Dual-Tower TTP Semantic Matching Method Based on Soft–Hard Label Supervision and Gated Binary Interaction

Existing methods for identifying Tactics, Techniques, and Procedures (TTPs) from complex cyber-attack descriptions face three core challenges: (1) severe semantic asymmetry between unstructured attack narratives and standardized TTP definitions; (2) continuously distributed semantic relations that cannot be fully captured by hard-label supervision; and (3) an open, long-tailed TTP taxonomy that impairs model generalization. To address these limitations, we introduce DTGBI-TM, a lightweight dual-tower semantic matching framework that integrates soft-label supervision, hierarchical hard-negative sampling, and gated binary interaction modeling. The model separately encodes attack descriptions and TTP definitions and employs a gated interaction module to adaptively fuse shared and divergent semantics, enabling fine-grained asymmetric alignment. A confidence-guided soft–hard collaborative supervision mechanism unifies weighted classification, semantic regression, and contrastive consistency into a multi-objective loss, dynamically rebalancing gradients to mitigate long-tail effects. Leveraging ATT & CK hierarchical priors, the model further performs in-tactic and cross-tactic hard-negative sampling to enhance semantic discrimination. Experiments on a real-world corpus demonstrate that DTGBI-TM achieves 98.53% F1 in semantic modeling and 79.77% Top-1 accuracy in open-set TTP prediction, while maintaining high inference efficiency and scalability in deployment.