CSEDesc: CyberSecurity Event Detection with Event Description

Cybersecurity event detection enables security operators to clearly know the occurrence of network threats, thereby improving the efficiency of security analysis. However, previous approaches considered it as a trigger classification task, which has limitations in accurately locating triggers, especially for long phrases commonly used in the cybersecurity domain. Additionally, tagging triggers is often time-consuming and unnecessary. To address these issues, we propose CyberSecurity Event Detection with event Description (CSEDesc), which encodes sentence representations based on event description information to detect cybersecurity events without triggers. Our approach is divided into three modules. Firstly, we introduce context-dependent and independent word embeddings, as well as character-level word embeddings, to effectively represent domain words in the context encoding module. Additionally, we employ an attention mechanism to fuse sentences with event information and obtain description-aware embeddings. Secondly, in the syntactic graph convolutional networks module, we use GCNs to encode the sentence, which exploits sentence structure information and improves the robustness of sentence representation. Finally, we perform binary classification for each instance. Experiments on two cybersecurity event detection datasets, CASIE and CySecED, show that our method achieves new state-of-the-art F1-score of 88.2 and 58.3, respectively.