RelExt: Relation Extraction using Deep Learning approaches for Cybersecurity Knowledge Graph Improvement
This work addresses the need for structured threat intelligence for security analysts, but it is incremental as it applies existing deep learning methods to the cybersecurity domain.
The authors tackled the problem of extracting semantic triples from cybersecurity text to improve knowledge graphs, using deep learning for relation extraction and demonstrating its application in aiding security analysts' threat detection.
Security analysts who work in a 'Security Operations Center' (SoC) play a major role in ensuring the security of the organization. The amount of background knowledge they have about evolving and new attacks makes a significant difference in their ability to detect attacks. Open source threat intelligence sources, like text descriptions of cyber-attacks, can be stored in a structured fashion in a cybersecurity knowledge graph. A cybersecurity knowledge graph can be paramount in aiding a security analyst to detect cyber threats because it stores a vast range of cyber threat information in the form of semantic triples which can be queried. A semantic triple contains two cybersecurity entities with a relationship between them. In this work, we propose a system to create semantic triples over cybersecurity text, using deep learning approaches to extract possible relationships. We assert the set of semantic triples generated through our system in a cybersecurity knowledge graph. Security analysts can retrieve this data from the knowledge graph and use this information to form a decision about a cyber-attack.