Conference paper Open Access

Named Entity Recognition in Cyber Threat Intelligence Using Transformer-based Models

Pavlos Evangelatos; Christos Iliou; Thanassis Mavropoulos; Konstantinos Apostolou; Theodora Tsikrika; Stefanos Vrochidis; Ioannis Kompatsiaris


DataCite XML Export

<?xml version='1.0' encoding='utf-8'?>
<resource xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://datacite.org/schema/kernel-4" xsi:schemaLocation="http://datacite.org/schema/kernel-4 http://schema.datacite.org/meta/kernel-4.1/metadata.xsd">
  <identifier identifierType="URL">https://zenodo.org/record/6335724</identifier>
  <creators>
    <creator>
      <creatorName>Pavlos Evangelatos</creatorName>
      <affiliation>Information Technologies Institute, CERTH, Thessaloniki, Greece</affiliation>
    </creator>
    <creator>
      <creatorName>Christos Iliou</creatorName>
      <affiliation>Information Technologies Institute, CERTH, Thessaloniki, Greece</affiliation>
    </creator>
    <creator>
      <creatorName>Thanassis Mavropoulos</creatorName>
      <affiliation>Information Technologies Institute, CERTH, Thessaloniki, Greece</affiliation>
    </creator>
    <creator>
      <creatorName>Konstantinos Apostolou</creatorName>
      <affiliation>Information Technologies Institute, CERTH, Thessaloniki, Greece</affiliation>
    </creator>
    <creator>
      <creatorName>Theodora Tsikrika</creatorName>
      <affiliation>Information Technologies Institute, CERTH, Thessaloniki, Greece</affiliation>
    </creator>
    <creator>
      <creatorName>Stefanos Vrochidis</creatorName>
      <affiliation>Information Technologies Institute, CERTH, Thessaloniki, Greece</affiliation>
    </creator>
    <creator>
      <creatorName>Ioannis Kompatsiaris</creatorName>
      <affiliation>Information Technologies Institute, CERTH, Thessaloniki, Greece</affiliation>
    </creator>
  </creators>
  <titles>
    <title>Named Entity Recognition in Cyber Threat Intelligence Using Transformer-based Models</title>
  </titles>
  <publisher>Zenodo</publisher>
  <publicationYear>2021</publicationYear>
  <subjects>
    <subject>Cyber Threat Intelligence</subject>
    <subject>Named Entity Recognition</subject>
    <subject>CTI</subject>
    <subject>NER</subject>
    <subject>DNRTI</subject>
    <subject>BERT</subject>
    <subject>XLNet</subject>
    <subject>RoBERTa</subject>
    <subject>ELECTRA</subject>
  </subjects>
  <dates>
    <date dateType="Issued">2021-07-28</date>
  </dates>
  <resourceType resourceTypeGeneral="ConferencePaper"/>
  <alternateIdentifiers>
    <alternateIdentifier alternateIdentifierType="url">https://zenodo.org/record/6335724</alternateIdentifier>
  </alternateIdentifiers>
  <relatedIdentifiers>
    <relatedIdentifier relatedIdentifierType="DOI" relationType="IsIdenticalTo">10.1109/CSR51186.2021.9527981</relatedIdentifier>
  </relatedIdentifiers>
  <rightsList>
    <rights rightsURI="https://creativecommons.org/licenses/by/4.0/legalcode">Creative Commons Attribution 4.0 International</rights>
    <rights rightsURI="info:eu-repo/semantics/openAccess">Open Access</rights>
  </rightsList>
  <descriptions>
    <description descriptionType="Abstract">&lt;p&gt;The continuous increase in sophistication of threat actors over the years has made the use of actionable threat intelligence a critical part of the defence against them. Such Cyber Threat Intelligence is published daily on several online sources, including vulnerability databases, CERT feeds, and social media, as well as on forums and web pages from the Surface and the Dark Web. Named Entity Recognition (NER) techniques can be used to extract the aforementioned information in an actionable form from such sources. In this paper we investigate how the latest advances in the NER domain, and in particular transformer-based models, can facilitate this process. To this end, the dataset for NER in Threat Intelligence (DNRTI) containing more than 300 pieces of threat intelligence reports from open source threat intelligence websites is used. Our experimental results demonstrate that transformer-based techniques are very effective in extracting cybersecurity-related named entities, by considerably outperforming the previous state- of-the-art approaches tested with DNRTI.&lt;/p&gt;</description>
    <description descriptionType="Other">This is the accepted version of the paper. The final version of the paper can be found at https://ieeexplore.ieee.org/abstract/document/9527981</description>
  </descriptions>
  <fundingReferences>
    <fundingReference>
      <funderName>European Commission</funderName>
      <funderIdentifier funderIdentifierType="Crossref Funder ID">10.13039/100010661</funderIdentifier>
      <awardNumber awardURI="info:eu-repo/grantAgreement/EC/H2020/833673/">833673</awardNumber>
      <awardTitle>Advanced cyber-security simulation platform for preparedness training in Aviation, Naval and Power-grid environments</awardTitle>
    </fundingReference>
    <fundingReference>
      <funderName>European Commission</funderName>
      <funderIdentifier funderIdentifierType="Crossref Funder ID">10.13039/100010661</funderIdentifier>
      <awardNumber awardURI="info:eu-repo/grantAgreement/EC/H2020/830943/">830943</awardNumber>
      <awardTitle>European network of Cybersecurity centres and competence Hub for innovation and Operations</awardTitle>
    </fundingReference>
  </fundingReferences>
</resource>
37
36
views
downloads
Views 37
Downloads 36
Data volume 11.3 MB
Unique views 28
Unique downloads 31

Share

Cite as