Threat Intelligence Entity Recognition Based on Large Language Model with Contrastive Learning

Threat Intelligence Entity Recognition Based on Large Language Model with Contrastive Learning

연구 분야: Safety

학회: International Conference on Neural Information Processing

CTI (Cyber Threat Intelligence) entity recognition is the task of accurately extracting threat entities from unstructured CTI. At present, it has the problem of inaccurate and incomplete entity extraction. Most of the current large models for threat entity recognition tasks are optimized based on the BERT model, but due to the mask independence assumption, they all have the problem of difficulty in capturing the dependencies between tokens. Large models try to migrate to specific fields, but there is no threat intelligence work for the time being. Based on the consideration that threat intelligence data needs to consider contextual associations, we propose an entity recognition method using the GLM model as the base. Compared with BERT, the results generated by its autoregressive fill-in-the-blank pattern can take into account the association between tokens, thereby extracting entities more accurately. In addition, directly fine-tuning the large model in the threat intelligence field has a serious hallucination problem. Based on this, this paper designs a large language model combined with a contrastive learning method, generates negative samples by using a preliminary model and adding character-level noise to generate negative samples, and adjusts the parameters of the hybrid loss function to effectively alleviate the hallucination problem. Experiments show that the performance of our model in named entity recognition on public threat intelligence datasets is 5.01% higher than the F1 score of the current best model.