Joint relational triple extraction with enhanced representation and binary tagging framework in cybersecurity
Journal: Computers & Security (JCR Q1, Computer Science, Information Systems; impact factor 4.8)
Publication type: Journal Article
Published: 2024-07-14
DOI: 10.1016/j.cose.2024.104001
URL: https://www.sciencedirect.com/science/article/pii/S0167404824003067
Citations: 0
Abstract
The cyber threat intelligence (CTI) knowledge graph is a valuable tool for aiding security practitioners in the identification and analysis of cyberattacks. These graphs are constructed from CTI data, organized into relational triples, where each triple comprises two entities linked by a particular relation. However, as the volume of CTI data is expanding at a faster rate than predicted, existing technologies are unable to extract relational triples quickly and accurately. This work mainly focuses on the extraction of relational triples in CTI data, which is achieved by an enhanced representation and binary tagging framework (ERBTF). Firstly, we introduce embedding representations for relations and concatenate these with word embeddings to obtain the initial hidden representation. Subsequently, we employ a novel dilated convolutional encoder that consists of a dilated convolution neural network, a gate mechanism and a residual connection to enhance the learned contextual representation. Afterwards, we adopt an attention module that includes multi-head self-attention and a position-wise feed-forward neural network to allocate greater attention to words that significantly influence the specific relation. Additionally, we utilize a straightforward yet efficient binary entity tagger to identify subject and object entities under different relations for constructing relational triples. We conduct extensive experiments on relational triple extraction from CTI data; the results show that ERBTF is superior to existing relation extraction models and achieves state-of-the-art performance.
About the journal:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.