A Trustworthy Dataset for APT Intelligence with an Auto-Annotation Framework

Abstract

Advanced Persistent Threats (APTs) pose significant cybersecurity challenges due to their multi-stage complexity. Knowledge graphs (KGs) effectively model APT attack processes through node-link architectures; however, the scarcity of high-quality, annotated datasets limits research progress. The primary challenge lies in balancing annotation cost and quality, particularly due to the lack of quality assessment methods for graph annotation data. This study addresses these issues by extending existing APT ontology definitions and developing a dynamic, trustworthy annotation framework for APT knowledge graphs. The framework introduces a self-verification mechanism utilizing large language model (LLM) annotation consistency and establishes a comprehensive graph data metric system for problem localization in annotated data. This metric system, based on structural properties, logical consistency, and APT attack chain characteristics, comprehensively evaluates annotation quality across representation, syntax semantics, and topological structure. Experimental results show that this framework significantly reduces annotation costs while maintaining quality. Using this framework, we constructed LAPTKG, a reliable dataset containing over 10,000 entities and relations. Baseline evaluations show substantial improvements in entity and relation extraction performance after metric correction, validating the framework’s effectiveness in reliable APT knowledge graph dataset construction.

1. Introduction

Network security defense has traditionally relied on analyzing direct structured data such as traffic and logs. These methods can directly identify behavioral characteristics and reveal the identities of attackers and the techniques used in attacks. However, such approaches typically target attacks that have already occurred or are currently in progress [1], lacking forward-looking and comprehensive information. This limitation is particularly evident in complex Advanced Persistent Threat (APT) scenarios.

With the rise of proactive defense concepts, analyzing indirect intelligence from unstructured textual sources can effectively reduce the information gap between attackers and defenders [2], enabling cybersecurity practitioners to conduct more proactive early warning and defense. In the current CTI (cyber threat intelligence) analysis domain, entity extraction and relation extraction methods based on deep learning are becoming increasingly active. The extracted entities and relations can be used to construct large-scale cyber threat intelligence knowledge graphs (semantic networks composed of multiple triplets <head entity, relation, tail entity>, which integrate heterogeneous threat intelligence data through type definitions of different entities and relations). Particularly in the APT domain, these knowledge graphs can intuitively show behavioral patterns and potential associations. This characteristic gives APT knowledge graphs unique advantages in threat attribution and profiling. Specifically, in threat attribution, we need to conduct a forensic analysis based on different entity–relation–entity triplet paths. In threat profiling, we utilize a group’s habitual attack paths and methods to further analyze their attack habits and characteristics. Furthermore, with the rapid development of large language models, high-quality knowledge graphs can effectively mitigate their hallucination problems and enhance their interpretability.

However, since current methods are primarily implemented through data-driven deep learning models, data quality issues become particularly critical. Comprehensive APT ontology definitions and high-quality entity relationship datasets are notably scarce, which limits research and development in this field. The high cost and quality control challenges of manual data annotation create the primary bottlenecks. This paper summarizes three key challenges facing current APT attack dataset construction: Q1: Current mainstream approaches still rely primarily on manual annotation with low automation levels. Manual annotation not only generates high labor costs but also introduces systematic cognitive biases among annotators. Q2: Current evaluation methods for annotated data rely on model training and lack intuitive and effective metrics. Q3: The entity–relationship ontologies defined in existing research inadequately describe the complex scenarios of APT attacks.

To address these challenges, this paper extends existing ontological definitions and breaks through fixed triplet constraints (head entity type, relation type, tail entity type) to more authentically reproduce APT attack scenarios. We develop an iterative trustworthy annotation framework that combines automated workflows with the complementary strengths of LLMs’ stable knowledge and human experts’ disambiguation capabilities. This framework incorporates quantitative metrics to achieve dynamic quality control over multi-source intelligence annotation.

The main contributions of this paper are as follows:

For Q1, we propose a dynamic trustworthy annotation framework for APT knowledge graphs that introduces LLMs through self-verification mechanisms to perform annotation, improving annotation efficiency while ensuring stable annotation quality. This framework effectively addresses the challenges of manual annotation (proposed in Section 3, validated in Section 4.3).

For Q2, we develop a quantitative measurement system that evaluates annotation data quality from three dimensions: structural, consistency, and APT characteristics. This quantitative approach effectively addresses the issues of limited evaluation methods and insufficient interpretability (proposed in Section 3.3, validated in Section 4.4).

For Q3, we develop an enhanced APT knowledge ontology that incorporates expanded attack entities and semantic relationships from existing research. We then apply the proposed annotation framework to construct the LAPTKG dataset, which contains over 10,000 entities and relations (proposed in Section 3.1.1, validated in Section 4.6).

The remaining sections are structured as follows. Section 2 introduces related work on threat intelligence. Section 3 presents the LLM-based dynamic trustworthy annotation framework for APT knowledge graphs. Section 4 conducts experimental validation. Section 5 summarizes the research methodology. Section 6 discusses future work.

2. Related Work

To thoroughly investigate the dataset construction process of current works, this paper reviews knowledge graph research in the CTI field in recent years. The analysis reveals that although current studies generally construct datasets independently, publicly available datasets are virtually nonexistent. Meanwhile, the ontology structures defined in current research fail comprehensively to describe APT attack processes. This is particularly evident in joint extraction models [3,4], where ontology structures are notably oversimplified. Some studies [5,6] define only a limited number of unique triplet types. Therefore, this paper extends existing APT ontology definitions.

