Gat-Ti: Extracting Entities From Cyber Threat Intelligence Texts

Gat-Ti: Extracting Entities From Cyber Threat Intelligence Texts

연구 분야: Safety

학회: 2025 IEEE 6th International Seminar on Artificial Intelligence, Networking and Information Technology (AINIT)

In Cyber Threat Intelligence (CTI) analysis, existing named entity recognition (NER) models often suffered a decline in performance due to their inability to adapt to the specialized terminology and complex contexts of the cybersecurity domain. To address these challenges, we introduced a novel NER model-GAT-TI-specifically optimized for CTI. By integrating a Graph Attention Network (GAT) and a Hybrid Context Vector into the deep learning framework, GAT-TI significantly improved both recognition accuracy and threat entity extraction efficiency. The model utilized a pre-trained BERT model to capture semantic information and built a Dependency Parse Tree (DPT) to enhance its understanding of sentence structures, enabling more accurate entity identification. The GAT layer further refined the analysis by capturing complex dependencies among entities. Additionally, the Hybrid Context Vector merged global and local contextual features, strengthening the model's comprehension. In experiments, GAT-TI achieved an F1 score of 93.67, demonstrating its superior performance in extracting threat entities from CTI reports. In summary, GAT-TI effectively supports automated extraction and analysis of cybersecurity threat information.