The rapid expansion and variety of cyber-threat information put enormous pressure on security operations centers (SOCs), which must convert unstructured data into understandable signals and make decisions based on them. This paper develops a Cyber-Threat-Intelligence (CTI) framework that integrates vulnerability information, product inventories, and weakness taxonomies into a domain-specific knowledge graph via automatic fusion. The proposed solution covers 284,296 CVEs, 101,644 CPE identifiers, and 965 CWE weaknesses, generating more than 800,000 typed edges linking threats, assets, tactics, and mitigations in an integrated CTI knowledge graph. The graph was cross-validated against four external standard datasets and achieves full coverage of ATT&CK CAPEC, STIX, and CVE-CAPEC mappings, 98.83% node recall for CWE references, and edge-level full coverage for CAUSES_WEAKNESS and 99.83% for AFFECTS; EXPLOITED_BY relations reach 74.58% precision and recall. These results confirm that the integrated graph preserves structural integrity while substantially consolidating fragmented CTI sources into a high-fidelity semantic model that could reduce analyst workload and make SOC workflows more efficient, thereby laying the groundwork for more proactive and intelligent cyber-defense capabilities.
Recommended Citation
Hassan, Moaz Usama Mr; Nagaty, Khaled; and ElMaghawry, Noura, "Construction of a Unified Knowledge Graph for Cyber Threat Intelligence" (2025). Computer Networks. 9.
https://buescholar.bue.edu.eg/comp_net/9