Furthermore, we investigate current approaches for data annotation and quality assessment, as shown in

Table 1. Annotation modes and quality assessment methods in related studies.

Literature	Ontology		Mode	Annotation Quality Evaluation
	EN	RE		Expert	Flow	Architecture	Baseline
[2,7,8]	√		manual				√
[9]	√		manual	√			√
[10]	√		manual	√	√
[11,12,13]	√		manual	√	√		√
[14]		√	auto	√	√		√
[6,15,16]	√	√	manual				√
[17,18,19]	√	√	manual	√			√
[20,21] (CS40K)	√	√	auto	√	√		√
[21] (CS3K) [22,23,24,25]	√	√	manual	√	√		√
OURs	√	√	auto	√	√	√	√

Note: A checkmark (√) indicates that the work supports the corresponding category, such as ontology entities or relations, expert evaluation of annotation quality, evaluation flow, metric architecture, and baseline model validation. A blank cell indicates no support.

. Current research primarily relies on manual annotation methods and lacks efficient quality assessment methods. This section discusses these issues from two perspectives: automated annotation patterns and data quality assessment.

2.1. Automated Annotation Methods

Although automated technologies have unique advantages in handling complex data structures [26], manual data annotation remains the most reliable strategy in current CTI graph-related research. However, to achieve a balance between cost reduction, efficiency improvement, and annotation quality, some studies have attempted to explore annotation patterns assisted by automated modules. Several studies employ different automated annotation methods tailored to specific tasks. For example, ref. [27] applies the spaCy library for Named Entity Recognition (NER) tasks, whereas [14] adopts distant supervision methods for RE. Other research utilizes automated tools to improve annotation efficiency, such as [20] using Knuth–Morris–Pratt (KMP, a fast string-matching algorithm [28]) and ref. [29] employing IBM Watson Natural Language Processing (NLP) services. Nevertheless, these studies commonly face the challenge of imbalanced efficiency and quality. This research leverages the advantages of large language models (LLMs) and combines them with a metric system to implement a trustworthy dynamic annotation process primarily driven by automated modules.

2.2. CTI Data Quality Assessment

Current discussions on CTI data quality primarily focus on quality judgment during CTI sharing. Shared CTI refers to intelligence transferred between organizations or institutions through established standards (such as STIX). Therefore, such assessment methods typically conduct subjective and objective quality evaluations around standard fields and intelligence content. For example, ref. [30] employs hierarchical subjective and objective measurements based on attribute–object–report structures. Ref. [31] designs a consensus framework for the subjective evaluation of CTI. Ref. [32] proposes a systematic methodology for developing CTI quality assessment metrics, including relevance metrics for unstructured CTI and weighted completeness metrics for structured CTI. Additionally, ref. [33] utilizes Jaccard similarity coefficients to validate the similarity between keywords extracted by models and those extracted by experts.

However, quality assessment methods for knowledge graph data remain insufficient. In particular, current evaluation methods rely predominantly on deep learning, which inherently limits their interpretability and transferability. These methods are mainly divided into baseline model evaluation and knowledge embedding representation evaluation [21,22]. The former suffers from the restricted learning capabilities of general baseline models, while the latter conducts quality evaluation by training knowledge embedding representations and completion models. This approach also suffers from dependency on dataset quality and lacks interpretability in final evaluation results.

3. Methodology

This section proposes an APT graph dynamic trustworthy annotation framework, as shown in Figure 1. The framework defines three stages: pre-annotation, ongoing annotation, and post-annotation. The pre-annotation stage involves data preparation, while the ongoing annotation stage includes pilot and formal annotation using an automated dynamic workflow with stage-specific objectives.

The pilot annotation evaluates small batches (e.g., 100 instances) using density and coverage metrics, dynamically adjusting ontology and prompt templates based on results. We conduct large-scale annotation in the formal phase (e.g., 500 instances per batch) using refined ontology and prompts from the pilot phase. The evaluation employs category balance, granularity consistency, and attack chain rationality metrics. Expert groups conduct error correction and adjustments to annotation data based on evaluation results. Finally, traditional baseline models provide supplementary validation.

3.1. Pre-Annotation Preparation

3.1.1. APT Dual-Layer Ontology

In defining the ontology, we designed a dual-layer structure (

Table 2. Dual-layer APT ontological structure definition.

Task	Type	SubType
Entity	Threat initiator	Threat-Actor, Malware, Tool, Attack-Pattern
	Asset	Vulnerability, Configuration, File, Infrastructure, Credential
	Implication	Location, Identity, Industry, Observed-Data
Relation	Base Relations	targets
	Operation	uses, exploits, interacts-with, requires
	Traceability	located-at, indicates, attributed-to, has
	Extension	variant-of, affects, related-to

) to express attack implementation processes and impacts. We observed that APT intelligence typically centers on attackers as the primary actors, targets as objects, and tools or methods as supplements. Therefore, we categorize entities into Threat initiator, Asset, and Implication. Threat initiators focus on attacker descriptions, while Asset and Implication primarily concern attack targets. For relationship definitions, we employ fundamental semantics as the top-level design, divided into Base Relations, Operation, Traceability, and Extension. We emphasize active and passive semantic expressions to strengthen relationship modeling.

