Open-source cyber threat intelligence (OSCTI) has become essential for keeping up with the rapidly changing threat landscape. However, current OSCTI gathering and management solutions mainly focus on structured Indicators of Compromise (IOC) feeds, which are low-level and isolated, providing only a narrow view of potential threats. Meanwhile, the extensive and interconnected knowledge found in the unstructured text of numerous OSCTI reports (e.g., security articles, threat reports) available publicly is still largely underexplored. To bridge the gap, we propose ThreatKG, an automated system for OSCTI gathering and management. ThreatKG efficiently collects a large number of OSCTI reports from multiple sources, leverages specialized AI-based techniques to extract high-quality knowledge about various threat entities and their relationships, and constructs and continuously updates a threat knowledge graph by integrating new OSCTI data. ThreatKG features a modular and extensible design, allowing for the addition of components to accommodate diverse OSCTI report structures and knowledge types. Our extensive evaluations demonstrate ThreatKG's practical effectiveness in enhancing threat knowledge gathering and management.
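The pipeline the abstract sketches (collect reports, extract threat entities and their relationships, merge them into a continuously updated knowledge graph) is shown below as an added example in Python. It is not code from ThreatKG or its authors: entity and relation extraction are simple regex heuristics standing in for the AI-based extractors the paper describes, the two report texts are constructed, and every name and indicator in them (APT-Example, Dropper-X, the addresses, domain and hash) is hypothetical. What it does demonstrate is the point the abstract makes against flat IOC feeds: once indicators are nodes linked to the malware and actor that used them, a single IP can be pivoted back to the actor behind it, and an edge repeated across reports accumulates provenance instead of being duplicated.

```python
"""Minimal OSCTI report -> threat knowledge graph pipeline (added example,
not ThreatKG's code). Regex extraction stands in for ThreatKG's AI-based
extractors; the reports, names and indicators below are constructed."""
import re
from collections import defaultdict, deque

SAMPLE_SHA256 = "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
# Constructed sample reports: (report id, unstructured text). Not real intel.
REPORTS = [
    ("report-001",
     "APT-Example delivers Dropper-X via phishing. "
     "Dropper-X contacts 203.0.113.10 and resolves bad.example.net. "
     "Dropper-X exploits CVE-2021-44228 on unpatched hosts."),
    ("report-002",
     f"New Dropper-X sample (sha256 {SAMPLE_SHA256}) "
     "contacts 203.0.113.10 and 198.51.100.7."),
]
# Entity types and the (hypothetical naming) patterns used to spot them.
ENTITY_PATTERNS = {
    "actor": re.compile(r"\bAPT-[A-Za-z]+\b"),
    "malware": re.compile(r"\bDropper-[A-Z]\b"),
    "cve": re.compile(r"\bCVE-\d{4}-\d{4,}\b"),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:net|com|org)\b"),
}
# Relation-bearing verbs: the subject precedes the verb, objects follow it.
VERB_RE = re.compile(r"\b(delivers|contacts|resolves|exploits)\b")
SENTENCE_SPLIT = re.compile(r"(?<=[.!?])\s+")


def extract_entities(text):
    """Return [(start, label, value)] for every entity mention, by position."""
    found = []
    for label, pat in ENTITY_PATTERNS.items():
        found.extend((m.start(), label, m.group()) for m in pat.finditer(text))
    return sorted(found)


def extract_relations(sentence):
    """Return (subject, relation, object) triples for one sentence.

    Heuristic: the first entity before the first verb is the subject; each
    verb takes as objects the entities between it and the next verb; a hash
    in a sentence whose subject is malware is linked as a sample of it."""
    ents = extract_entities(sentence)
    verbs = [(m.start(), m.group()) for m in VERB_RE.finditer(sentence)]
    if not ents or not verbs:
        return []
    subject = next((e for e in ents if e[0] < verbs[0][0]), None)
    if subject is None:
        return []
    triples = []
    for i, (vpos, verb) in enumerate(verbs):
        stop = verbs[i + 1][0] if i + 1 < len(verbs) else len(sentence)
        triples += [(subject[2], verb, e[2]) for e in ents if vpos < e[0] < stop]
    if subject[1] == "malware":
        triples += [(subject[2], "has_sample", e[2]) for e in ents if e[1] == "sha256"]
    return triples


class ThreatGraph:
    """Entity nodes plus labelled edges, each tagged with the reports backing it."""

    def __init__(self):
        self.nodes = {}                 # value -> {"type": str, "sources": set}
        self.edges = defaultdict(set)   # (src, rel, dst) -> set of report ids

    def integrate(self, report_id, text):
        """Merge one report: dedupe by entity value, accumulate provenance."""
        for _, label, value in extract_entities(text):
            node = self.nodes.setdefault(value, {"type": label, "sources": set()})
            node["sources"].add(report_id)
        for sentence in SENTENCE_SPLIT.split(text):
            for triple in extract_relations(sentence):
                self.edges[triple].add(report_id)

    def support(self, src, rel, dst):
        """Number of distinct reports that assert this edge."""
        return len(self.edges.get((src, rel, dst), ()))

    def related_actors(self, value):
        """Walk edges backwards from an indicator to the actors behind it."""
        seen, queue, actors = {value}, deque([value]), set()
        while queue:
            cur = queue.popleft()
            for src, _, dst in self.edges:
                if dst == cur and src not in seen:
                    seen.add(src)
                    queue.append(src)
                    if self.nodes[src]["type"] == "actor":
                        actors.add(src)
        return sorted(actors)


def build_graph(reports=REPORTS):
    graph = ThreatGraph()
    for report_id, text in reports:
        graph.integrate(report_id, text)
    return graph


if __name__ == "__main__":
    g = build_graph()
    for (src, rel, dst), ids in sorted(g.edges.items()):
        print(f"{src} -[{rel}]-> {dst}  sources={sorted(ids)}")
    print("actors behind 198.51.100.7:", g.related_actors("198.51.100.7"))
```

The provenance sets on nodes and edges are what make the graph updatable rather than append-only: re-integrating a report is idempotent, and a relation seen in two reports carries a support count of 2 that a downstream consumer can use to rank or filter, something a bare IOC list cannot express. In a real deployment the regex extractors are the part to replace; the merge and pivot logic stays the same.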