Actions
  • shareshare
  • link
  • cite
  • add
add
auto_awesome_motion View all 3 versions
Publication . Conference object . 2021

Named Entity Recognition in Cyber Threat Intelligence Using Transformer-based Models

Pavlos Evangelatos; Christos Iliou; Thanassis Mavropoulos; Konstantinos Apostolou; Theodora Tsikrika; Stefanos Vrochidis; Ioannis Kompatsiaris;
Open Access
Published: 26 Jul 2021
Publisher: Zenodo
Abstract
The continuous increase in sophistication of threat actors over the years has made the use of actionable threat intelligence a critical part of the defence against them. Such Cyber Threat Intelligence is published daily on several online sources, including vulnerability databases, CERT feeds, and social media, as well as on forums and web pages from the Surface and the Dark Web. Named Entity Recognition (NER) techniques can be used to extract the aforementioned information in an actionable form from such sources. In this paper we investigate how the latest advances in the NER domain, and in particular transformer-based models, can facilitate this process. To this end, the dataset for NER in Threat Intelligence (DNRTI) containing more than 300 pieces of threat intelligence reports from open source threat intelligence websites is used. Our experimental results demonstrate that transformer-based techniques are very effective in extracting cybersecurity-related named entities, by considerably outperforming the previous state- of-the-art approaches tested with DNRTI.
Subjects by Vocabulary

Microsoft Academic Graph classification: Process (engineering) Web page Computer science Named-entity recognition computer.software_genre computer Vulnerability (computing) Data science Social media Sophistication media_common.quotation_subject media_common Deep learning Transformer (machine learning model) Artificial intelligence business.industry business

Subjects

Cyber Threat Intelligence, Named Entity Recognition, CTI, NER, DNRTI, BERT, XLNet, RoBERTa, ELECTRA

Funded by
EC| ECHO
Project
ECHO
European network of Cybersecurity centres and competence Hub for innovation and Operations
  • Funder: European Commission (EC)
  • Project Code: 830943
  • Funding stream: H2020 | RIA
Validated by funder
Download fromView all 2 sources
lock_open
moresidebar