Compared to current research, our approach not only encompasses the main foundational entity types [18] but also extends entity types to capture APT attack details [10]. Regarding relationships, existing relation extraction studies [6,23] employ fixed triplet structures that, while improving recognition performance, create a significant gap with real-world application scenarios.

To further investigate overlapping entities and overlapping triplets, we allow Attack-Pattern entities to overlap with other entities and emphasize the continuity of APT attacks (i.e., overlapping triplets) in our relation annotation.

3.1.2. Trusted Data Collection

This paper extensively collects unstructured threat intelligence data. Among these sources, threat intelligence compiled on the ATT&CK official website is widely used due to its high-density attack activities. Additionally, to simulate real-time extraction of the latest threat technique reports, we crawled data from multiple renowned threat intelligence vendors such as Kaspersky. Beyond ensuring data source credibility, we also employ automated crawling scripts and models for efficient collection, as shown in Figure 2. During data crawling, we specifically addressed real-time page response handling and processing of different content types. For data cleaning, we utilized spaCy library pre-trained models for sentence segmentation and applied regular expressions to replace non-semantic information (such as file paths, MD5 hashes, etc.).

3.2. Dynamic Trustworthy Annotation Process

This paper improves efficiency through automated annotation processes during the ongoing annotation stage while ensuring data quality trustworthiness through quantitative metrics and dynamic annotation–evaluation–correction cycles. We introduce LLMs to reduce manual costs and leverage their knowledge bases for stable annotation quality.

We employ a triple verification mechanism: model self-verification evaluation, predefined validation matrices, and expert review discussions. Self-verification combines the rapid response of non-reasoning models with the deliberative advantages of reasoning models. Expert teams adopt a dynamic process involving individual review, peer review, group discussion, and team leader validation. This mechanism effectively reduces subtask error propagation caused by semantic understanding errors and specialized knowledge gaps.

After each annotation batch, we rapidly assess data quality through a quantitative metric system. Senior experts then promptly correct annotation issues or adjust annotation guidelines.

3.3. Annotation Quality Quantitative Indicator System

To intuitively evaluate the annotation data of APT graphs and mitigate existing issues, this paper develops a multi-level quantitative indicator system, as shown in Figure 3. The system comprises three levels: basic structural indicators, logical consistency indicators, and attack chain topological indicators. Each level of indicators provides comprehensive evaluation through multiple dimensions.

Among these, the basic structural indicators analyze the overall characteristics of individual batch datasets. Combined with logical consistency indicators, they jointly assess the quality of data application in deep learning models. Meanwhile, the attack chain topological indicators focus more specifically on evaluating the quality of APT attack characteristics.

3.3.1. Basic Structural Indicators

Structural indicators aim to highlight quality issues in datasets through relevant data characteristics, enabling annotators to make timely adjustments and corrections. The main indicators include category density and category distribution balance.

• Category Density Anomaly Index (CDA)

In automated entity–relation annotation, aside from filtered texts with zero entities or relations, we enhance attention to anomalous instances through the category density indicator. This indicator utilizes normal distribution characteristics, where approximately 95% of data fall within the interval [34]. The anomaly indicator formula is as follows:

$${CDA}^{\left(en/re\right)}=\left\{\begin{array}{c}1 if {\rho }_i \notin \left(\mu -2\sigma , \mu +2\sigma \right)\\ 0 otherwise \end{array}\right.,$$

(1)

where $\mu$ and $\sigma$ represent the mean and standard deviation of entity or relation density for the current batch of sentence sets, respectively. ${\rho }_i$ denotes the entity or relation density (count/length) of the current sentence.

B.

Category Distribution Balance Index (CDB)

To reflect the distribution balance issues of various categories in datasets, we utilize a comprehensive representation combining the Gini coefficient [35] and entropy [36]. This indicator can detect prominent issues (head concentration and long-tail problems) and pseudo-balance problems (as in Section 4.4.1). First, we define the number of entity and relation categories as $K^{\left(en/re\right)}$, the sample count for each category as $n_K$, and the sample proportion for each category as $p_i={\displaystyle \frac{n_i}{N}}$, where the total sample count is $N={\sum }_{i=1}^K{n}_i$. The main calculation formula is as follows:

$${CDB}^{\left(en/re\right)}={\displaystyle \frac{{{Norm}_H}^{\left(en/re\right)}}{1+G^{\left(en/re\right)}}}\left(0\le DBI\le 0.5\right)$$

(2)

where $G^{\left(en/re\right)}$ is the equivalent transformation of the original Gini coefficient, avoiding $O\left(N^2\right)$ complexity calculations:

$${\sum }_{i,j}|p_i-p_j|=2K{\sum }_{i=1}^K{p}_i\left(1-p_i\right)\Rightarrow G^{\left(en/re\right)}={\displaystyle \frac{2K\sum p_i\left(1-p_i\right)}{2N}}=1-\sum p_i^2,$$

(3)

and the normalized entropy is ${Norm}_H={\displaystyle \frac{-{\sum }_{i=1}^K{p}_{i}ln\left(p_i\right)}{ln\left(K\right)}}$.

