Threat intelligence named entity recognition techniques based on few-shot learning

IF 2.3 Q2 COMPUTER SCIENCE, THEORY & METHODS
Array Pub Date : 2024-09-01 DOI:10.1016/j.array.2024.100364
Haiyan Wang , Weimin Yang , Wenying Feng , Liyi Zeng , Zhaoquan Gu
{"title":"Threat intelligence named entity recognition techniques based on few-shot learning","authors":"Haiyan Wang ,&nbsp;Weimin Yang ,&nbsp;Wenying Feng ,&nbsp;Liyi Zeng ,&nbsp;Zhaoquan Gu","doi":"10.1016/j.array.2024.100364","DOIUrl":null,"url":null,"abstract":"<div><p>In today’s digital and internet era, threat intelligence analysis is of paramount importance to ensure network and information security. Named Entity Recognition (NER) is a fundamental task in natural language processing, aimed at identifying and extracting specific types of named entities from text, such as person names, locations, organization names, dates, times, currencies, and more. The quality of entities determines the effectiveness of upper-layer applications such as knowledge graphs. Recently, there has been a scarcity of training data in the threat intelligence field, and single models suffer from poor generalization ability. To address this, we propose a multi-view learning model, named the Few-shot Threat Intelligence Named Entity Recognition Model (FTM). We enhance the fusion method based on FTM, and further propose the FTM-GRU (Gate Recurrent Unit) model. The FTM model is based on the Tri-training algorithm to collaboratively train three few-shot NER models, leveraging the complementary nature of different model views to enable them to capture more threat intelligence domain knowledge at the coding level.FTM-GRU improves the fusion of multiple views. FTM-GRU uses the improved GRU model structure to control the memory and forgetting of view information, and introduces a relevance calculation unit to avoid redundancy of view information while highlighting important semantic features. We label and construct a few-shot Threat Intelligence Dataset (TID), and experiments on TID as well as the publicly available National Vulnerability Database (NVD) validate the effectiveness of our model for NER in the threat intelligence domain. Experimental results demonstrate that our proposed model achieves better recognition results in the task.</p></div>","PeriodicalId":8417,"journal":{"name":"Array","volume":"23 ","pages":"Article 100364"},"PeriodicalIF":2.3000,"publicationDate":"2024-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2590005624000304/pdfft?md5=d191f5b484b3734ea988ad3ecd18a1f3&pid=1-s2.0-S2590005624000304-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Array","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2590005624000304","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
引用次数: 0

Abstract

In today’s digital and internet era, threat intelligence analysis is of paramount importance to ensure network and information security. Named Entity Recognition (NER) is a fundamental task in natural language processing, aimed at identifying and extracting specific types of named entities from text, such as person names, locations, organization names, dates, times, currencies, and more. The quality of entities determines the effectiveness of upper-layer applications such as knowledge graphs. Recently, there has been a scarcity of training data in the threat intelligence field, and single models suffer from poor generalization ability. To address this, we propose a multi-view learning model, named the Few-shot Threat Intelligence Named Entity Recognition Model (FTM). We enhance the fusion method based on FTM, and further propose the FTM-GRU (Gate Recurrent Unit) model. The FTM model is based on the Tri-training algorithm to collaboratively train three few-shot NER models, leveraging the complementary nature of different model views to enable them to capture more threat intelligence domain knowledge at the coding level.FTM-GRU improves the fusion of multiple views. FTM-GRU uses the improved GRU model structure to control the memory and forgetting of view information, and introduces a relevance calculation unit to avoid redundancy of view information while highlighting important semantic features. We label and construct a few-shot Threat Intelligence Dataset (TID), and experiments on TID as well as the publicly available National Vulnerability Database (NVD) validate the effectiveness of our model for NER in the threat intelligence domain. Experimental results demonstrate that our proposed model achieves better recognition results in the task.

基于少量学习的威胁情报命名实体识别技术
在当今的数字和互联网时代,威胁情报分析对确保网络和信息安全至关重要。命名实体识别(NER)是自然语言处理中的一项基本任务,旨在从文本中识别和提取特定类型的命名实体,如人名、地点、组织名称、日期、时间、货币等。实体的质量决定了知识图谱等上层应用的有效性。最近,威胁情报领域缺乏训练数据,单一模型的泛化能力较差。针对这一问题,我们提出了一种多视角学习模型,命名为 "Few-shot Threat Intelligence Named Entity Recognition Model (FTM)"。我们改进了基于 FTM 的融合方法,并进一步提出了 FTM-GRU(门递归单元)模型。FTM 模型基于 Tri-training 算法,协同训练三个 few-shot NER 模型,利用不同模型视图的互补性,使它们能够在编码层面捕获更多的威胁情报领域知识。FTM-GRU 使用改进的 GRU 模型结构来控制视图信息的记忆和遗忘,并引入相关性计算单元来避免视图信息的冗余,同时突出重要的语义特征。我们标注并构建了一个少量的威胁情报数据集(TID),并在 TID 和公开的国家漏洞数据库(NVD)上进行了实验,验证了我们的模型在威胁情报领域的 NER 中的有效性。实验结果表明,我们提出的模型在任务中取得了更好的识别效果。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Array
Array Computer Science-General Computer Science
CiteScore
4.40
自引率
0.00%
发文量
93
审稿时长
45 days
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信