项目以非结构化数据中海量威胁情报信息抽取为出发点，将威胁情报知识图谱构建方法作为主要方向，研究其中威胁本体构建、实体识别与关系抽取中尚未解决的关键理论问题，首先以不同类型数据中威胁本体表现形式分析与抽象方法为目标，研究支持可扩展知识库的威胁本体构建方法，解决威胁本体构建过程中跨知识库的差异性特征分析与融合问题；然后研究威胁实体类型分析与识别方法，在结合威胁情报领域知识、威胁实体类型特征、通用领域实体识别的理论知识上，提出基于细粒度实体类型特征的威胁实体识别方法，解决通用领域实体识别方法在威胁情报领域的适应性与优化问题；最后针对已有威胁实体类型提取方法存在关系涵盖不全、准确率低等问题，研究威胁实体间复杂关系的产生机理与抽取方法，提出基于图神经网络的威胁实体间关系抽取方法，从而构建完善的威胁实体间关系抽取模型。项目研究成果可以为情报挖掘、攻击溯源、团队画像等提供更有效的理论知识和技术支持。

Aiming at extracting massive threat intelligence from unstructured data, the work studies the method of constructing threat intelligence knowledge graph as the main research direction, and solves the key issues in threat ontology construction, entity recognition and relation extraction. Firstly, representation analysis and abstract method are proposed for threat ontology in different types of data. The threat ontology construction method supporting the scalable knowledge base is studied, and the differential feature analysis and fusion problem of the cross-knowledge database in the threat ontology construction process is solved. Secondly, the threat entity type is investigated. The work proposes a threat entity recognition method based on fine-grained entity type features to solve threat entity recognition problem in the field of threat intelligence, considering the features of knowledge of threat intelligence, the characteristics of threat entity types, and the knowledge of general filed recognition theory. Finally, in order to solve the incomplete coverage and low accuracy of existing threat entity type extraction methods, the work studies the mechanism and extraction method of threat entity relations, and demonstrates a threat entity relation extraction model based on graph neural network algorithm. The research can provide more effective theoretical knowledge and support for threat intelligence mining, attack investigation, threat actor profiling.