A Comparative Study of Deep Learning based Named Entity Recognition Algorithms for Cybersecurity

Author/Creator ORCID

Date

2020-12-10

Department

Program

Citation of Original Publication

S. Dasgupta, A. Piplai, A. Kotal and A. Joshi, "A Comparative Study of Deep Learning based Named Entity Recognition Algorithms for Cybersecurity," 2020 IEEE International Conference on Big Data (Big Data), 2020, pp. 2596-2604, doi: 10.1109/BigData50022.2020.9378482.

Rights

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
© 2020 IEEE.  Personal use of this material is permitted.  Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Abstract

Named Entity Recognition (NER) is important in the cybersecurity domain. It helps researchers extract cyber threat information from unstructured text sources. The extracted cyber entities or key expressions can be used to model a cyber-attack described in an open-source text. A large number of general-purpose NER algorithms have been published that work well in text analysis. These algorithms do not perform well when applied to the cybersecurity domain. In the field of cybersecurity, the open-source text available varies greatly in complexity and underlying structure of the sentences. General-purpose NER algorithms can misrepresent domain-specific words, such as “malicious” and “javascript”. In this paper, we compare the recent deep learning-based NER algorithms on a cybersecurity dataset. We created a cybersecurity dataset collected from various sources, including “Microsoft Security Bulletin” and “Adobe Security Updates”. Some of these approaches proposed in the literature were not used for cybersecurity. Others are innovations proposed by us. This comparative study helps us identify the NER algorithms that are robust and can work well in sentences taken from a large number of cybersecurity sources. We tabulate their performance on the test set and identify the best NER algorithm for a cybersecurity corpus. We also discuss the different embedding strategies that aid in the process of NER for the chosen deep learning algorithms.