3.3.2. Logical Consistency Indicators

The logical consistency of annotation data directly affects model learning performance. This type of indicator can evaluate annotation consistency from a statistical perspective. During the pilot annotation phase, LAC and CCC indicators are preliminarily used to assess the feasibility of the model and ontology. In formal annotation, EAG and TAG indicators are utilized to evaluate and detect errors in document-level representation, syntax, and semantics.

• LLMs Annotation Consistency (LAC)

To intuitively evaluate the consistency between LLM annotation and human annotation, we adapted Cohen’s Kappa coefficient [37] to assess the existing consistency between large language models and human annotation:

$${LAC}^{\left(en/re\right)}={\displaystyle \frac{P_o^{\left(en/re\right)}-P_e^{\left(en/re\right)}}{1-P_e^{\left(en/re\right)}}}\in [\mathrm{-1},1],$$

(4)

where observed agreement ($P_o^{\left(en/re\right)}\in [0,1]$) and expected agreement ($P_e^{\left(en/re\right)}\in [0,1]$) are represented as follows:

$$P_o={\displaystyle \frac{A+D}{Total}},P_e=\left({\displaystyle \frac{A+B}{Total}}\cdot {\displaystyle \frac{A+C}{Total}}\right)+\left({\displaystyle \frac{B+D}{Total}}\cdot {\displaystyle \frac{C+D}{Total}}\right),$$

(5)

where $Total$ represents the total count of text positions (entities) or entity pairs (relations). A represents the count where both annotators label as “entity or relation exists,” B represents the count where annotator 1 labels as existing while annotator 2 labels as non-existing, C is the opposite of B, and D represents the count where both annotators label as “entity or relation does not exist.” In this context, annotator 1 and annotator 2 refer to two peer-level annotators working on the same samples, where annotator 1 represents model annotations under different prompts and annotator 2 represents manual annotations.

B.

Category Coverage Consistency (CCC)

To balance the consistency between annotation data distribution and expected distribution, we define expected weights based on the upper-level ontology for each category in the upper layer, with the lower layer setting minimum restrictions as supplements. The expected weights are shown in Section 4.4.1. The indicator formula is as follows:

$$S_{CCC}=W_a{Sim}^{en}+W_b{Sim}^{re}+W_c{P}_{Key}\in [0,1],$$

(6)

where the submodule weights sum to $\sum _{iϵ(a,b,c)}{W}_i=1$, $P_{Key}$ represents the proportion of lower-layer category restrictions that are satisfied, and ${Sim}^{\left(en/re\right)}$ is based on the Hellinger distance [38] to calculate the similarity between the distribution of the upper-layer ontology and the expected distribution in the data:

$${Sim}^{\left(en/re\right)}=H_w(P,Q)={\displaystyle \frac{1}{\sqrt{2}}}\sqrt{{\sum }_{i=1}^k{w}_i^{\prime }(\sqrt{p_i}-\sqrt{q_i}{)}^2}\in [0,1],$$

(7)

where $p_i$ represents the actual distribution proportion of the ith category and $q_i$ represents the ideal distribution proportion of the ith category. The indicator uses $w_i={\displaystyle \frac{1}{\sqrt{q_i}}}\left(1+{\displaystyle \frac{\left|p_i-q_i\right|}{p_i+q_i}}\right)$ to amplify difference sensitivity for weighting. Normalization is performed through $w_i^{\prime }={\displaystyle \frac{2\cdot w_i}{{\sum }_{j=1}^k{w}_j}}$ to ensure the weight $w_i^{\prime }\in [0,1]$.

C.

Entity Annotation Granularity (EAG)

EAG evaluates annotation consistency across entity categories by integrating representation granularity, contextual semantic similarity, and part-of-speech distribution. The overall formula is as follows:

$${EAG}_{dataset}={\displaystyle \frac{1}{M}}{\sum }_M(W_a{ERG}_{doc}+W_b{ESG}_{doc}){\omega }_{{POS}_{doc}}\in [0,1],$$

(8)

where $M$ represents the number of documents, submodule weights sum to $\sum _{iϵ(a,b)}{W}_i=1$, and ${ERG}_{doc}$, ${ESG}_{doc}$, and ${\omega }_{{POS}_{doc}}$ represent the document-level entity representation, semantic granularity evaluation, and part-of-speech coefficient, respectively.

a. Entity Representation Granularity (${ERG}_{doc}$)

$${ERG}_{doc}={\displaystyle \frac{1}{K^{\left(en\right)}}}{\sum }_k^{K^{\left(en\right)}}{\displaystyle \frac{\sum I\left({len}_{en}^k\in {Threshold}_{en}^k\right)}{N_{en}^k}},$$

(9)

where $K^{\left(en\right)}$ represents the number of entity categories, $I\left(\cdot \right)$ is an indicator function (1 if condition is met, 0 otherwise), and entity granularity ${len}_{en}^k$ for category $k$ falls within ${Threshold}_{en}^k\in {\overline{\mu }}_{en}^k\pm 2{\overline{\sigma }}_{en}^k$, where ${\overline{\mu }}_{en}^k$ and ${\overline{\sigma }}_{en}^k$ are based on the mean and standard deviation of entity granularity for each category across all evaluation data.

b. Entity Semantic Granularity (${ESG}_{doc}$)

$${ESG}_{doc}={\displaystyle \frac{1}{K^{\left(en\right)}}}{\sum }_k^{K^{\left(en\right)}}{\displaystyle \frac{{\sum }_{i\ne j}I({Sim}_{ij}>0.9)}{C\left(n,2\right)}},$$

