{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T17:15:59Z","timestamp":1771953359488,"version":"3.50.1"},"reference-count":42,"publisher":"MDPI AG","issue":"7","license":[{"start":{"date-parts":[[2025,6,27]],"date-time":"2025-06-27T00:00:00Z","timestamp":1750982400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Gansu Province Higher Education Institution\u2019s Industrial Support Program","award":["2020C-29"],"award-info":[{"award-number":["2020C-29"]}]},{"name":"Gansu Province Higher Education Institution\u2019s Industrial Support Program","award":["61562002"],"award-info":[{"award-number":["61562002"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["2020C-29"],"award-info":[{"award-number":["2020C-29"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61562002"],"award-info":[{"award-number":["61562002"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"<jats:p>As Advanced Persistent Threats (APTs) continue to evolve, constructing a dynamic cybersecurity knowledge graph requires precise extraction of entity\u2013relationship triples from unstructured threat intelligence. Existing approaches, however, face significant challenges in modeling low-frequency threat associations, extracting multi-relational entities, and resolving overlapping entity scenarios. To overcome these limitations, we propose the Symmetry-Aware Prototype Contrastive Learning (SAPCL) framework for joint entity and relation extraction. By explicitly modeling syntactic symmetry in attack-chain dependency structures and its interaction with asymmetric adversarial semantics, SAPCL integrates dependency relation types with contextual features using a type-enhanced Graph Attention Network. This symmetry\u2013asymmetry fusion facilitates a more effective extraction of multi-relational triples. Furthermore, we introduce a triple prototype contrastive learning mechanism that enhances the robustness of low-frequency relations through hierarchical semantic alignment and adaptive prototype updates. A non-autoregressive decoding architecture is also employed to globally generate multi-relational triples while mitigating semantic ambiguities. SAPCL was evaluated on three publicly available CTI datasets: HACKER, ACTI, and LADDER. It achieved F1-scores of 56.63%, 60.21%, and 53.65%, respectively. Notably, SAPCL demonstrated a substantial improvement of 14.5 percentage points on the HACKER dataset, validating its effectiveness in real-world cyber threat extraction scenarios. By synergizing syntactic\u2013semantic multi-feature fusion with symmetry-driven dynamic representation learning, SAPCL establishes a symmetry\u2013asymmetry adaptive paradigm for cybersecurity knowledge graph construction, thus enhancing APT attack tracing, threat hunting, and proactive cyber defense.<\/jats:p>","DOI":"10.3390\/sym17071013","type":"journal-article","created":{"date-parts":[[2025,6,30]],"date-time":"2025-06-30T03:54:28Z","timestamp":1751255668000},"page":"1013","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["A Syntax-Aware Graph Network with Contrastive Learning for Threat Intelligence Triple Extraction"],"prefix":"10.3390","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-8441-9534","authenticated-orcid":false,"given":"Zhenxiang","family":"He","sequence":"first","affiliation":[{"name":"School of Cyberspace Security, Gansu University of Political Science and Law, No. 6 Anning West Road, Lanzhou 730070, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-6068-4499","authenticated-orcid":false,"given":"Ziqi","family":"Zhao","sequence":"additional","affiliation":[{"name":"School of Cyberspace Security, Gansu University of Political Science and Law, No. 6 Anning West Road, Lanzhou 730070, China"}]},{"given":"Zhihao","family":"Liu","sequence":"additional","affiliation":[{"name":"School of Cyberspace Security, Gansu University of Political Science and Law, No. 6 Anning West Road, Lanzhou 730070, China"}]}],"member":"1968","published-online":{"date-parts":[[2025,6,27]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"103824","DOI":"10.1016\/j.cose.2024.103824","article-title":"KnowCTI: Knowledge-based cyber threat intelligence entity and relation extraction","volume":"141","author":"Wang","year":"2024","journal-title":"Comput. Secur."