{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,7]],"date-time":"2026-07-07T15:31:25Z","timestamp":1783438285581,"version":"3.54.6"},"reference-count":30,"publisher":"MDPI AG","issue":"5","license":[{"start":{"date-parts":[[2025,5,19]],"date-time":"2025-05-19T00:00:00Z","timestamp":1747612800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Sichuan Province Science and Technology Support Program","award":["2024ZYD0272"],"award-info":[{"award-number":["2024ZYD0272"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"<jats:p>Threat intelligence is crucial for the early detection of network security threats, and named entity recognition (NER) plays a critical role in this process. However, traditional NER models based on sequence tagging primarily focus on word-level information for single-token entities, which leads to the inefficient extraction of multi-token entities in intelligence texts. Moreover, traditional NER models provide only a single semantic representation of intelligence texts, meaning that polysemous entities in intelligence texts cannot be effectively classified. To address these problems, this paper proposes a novel model based on segment-level information extraction and similar semantic space construction (SSNER). First, SSNER retrains the traditional BERT model based on a threat intelligence corpus and modifies BERT\u2019s mask mechanism to extract the segment-level word embedding so that the ability of the SSNER to recognize multi-token entities is enhanced. Second, SSNER designs a similar semantic space construction method, which obtains compound semantic representations with symmetrical properties by filtering out the set of similar words and integrating them using self-attention to generate more accurate labels for the polysemous entities. The experimental results on two datasets, DNRTI and Bridges, indicate that SSNER outperforms both baseline and related models. In particular, SSNER achieves an F1-score of 96.02% on the Bridges dataset, exceeding the previous best model by approximately 1.46%.<\/jats:p>","DOI":"10.3390\/sym17050783","type":"journal-article","created":{"date-parts":[[2025,5,20]],"date-time":"2025-05-20T06:54:28Z","timestamp":1747724068000},"page":"783","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Threat Intelligence Named Entity Recognition Based on Segment-Level Information Extraction and Similar Semantic Space Construction"],"prefix":"10.3390","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-1846-5600","authenticated-orcid":false,"given":"Long","family":"Chen","sequence":"first","affiliation":[{"name":"School of Electronic Information Engineering, China West Normal University, Nanchong 637000, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Hongli","family":"Deng","sequence":"additional","affiliation":[{"name":"Education Information Technology Center, China West Normal University, Nanchong 637000, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-9425-8348","authenticated-orcid":false,"given":"Jun","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Computer Science, China West Normal University, Nanchong 637000, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4495-8299","authenticated-orcid":false,"given":"Bochuan","family":"Zheng","sequence":"additional","affiliation":[{"name":"School of Computer Science, China West Normal University, Nanchong 637000, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Rui","family":"Jiang","sequence":"additional","affiliation":[{"name":"School of Computer Science, China West Normal University, Nanchong 637000, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2025,5,19]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"144150","DOI":"10.1109\/ACCESS.2024.3455410","article-title":"A Systematic Literature Review on the Methods and Challenges in Detecting Zero-Day Attacks: Insights from the Recent CrowdStrike Incident","volume":"12","author":"Por","year":"2024","journal-title":"IEEE Access"},{"key":"ref_2","unstructured":"Wilhoit, K., and Opacki, J. (2022). Operationalizing Threat Intelligence: A Guide to Developing and Operationalizing Cyber Threat Intelligence Programs, Packt Publishing Ltd."