Go to DBLP homepageJoint Extraction of Entities and Relationships from Cyber Threat Intelligence based on Task-specific Fourier Network
Abstract: The increasing complexity of cyber threats and the emergence of new attack technologies have brought huge challenges to attack incident analysis and source tracing. Using cyber threat intelligence to build a Cyber security Knowledge Graph (CKG) provides a new technical solution for attack attribution. Constructing a CKG requires numerous entity and relationship triples extracted from unstructured cyber threat intelligence texts. However, existing entity and relationship joint extraction methods in cyber threat intelligence face two problems. Firstly, they share the same word embeddings for both subtasks, ignoring the fine-grained semantic differences between the subtasks. Secondly, they rarely consider the interaction between the features of the two subtasks, which is vital for capturing the semantic dependencies between the tasks. To address these issues, we propose a joint entity and relationship extraction model specifically designed for network security concepts. We utilize two lightweight Fourier networks with independent weights to build a feature extraction module for encoding fine-grained features for entity recognition and relationship extraction tasks. Furthermore, we use a subtask feature interaction strategy assisted by a gated attention mechanism to enhance feature interaction between entity recognition and relationship extraction tasks. Use fine-grained entity recognition task information to guide relationship extraction to capture semantic dependencies between tasks. Experimental results on a cyber threat intelligence dataset demonstrate that our model outperforms existing baselines.
Loading