A Novel Approach for Cyber Threat Analysis Systems Using BERT Model from Cyber Threat Intelligence Data

Demirol D., Das R., HANBAY D.

Symmetry, cilt.17, sa.4, 2025 (SCI-Expanded) identifier

  • Yayın Türü: Makale / Tam Makale
  • Cilt numarası: 17 Sayı: 4
  • Basım Tarihi: 2025
  • Doi Numarası: 10.3390/sym17040587
  • Dergi Adı: Symmetry
  • Derginin Tarandığı İndeksler: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Academic Search Premier, Aerospace Database, Communication Abstracts, INSPEC, Metadex, zbMATH, Directory of Open Access Journals, Civil Engineering Abstracts
  • Anahtar Kelimeler: cyber threat intelligence, knowledge graphs, named entity recognition, pre-trained language model
  • İnönü Üniversitesi Adresli: Evet

Özet

As today’s cybersecurity environment is becoming increasingly complex, it is crucial to analyse threats quickly and effectively. A delayed response or lack of foresight can lead to data loss, reputational damage, and operational disruptions. Therefore, developing methods that can rapidly extract valuable threat intelligence is a critical need to strengthen defence strategies and minimise potential damage. This paper presents an innovative approach that integrates knowledge graphs and a fine-tuned BERT-based model to analyse cyber threat intelligence (CTI) data. The proposed system extracts cyber entities such as threat actors, malware, campaigns, and targets from unstructured threat reports and establishes their relationships using an ontology-driven framework. A named entity recognition dataset was created and a BERT-based model was trained. To address the class imbalance, oversampling and a focal loss function were applied, achieving an F1 score of 96%. The extracted entities and relationships were visualised and analysed using knowledge graphs, enabling the advanced threat analysis and prediction of potential attack targets. This approach enhances cyber-attack prediction and prevention through knowledge graphs.