APT Attack Inference and Multidimensional Visual Representation
Abstract
With the continuous growth of threat intelligence data and the increasing complexity of attack chains, attributing Advanced Persistent Threat (APT) attacks to specific organizations and validating attack behaviors have become challenging due to the limited interpretability and credibility of prediction results. Although graph-based APT organization prediction methods are capable of modeling the relationships among attack entities, their outputs still require further verification and analysis in the context of real-world attack scenarios. To address this issue, this paper builds upon the AARGS model for APT organization prediction and introduces a large language model to perform semantic reasoning and high-level relationship completion on the predicted results. By automatically parsing and reasoning over attack behaviors described in real threat intelligence texts, a comprehensive semantic representation of the attack chain is constructed and systematically compared with the model’s prediction outcomes. Furthermore, three-dimensional reconstruction of attack chains, together with temporal evolution and geographic propagation visualizations, is employed to intuitively present and analyze the dynamic evolution of attack paths. Experimental results demonstrate that the proposed approach effectively enhances the interpretability and reliability of APT attribution results, providing strong support for APT traceability analysis and informed defense decision-making.