(10)

where semantic similarity ${Sim}_{ij}$ is calculated based on secureBERT [39] embedding vector computation:

$${Sim}_{ij}={\displaystyle \frac{e_i\cdot e_j}{\parallel e_i\parallel \parallel e_j\parallel }},{\mathrm{e}}_{\mathrm{i}/\mathrm{j}}=\mathrm{S}\mathrm{e}\mathrm{c}\mathrm{u}\mathrm{r}\mathrm{e}\mathrm{B}\mathrm{E}\mathrm{R}\mathrm{T}({\mathrm{w}\mathrm{o}\mathrm{r}\mathrm{d}\mathrm{s}}_{\mathrm{i}/\mathrm{j}}),$$

(11)

c. Entity Part-of-Speech Granularity Coefficient (${\omega }_{{POS}_{doc}}$)

The part-of-speech granularity coefficient is jointly determined by the proportional coefficient of nouns (PCoN) and the coverage coefficient of gerunds (CCoG), using stanza [40] for part-of-speech tagging:

$${\omega }_{{POS}_{doc}}=PCoN\times CCoG,$$

(12)

where $PCoN=\left\{\begin{array}{cc}0.8,& nouns<70\%\\ 1,& otherwise\end{array}\right.,CCoG=\left\{\begin{array}{cc}0.9,& gerund<95\%\\ 1,& otherwise\end{array}\right.$.

D.

Triples Annotation Granularity (TAG)

Specifically, it evaluates entity spans in the representation component, semantic roles in the syntactic component, and triple phrases in the semantic component. Due to the sparsity of entities and relations in triples, natural language processing based on ontology definitions is required before evaluation. The overall formula is as follows:

$${TAG}_{dataset}={\displaystyle \frac{1}{M}}{\sum }_M(W_a·{TAS}_{doc}+W_b·{TSyG}_{doc}+W_c{·TSeG}_{doc}),$$

(13)

where M represents the number of documents in the dataset, submodule weights sum to $\sum _{iϵ(a,b,c)}{W}_i=1$, and ${TAS}_{doc}$, ${TSyG}_{doc}$, and ${TSeG}_{doc}$ represent document-level triple representation, syntactic granularity, and semantic granularity evaluation, respectively.

a. Triple Annotation Span (${TAS}_{doc}$)

$${TAS}_{doc}={\displaystyle \frac{1}{K^{\left(triple\right)}}}{\sum }_k^{K^{\left(triple\right)}}{\displaystyle \frac{\sum I\left({span}_{triple}^k\in {Threshold}_{span}^k\right)}{N_{span}^k}},$$

(14)

where the span granularity ${span}_{triple}^k$ for category k triples falls within ${Threshold}_{span}^k={\overline{\mu }}_{span}^k\pm \alpha \cdot 2{\overline{\sigma }}_{span}^k$, where $\mathsf{\alpha }$ represents the sentence complexity factor and ${\overline{\mu }}_{span}^k$ and ${\overline{\sigma }}_{span}^k$ are the mean and standard deviation of triple granularity for each category based on all evaluation data.

b. Triple Syntactic Granularity (${TSyG}_{doc}$)

Since naturalized triples should conform to basic sentence characteristics, they should contain three semantic roles: PRED, ARG0, and ARG1. To ensure consistent evaluation, we strictly define the number and types of semantic roles:

$${TSyG}_{doc}={\displaystyle \frac{1}{N_T}}{\sum }_{i=1}^{N_T}I\left(\left\{\begin{array}{c}\exists ! PRED\in {TS}_i\\ \exists ! ARG0\in {TS}_i\wedge ARG0\leftrightarrow PRED\\ \exists ! ARG1\in {TS}_i\wedge ARG1\leftrightarrow PRED\end{array}\right.\right),$$

(15)

where $N_T$ represents the number of triples, ${TS}_i$ represents the ith triple after natural language processing, $\exists !$ indicates existence and uniqueness, and $\leftrightarrow$ indicates direct association between semantic roles and predicates.

c. Triple Semantic Granularity (${TSeG}_{doc}$)

Triple semantic granularity performs overall evaluation of triple semantics based on the similarity calculation from Formula (11):

$${TSeG}_{doc}={\displaystyle \frac{1}{K^{\left(Triple\right)}}}{\sum }_k^{K^{\left(Triple\right)}}{\displaystyle \frac{{\sum }_{i\ne j}I({Sim}_{ij}>0.9)}{C\left(n,2\right)}},$$

(16)

3.3.3. Attack Chain Topological Indicator

Attack chain topological indicators evaluate the topological structure of document-level knowledge graphs for the multi-stage nature and chain structure of the APT domain. The main approach combines the attack chain depth and structural dispersion penalty for overall evaluation:

$$ACT={Score}_{acd}\times \left(1-R_{TP}\right),$$

(17)

• Attack Chain Depth Score (${Score}_{acd}$)

We traverse attack chains in the document-level annotation data, where the valid attack chain depth set is recorded as $d=\left\{d_1,d_2,\dots ,d_k\right\}$. We use the 25th percentile of attack chain depth to filter out excessively short chains as Q₂₅ = Percentile (P, 25%) and calculate the chain strength factor:

$${\beta }_{norm}=tanh\left({\displaystyle \frac{max\left(d_i\right)-Q_{25}}{Q_{25}}}\right)\in [0,1),$$

