TIRE: Advancing Threat Intelligence Relation Extraction with a Novel Data-Centric Framework
摘要
Relation extraction (RE) plays a critical role in uncovering hidden connections and assisting security analysts in identifying complex patterns within cyber threat intelligence (CTI) data. Despite its importance, RE faces significant challenges, such as overlapping relations, complex sentence structures with long-range dependencies, and ambiguous relation types. Existing solutions primarily rely on model-centric approaches based on entity-marked and entity-tagging representations. However, these methods require modifying the original text and model architecture, increasing complexity. Furthermore, they fail to provide adequate contextual and semantic information, leading to suboptimal performance, particularly in joint extraction settings. This research introduces TIRE, a data-centric framework that addresses these challenges through an innovative multi-sequence representation (MSR) for the RE. By incorporating key features such as Entity Mask and Entity Type, TIRE enhances contextual and semantic understanding, enabling precise classification of relationships between entities. Unlike complex model-centric approaches, TIRE achieves state-of-the-art performance with simplified architectures. Extensive evaluations on the curated DNRTI-AUG-STIX2-JE dataset demonstrate TIRE’s superior performance in both pipeline and joint extraction settings, consistently achieving an F1 score of \(99\%\) in RE tasks while maintaining computational efficiency. TIRE’s innovative design bridges the gap between NER and RE tasks for constructing high-quality cybersecurity knowledge graphs (CKGs) and shows adaptability to domains like finance, healthcare, and biomedical fields where structured information extraction is critical. This work underscores the potential of data-centric designs to advance relation extraction and support real-world applications.