Conference paper Open Access

Named Entity Recognition in Cyber Threat Intelligence Using Transformer-based Models

Pavlos Evangelatos; Christos Iliou; Thanassis Mavropoulos; Konstantinos Apostolou; Theodora Tsikrika; Stefanos Vrochidis; Ioannis Kompatsiaris


MARC21 XML Export

<?xml version='1.0' encoding='UTF-8'?>
<record xmlns="http://www.loc.gov/MARC21/slim">
  <leader>00000nam##2200000uu#4500</leader>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">Cyber Threat Intelligence</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">Named Entity Recognition</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">CTI</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">NER</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">DNRTI</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">BERT</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">XLNet</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">RoBERTa</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">ELECTRA</subfield>
  </datafield>
  <controlfield tag="005">20220309081634.0</controlfield>
  <datafield tag="500" ind1=" " ind2=" ">
    <subfield code="a">This is the accepted version of the paper. The final version of the paper can be found at https://ieeexplore.ieee.org/abstract/document/9527981</subfield>
  </datafield>
  <controlfield tag="001">6335724</controlfield>
  <datafield tag="711" ind1=" " ind2=" ">
    <subfield code="d">26-28 July 2021</subfield>
    <subfield code="g">CSR</subfield>
    <subfield code="a">2021 IEEE International Conference on Cyber Security and Resilience</subfield>
    <subfield code="c">Rhodes, Greece</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Information Technologies Institute, CERTH, Thessaloniki, Greece</subfield>
    <subfield code="a">Christos Iliou</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Information Technologies Institute, CERTH, Thessaloniki, Greece</subfield>
    <subfield code="a">Thanassis Mavropoulos</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Information Technologies Institute, CERTH, Thessaloniki, Greece</subfield>
    <subfield code="a">Konstantinos Apostolou</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Information Technologies Institute, CERTH, Thessaloniki, Greece</subfield>
    <subfield code="a">Theodora Tsikrika</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Information Technologies Institute, CERTH, Thessaloniki, Greece</subfield>
    <subfield code="a">Stefanos Vrochidis</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Information Technologies Institute, CERTH, Thessaloniki, Greece</subfield>
    <subfield code="a">Ioannis Kompatsiaris</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">314851</subfield>
    <subfield code="z">md5:b89851e7b5c3f91facf1bd8f694981b6</subfield>
    <subfield code="u">https://zenodo.org/record/6335724/files/2021_IEEE_ACTI_CSR_NER_in_CTI.pdf</subfield>
  </datafield>
  <datafield tag="542" ind1=" " ind2=" ">
    <subfield code="l">open</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="y">Conference website</subfield>
    <subfield code="u">https://www.ieee-csr.org/</subfield>
  </datafield>
  <datafield tag="260" ind1=" " ind2=" ">
    <subfield code="c">2021-07-28</subfield>
  </datafield>
  <datafield tag="909" ind1="C" ind2="O">
    <subfield code="p">openaire</subfield>
    <subfield code="o">oai:zenodo.org:6335724</subfield>
  </datafield>
  <datafield tag="100" ind1=" " ind2=" ">
    <subfield code="u">Information Technologies Institute, CERTH, Thessaloniki, Greece</subfield>
    <subfield code="a">Pavlos Evangelatos</subfield>
  </datafield>
  <datafield tag="245" ind1=" " ind2=" ">
    <subfield code="a">Named Entity Recognition in Cyber Threat Intelligence Using Transformer-based Models</subfield>
  </datafield>
  <datafield tag="536" ind1=" " ind2=" ">
    <subfield code="c">833673</subfield>
    <subfield code="a">Advanced cyber-security simulation platform for preparedness training in Aviation, Naval and Power-grid environments</subfield>
  </datafield>
  <datafield tag="536" ind1=" " ind2=" ">
    <subfield code="c">830943</subfield>
    <subfield code="a">European network of Cybersecurity centres and competence Hub for innovation and Operations</subfield>
  </datafield>
  <datafield tag="540" ind1=" " ind2=" ">
    <subfield code="u">https://creativecommons.org/licenses/by/4.0/legalcode</subfield>
    <subfield code="a">Creative Commons Attribution 4.0 International</subfield>
  </datafield>
  <datafield tag="650" ind1="1" ind2="7">
    <subfield code="a">cc-by</subfield>
    <subfield code="2">opendefinition.org</subfield>
  </datafield>
  <datafield tag="520" ind1=" " ind2=" ">
    <subfield code="a">&lt;p&gt;The continuous increase in sophistication of threat actors over the years has made the use of actionable threat intelligence a critical part of the defence against them. Such Cyber Threat Intelligence is published daily on several online sources, including vulnerability databases, CERT feeds, and social media, as well as on forums and web pages from the Surface and the Dark Web. Named Entity Recognition (NER) techniques can be used to extract the aforementioned information in an actionable form from such sources. In this paper we investigate how the latest advances in the NER domain, and in particular transformer-based models, can facilitate this process. To this end, the dataset for NER in Threat Intelligence (DNRTI) containing more than 300 pieces of threat intelligence reports from open source threat intelligence websites is used. Our experimental results demonstrate that transformer-based techniques are very effective in extracting cybersecurity-related named entities, by considerably outperforming the previous state- of-the-art approaches tested with DNRTI.&lt;/p&gt;</subfield>
  </datafield>
  <datafield tag="024" ind1=" " ind2=" ">
    <subfield code="a">10.1109/CSR51186.2021.9527981</subfield>
    <subfield code="2">doi</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">publication</subfield>
    <subfield code="b">conferencepaper</subfield>
  </datafield>
</record>
38
39
views
downloads
Views 38
Downloads 39
Data volume 12.3 MB
Unique views 29
Unique downloads 34

Share

Cite as