
International Journal of Machine Learning and Cybernetics


02-05-2020 | Original Article

Automatic extraction of named entities of cyber threats using a deep Bi-LSTM-CRF network

Authors: Gyeongmin Kim, Chanhee Lee, Jaechoon Jo, Heuiseok Lim

Published in: International Journal of Machine Learning and Cybernetics | Issue 10/2020


Abstract

Companies around the world rely on cyber threat intelligence (CTI) reports every day for security purposes. To obtain critical cybersecurity information, analysts and individuals must analyze the threat and vulnerability information these reports contain. However, analyzing such a large volume of reports requires considerable time and effort. In this study, we propose a novel approach that automatically extracts core information from CTI reports using a named entity recognition (NER) system. In constructing the NER system, we defined meaningful keywords in the security domain as entities, including malware, domain/URL, IP address, hash, and Common Vulnerabilities and Exposures (CVE). We then linked these keywords with the words extracted from the text of the reports. To achieve higher performance, we used character-level feature vectors as input to a bidirectional long short-term memory (Bi-LSTM) network with a conditional random field (CRF) layer. The system achieved an average F1-score of 75.05%. We release a dataset of 498,000 tags created during our research.
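
To make the reported metric concrete, the following is a minimal sketch of how an entity-level F1-score can be computed over tagged sequences. It is an illustration, not the authors' evaluation code: the abstract does not state the tagging scheme or the matching criterion, so the BIO scheme, the exact-match rule, the label names (MALWARE, IP, CVE), and the function names `extract_spans` and `entity_f1` are all assumptions.

```python
from typing import List, Set, Tuple

# (entity type, start index, end index exclusive); hypothetical representation
Span = Tuple[str, int, int]


def extract_spans(tags: List[str]) -> Set[Span]:
    """Collect entity spans from a BIO tag sequence (BIO is an assumed scheme)."""
    spans: Set[Span] = set()
    start, kind = None, None
    for i, tag in enumerate(tags + ["O"]):  # sentinel "O" closes a trailing span
        continues = tag.startswith("I-") and kind == tag[2:]
        if kind is not None and not continues:
            spans.add((kind, start, i))  # the open span ends before position i
            start, kind = None, None
        if tag.startswith("B-"):
            start, kind = i, tag[2:]  # open a new span; stray I- tags are ignored
    return spans


def entity_f1(gold: List[str], pred: List[str]) -> float:
    """Exact-match entity-level F1: a span counts only if type and bounds agree."""
    gold_spans, pred_spans = extract_spans(gold), extract_spans(pred)
    true_positives = len(gold_spans & pred_spans)
    if true_positives == 0:
        return 0.0
    precision = true_positives / len(pred_spans)
    recall = true_positives / len(gold_spans)
    return 2 * precision * recall / (precision + recall)


if __name__ == "__main__":
    # Made-up example sentence with one tag per token.
    tokens = ["Emotet", "contacted", "198.51.100.7", "exploiting", "CVE-2017-0144"]
    gold = ["B-MALWARE", "O", "B-IP", "O", "B-CVE"]
    pred = ["B-MALWARE", "O", "B-IP", "O", "O"]  # the CVE entity is missed
    print(round(entity_f1(gold, pred), 2))
```

In this made-up example the prediction recovers two of three gold entities with no false positives, so precision is 1.0 and recall is 2/3. An average F1-score such as the one reported would typically aggregate scores of this kind across entity types, although the abstract does not say which averaging was used.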


Details of these hyper-parameters are provided in "Appendix 4".


Title: Automatic extraction of named entities of cyber threats using a deep Bi-LSTM-CRF network
Authors: Gyeongmin Kim, Chanhee Lee, Jaechoon Jo, Heuiseok Lim
Publication date: 02-05-2020
Publisher: Springer Berlin Heidelberg
Published in: International Journal of Machine Learning and Cybernetics / Issue 10/2020
Print ISSN: 1868-8071
Electronic ISSN: 1868-808X
DOI: https://doi.org/10.1007/s13042-020-01122-6
