A Span-based Multivariate Information-aware Embedding Network for joint relational triplet extraction of threat intelligence

Abstract

The extraction of relational triplets in threat intelligence is a critical aspect of constructing a knowledge graph. However, the field encounters challenges like high semantic similarity among entities, limited relevance of entities, and a heavy reliance on experts, leading to low extraction efficiency. Currently, there is a lack of research on extracting threat intelligence relational triplets, which necessitates the development of an efficient extraction model. This study proposes a Span-based Multivariate Information-aware Embedding Network (SMIEN) for the joint extraction of threat intelligence relation triplets. SMIEN introduces aware embedding modules to capture fine-grained features of multivariate information, including semantic, temporal order, dependency, spans, span pairs, entity labels, and relational labels, and to enhance their interaction. Designed a Type-Aware Graph Convolutional Network (TA-GCN) to enhance the representation of key information between less relevant tokens in threat intelligence text sentences within the Dependency-Aware Embedding layer. The Entity-Aware Embedding module is designed to enhance fine-grained interaction between span information and other multivariate information, while the Relationship-Aware Embedding module is designed to determine correlations between span pairs and enhance interaction with relationship labels. Experimental results on the HACKER, RE-DNRTI, and RE-IVTI datasets demonstrate micro F1 scores of 44.73%, 81.74%, and 44.15%, respectively, highlighting the method’s effectiveness in extracting cyber threat intelligence and Internet of Vehicle (IoV) threat intelligence information. In addition, we have constructed a threat intelligence ontology (CVTIO) on which we have built a preliminary threat intelligence knowledge graph (CVTIKG) with 23,636 relational triplets. The CVTIKG can be found at https://github.com/wangxtz/CVTIKG.