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Curran, J.R., and Clark, S. (2003, January 31). Language independent NER using a maximum entropy tagger. Proceedings of the Seventh Conference on Natural Language Learning at HLT-NAACL 2003, Edmonton, AB, Canada.","DOI":"10.3115\/1119176.1119200"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Arikkat, D.R., Vinod, P., KA, R.R., Nicolazzo, S., Nocera, A., and Conti, M. (2024, January 25\u201327). Relation Extraction Techniques in Cyber Threat Intelligence. Proceedings of the International Conference on Applications of Natural Language to Information Systems, Turin, Italy.","DOI":"10.1007\/978-3-031-70239-6_24"},{"key":"ref_5","unstructured":"Peng, W., Ding, J., Wang, W., Cui, L., Cai, W., Hao, Z., and Yun, X. (2024). CTISum: A New Benchmark Dataset For Cyber Threat Intelligence Summarization. arXiv."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Jones, C.L., Bridges, R.A., Huffer, K.M., and Goodall, J.R. (2015, January 7\u20139). Towards a relation extraction framework for cyber-security concepts. Proceedings of the 10th Annual Cyber and Information Security Research Conference, Oak Ridge, TN, USA.","DOI":"10.1145\/2746266.2746277"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"McNeil, N., Bridges, R.A., Iannacone, M.D., Czejdo, B., Perez, N., and Goodall, J.R. (2013, January 4\u20137). Pace: Pattern accurate computationally efficient bootstrapping for timely discovery of cyber-security concepts. Proceedings of the 2013 12th International Conference on Machine Learning and Applications, Miami, FL, USA.","DOI":"10.1109\/ICMLA.2013.106"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"More, S., Matthews, M., Joshi, A., and Finin, T. (2012, January 24\u201325). A knowledge-based approach to intrusion detection modeling. Proceedings of the 2012 IEEE Symposium on Security and Privacy Workshops, San Francisco, CA, USA.","DOI":"10.1109\/SPW.2012.26"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Perera, I., Hwang, J., Bayas, K., Dorr, B., and Wilks, Y. (2018, January 10\u201313). Cyberattack prediction through public text analysis and mini-theories. Proceedings of the 2018 IEEE International Conference on Big Data (Big Data), Seattle, WA, USA.","DOI":"10.1109\/BigData.2018.8622106"},{"key":"ref_10","unstructured":"Dong, Y., Guo, W., Chen, Y., Xing, X., Zhang, Y., and Wang, G. (2019, January 14\u201316). Towards the detection of inconsistencies in public security vulnerability reports. Proceedings of the 28th USENIX Security Symposium (USENIX Security 19), Santa Clara, CA, USA."},{"key":"ref_11","unstructured":"Huang, L., and Xiao, X. (2025, January 7\u201310). CTIKG: LLM-Powered Knowledge Graph Construction from Cyber Threat Intelligence. Proceedings of the First Conference on Language Modeling, Montreal, QC, Canada."},{"key":"ref_12","first-page":"9875199","article-title":"CTI view: APT threat intelligence analysis system","volume":"2022","author":"Zhou","year":"2022","journal-title":"Secur. Commun. Netw."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Kristiansen, L.M., Agarwal, V., Franke, K., and Shah, R.S. (2020, January 10\u201313). Cti-twitter: Gathering cyber threat intelligence from twitter using integrated supervised and unsupervised learning. Proceedings of the 2020 IEEE International Conference on Big Data (Big Data), Atlanta, GA, USA.","DOI":"10.1109\/BigData50022.2020.9378393"},{"key":"ref_14","unstructured":"Huang, Z., Xu, W., and Yu, K. (2015). Bidirectional LSTM-CRF models for sequence tagging. arXiv."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Husari, G., Al-Shaer, E., Ahmed, M., Chu, B., and Niu, X. (2017, January 4\u20138). Ttpdrill: Automatic and accurate extraction of threat actions from unstructured text of cti sources. Proceedings of the 33rd Annual Computer Security Applications Conference, Orlando, FL, USA.","DOI":"10.1145\/3134600.3134646"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Kim, E., Kim, K., Shin, D., Jin, B., and Kim, H. (2018, January 20\u201322). CyTIME: Cyber Threat Intelligence ManagEment framework for automatically generating security rules. Proceedings of the 13th International Conference on Future Internet Technologies, Seoul, Republic of Korea.","DOI":"10.1145\/3226052.3226056"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"872","DOI":"10.1631\/FITEE.1800520","article-title":"A network security entity recognition method based on feature template and CNN-BiLSTM-CRF","volume":"20","author":"Qin","year":"2019","journal-title":"Front. Inf. Technol. Electron. Eng."