CyNER: A Python Library for Cybersecurity Named Entity Recognition

TL;DR

CyNER is an open-source Python library that combines transformer models, heuristics, and existing NER models to extract cybersecurity entities and indicators from unstructured threat intelligence data.

Contribution

It introduces a versatile library that integrates multiple approaches for cybersecurity named entity recognition, facilitating easier extraction of threat information.

Findings

Provides pre-trained models on diverse cybersecurity corpus

Enables combining multiple extraction methods for improved accuracy

Publicly available for community use

Abstract

Open Cyber threat intelligence (OpenCTI) information is available in an unstructured format from heterogeneous sources on the Internet. We present CyNER, an open-source python library for cybersecurity named entity recognition (NER). CyNER combines transformer-based models for extracting cybersecurity-related entities, heuristics for extracting different indicators of compromise, and publicly available NER models for generic entity types. We provide models trained on a diverse corpus that users can readily use. Events are described as classes in previous research - MALOnt2.0 (Christian et al., 2021) and MALOnt (Rastogi et al., 2020) and together extract a wide range of malware attack details from a threat intelligence corpus. The user can combine predictions from multiple different approaches to suit their needs. The library is made publicly available.