(18)

We reference the existing attack chain models [41] and our previous three-stage definition [42]. Base weights are set for different depths and continuously adjusted through regression functions:

$$W_{acd}=\left\{\begin{array}{cc}0.5\times \left(1+\beta \right),& Q_{75}\le 2\\ 0.7\times \left(1+\beta \right),& Q_{75}=3\\ 0.8\times \left(1+\beta \right),& Q_{75}=4\\ 1.0\times \left(1+\beta \right),& Q_{75}\ge 5\end{array}\right. \Rightarrow \left[0.5+0.5\sigma \left(2\left(Q_{75}-3\right)\right)\right]\times \left(1+{\beta }_{norm}\right),$$

(19)

For convenient calculation and comparison, $W_{acd}$ is normalized through piecewise linear stretching:

$${Score}_{acd}={\displaystyle \frac{1-e^{-{\lambda }_0{W}_{acd}} -L}{U-L}}\in [0,1],$$

(20)

where ${\lambda }_0$ is the normalization coefficient and $L$ and $U$ are the original upper and lower limit parameters, respectively.

B.

Attack Chain Total Penalty Ratio ($R_{TP}$)

Additionally, except for certain entity types that act as head nodes (such as threat organizations), the in-degree and out-degree of chain structures should be relatively balanced. Therefore, we use the in-degree and out-degree Gini coefficient to evaluate the dispersion of chain structures, calculating the penalty value:

$$P_{divergence}=min(max\left(G_{out},G_{in}\right)\times min\left(1,{\displaystyle \frac{{Num}_{relation}}{{Num}_{entity}}}\right),0.6),$$

(21)

$$G_{in/out}={\displaystyle \frac{{\sum }_{i=1}^n{\sum }_{j=1}^n|{Ne}_{in/out,i}-{Ne}_{in/out,j}|}{2n^2\overline{{Ne}_{in/out}}}},$$

(22)

where ${Ne}_{in/out,i}$ represents the number of times entity i acts as a relation tail or head and ${Num}_{relation}$ and ${Num}_{entity}$ represent the number of relations or entities in the document, respectively. Additionally, this indicator systematically accounts for isolated nodes and illegal loop situations by incorporating them into the penalty score $P_{error}$, thus calculating the total penalty ratio:

$$R_{TP}=min\left(0.3, 0.15\times {\displaystyle \frac{P_{error}}{{\lambda }_1}}+0.15\times {\displaystyle \frac{P_{divergence}}{{\lambda }_2}}\right),$$

(23)

where ${\lambda }_1$ and ${\lambda }_2$ are the normalization coefficients for $P_{error}$ and $P_{divergence}$, respectively.

3.4. Post-Annotation Evaluation

After the overall data annotation is completed, we need to evaluate the annotated dataset as a whole to validate the framework’s effectiveness. The performance of baseline model training on the data provides valuable reference. Therefore, this part employs typical evaluation metrics, specifically including precision, recall, and F1-score for assessment.

4. Experiments

This section validates our dataset construction method and quality from three perspectives. First, we verify the efficiency of the annotation framework. Second, we validate various quantitative indicators. Finally, we provide supplementary validation of the annotation data’s training effectiveness through baseline models.

4.1. Data Collection

We extensively collected open-source report data. Using automated scripts, we extracted a total of 756 reports from ATT&CK and several cybersecurity vendor reports, collecting over 100,000 raw instances. Based on the proposed annotation framework, we annotated 1500 instances each from ATT&CK reports and technical detail reports to validate the framework and construct the foundational dataset.

4.2. Experimental Setup

4.2.1. Model Selection

• Large Model Selection

This study initially tested four prominent LLMs (Llama3, GPT-4O, KIMI, and Deepseek). We ultimately selected the Deepseek model for automated annotation framework validation based on cost and quality considerations. In our method, Deepseek-V3 performs basic annotation while the Deepseek-R1 model conducts annotation self-verification. Additionally, we designed three prompt templates: joint prompts, pipeline-based key information prompts, and pipeline-based boundary analysis prompts. The boundary analysis prompt template was selected based on experimental results from Section 4.4.1.

B.

Baseline Models

We selected mainstream modules with validated effectiveness to constitute the baseline models for this study. For entity extraction, we employ four architectures: BERT, BERT-BiLSTM-Biaffine, BERT-CRF, and BERT-BiLSTM-CRF. For relation extraction, we use the BERT, BERT-BiLSTM, and BERT-BiLSTM-Biaffine architectures based on the preprocessed dataset.

4.2.2. Parameter Configuration

The experimental objective is to demonstrate the correlation between indicators and various dimensions. Therefore, we perform uniform allocation of sub-dimension weights $W_i$ within each indicator $\sum _{iϵ(a,b,c,\dots )}{W}_i=1$.

4.2.3. Experimental Environment

Our evaluation system requires no model training but needs basic model calls. Specifically, the framework employs the Spacy model for sentence segmentation and Stanza for part-of-speech tagging and semantic role labeling. The framework employs SecureBERT for entity and triplet embedding to compute semantic similarity. Additionally, a basic network environment is required for accessing large model APIs. In the baseline model configuration, the BERT model outputs 768-dimensional vectors, while the single-layer LSTM in BiLSTM outputs 128-dimensional vectors. Note that due to space limitations, this paper only presents indicator and baseline experimental results on ATT&CK Groups.