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"111410","DOI":"10.1016\/j.knosys.2024.111410","article-title":"Temporal relation extraction with contrastive prototypical sampling","volume":"286","author":"Yuan","year":"2024","journal-title":"Knowl.-Based Syst."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"103524","DOI":"10.1016\/j.cose.2023.103524","article-title":"A survey on cybersecurity knowledge graph construction","volume":"136","author":"Zhao","year":"2024","journal-title":"Comput. Secur."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3674501","article-title":"A comprehensive survey on relation extraction: Recent advances and new frontiers","volume":"56","author":"Zhao","year":"2024","journal-title":"ACM Comput. Surv."},{"key":"ref_5","first-page":"5695","article-title":"CSKG4APT: A cybersecurity knowledge graph for advanced persistent threat organization attribution","volume":"35","author":"Ren","year":"2022","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"ref_6","unstructured":"Li, Z., Zeng, J., Chen, Y., and Liang, Z. AttacKG: Constructing technique knowledge graph from cyber threat intelligence reports. Proceedings of the European Symposium on Research in Computer Security."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"54","DOI":"10.1007\/s40747-024-01661-3","article-title":"Quality assessment of cyber threat intelligence knowledge graph based on adaptive joining of embedding model","volume":"11","author":"Chen","year":"2025","journal-title":"Complex Intell. Syst."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Li, Z.X., Li, Y.J., Liu, Y.W., Liu, C., and Zhou, N.X. (2023). K-CTIAA: Automatic analysis of cyber threat intelligence based on a knowledge graph. Symmetry, 15.","DOI":"10.3390\/sym15020337"},{"key":"ref_9","first-page":"299","article-title":"Chinese Cyber Threat Intelligence Named Entity Recognition via RoBERTa-wwm-RDCNN-CRF","volume":"77","author":"Zhen","year":"2023","journal-title":"Comput. Mater. Contin."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"12784","DOI":"10.1109\/TNNLS.2023.3264735","article-title":"Joint entity and relation extraction with set prediction networks","volume":"35","author":"Sui","year":"2023","journal-title":"IEEE Trans. Neural Netw. Learn. Syst."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"111829","DOI":"10.1016\/j.knosys.2024.111829","article-title":"A Span-based Multivariate Information-aware Embedding Network for joint relational triplet extraction of threat intelligence","volume":"295","author":"Shang","year":"2024","journal-title":"Knowl.-Based Syst."},{"key":"ref_12","unstructured":"Ding, N., Wang, X., Fu, Y., Xu, G., Wang, R., Xie, P., Shen, Y., Huang, F., Zheng, H.T., and Zhang, R. (2021). Prototypical Representation Learning for Relation Extraction. arXiv."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"107172","DOI":"10.1016\/j.neunet.2025.107172","article-title":"SQGE: Support-query prototype guidance and enhancement for few-shot relational triple extraction","volume":"185","author":"Gao","year":"2025","journal-title":"Neural Netw."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"8","DOI":"10.1007\/s10489-024-05864-6","article-title":"A prototype evolution network for relation extraction","volume":"55","author":"Wang","year":"2025","journal-title":"Appl. Intell."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Wang, C., Li, A., Tu, H., Wang, Y., Li, C., and Zhao, X. (2020, January 27\u201330). An advanced bert-based decomposition method for joint extraction of entities and relations. Proceedings of the 2020 IEEE Fifth International Conference on Data Science in Cyberspace (DSC), Hong Kong, China.","DOI":"10.1109\/DSC50466.2020.00021"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"104120","DOI":"10.1016\/j.cose.2024.104120","article-title":"Entity and relation extractions for threat intelligence knowledge graphs","volume":"148","author":"Mouiche","year":"2025","journal-title":"Comput. Secur."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"103352","DOI":"10.1016\/j.cose.2023.103352","article-title":"Cyber-threat intelligence for security decision-making: A review and research agenda for practice","volume":"132","author":"Ainslie","year":"2023","journal-title":"Comput. Secur."