Abstract
Countless cyber threat intelligence (CTI) reports are used by companies around the world on a daily basis for security reasons. To secure critical cybersecurity information, analysts and individuals should accordingly analyze information on threats and vulnerabilities. However, analyzing such overwhelming volumes of reports requires considerable time and effort. In this study, we propose a novel approach that automatically extracts core information from CTI reports using a named entity recognition (NER) system. During the process of constructing our proposed NER system, we defined meaningful keywords in the security domain as entities, including malware, domain/URL, IP address, Hash, and Common Vulnerabilities and Exposures. Furthermore, we linked these keywords with the words extracted from the text data of the report. To achieve a higher performance, we utilized the character-level feature vector as an input to bidirectional long-short-term memory using a conditional random field network. We finally achieved an average F1-score of 75.05%. We release 498,000 tag datasets created during our research.
| Original language | English |
|---|---|
| Pages (from-to) | 2341-2355 |
| Number of pages | 15 |
| Journal | International Journal of Machine Learning and Cybernetics |
| Volume | 11 |
| Issue number | 10 |
| DOIs | |
| Publication status | Published - 2020 |
Keywords
- Bidirectional long-short-term memory conditional random field
- Cyber threat intelligence
- Cybersecurity
- Named entity recognition
- Vulnerability
ASJC Scopus subject areas
- Software
- Computer Vision and Pattern Recognition
- Artificial Intelligence