Network security named entity and relation joint extraction method and device based on transfer learning

Abstract

The invention discloses a network security named entity and relation joint extraction method and device based on transfer learning, and the method comprises the steps: carrying out the network security named entity and relation joint labeling of network security threat intelligence, and constructing a network security threat intelligence corpus; pre-training a deep neural network based on a natural language corpus; combining the pre-trained deep neural network with a classifier to construct an initial joint extraction model; training the initial joint extraction model based on a network security threat intelligence corpus; and inputting target data into the trained joint extraction model to obtain a network security named entity and relation joint extraction result. According to the method, network security named entities and relationships can be marked at the same time, the error transmission problem existing in a serial extraction mode of firstly entities and secondly relationships is effectively avoided, the dependence of entity and relationship extraction in the network security field on expert experience is reduced, the portability of the model is enhanced, and the efficiency is improved. And the trouble of model training caused by few annotation data sets in the network security field is reduced.

Description

technical field [0001] The invention belongs to the technical field of network security, and in particular relates to a network security named entity and relation joint extraction method and device based on transfer learning. Background technique [0002] With the rapid development of information technology, the zero-day vulnerabilities, attack methods, and concealment methods that network attackers can use are showing a trend of diversification and diversification. New attack trends have brought serious attack consequences, such as the number of public reports related to Advanced Persistent Threat (APT, Advanced Persistent Threat) at home and abroad are increasing year by year. The new attack situation and serious attack consequences highlight the increasingly obvious disadvantages of traditional single-point defense, which cannot respond to emerging network security threats in a timely and accurate manner, and the asymmetry between attack and defense is becoming more and m...

AI Technical Summary

Problems solved by technology

[0004] According to the structural form, network security threat intelligence can be divided into structured network security threat intelligence and unstructured network security threat intelligence. Among them, structured network security threat intelligence is accurate and standardized, but due to the lack of a large Threat background information is not easy to correlate with other network security threat intelligence data; unstructured network security threat intelligence has rich network security threat background information, but most of them appear in the form of document reports. Before using machines for correlation analysis, it is necessary to Unstructured network security threat intelligence is transformed into machine-readable intelligence. The current process of transforming unstructured network security threat intelligence into machine-readable intelligence relies too much on expert extraction experience, which is poor in portability

In the field of general entity and relationship extraction, it is often used to extract entity information first, and then further extract relationships based on the extracted entity information. This serial extraction method has the problem of error transmission. For example, Chinese patent application CN113128227A discloses an entity extraction method and devices, the patent can only extract entity information, but cannot extract relational information; for example, Chinese patent application CN112926325A discloses a Chinese task relation extraction based on BERT neural network, which can only extract character relationship information, and cannot extract entity information Extraction; as Chinese patent application CN113158676A discloses a professional entity and relationship joint extraction method, system and electronics, Chinese patent application CN111798987A discloses a method and device for entity relationship extraction, both of which are to extract entity information first, and then based on entity There is a problem of error transmission when the information is extracted from the relationship;

Images