An Enhanced Method with Part of Speech Tagging and Named Entity Recognition Techniques Towards Advanced Persistent Threat in Cyber Threat Intelligence: Work in Progress

This research enhances the development of natural language processing (NLP) by integrating part of speech (POS) tagging and named entity recognition (NER) techniques to annotate unstructured data from advanced persistent threat (APT) news. This paper uses combination of these two techniques with deep learning methods, specifically bidirectional long short-term memory (BiLSTM) and conditional random field (CRF) to automate data annotation. The objective is to automatically convert the unstructured APT data into structured threat information expression (STIX) format. The proposed approach can be further developed into cyber threat intelligence (CTI) system for information exchange and early warning against cybercrime. This research is currently in the preliminary stage with progress including data collection and preprocessing, and BiLSTM model building. The expected outcome is a model that capable of APT data labeling to enhance CTI systems.