Few-shot relation extraction approach for threat intelligence based on multi-level attention mechanism and hybrid prototypical network
With the increasing complexity of cyberattacks, the frequency and severity of cybersecurity incidents have escalated dramatically. Cyber Threat Intelligence (CTI) relation extraction plays a critical role in cybersecurity event analysis by identifying semantic relationships between security-related...
| Main Authors: | Yushun Xie, Junchi Bao, Rui Zong, Zhaoquan Gu, Haiyan Wang |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | Elsevier, 2025-07-01 |
| Series: | Array |
| Subjects: | |
| Online Access: | http://www.sciencedirect.com/science/article/pii/S2590005625000323 |
| _version_ | 1849689490980864000 |
|---|---|
| author | Yushun Xie Junchi Bao Rui Zong Zhaoquan Gu Haiyan Wang |
| author_sort | Yushun Xie |
| collection | DOAJ |
| description | With the increasing complexity of cyberattacks, the frequency and severity of cybersecurity incidents have escalated dramatically. Cyber Threat Intelligence (CTI) relation extraction plays a critical role in cybersecurity event analysis by identifying semantic relationships between security-related entities, thereby converting unstructured information into structured data formats. Nevertheless, within the domain of CTI, labeled datasets are limited, and the process of manual labeling incurs substantial costs, rendering it impractical on a large scale. To address these challenges, we propose a novel few-shot relation extraction method for small-scale threat intelligence data, termed RETI-MA-HP, which is based on a multi-level attention mechanism and a hybrid prototypical network. By integrating these advanced techniques, the RETI-MA-HP model is capable of learning from limited data and rapidly generalizing to new relation classification tasks. To enhance the representational capacity of feature vectors, RETI-MA-HP incorporates a self-training module to refine the BERT-based encoder. Meanwhile, to mitigate misclassification arising from syntactically similar sentences, RETI-MA-HP employs contrastive learning to strengthen the hybrid prototypical network. Furthermore, we constructed a dedicated CTI dataset. Extensive experiments demonstrate that RETI-MA-HP achieves excellent performance across multiple tasks, attaining a maximum relation extraction accuracy of 75.44%, which constitutes a 15.5% improvement over compared models. These results prove the effectiveness of RETI-MA-HP for relation extraction within the CTI domain. |
| format | Article |
| id | doaj-art-62c202e023cf42e0a566ca38cd01d0d2 |
| institution | DOAJ |
| issn | 2590-0056 |
| language | English |
| publishDate | 2025-07-01 |
| publisher | Elsevier |
| record_format | Article |
| series | Array |
| spelling | doaj-art-62c202e023cf42e0a566ca38cd01d0d2; 2025-08-20T03:21:38Z; eng; Elsevier; Array; 2590-0056; 2025-07-01; 26; 100405; 10.1016/j.array.2025.100405; Few-shot relation extraction approach for threat intelligence based on multi-level attention mechanism and hybrid prototypical network; Yushun Xie (0), Junchi Bao (1), Rui Zong (2), Zhaoquan Gu (3), Haiyan Wang (4); (0) University of Electronic Science and Technology of China, Chengdu 611731, China; (1) H3C Technologies Co., Ltd, Hangzhou, 310000, China; (2) Pengcheng Laboratory, Shenzhen 518000, China; (3) Pengcheng Laboratory, Shenzhen 518000, China; School of Computer Science and Technology, Harbin Institute of Technology, Shenzhen 518055, China; (4) Pengcheng Laboratory, Shenzhen 518000, China; Corresponding author; http://www.sciencedirect.com/science/article/pii/S2590005625000323; Relation extraction; Few-shot learning; Cyber Threat Intelligence; Multi-level attention mechanism; Hybrid prototypical network; Meta-learning |
| spellingShingle | Yushun Xie Junchi Bao Rui Zong Zhaoquan Gu Haiyan Wang Few-shot relation extraction approach for threat intelligence based on multi-level attention mechanism and hybrid prototypical network Array Relation extraction Few-shot learning Cyber Threat Intelligence Multi-level attention mechanism Hybrid prototypical network Meta-learning |
| title | Few-shot relation extraction approach for threat intelligence based on multi-level attention mechanism and hybrid prototypical network |
| topic | Relation extraction Few-shot learning Cyber Threat Intelligence Multi-level attention mechanism Hybrid prototypical network Meta-learning |
| url | http://www.sciencedirect.com/science/article/pii/S2590005625000323 |