AT4CTIRE: Adversarial Training for Cyber Threat Intelligence Relation Extraction

Cyber Threat Intelligence (CTI) plays a crucial role in cybersecurity. However, traditional information extraction has low accuracy due to the specialization of CTIs and the concealment of relations. To improve the performance of CTI relations extraction in the knowledge graph, we propose a relation extraction architecture called A dversarial T raining for C yber T hreat I ntelligence R elation E xtraction (AT4CTIRE). Besides, we developed a large-scale cybersecurity dataset for CTI analysis and evaluation, called C yber T hreat I ntelligence A nalysis (CTIA). Inspired by the Generative Adversarial Network, we integrate contextual semantics into this framework to refine our study. Firstly, we use some wrong triples with incorrect relations to train the generator and produce high-quality generated triples as adversarial samples. Secondly, the discriminator used actual and generated samples as training data. Integrating the discriminator and the context embedding module facilitates a deeper understanding of contextual CTI within threat triples. Finally, training a discriminator identified the relation between the threat entities. Experimentally, we set two CTI datasets and only one baseline that we could find to test the effect of the proposed method in the cybersecurity domain. We also set other knowledge graph completion comparisons that conclude three entity completion datasets and nine baselines, one relation completion dataset, and eight baselines. Experimental results demonstrate that AT4CTIRE outperforms existing methods with substantially improved extraction accuracy and a remarkable expedited training convergence rate.