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"211691","DOI":"10.1109\/ACCESS.2020.3039234","article-title":"Creating cybersecurity knowledge graphs from malware after action reports","volume":"8","author":"Piplai","year":"2020","journal-title":"IEEE Access"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"9","DOI":"10.1186\/s42400-021-00072-y","article-title":"Data and knowledge-driven named entity recognition for cyber security","volume":"4","author":"Gao","year":"2021","journal-title":"Cybersecurity"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"101586","DOI":"10.1016\/j.is.2020.101586","article-title":"Processing tweets for cybersecurity threat awareness","volume":"95","author":"Alves","year":"2021","journal-title":"Inf. Syst."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Liu, P., Li, H., Wang, Z., Liu, J., Ren, Y., and Zhu, H. (2022, January 21\u201325). Multi features based semantic augmentation networks for named entity recognition in threat intelligence. Proceedings of the 2022 26th International Conference on Pattern Recognition (ICPR), Montreal, QC, Canada.","DOI":"10.1109\/ICPR56361.2022.9956373"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Zhou, S., Liu, J., Zhong, X., and Zhao, W. (2021, January 5\u20138). Named entity recognition using BERT with whole world masking in cybersecurity domain. Proceedings of the 2021 IEEE 6th International Conference on Big Data Analytics (ICBDA), Xiamen, China.","DOI":"10.1109\/ICBDA51983.2021.9403180"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Aghaei, E., Niu, X., Shadid, W., and Al-Shaer, E. (2022, January 17\u201319). Securebert: A domain-specific language model for cybersecurity. Proceedings of the International Conference on Security and Privacy in Communication Systems, Virtual.","DOI":"10.1007\/978-3-031-25538-0_3"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"7729456","DOI":"10.1155\/2022\/7729456","article-title":"A Threat Intelligence Analysis Method Based on Feature Weighting and BERT-BiGRU for Industrial Internet of Things","volume":"2022","author":"Yan","year":"2022","journal-title":"Secur. Commun. Netw."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"110114","DOI":"10.1016\/j.knosys.2022.110114","article-title":"A novel feature integration and entity boundary detection for named entity recognition in cybersecurity","volume":"260","author":"Wang","year":"2023","journal-title":"Knowl.-Based Syst."},{"key":"ref_26","unstructured":"Kingma, D.P., and Ba, J. (2014). Adam: A method for stochastic optimization. arXiv."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Lin, T.Y., Goyal, P., Girshick, R., He, K., and Doll\u00e1r, P. (2017, January 22\u201329). Focal loss for dense object detection. Proceedings of the IEEE International Conference on Computer Vision, Venice, Italy.","DOI":"10.1109\/ICCV.2017.324"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Wang, X., Liu, X., Ao, S., Li, N., and Zhang, X. (2020\u20131, January 29). Dnrti: A large-scale dataset for named entity recognition in threat intelligence. Proceedings of the 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Guangzhou, China.","DOI":"10.1109\/TrustCom50675.2020.00252"},{"key":"ref_29","unstructured":"Bridges, R.A., Jones, C.L., Iannacone, M.D., Testa, K.M., and Goodall, J.R. (2013). Automatic labeling for entity extraction in cyber security. arXiv."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Yu, B., and Wei, J. (2020, January 14\u201316). IDCNN-CRF-based domain named entity recognition method. Proceedings of the 2020 IEEE 2nd International Conference on Civil Aviation Safety and Information Technology (ICCASIT), Weihai, China.","DOI":"10.1109\/ICCASIT50869.2020.9368795"}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/17\/5\/783\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T17:35:01Z","timestamp":1760031301000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/17\/5\/783"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,19]]},"references-count":30,"journal-issue":{"issue":"5","published-online":{"date-parts":[[2025,5]]}},"alternative-id":["sym17050783"],"URL":"https:\/\/doi.org\/10.3390\/sym17050783","relation":{},"ISSN":["2073-8994"],"issn-type":[{"value":"2073-8994","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,5,19]]}}}