SecureBERT: A Domain-Specific Language Model for Cybersecurity

Ehsan Aghaei; Xi Niu; Waseem Shadid; Ehab Al-Shaer

doi:10.1007/978-3-031-25538-0_3

SecureBERT: A Domain-Specific Language Model for Cybersecurity

Ehsan Aghaei^*, Xi Niu, Waseem Shadid, Ehab Al-Shaer

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

89 Scopus citations

Abstract

Natural Language Processing (NLP) has recently gained wide attention in cybersecurity, particularly in Cyber Threat Intelligence (CTI) and cyber automation. Increased connection and automation have revolutionized the world’s economic and cultural infrastructures, while they have introduced risks in terms of cyber attacks. CTI is information that helps cybersecurity analysts make intelligent security decisions, that is often delivered in the form of natural language text, which must be transformed to machine readable format through an automated procedure before it can be used for automated security measures. This paper proposes SecureBERT, a cybersecurity language model capable of capturing text connotations in cybersecurity text (e.g., CTI) and therefore successful in automation for many critical cybersecurity tasks that would otherwise rely on human expertise and time-consuming manual efforts. SecureBERT has been trained using a large corpus of cybersecurity text. To make SecureBERT effective not just in retaining general English understanding, but also when applied to text with cybersecurity implications, we developed a customized tokenizer as well as a method to alter pre-trained weights. The SecureBERT is evaluated using the standard Masked Language Model (MLM) test as well as two additional standard NLP tasks. Our evaluation studies show that SecureBERT outperforms existing similar models, confirming its capability for solving crucial NLP tasks in cybersecurity.

Original language	English
Title of host publication	Security and Privacy in Communication Networks - 18th EAI International Conference, SecureComm 2022, Proceedings
Editors	Fengjun Li, Kaitai Liang, Zhiqiang Lin, Sokratis K. Katsikas
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	39-56
Number of pages	18
ISBN (Print)	9783031255373
DOIs	https://doi.org/10.1007/978-3-031-25538-0_3
State	Published - 2023
Externally published	Yes
Event	18th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2022 - Virtual, Online Duration: 17 Oct 2022 → 19 Oct 2022

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume	462 LNICST
ISSN (Print)	1867-8211
ISSN (Electronic)	1867-822X

Conference

Conference	18th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2022
City	Virtual, Online
Period	17/10/22 → 19/10/22

Bibliographical note

Publisher Copyright:
© 2023, ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering.

Keywords

Cyber automation
Cyber threat intelligence
Language model

ASJC Scopus subject areas

Computer Networks and Communications

Access to Document

10.1007/978-3-031-25538-0_3

Cite this

Aghaei, E., Niu, X., Shadid, W., & Al-Shaer, E. (2023). SecureBERT: A Domain-Specific Language Model for Cybersecurity. In F. Li, K. Liang, Z. Lin, & S. K. Katsikas (Eds.), Security and Privacy in Communication Networks - 18th EAI International Conference, SecureComm 2022, Proceedings (pp. 39-56). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 462 LNICST). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-25538-0_3

Aghaei, Ehsan ; Niu, Xi ; Shadid, Waseem et al. / SecureBERT : A Domain-Specific Language Model for Cybersecurity. Security and Privacy in Communication Networks - 18th EAI International Conference, SecureComm 2022, Proceedings. editor / Fengjun Li ; Kaitai Liang ; Zhiqiang Lin ; Sokratis K. Katsikas. Springer Science and Business Media Deutschland GmbH, 2023. pp. 39-56 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).

@inproceedings{1a3e2a1ca6f94c7589c870bc0b3e1e31,

title = "SecureBERT: A Domain-Specific Language Model for Cybersecurity",

abstract = "Natural Language Processing (NLP) has recently gained wide attention in cybersecurity, particularly in Cyber Threat Intelligence (CTI) and cyber automation. Increased connection and automation have revolutionized the world{\textquoteright}s economic and cultural infrastructures, while they have introduced risks in terms of cyber attacks. CTI is information that helps cybersecurity analysts make intelligent security decisions, that is often delivered in the form of natural language text, which must be transformed to machine readable format through an automated procedure before it can be used for automated security measures. This paper proposes SecureBERT, a cybersecurity language model capable of capturing text connotations in cybersecurity text (e.g., CTI) and therefore successful in automation for many critical cybersecurity tasks that would otherwise rely on human expertise and time-consuming manual efforts. SecureBERT has been trained using a large corpus of cybersecurity text. To make SecureBERT effective not just in retaining general English understanding, but also when applied to text with cybersecurity implications, we developed a customized tokenizer as well as a method to alter pre-trained weights. The SecureBERT is evaluated using the standard Masked Language Model (MLM) test as well as two additional standard NLP tasks. Our evaluation studies show that SecureBERT outperforms existing similar models, confirming its capability for solving crucial NLP tasks in cybersecurity.",

keywords = "Cyber automation, Cyber threat intelligence, Language model",

author = "Ehsan Aghaei and Xi Niu and Waseem Shadid and Ehab Al-Shaer",

note = "Publisher Copyright: {\textcopyright} 2023, ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering.; 18th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2022 ; Conference date: 17-10-2022 Through 19-10-2022",

