AI Summary of Peer-Reviewed Research

This page presents an AI-generated summary of a published research paper. The original authors did not write or review this article.

Publishing process signals: MODERATE (reflects the venue and review process).

Ontology-guided LLMs extract cybersecurity knowledge graphs from logs

Research area: Computer Science · Information and Cyber Security · Knowledge graph

What the study found

OntoLogX, an autonomous AI agent, can transform raw cybersecurity logs into ontology-grounded knowledge graphs and link log evidence to tactics in MITRE ATT&CK, a framework for classifying adversary tactics and techniques. The abstract says the system produced syntactically and semantically valid knowledge graphs and supported higher-level analysis of adversarial activity.

Why the authors say this matters

The authors say system logs are a valuable source of cyber threat intelligence but are often difficult to use because they are unstructured, inconsistent, and fragmented. The study suggests that OntoLogX can help turn noisy log data into interoperable representations and extract actionable cyber threat intelligence.

What the researchers tested

The researchers built OntoLogX using a lightweight log ontology, retrieval-augmented generation, and iterative correction steps. They evaluated it on public and real-world honeypot datasets, and tested it across multiple large language model backends.
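As an added illustration (not OntoLogX's code and not from the paper), the following sketch shows what "ontology compliance" and "iterative correction" toward an ATT&CK tactic link can look like in practice: a deterministic rule-based extractor stands in for the LLM draft, a constructed four-property vocabulary plays the role of the lightweight log ontology, and a validate-and-correct loop repairs an off-ontology draft. The sample log line, the ontology, the alias repair table and the outcome-to-tactic mapping are all assumptions made for this example.

```python
import re
# Constructed mini "log ontology" (assumption, not the paper's): predicate -> (domain, range)
ONTOLOGY = {"hasSourceIP": ("LogEvent", "IPAddress"), "hasUser": ("LogEvent", "Account"),
            "hasOutcome": ("LogEvent", "Outcome"), "hasTactic": ("LogEvent", "Tactic")}
ALIASES = {"srcIP": "hasSourceIP", "user": "hasUser"}  # repair table for off-vocabulary predicates
TACTIC = {"LoginFailure": "TA0006", "LoginSuccess": "TA0001"}  # assumed outcome -> ATT&CK tactic link
LOG_RE = re.compile(r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+)")
# Constructed sample honeypot line (203.0.113.0/24 is a documentation range, not a real host)
SAMPLE = "Jan 10 03:12:44 honeypot sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2"

def draft_triples(line):
    """LLM stand-in returning (subject, predicate, object, object_class) triples, [] if no event.
    Deliberately off-ontology like a raw model draft: unknown predicate, wrong range, no tactic."""
    m = LOG_RE.search(line)
    if not m:
        return []
    outcome, user, ip = m.groups()
    event = "LoginFailure" if outcome == "Failed" else "LoginSuccess"
    return [("ev1", "srcIP", ip, "IPAddress"), ("ev1", "hasUser", user, "String"),
            ("ev1", "hasOutcome", event, "Outcome")]

def validate(triples):
    """Ontology-compliance check: (triple, problem) pairs; [] means the graph is valid."""
    problems = [(t, "unknown_predicate") for t in triples if t[1] not in ONTOLOGY]  # syntactic
    problems += [(t, "range_mismatch") for t in triples                             # semantic: range
                 if t[1] in ONTOLOGY and ONTOLOGY[t[1]][1] != t[3]]
    if triples and not any(t[1] == "hasTactic" for t in triples):
        problems.append((None, "missing_tactic"))  # semantic: event has no ATT&CK link
    return problems

def correct(triples, problems):
    """One repair pass driven by the validator's findings; unrepairable items stay as they are."""
    fixed = list(triples)
    for t, kind in problems:
        if kind == "unknown_predicate" and t[1] in ALIASES:
            fixed[fixed.index(t)] = (t[0], ALIASES[t[1]], t[2], t[3])
        elif kind == "range_mismatch":
            fixed[fixed.index(t)] = (t[0], t[1], t[2], ONTOLOGY[t[1]][1])
        elif kind == "missing_tactic":
            outcome = next((x[2] for x in fixed if x[1] == "hasOutcome"), None)
            if outcome in TACTIC:
                fixed.append((fixed[0][0], "hasTactic", TACTIC[outcome], "Tactic"))
    return fixed

def build_graph(line, max_rounds=3):
    """Draft, then validate and correct iteratively; returns (triples, remaining_problems)."""
    triples, rounds = draft_triples(line), 0
    while (problems := validate(triples)) and rounds < max_rounds:
        triples, rounds = correct(triples, problems), rounds + 1
    return triples, problems
```

A draft whose predicate has no alias, or whose outcome has no tactic entry, comes back with its problems still listed after `max_rounds`, which is the case a pipeline would route to a human or to another model pass rather than into the graph store.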

What worked and what didn't

The abstract reports robust knowledge graph generation across multiple language model backends. It also says the system accurately mapped adversarial activity to MITRE ATT&CK tactics and was effective at constructing ontology-compliant knowledge graphs. The abstract does not describe any specific failures or comparative weaknesses.

What to keep in mind

The available summary does not provide detailed limitations, quantitative performance values, or error analysis. The results are described at a high level in the abstract, so more specific scope and constraints are not available here.

Key points

  • OntoLogX turns raw cybersecurity logs into ontology-grounded knowledge graphs.
  • The system uses a lightweight log ontology, retrieval-augmented generation, and iterative correction.
  • The abstract says the generated knowledge graphs were syntactically and semantically valid.
  • The system mapped adversarial activity to MITRE ATT&CK tactics across public and real-world honeypot datasets.
  • The abstract does not describe specific limitations or detailed performance metrics.

Disclosure

Research title:
Ontology-guided LLMs extract cybersecurity knowledge graphs from logs
Authors:
Luca Cotti, Idílio Drago, Anisa Rula, Devis Bianchini, Federico Cerutti
Institutions:
University of Brescia, Department of Medical Sciences, University of Turin, University of Southampton, Cardiff University
Publication date:
2026-04-23
Image credit:
Photo by Sharad Bhat on Unsplash · Unsplash License
AI provenance: This post was generated by OpenAI. The original authors did not write or review this post.