CDTier: A Chinese Dataset of Threat Intelligence Entity Relationships

Bibliographic Details
Published in: IEEE transactions on sustainable computing 2023-10, Vol.8 (4), p.1-13
Main Authors: Zhou, Yinghai, Ren, Yitong, Yi, Ming, Xiao, Yanjun, Tan, Zhiyuan, Moustafa, Nour, Tian, Zhihong
Format: Article
Language: English
Description
Summary: Cyber Threat Intelligence (CTI), which is knowledge of cyberspace threats gathered from security data, is critical in defending against cyberattacks. However, there is no open-source CTI dataset for security researchers to effectively apply enormous CTI information for security analysis in the field of threat intelligence, particularly in the field of Chinese threat intelligence. As a result, for network security research and development, this paper constructed a Chinese CTI entity relationship dataset, CDTier, which includes: 1) A threat entity extraction dataset composed of 100 CTI reports, 3744 threat sentences and 4259 threat knowledge objects; 2) A dataset for entity relation extraction including 100 CTI reports, 2598 threat sentences and 2562 knowledge object relations. CDTier is, as far as we know, the first CTI dataset. On CDTier, we trained 4 models for threat entity extraction and relation extraction using well-established and widely used deep learning methods in NLP. The results showed that the model trained on CDTier extracts knowledge objects and their relationships described in threat intelligence more accurately. This significantly minimizes threat intelligence analysts' work while assessing threat intelligence. CDTier may be found at https://github.com/MuYu-z/CDTier .
ISSN: 2377-3782, 2377-3790
DOI: 10.1109/TSUSC.2023.3240411