Extracting cybersecurity related entities, terms and concepts from text

Securing computers, data, cyber-physical systems and networks is a growing problem as society's dependence on them increases while they remain vulnerable to attacks by both criminals and rival nation states. Creating 'situationally aware' computer systems that defend against new "zero day" software vulnerabilities requires them to automatically integrate and use new security-related data from a wide variety of sources. One important source is information found in text from security bulletins, vulnerability databases, news reports, cybersecurity blogs and Internet chat rooms.

We describe an information extraction framework to extract cybersecurity-relevant entities, terms and concepts from text. We use a Conditional Random Field based model trained on manually annotated data to identify and extract the relevant terms. These are then mapped to a previously developed OWL ontology and represented as RDF linked data. We evaluated the system's performance by comparing its results on test data from the National Vulnerability Database and security bulletins from Microsoft and Adobe.

Committee: Drs. Tim Finin (Advisor), Anupam Joshi, Tim Oates