🤖 AI Summary
Security logs are unstructured, semantically ambiguous, and hard to reason over automatically. Method: The survey reviews how three ingredients can be combined to map raw logs into knowledge graphs: a cybersecurity ontology aligned with NIS 2 and the EU Cybersecurity Taxonomy, semantic log parsing, and LLM-based entity-relation extraction, with the ontology's class and relation constraints used to check and bound LLM output. Contribution/Results: It organizes the literature on ontology-driven, LLM-augmented knowledge graph construction from security logs and identifies the resulting graphs as a basis for cross-system interoperability, contextual threat reasoning, and compliance auditing under EU regulation, while highlighting open challenges. The abstract describes a survey, so no experimental results are reported here.
📝 Abstract
This survey investigates how ontologies, semantic log processing, and Large Language Models (LLMs) enhance cybersecurity. Ontologies structure domain knowledge, enabling interoperability, data integration, and advanced threat analysis. Security logs, though critical, are often unstructured and complex. To address this, automated construction of Knowledge Graphs (KGs) from raw logs is emerging as a key strategy for organizing and reasoning over security data. LLMs enrich this process by providing contextual understanding and extracting insights from unstructured content. This work aligns with European Union (EU) efforts such as NIS 2 and the Cybersecurity Taxonomy, highlighting challenges and opportunities in intelligent ontology-driven cyber defense.
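The pipeline the abstract sketches (parse a log line into typed entities and relations, then let the ontology decide which triples are admissible) is easier to judge with a concrete instance. The block below is an added example, not code from the paper or any project it surveys. It assumes a deliberately small, hypothetical ontology (five relations over `AuthEvent`, `Host`, `User`, `IPAddress`, `Process`, `Outcome`), a regex parser for OpenSSH syslog lines standing in for the deterministic "semantic log parsing" stage, and a constructed list of triples playing the role of LLM output. The log lines and IP addresses are constructed (documentation ranges), and the point demonstrated is the ontology constraint check: triples whose predicate, domain or range violate the schema are rejected rather than silently added to the graph.

```python
"""Ontology-constrained log-to-knowledge-graph mapping (illustrative example)."""
import re
from typing import Dict, List, Tuple

Triple = Tuple[str, str, str]  # (subject, predicate, object); nodes are "Class:value"

# Hypothetical mini-ontology: relation -> (domain class, range class).
# Constructed for this example; it is NOT the ontology described in the paper.
ONTOLOGY: Dict[str, Tuple[str, str]] = {
    "performedBy":    ("AuthEvent", "User"),
    "originatesFrom": ("AuthEvent", "IPAddress"),
    "observedOn":     ("AuthEvent", "Host"),
    "loggedBy":       ("AuthEvent", "Process"),
    "hasOutcome":     ("AuthEvent", "Outcome"),
}
CLASSES = {c for pair in ONTOLOGY.values() for c in pair}

# RFC 3164-style syslog prefix followed by the OpenSSH authentication message.
SYSLOG = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
SSHD_AUTH = re.compile(
    r"^(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port (?P<port>\d+)"
)

# Constructed sample log lines (documentation IP ranges, fictitious host).
LOG_LINES = [
    "Jan 12 10:15:32 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2",
    "Jan 12 10:15:40 web01 sshd[2211]: Failed password for root from 203.0.113.45 port 51236 ssh2",
    "Jan 12 10:16:02 web01 sshd[2240]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2: RSA SHA256:abc",
    "Jan 12 10:16:05 web01 CRON[2251]: pam_unix(cron:session): session opened for user root by (uid=0)",
]

# Constructed stand-in for LLM-extracted triples: one valid, three that violate the schema.
LLM_TRIPLES: List[Triple] = [
    ("AuthEvent:evt1", "originatesFrom", "IPAddress:203.0.113.45"),  # valid (duplicate of parsed)
    ("User:admin", "originatesFrom", "Host:web01"),                   # domain violation
    ("AuthEvent:evt1", "attacks", "Host:web01"),                      # relation not in ontology
    ("AuthEvent:evt3", "performedBy", "IPAddress:198.51.100.7"),      # range violation
]


def node(cls: str, value: str) -> str:
    """Build a typed node, refusing classes the ontology does not define."""
    if cls not in CLASSES:
        raise ValueError(f"unknown ontology class: {cls}")
    return f"{cls}:{value}"


def class_of(n: str) -> str:
    return n.split(":", 1)[0]


def parse_sshd(line: str, event_id: int) -> List[Triple]:
    """Deterministic parsing stage: one sshd auth line -> ontology-typed triples."""
    m = SYSLOG.match(line)
    if not m:
        return []
    a = SSHD_AUTH.match(m["msg"])
    if not a:
        return []  # e.g. a CRON line: syslog-shaped but not an sshd auth event
    ev = node("AuthEvent", f"evt{event_id}")
    return [
        (ev, "observedOn", node("Host", m["host"])),
        (ev, "loggedBy", node("Process", f'{m["proc"]}[{m["pid"]}]')),
        (ev, "performedBy", node("User", a["user"])),
        (ev, "originatesFrom", node("IPAddress", a["ip"])),
        (ev, "hasOutcome", node("Outcome", a["outcome"].lower())),
    ]


def validate(triples: List[Triple]) -> Tuple[List[Triple], List[Tuple[Triple, str]]]:
    """Ontology constraint check: known predicate, matching domain and range."""
    accepted, rejected = [], []
    for s, p, o in triples:
        if p not in ONTOLOGY:
            rejected.append(((s, p, o), f"unknown relation {p}"))
            continue
        dom, rng = ONTOLOGY[p]
        if class_of(s) != dom:
            rejected.append(((s, p, o), f"domain of {p} is {dom}, got {class_of(s)}"))
        elif class_of(o) != rng:
            rejected.append(((s, p, o), f"range of {p} is {rng}, got {class_of(o)}"))
        else:
            accepted.append((s, p, o))
    return accepted, rejected


def build_graph(lines: List[str], llm_triples: List[Triple]):
    """Parse logs, merge in LLM-extracted triples, keep only schema-conformant ones."""
    triples: List[Triple] = []
    for i, line in enumerate(lines, start=1):
        triples.extend(parse_sshd(line, i))
    triples.extend(llm_triples)
    accepted, rejected = validate(triples)
    graph = list(dict.fromkeys(accepted))  # de-duplicate, preserve order
    return graph, rejected


def failed_logins_by_ip(graph: List[Triple]) -> Dict[str, int]:
    """Simple reasoning over the graph: failed auth events per source address."""
    outcome = {s: o for s, p, o in graph if p == "hasOutcome"}
    counts: Dict[str, int] = {}
    for s, p, o in graph:
        if p == "originatesFrom" and outcome.get(s) == "Outcome:failed":
            counts[o] = counts.get(o, 0) + 1
    return counts


if __name__ == "__main__":
    g, bad = build_graph(LOG_LINES, LLM_TRIPLES)
    print(f"{len(g)} triples accepted, {len(bad)} rejected")
    for t, why in bad:
        print("  rejected", t, "->", why)
    print("failed logins by IP:", failed_logins_by_ip(g))
```

The design choice worth noting is that the schema check sits after extraction and is indifferent to where a triple came from: the regex parser and the simulated LLM feed the same `validate` function, so a hallucinated relation or a mistyped subject is dropped with a reason instead of entering the graph. In a real deployment the rejection list is the signal to feed back into prompting or to route for analyst review.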