Vib-ner: a model for out-of-vocabulary recognition in cybersecurity threat intelligence based on variational bottleneck and mutual information
摘要
The cybersecurity defense strategy of “proactive defense, traceability, and responsiveness” has gained increasing attention. This strategy relies on the collection and application of massive cybersecurity threat intelligence (CTI). However, in the named entity recognition task for threat intelligence processing, traditional models suffer from severe out-of-vocabulary (OOV) issues due to their over-reliance on explicit entity mention information. To address this technical bottleneck, this study designs a novel named entity recognition model–VIB-NER. The model leverages the variational information bottleneck to compress redundant features and strengthen key OOV characteristics, complemented by a mutual information dynamic balance loss. Experimental results show that this method achieves F1 score, recall, and precision of 79%, 77%, and 80% in entity extraction tasks for cybersecurity threat intelligence data, representing a 4–8% improvement over mainstream models such as E-NER. Meanwhile, in terms of training efficiency, the time consumption per training batch is reduced by 50% compared to existing models.