4.3. Annotation Framework Efficiency Validation

To validate the annotation framework’s efficiency, our team was divided into two groups with balanced knowledge levels and tested the cost consumption of two annotation modes on identical data during the pilot annotation phase, as shown in Figure 4. ATT&CK Groups present more complex scenarios than Attack Reports, making annotation more challenging.

In manual annotation, considerable time was wasted filtering low-density samples. Additionally, corrections required re-annotating all data for adjustments, consuming substantial time.

Manual annotation required considerable time to filter low-density samples. Additionally, corrections required re-annotating all data for adjustments, consuming substantial time.

Our annotation framework filtered out 89 instances using the CDA indicator. Due to the sequential nature of framework tasks, model annotation time is negligible. Moreover, manual corrections can be targeted based on document-level indicators, significantly improving validation efficiency. Experiments demonstrate that our proposed annotation framework is more efficient, with only minimal economic costs (approximately 3.8 Chinese yuan per 50 instances).

4.4. Evaluation Indicator Validation

During the ongoing annotation phase, pilot annotation and formal annotation serve different purposes; therefore, the experiment is divided into two parts.

4.4.1. Pilot Annotation Phase Indicator Validation

In the pilot annotation phase, our primary objective is to ensure that the automated models in the framework align with the designed ontological structure as expected. Therefore, we use the LAC indicator to compare the annotation effects of different prompt templates, while CCC and CDB indicators evaluate the degree to which annotation data types conform to expectations.

A.

LAC Indicator Experiment

During the annotation process, we compared the effects of three prompt types across 5 batches of 100 instances each, based on Deepseek-V3. The experimental results are shown in Figure 5.

Experiments demonstrate that LLMs show substantial agreement with human annotators regarding character-level entity identification. However, differences in relation extraction are more pronounced. Joint prompting performs significantly worse than the other two approaches due to length constraints and task complexity. Boundary analysis for confusable types proves more effective than KeyInfo prompts. Additionally, the overall declining trend in relation to extraction performance may result from bias in the initial prompt design, though this does not affect prompt validation.

B.

CCC Indicator Experiment

CCC evaluates the discrepancy between ontological design expectations and actual annotation data; therefore, the experiment compares single-batch and cumulative data. The initial ontological expectations derive from expert experience, as shown in Figure 6a. The CCC indicator experiment, shown in Figure 6b, intuitively reflects the consistency between data proportions in different intervals and expected proportions. As data accumulates, although single-batch data distributions may not conform to expectations, the overall dataset increasingly converges toward expectations.

C.

CDB Indicator Experiment

CDB evaluates the balance of dataset classification across different types, addressing the limitations of the CCC indicator. This section visualizes the indicator through category frequencies for entities and relations (Figure 7). We comprehensively assess dataset category balance by examining category equilibrium and head monopolization. This experiment demonstrates a pseudo-balance scenario, where head categories (top three) do not completely monopolize cumulative data, while categories with similar data volumes are relatively averaged. Additionally, this indicator is more sensitive to extremely imbalanced scenarios such as long-tail distributions.

4.4.2. Formal Annotation Phase Indicator Validation

In the formal annotation phase, Entity Annotation Granularity (EAG), Triplet Annotation Granularity (TAG), and Attack Chain Integrity (ACT) indicators are all document-level indicators. They aim to rapidly lock annotation quality issues to specific documents. We use scatter plots to experimentally validate the inter-dimensional correlations of these indicators (as shown in Figure 8). In EAG and TAG indicators, overall characteristics and trends are most pronounced, as shown in Figure 8a,b. However, in sub-dimensions, semantics are constrained by the embedding space limitations of pre-trained models for vertical domains. Additionally, entity granularity exhibits greater discriminability than triplet granularity, indicating more stable annotation characteristics among triplets of the same type.

In the ACT indicator shown in Figure 8c, we use chain tail strength (${\beta }_{norm}$) as the horizontal axis to observe the correlation between ACT and its sub-dimensions. Here, stronger ${\beta }_{norm}$ leads to decreased ACD, indicating overall chain length bias in this portion of documents. The relationship between entropy and chain tail strength shows inverse symmetry, suggesting that when ${\beta }_{norm}$ is stronger, structural changes are more complex, entropy is higher, and overall scores are lower. This indicator comprehensively reflects the structural and phase characteristics of attack chains.

Additionally, we found that evaluating semantic consistency between similar texts through similarity calculations using SecureBERT word embeddings results in consistently high scores. This leads to poor discrimination in the semantic consistency scoring component. The analysis suggests this may be due to the similar nature of word embedding vectors in vertical domains.

4.4.3. Generalizability Experiments of Evaluation System

We evaluated publicly available datasets using our proposed evaluation framework. However, due to the inherent limitation that open-source datasets often do not contain original data, it was challenging to apply all indicators in our evaluation system comprehensively. For instance, some datasets only support entities or relations, lack pre-processing information, such as document boundaries, or provide only extracted data without annotation data. Additionally, due to the absence of original contextual information, such as full articles, we calculated overall scores by averaging the applicable evaluation indicators supported by the entire dataset.

Table 3. Generalizability experiments of the evaluation system based on open-source datasets.

