Abstract
Although general-domain Named Entity Recognition (NER) has achieved substantial progress in the past decade, its application to cybersecurity NER is hindered by the lack of publicly available annotated datasets, primarily because of the sensitive and privacy-related nature of security data. Prior research has largely sought to improve performance by expanding annotation volumes, while overlooking the intrinsic characteristics of training data. In this study, we propose a cybersecurity Named Entity Recognition (NER) method based on hard and easy labeled training data discrimination. Firstly, a hybrid strategy that integrates a deep learning (DL)-based discriminator and a rule-based discriminator is employed to partition the original dataset into hard and easy samples. Secondly, the proportion of hard and easy data in the training set is adjusted to determine the optimal balance. Finally, a data augmentation algorithm is applied to the partitioned dataset to further improve model performance. The results demonstrate that, under a fixed total training data size, the ratio of hard to easy samples has a significant impact on NER performance, with the optimal strategy achieved at a 1:1 proportion. Moreover, the proposed method further improves the overall performance of cybersecurity NER.