ResearchTrend.AI
5
0

MM-AttacKG: A Multimodal Approach to Attack Graph Construction with Large Language Models

Yongheng Zhang
Xinyun Zhao
Yunshan Ma
Haokai Ma
Yingxiao Guan
Guozheng Yang
Yuliang Lu
Xiang Wang
ArXiv (abs)PDFHTML
Main:16 Pages
12 Figures
8 Tables
Appendix:12 Pages
Abstract

Cyber Threat Intelligence (CTI) parsing aims to extract key threat information from massive data, transform it into actionable intelligence, enhance threat detection and defense efficiency, including attack graph construction, intelligence fusion and indicator extraction. Among these research topics, Attack Graph Construction (AGC) is essential for visualizing and understanding the potential attack paths of threat events from CTI reports. Existing approaches primarily construct the attack graphs purely from the textual data to reveal the logical threat relationships between entities within the attack behavioral sequence. However, they typically overlook the specific threat information inherent in visual modalities, which preserves the key threat details from inherently-multimodal CTI report. Therefore, we enhance the effectiveness of attack graph construction by analyzing visual information through Multimodal Large Language Models (MLLMs). Specifically, we propose a novel framework, MM-AttacKG, which can effectively extract key information from threat images and integrate it into attack graph construction, thereby enhancing the comprehensiveness and accuracy of attack graphs. It first employs a threat image parsing module to extract critical threat information from images and generate descriptions using MLLMs. Subsequently, it builds an iterative question-answering pipeline tailored for image parsing to refine the understanding of threat images. Finally, it achieves content-level integration between attack graphs and image-based answers through MLLMs, completing threat information enhancement. The experimental results demonstrate that MM-AttacKG can accurately identify key information in threat images and significantly improve the quality of multimodal attack graph construction, effectively addressing the shortcomings of existing methods in utilizing image-based threat information.

View on arXiv
@article{zhang2025_2506.16968,
  title={ MM-AttacKG: A Multimodal Approach to Attack Graph Construction with Large Language Models },
  author={ Yongheng Zhang and Xinyun Zhao and Yunshan Ma and Haokai Ma and Yingxiao Guan and Guozheng Yang and Yuliang Lu and Xiang Wang },
  journal={arXiv preprint arXiv:2506.16968},
  year={ 2025 }
}
Comments on this paper