Textual adversarial attacks in cybersecurity named entity recognition

Abstract

In the cybersecurity domain, Cyber Threat Intelligence (CTI) includes procedures that lead to textual reports and different types of pieces of information and evidence on cyber threats. To better understand the behaviors of attackers and construct attack graphs, identifying attack-relevant entities in diverse CTI texts precisely and efficiently becomes more important, and Named Entity Recognition (NER) models can help extract entities automatically. However, such fine-tuned models are usually vulnerable to adversarial attacks. In this paper, we first construct an attack framework that can explore textual adversarial attacks in the cybersecurity NER task by generating adversarial CTI texts. Then, we analyze the most important parts of speech (POSs) from the perspective of grammar, and propose a word-substitution-based attack method. To confront adversarial attacks, we also introduce a method to detect potential adversarial examples. Experimental results show that cybersecurity NER models are also vulnerable to adversarial attacks. Among all attack methods, our method can generate adversarial texts that keep a balanced performance in several aspects. Furthermore, adversarial examples generated by all attack methods perform well in the study of transferability, and they can help improve the robustness of NER models through adversarial training. On the defense side, our detection method is simple but effective against multiple types of textual adversarial attacks.