CyberEntRel: Joint extraction of cyber entities and relations using deep learning

Abstract

The cyber threat intelligence (CTI) knowledge graph is beneficial for making robust defense strategies for security professionals. These are built from cyber threat intelligence data based on relation triples where each relation triple contains two entities associated with one relation. The main problem is that the CTI data is increasing more rapidly than expected and existing techniques are becoming ineffective for extracting the CTI information. This work mainly focuses on the extraction of cyber relation triples in an effective way using the joint extraction technique, which resolves the issues in the classical pipeline technique. Firstly, the ‘BIEOS’ tagging scheme was applied to CTI data using the joint tagging technique and then the relation triples were jointly extracted. This study utilized the attention-based RoBERTa-BiGRU-CRF model for sequential tagging. Finally, the relation triples were extracted using the relation-matching technique after matching the best suitable relation for the two predicted entities. The experimental results showed that this technique outperformed the state-of-the-art models in knowledge triple extraction on CTI data. Furthermore, a 7% increase in the F1 score also proved the effectiveness of this technique for the information extraction task on CTI data.