Literature	Basic Structural Indicators		Logical Consistency Indicators				ACT	Score
	CDA	CDB	LAC	CCC	EAG	TAG
DNRTI [11]								78.89
APTNER [12]								65.67
HACKER [14]								61.14
CVTIKG [17]								57.44
Ours (LAPTKG)								83.65

Note: indicates that the indicator was not evaluated at all, indicates that the indicator was partially evaluated, and indicates that the indicator was fully evaluated according to the design.

presents the types of indicators supported by each dataset and their corresponding scores.

Overall, our dataset achieved the highest score due to its superior balance across all dimensions. Among the other datasets, entity-focused datasets scored higher (DNRTI and APTNER), while APTNER received a lower score due to its inclusion of non-semantic entities and relatively imbalanced structure. Furthermore, the evaluation of HACKER and CVTIKG was limited by incomplete annotation data. CVTIKG, in particular, scored lowest as it only provided inferred extracted triplet data rather than original annotation data.

4.5. External Consistency Experiment

External consistency and internal consistency constitute key dimensions of knowledge graph evaluation. This study employs semantic similarity-based clustering to evaluate consistency between APT knowledge graphs and external knowledge bases, specifically MITRE ATT&CK, from which the original data were sourced. Results are presented in Figure 9, where thresholds represent similarity boundaries between semantic clusters. Higher thresholds generate more clusters, yielding elevated similarity scores for individual triplets and correspondingly higher consistency ratings.

However, the overall external consistency scores approach 1, consistent with our observations during internal consistency metric construction (Section 4.4.2). Two factors may explain this phenomenon: overlap between annotated data and knowledge base sources, and similar embedding vectors generated by domain-specific word embedding models trained on similar corpora for APT-related terms. This suggests that relying solely on semantic similarity when using natural language knowledge bases such as MITRE ATT&CK or CAPEC is insufficient for adequately evaluating the external consistency of knowledge graphs.

Based on these findings, future work will investigate knowledge graph alignment-based techniques for external consistency evaluation. Our annotated dataset will help address the current scarcity of open-source, high-quality APT knowledge graph data, enabling further investigation of inter-graph external consistency evaluation approaches.

4.6. Dataset Information

The overall dataset information for our final annotations is shown in

Table 4. Entity dataset scale.

Entity			Relation
Type	ATT&CK	Report	Type	ATT&CK	Report
Threat-Actor	1490	493	uses	1250	801
Attack-Pattern	1472	859	requires	1095	487
Infrastructure	726	650	interacts-with	827	571
Tool	635	474	targets	497	540
Malware	562	748	attributed-to	446	205
Configuration	416	378	related-to	367	877
Identity	396	635	exploits	336	79
File	393	293	has	321	391
Observed-Data	382	458	affects	301	212
Credential	206	79	located-at	295	216
Location	141	449	indicates	98	157
Industry	117	306	variant-of	74	147
Vulnerability	117	72	-	-	-
Total	7053	5895	Total	5907	4687

with both entity and relation counts exceeding ten thousand. In the annotated data, the number of unique relation triplet types exceeds 400. However, most triplet types have relatively small quantities; therefore, we plan to fine-tune large models based on existing data to further expand the dataset scale and promote further research in this field.

4.7. Baseline Model Experiments

To supplement the validation of data training effects before and after correction, we further verified using baseline pipeline models on the ATT&CK Group dataset, as shown in Figure 10a,b. The experiments demonstrate that our method can effectively improve recognition performance after indicator validation. In the entity recognition task, the two CRF-based recognition models achieved slightly lower scores on the corrected data compared to the other two non-CRF model types. This is possibly because CRF-based sequence labeling models can only assign one label per token, introducing ambiguity in overlapping entity annotation. The fluctuations observed in relation recognition may result from pipeline models training entity pair relationships by duplicating sentences, thereby introducing noise in overlapping relation identification.

5. Conclusions

This study addresses three critical problems in APT entity relation extraction datasets: insufficient ontological structure completeness (Q3), low annotation efficiency (Q1), and insufficient quality assessment systems (Q2). We propose a dynamic trustworthy annotation framework based on knowledge graph data to simultaneously improve the efficiency and quality of APT knowledge graph construction.

The framework systematically extends existing ontological definitions from attack technical and semantic perspectives, targeting complex APT scenarios. We design a quantitative indicator system based on continuous annotation objectives, providing objective standards for data quality assessment. By integrating LLM technology, we construct a process-oriented framework that automates and intelligentizes the annotation process.

To validate effectiveness, we constructed a large-scale dataset with over ten thousand entity relations. Experimental results demonstrate that our annotation framework significantly reduces costs, the quantitative indicator system accurately identifies quality differences and effectively accelerates data correction. Comparative experiments before and after correction further validate the system’s practicality and effectiveness.

6. Future Work

In subsequent research, we will focus on addressing the current low discriminative power of external consistency evaluation. Building upon the high-quality dataset established in this work, we will concentrate on developing more effective external consistency assessment methods. Inspired by recent advances in network structure analysis for BGP community recognition [43], we plan to investigate the application of graph-level classification in knowledge graph annotation quality assessment. In future large-scale dataset expansion efforts, we plan to replace prompt templates with fine-tuning methods during the model annotation phase. This approach will not only enhance automated annotation quality and reduce manual costs, but also further validate the generalizability of our evaluation methods across different data annotation pipelines.