<p>The cybersecurity defense strategy of “proactive defense, traceability, and responsiveness” has gained increasing attention. This strategy relies on the collection and application of massive cybersecurity threat intelligence (CTI). However, in the named entity recognition task for threat intelligence processing, traditional models suffer from severe out-of-vocabulary (OOV) issues due to their over-reliance on explicit entity mention information. To address this technical bottleneck, this study designs a novel named entity recognition model–VIB-NER. The model leverages the variational information bottleneck to compress redundant features and strengthen key OOV characteristics, complemented by a mutual information dynamic balance loss. Experimental results show that this method achieves F1 score, recall, and precision of 79%, 77%, and 80% in entity extraction tasks for cybersecurity threat intelligence data, representing a 4–8% improvement over mainstream models such as E-NER. Meanwhile, in terms of training efficiency, the time consumption per training batch is reduced by 50% compared to existing models.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Vib-ner: a model for out-of-vocabulary recognition in cybersecurity threat intelligence based on variational bottleneck and mutual information

  • YueDong Wang,
  • Changzheng Liu,
  • Ronghua Zhang,
  • HaoRan Xu,
  • JunHao Zhao,
  • Yi Sun,
  • XuQing Wang

摘要

The cybersecurity defense strategy of “proactive defense, traceability, and responsiveness” has gained increasing attention. This strategy relies on the collection and application of massive cybersecurity threat intelligence (CTI). However, in the named entity recognition task for threat intelligence processing, traditional models suffer from severe out-of-vocabulary (OOV) issues due to their over-reliance on explicit entity mention information. To address this technical bottleneck, this study designs a novel named entity recognition model–VIB-NER. The model leverages the variational information bottleneck to compress redundant features and strengthen key OOV characteristics, complemented by a mutual information dynamic balance loss. Experimental results show that this method achieves F1 score, recall, and precision of 79%, 77%, and 80% in entity extraction tasks for cybersecurity threat intelligence data, representing a 4–8% improvement over mainstream models such as E-NER. Meanwhile, in terms of training efficiency, the time consumption per training batch is reduced by 50% compared to existing models.