Recognizing and Extracting Cybersecurtity-relevant Entities from Text
This work addresses the need for community-accessible datasets to train AI-based cybersecurity pipelines, though it appears incremental as it builds on existing NLP tools like spaCy.
The authors tackled the problem of extracting cybersecurity entities from unstructured Cyber Threat Intelligence (CTI) text by creating an initial corpus from open sources and training models using the spaCy framework, with results including exploration of self-learning methods and domain entity linking with Wikidata.
Cyber Threat Intelligence (CTI) is information describing threat vectors, vulnerabilities, and attacks and is often used as training data for AI-based cyber defense systems such as Cybersecurity Knowledge Graphs (CKG). There is a strong need to develop community-accessible datasets to train existing AI-based cybersecurity pipelines to efficiently and accurately extract meaningful insights from CTI. We have created an initial unstructured CTI corpus from a variety of open sources that we are using to train and test cybersecurity entity models using the spaCy framework and exploring self-learning methods to automatically recognize cybersecurity entities. We also describe methods to apply cybersecurity domain entity linking with existing world knowledge from Wikidata. Our future work will survey and test spaCy NLP tools and create methods for continuous integration of new information extracted from text.