Threat intelligence knowledge graph construction method and device based on mail data

The invention discloses a threat intelligence knowledge graph construction method and device based on email data. The method comprises the steps: acquiring email data and security threat type information corresponding to the email data; carrying out entity identification on the e-mail data, and extracting each entity in the e-mail data and an entity relationship among the entities; and taking security threat type information as security threat information of each entity, and then generating a visual information schematic diagram according to each entity, an entity relationship among the entities and the security threat information of each entity, so as to obtain a threat intelligence knowledge graph. By implementing the embodiment of the invention, the universality of the constructed threat intelligence knowledge graph can be improved. 本发明公开了一种基于邮件数据的威胁情报知识图谱构建方法及装置，所述方法获取电子邮件数据以及所述电子邮件数据对应的安全威胁类型信息；对所述电子邮件数据进行实体识别，提取所述电子邮件数据中的各个实体以及各所述实体间的实体关系；将所述安全威胁类型信息作为各所述实体的安全威胁信息，继而根据各所述实体、各所述实体间的实体关系以及各所述实体安全威胁信息，生成可视