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"110114","DOI":"10.1016\/j.knosys.2022.110114","article-title":"A novel feature integration and entity boundary detection for named entity recognition in cybersecurity","volume":"260","author":"Wang","year":"2023","journal-title":"Knowl.-Based Syst."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"102763","DOI":"10.1016\/j.cose.2022.102763","article-title":"Vulcan: Automatic extraction and analysis of cyber threat intelligence from unstructured text","volume":"120","author":"Jo","year":"2022","journal-title":"Comput. Secur."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"103579","DOI":"10.1016\/j.cose.2023.103579","article-title":"CyberEntRel: Joint extraction of cyber entities and relations using deep learning","volume":"136","author":"Ahmed","year":"2024","journal-title":"Comput. Secur."},{"key":"ref_21","unstructured":"Eberts, M., and Ulges, A. (September, January 29). Span-based joint entity and relation extraction with transformer pre-training. Proceedings of the ECAI 2020, Santiago de Compostela, Spain."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"108826","DOI":"10.1016\/j.asoc.2022.108826","article-title":"Threat intelligence ATT&CK extraction based on the attention transformer hierarchical recurrent neural network","volume":"122","author":"Liu","year":"2022","journal-title":"Appl. Soft Comput."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Lv, H., Han, X., Cui, H., Wang, P., Zuo, W., and Zhou, Y. (July, January 30). Joint Extraction of Entities and Relationships from Cyber Threat Intelligence based on Task-specific Fourier Network. Proceedings of the 2024 International Joint Conference on Neural Networks (IJCNN), Yokohama, Japan.","DOI":"10.1109\/IJCNN60899.2024.10650942"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"108981","DOI":"10.1016\/j.compeleceng.2023.108981","article-title":"STIOCS: Active learning-based semi-supervised training framework for IOC extraction","volume":"112","author":"Tang","year":"2023","journal-title":"Comput. Electr. Eng."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Zuo, J., Gao, Y., Li, X., and Yuan, J. (2022, January 4\u20136). An end-to-end entity and relation joint extraction model for cyber threat intelligence. Proceedings of the 2022 7th International Conference on Big Data Analytics (ICBDA), Guangzhou, China.","DOI":"10.1109\/ICBDA55095.2022.9760342"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Liu, Y., Han, X., Zuo, W., Lv, H., and Guo, J. (2024, January 8\u201310). CTI-JE: A Joint Extraction Framework of Entities and Relations in Unstructured Cyber Threat Intelligence. Proceedings of the 2024 27th International Conference on Computer Supported Cooperative Work in Design (CSCWD), Tianjin, China.","DOI":"10.1109\/CSCWD61410.2024.10580210"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Wang, X., Xiong, M., Luo, Y., Li, N., Jiang, Z., and Xiong, Z. (2020\u20131, January 29). Joint learning for document-level threat intelligence relation extraction and coreference resolution based on gcn. Proceedings of the 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Guangzhou, China.","DOI":"10.1109\/TrustCom50675.2020.00083"},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"103960","DOI":"10.1016\/j.cose.2024.103960","article-title":"APT-MMF: An advanced persistent threat actor attribution method based on multimodal and multilevel feature fusion","volume":"144","author":"Xiao","year":"2024","journal-title":"Comput. Secur."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"563","DOI":"10.1007\/s11227-025-07051-x","article-title":"Research on APT group classification method based on graph attention networks","volume":"81","author":"Du","year":"2025","journal-title":"J. Supercomput."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"5215","DOI":"10.1007\/s10115-025-02387-5","article-title":"GC-PTransE: Multi-step attack inference method based on graph convolutional neural network and translation embedding","volume":"67","author":"Ren","year":"2025","journal-title":"Knowl. Inf. Syst."