Saved in:
Bibliographic Details
Main Authors: Ech-Chammakhy, Yasir, Motii, Anas, Rabii, Anass, Azrara, Oussama, Chbili, Jaafar
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2510.26499
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866918179202138112
author Ech-Chammakhy, Yasir
Motii, Anas
Rabii, Anass
Azrara, Oussama
Chbili, Jaafar
author_facet Ech-Chammakhy, Yasir
Motii, Anas
Rabii, Anass
Azrara, Oussama
Chbili, Jaafar
contents Extracting structured intelligence via Named Entity Recognition (NER) is critical for cybersecurity, but the proliferation of datasets with incompatible annotation schemas hinders the development of comprehensive models. While combining these resources is desirable, we empirically demonstrate that naively concatenating them results in a noisy label space that severely degrades model performance. To overcome this critical limitation, we introduce CyberNER, a large-scale, unified corpus created by systematically harmonizing four prominent datasets (CyNER, DNRTI, APTNER, and Attacker) onto the STIX 2.1 standard. Our principled methodology resolves semantic ambiguities and consolidates over 50 disparate source tags into 21 coherent entity types. Our experiments show that models trained on CyberNER achieve a substantial performance gain, with a relative F1-score improvement of approximately 30% over the naive concatenation baseline. By publicly releasing the CyberNER corpus, we provide a crucial, standardized benchmark that enables the creation and rigorous comparison of more robust and generalizable entity extraction models for the cybersecurity domain.
format Preprint
id arxiv_https___arxiv_org_abs_2510_26499
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle CyberNER: A Harmonized STIX Corpus for Cybersecurity Named Entity Recognition
Ech-Chammakhy, Yasir
Motii, Anas
Rabii, Anass
Azrara, Oussama
Chbili, Jaafar
Cryptography and Security
Extracting structured intelligence via Named Entity Recognition (NER) is critical for cybersecurity, but the proliferation of datasets with incompatible annotation schemas hinders the development of comprehensive models. While combining these resources is desirable, we empirically demonstrate that naively concatenating them results in a noisy label space that severely degrades model performance. To overcome this critical limitation, we introduce CyberNER, a large-scale, unified corpus created by systematically harmonizing four prominent datasets (CyNER, DNRTI, APTNER, and Attacker) onto the STIX 2.1 standard. Our principled methodology resolves semantic ambiguities and consolidates over 50 disparate source tags into 21 coherent entity types. Our experiments show that models trained on CyberNER achieve a substantial performance gain, with a relative F1-score improvement of approximately 30% over the naive concatenation baseline. By publicly releasing the CyberNER corpus, we provide a crucial, standardized benchmark that enables the creation and rigorous comparison of more robust and generalizable entity extraction models for the cybersecurity domain.
title CyberNER: A Harmonized STIX Corpus for Cybersecurity Named Entity Recognition
topic Cryptography and Security
url https://arxiv.org/abs/2510.26499