An End-to-end Entity and Relation Joint Extraction Model for Cyber Threat Intelligence

Abstract

Entity and relation extraction of Cyber Threat Intelligence (CTI) is the basis of building the threat intelligence knowledge graph. Considering the transmission errors in the traditional pipeline model and low accuracy in the extraction of overlapping relational entities, this paper proposes an end-to-end joint extraction model of CTI. First, entity and relation extraction are modeled as a sequential tagging task through a joint tagging strategy. Then, an end-to-end sequence tagging model based on BERT-att-BiLSTM-CRF is constructed to realize the joint extraction of entities and relations. Finally, we extract knowledge triples according to entity and relation matching rules. The experimental results show that compared with other methods, in the large-scale CTI dataset, the joint extraction model proposed in this paper outperforms other models in knowledge triple extraction. F1 score increased by 5.4%, which verifies the effectiveness of this model in information extraction for CTI.