Named Entity Recognition(NER)for cyber security aims to identify and classify cyber security terms from a large number of heterogeneous multisource cyber security texts.In the field of machine learning,deep neural net...Named Entity Recognition(NER)for cyber security aims to identify and classify cyber security terms from a large number of heterogeneous multisource cyber security texts.In the field of machine learning,deep neural networks automatically learn text features from a large number of datasets,but this data-driven method usually lacks the ability to deal with rare entities.Gasmi et al.proposed a deep learning method for named entity recognition in the field of cyber security,and achieved good results,reaching an F1 value of 82.8%.But it is difficult to accurately identify rare entities and complex words in the text.To cope with this challenge,this paper proposes a new model that combines data-driven deep learning methods with knowledge-driven dictionary methods to build dictionary features to assist in rare entity recognition.In addition,based on the data-driven deep learning model,an attentionmechanism is adopted to enrich the local features of the text,better models the context,and improves the recognition effect of complex entities.Experimental results show that our method is better than the baseline model.Our model is more effective in identifying cyber security entities.The Precision,Recall and F1 value reached 90.19%,86.60%and 88.36%respectively.展开更多
With the rapid development of Internet technology and the advent of the era of big data,more and more cyber security texts are provided on the Internet.These texts include not only security concepts,incidents,tools,gu...With the rapid development of Internet technology and the advent of the era of big data,more and more cyber security texts are provided on the Internet.These texts include not only security concepts,incidents,tools,guidelines,and policies,but also risk management approaches,best practices,assurances,technologies,and more.Through the integration of large-scale,heterogeneous,unstructured cyber security information,the identification and classification of cyber security entities can help handle cyber security issues.Due to the complexity and diversity of texts in the cyber security domain,it is difficult to identify security entities in the cyber security domain using the traditional named entity recognition(NER)methods.This paper describes various approaches and techniques for NER in this domain,including the rule-based approach,dictionary-based approach,and machine learning based approach,and discusses the problems faced by NER research in this domain,such as conjunction and disjunction,non-standardized naming convention,abbreviation,and massive nesting.Three future directions of NER in cyber security are proposed:(1)application of unsupervised or semi-supervised technology;(2)development of a more comprehensive cyber security ontology;(3)development of a more comprehensive deep learning model.展开更多
基金the National Natural Science Foundation of China under Grant No.61862063,61502413,61262025the National Social Science Foundation of China under Grant No.18BJL104+2 种基金the Natural Science Foundation of Key Laboratory of Software Engineering of Yunnan Province under Grant No.2020SE301Yunnan Science and Technology Major Project under Grant No.202002AE090010,202002AD080002-5the Data Driven Software Engineering Innovative Research Team Funding of Yunnan Province under Grant No.2017HC012.
文摘Named Entity Recognition(NER)for cyber security aims to identify and classify cyber security terms from a large number of heterogeneous multisource cyber security texts.In the field of machine learning,deep neural networks automatically learn text features from a large number of datasets,but this data-driven method usually lacks the ability to deal with rare entities.Gasmi et al.proposed a deep learning method for named entity recognition in the field of cyber security,and achieved good results,reaching an F1 value of 82.8%.But it is difficult to accurately identify rare entities and complex words in the text.To cope with this challenge,this paper proposes a new model that combines data-driven deep learning methods with knowledge-driven dictionary methods to build dictionary features to assist in rare entity recognition.In addition,based on the data-driven deep learning model,an attentionmechanism is adopted to enrich the local features of the text,better models the context,and improves the recognition effect of complex entities.Experimental results show that our method is better than the baseline model.Our model is more effective in identifying cyber security entities.The Precision,Recall and F1 value reached 90.19%,86.60%and 88.36%respectively.
基金the National Natural Science Foundation of China(Nos.61862063,61502413,and 61262025)the National Social Science Foundation of China(No.18BJL104)+2 种基金the Natural Science Foundation of Key Laboratory of Software Engineering of Yunnan Province,China(No.2020SE301)the Yunnan Science and Technology Major Project(Nos.202002AE090010 and 202002AD080002-5)the Data Driven Software Engineering Innovative Research Team Funding of Yunnan Province,China(No.2017HC012)。
文摘With the rapid development of Internet technology and the advent of the era of big data,more and more cyber security texts are provided on the Internet.These texts include not only security concepts,incidents,tools,guidelines,and policies,but also risk management approaches,best practices,assurances,technologies,and more.Through the integration of large-scale,heterogeneous,unstructured cyber security information,the identification and classification of cyber security entities can help handle cyber security issues.Due to the complexity and diversity of texts in the cyber security domain,it is difficult to identify security entities in the cyber security domain using the traditional named entity recognition(NER)methods.This paper describes various approaches and techniques for NER in this domain,including the rule-based approach,dictionary-based approach,and machine learning based approach,and discusses the problems faced by NER research in this domain,such as conjunction and disjunction,non-standardized naming convention,abbreviation,and massive nesting.Three future directions of NER in cyber security are proposed:(1)application of unsupervised or semi-supervised technology;(2)development of a more comprehensive cyber security ontology;(3)development of a more comprehensive deep learning model.
