As cyber threats continue to grow in complexity, traditional security mechanisms struggle to keep up. Large language models (LLMs) offer significant potential in cybersecurity due to their advanced capabilities in text processing and generation. This paper explores the use of LLMs with retrieval-augmented generation (RAG) to obtain threat intelligence by combining real-time information retrieval with domain-specific data. The proposed system, RAGRecon, uses a LLM with RAG to answer questions about cybersecurity threats. Moreover, it makes this form of Artificial Intelligence (AI) explainable by generating and visually presenting to the user a knowledge graph for every reply. This increases the transparency and interpretability of the reasoning of the model, allowing analysts to better understand the connections made by the system based on the context recovered by the RAG system. We evaluated RAGRecon experimentally with two datasets and seven different LLMs and the responses matched the reference responses more than 91% of the time for the best combinations.

翻译：随着网络威胁日益复杂化，传统安全机制难以有效应对。大语言模型（LLMs）凭借其在文本处理与生成方面的先进能力，在网络安全领域展现出巨大潜力。本文探讨了如何将检索增强生成（RAG）与大语言模型结合，通过融合实时信息检索与领域特定数据来获取威胁情报。所提出的RAGRecon系统采用基于RAG的LLM来回答有关网络安全威胁的问题。此外，该系统通过为每个回复生成并向用户可视化呈现知识图谱，使这种人工智能（AI）形式具备可解释性。这增强了模型推理过程的透明度与可解释性，使分析人员能更好地理解系统基于RAG恢复的上下文所建立的关联。我们使用两个数据集和七种不同LLM对RAGRecon进行了实验评估，最佳组合的响应与参考响应的匹配率超过91%。