Method and device for extracting entity relationship from network threat intelligence document

Abstract

This application provides a method and device for extracting entity relations of network threat intelligence documents, which can obtain target documents and target entity sets; perform sentence splitting on target documents to obtain sentence sequences corresponding to target documents; Consecutive sentences are constructed into a sentence set corresponding to every N consecutive sentences; based on the target entity set, each target entity corresponding to each sentence set is determined; for each sentence set, each target entity corresponding to the sentence set is combined in pairs , generate at least one entity combination; for each entity combination, use the pre-built entity relationship extraction model to process the entity combination and the sentence set corresponding to the entity combination, and obtain the entity relationship result corresponding to the entity combination, realizing the network threat The entity relationship extraction at the intelligence document level solves the problem that the threat intelligence text is too long to effectively extract key relationships, and improves the blockchain network threat analysis capability.

Description

technical field [0001] The present application relates to the field of network security, and in particular to a method and device for extracting entity relations of network threat intelligence documents. Background technique [0002] At present, blockchain-oriented network attacks are becoming more and more complex and concealed, making it increasingly difficult to analyze and defend against blockchain attacks. A cyber threat intelligence document is evidence-based knowledge, including scenarios, mechanisms, indicators, implications, and actionable recommendations, that is intelligence information relevant to the threat being faced. By extracting entity relationships in known network threat intelligence documents, it is possible to detect unknown network threat intelligence documents based on the extracted network threat intelligence entity relationships, and the accurate detection of network threat intelligence is crucial for analyzing and defending against blockchain attac...

AI Technical Summary

Problems solved by technology

[0004] During the research process, the inventor found that in network threat intelligence documents, entity relationships often appear in N consecutive sentences. By extracting entity relationships between N consecutive sentences, entity relationships at the network threat intelligence document level can be realized Extraction, based on this, this application provides a method and device for extracting entity relationships in cyber threat intelligence documents, the purpose of which is to solve the problem that existing entity relationship extraction methods cannot achieve entity relationship extraction based on network threat intelligence document levels, resulting in the inability to effectively extract semantics features, so that it is impossible to accurately detect network threat intelligence based on the extracted network threat intelligence entity relationship

Images