},{"key":"ref_31","first-page":"14257","article-title":"Contrastive triple extraction with generative transformer","volume":"35","author":"Ye","year":"2021","journal-title":"Proc. Proc. Aaai Conf. Artif. Intell."},{"key":"ref_32","first-page":"1761","article-title":"Learning relation prototype from unlabeled texts for long-tail relation extraction","volume":"35","author":"Cao","year":"2021","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"2521","DOI":"10.1007\/s11280-023-01143-5","article-title":"Few-shot named entity recognition with hybrid multi-prototype learning","volume":"26","author":"Liao","year":"2023","journal-title":"World Wide Web"},{"key":"ref_34","unstructured":"Hu, C., Yang, D., Jin, H., Chen, Z., and Xiao, Y. (2022, January 12\u201317). Improving Continual Relation Extraction through Prototypical Contrastive Learning. Proceedings of the 29th International Conference on Computational Linguistics, Gyeongju, Republic of Korea."},{"key":"ref_35","first-page":"1719","article-title":"The Entity Relationship Extraction Method Using Improved RoBERTa and Multi-Task Learning","volume":"77","author":"Fan","year":"2023","journal-title":"Comput. Mater. Contin."},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Sun, L., Li, Z., Xie, L., Ye, M., and Chen, B. (2022, January 22\u201324). APTKG: Constructing Threat Intelligence Knowledge Graph from Open-Source APT Reports Based on Deep Learning. Proceedings of the 2022 5th International Conference on Data Science and Information Technology (DSIT), Shanghai, China.","DOI":"10.1109\/DSIT55514.2022.9943933"},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"You, Y., Jiang, Z., Zhang, K., Feng, H., Jiang, J., and Yang, P. (2024, January 8\u201310). TiGNet: Joint entity and relation triplets extraction for APT campaign threat intelligence. Proceedings of the 2024 27th International Conference on Computer Supported Cooperative Work in Design (CSCWD), Tianjin, China.","DOI":"10.1109\/CSCWD61410.2024.10580395"},{"key":"ref_38","unstructured":"Luo, Y., Ao, S., Luo, N., Su, C., Yang, P., and Jiang, Z. (2021, January 1\u20132). Extracting threat intelligence relations using distant supervision and neural networks. Proceedings of the Advances In Digital Forensics XVII: 17th IFIP WG 11.9 International Conference, Virtual Event. Revised Selected Papers 17."},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"366","DOI":"10.1038\/s41597-025-04439-5","article-title":"A dataset for cyber threat intelligence modeling of connected autonomous vehicles","volume":"12","author":"Wang","year":"2025","journal-title":"Sci. Data"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Alam, M.T., Bhusal, D., Park, Y., and Rastogi, N. (2023, January 16\u201318). Looking beyond IoCs: Automatically extracting attack patterns from external CTI. Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, Hong Kong, China.","DOI":"10.1145\/3607199.3607208"},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Zheng, H., Wen, R., Chen, X., Yang, Y., Zhang, Y., Zhang, Z., Zhang, N., Qin, B., Ming, X., and Zheng, Y. (2021, January 1\u20136). PRGC: Potential Relation and Global Correspondence Based Joint Relational Triple Extraction. Proceedings of the 59th Annual Meeting of the Association for Computational Linguistics and the 11th International Joint Conference on Natural Language Processing (Volume 1: Long Papers), Online.","DOI":"10.18653\/v1\/2021.acl-long.486"},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"106888","DOI":"10.1016\/j.knosys.2021.106888","article-title":"Representation iterative fusion based on heterogeneous graph neural network for joint entity and relation extraction","volume":"219","author":"Zhao","year":"2021","journal-title":"Knowl.-Based Syst."}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/17\/7\/1013\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T18:00:07Z","timestamp":1760032807000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/17\/7\/1013"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,27]]},"references-count":42,"journal-issue":{"issue":"7","published-online":{"date-parts":[[2025,7]]}},"alternative-id":["sym17071013"],"URL":"https:\/\/doi.org\/10.3390\/sym17071013","relation":{},"ISSN":["2073-8994"],"issn-type":[{"value":"2073-8994","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,6,27]]}}}