Advancing Cybersecurity through Intelligent Extraction Frameworks and Knowledge Graphs - PhD Dissertation Proposal by: Inoussa Mouiche

Thursday, May 29, 2025 - 10:00

The School of Computer Science is pleased to present…

Advancing Cybersecurity through Intelligent Extraction Frameworks and Knowledge Graphs

PhD Dissertation Proposal by: Inoussa Mouiche

Date: Thursday, May 29th, 2025

Time: 10:00 am

Location: MS Teams Link

Abstract:
Cybersecurity operations face growing challenges due to the volume, complexity, and unstructured nature of cyber threat intelligence (CTI) reports. To enable proactive defense and informed decision-making, there is a critical need to transform these reports into structured, queryable knowledge representations, such as cybersecurity knowledge graphs (CKGs) or provenance graphs. This dissertation presents advanced model- and data-centric frameworks for the automatic extraction of actionable intelligence from CTI reports, improving both pipeline and joint extraction (PE and JE) paradigms. The research introduces novel architectures that integrate domain-specific language models (e.g., SecureBERT variants), hybrid sequence modelling techniques, expert-defined ontologies, and entity-centric features that embed analyst knowledge to boost the performance of named entity recognition (NER) and relation extraction (RE). By developing multiple robust frameworks, including TiKG, CTiKG, TIJERE, TIRE, and Ti-NERmerger, this work addresses key challenges such as error propagation, feature confusion, model scalability, and the scarcity of high-quality annotated data. Empirical evaluations across diverse CTI datasets, including DNRTI, STUCCO, and DNRTI-AUG-STIX2, demonstrate significant performance gains over state-of-the-art baselines. In addition, the dissertation explores use-case scenarios to assess the utility of the resulting CKGs in real-world threat analysis. Overall, the contributions lay the foundation for intelligent, context-aware systems that automate the extraction, structuring, and reasoning of cybersecurity data, ultimately enhancing the efficiency and effectiveness of security analysts.

Keywords: Cybersecurity Knowledge Graphs, Pipeline Extraction, Joint Extraction, Named Entity Recognition, Relation Extraction, Data-centric Approaches, Entity-Centric Features.

Thesis Committee:

Internal Reader: Dr. Jianguo Lu

Internal Reader: Dr. Alioune Ngom

External Reader: Dr. Ning Zhang

Advisor: Dr. Sherif Saad