year = "2023",

doi = "10.1007/978-3-031-25538-0_3",

language = "English",

isbn = "9783031255373",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "39--56",

editor = "Fengjun Li and Kaitai Liang and Zhiqiang Lin and Katsikas, {Sokratis K.}",

booktitle = "Security and Privacy in Communication Networks - 18th EAI International Conference, SecureComm 2022, Proceedings",

address = "Germany",

}

Aghaei, E, Niu, X, Shadid, W & Al-Shaer, E 2023, SecureBERT: A Domain-Specific Language Model for Cybersecurity. in F Li, K Liang, Z Lin & SK Katsikas (eds), Security and Privacy in Communication Networks - 18th EAI International Conference, SecureComm 2022, Proceedings. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 462 LNICST, Springer Science and Business Media Deutschland GmbH, pp. 39-56, 18th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2022, Virtual, Online, 17/10/22. https://doi.org/10.1007/978-3-031-25538-0_3

SecureBERT: A Domain-Specific Language Model for Cybersecurity. / Aghaei, Ehsan; Niu, Xi; Shadid, Waseem et al.
Security and Privacy in Communication Networks - 18th EAI International Conference, SecureComm 2022, Proceedings. ed. / Fengjun Li; Kaitai Liang; Zhiqiang Lin; Sokratis K. Katsikas. Springer Science and Business Media Deutschland GmbH, 2023. p. 39-56 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 462 LNICST).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - SecureBERT

T2 - 18th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2022

AU - Aghaei, Ehsan

AU - Niu, Xi

AU - Shadid, Waseem

AU - Al-Shaer, Ehab

PY - 2023

Y1 - 2023

N2 - Natural Language Processing (NLP) has recently gained wide attention in cybersecurity, particularly in Cyber Threat Intelligence (CTI) and cyber automation. Increased connection and automation have revolutionized the world’s economic and cultural infrastructures, while they have introduced risks in terms of cyber attacks. CTI is information that helps cybersecurity analysts make intelligent security decisions, that is often delivered in the form of natural language text, which must be transformed to machine readable format through an automated procedure before it can be used for automated security measures. This paper proposes SecureBERT, a cybersecurity language model capable of capturing text connotations in cybersecurity text (e.g., CTI) and therefore successful in automation for many critical cybersecurity tasks that would otherwise rely on human expertise and time-consuming manual efforts. SecureBERT has been trained using a large corpus of cybersecurity text. To make SecureBERT effective not just in retaining general English understanding, but also when applied to text with cybersecurity implications, we developed a customized tokenizer as well as a method to alter pre-trained weights. The SecureBERT is evaluated using the standard Masked Language Model (MLM) test as well as two additional standard NLP tasks. Our evaluation studies show that SecureBERT outperforms existing similar models, confirming its capability for solving crucial NLP tasks in cybersecurity.

AB - Natural Language Processing (NLP) has recently gained wide attention in cybersecurity, particularly in Cyber Threat Intelligence (CTI) and cyber automation. Increased connection and automation have revolutionized the world’s economic and cultural infrastructures, while they have introduced risks in terms of cyber attacks. CTI is information that helps cybersecurity analysts make intelligent security decisions, that is often delivered in the form of natural language text, which must be transformed to machine readable format through an automated procedure before it can be used for automated security measures. This paper proposes SecureBERT, a cybersecurity language model capable of capturing text connotations in cybersecurity text (e.g., CTI) and therefore successful in automation for many critical cybersecurity tasks that would otherwise rely on human expertise and time-consuming manual efforts. SecureBERT has been trained using a large corpus of cybersecurity text. To make SecureBERT effective not just in retaining general English understanding, but also when applied to text with cybersecurity implications, we developed a customized tokenizer as well as a method to alter pre-trained weights. The SecureBERT is evaluated using the standard Masked Language Model (MLM) test as well as two additional standard NLP tasks. Our evaluation studies show that SecureBERT outperforms existing similar models, confirming its capability for solving crucial NLP tasks in cybersecurity.

KW - Cyber automation

KW - Cyber threat intelligence

KW - Language model

UR - http://www.scopus.com/inward/record.url?scp=85148041183&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-25538-0_3

DO - 10.1007/978-3-031-25538-0_3

M3 - Conference contribution

AN - SCOPUS:85148041183

SN - 9783031255373

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

SP - 39

EP - 56

BT - Security and Privacy in Communication Networks - 18th EAI International Conference, SecureComm 2022, Proceedings

A2 - Li, Fengjun

A2 - Liang, Kaitai

A2 - Lin, Zhiqiang

A2 - Katsikas, Sokratis K.

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 17 October 2022 through 19 October 2022

ER -

Aghaei E, Niu X, Shadid W, Al-Shaer E. SecureBERT: A Domain-Specific Language Model for Cybersecurity. In Li F, Liang K, Lin Z, Katsikas SK, editors, Security and Privacy in Communication Networks - 18th EAI International Conference, SecureComm 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2023. p. 39-56. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). doi: 10.1007/978-3-031-25538-0_3