基于图挖掘的黑灰产运作模式可视分析

信息安全研究 ›› 2024, Vol. 10 ›› Issue (1): 48-.

基于图挖掘的黑灰产运作模式可视分析

尚思佳1,2陈晓淇3林靖淞3林睫菲4李臻3刘延华3

1(中国科学院信息工程研究所物联网信息安全技术北京市重点实验室北京100093)
2(中国科学院大学网络空间安全学院北京100049)
3(福州大学计算机与大数据学院福州350108)
4(国网信通亿力科技有限责任公司福州350003)

出版日期:2024-01-10 发布日期:2024-01-21
通讯作者: 刘延华博士，副教授，硕士生导师.主要研究方向为网络空间安全、网络数据分析、智能计算及应用. lyhwa@fzu.edu.cn
作者简介:尚思佳博士研究生.主要研究方向为网络空间安全. ssj_jm@163.com 陈晓淇主要研究方向为大数据、人工智能. 1609731728@qq.com 林靖淞主要研究方向为大数据、机器学习. linjingsong333@foxmail.com 林睫菲助理工程师.主要研究方向为计算机软件及计算机应用. linjiefei@sgitg.sgcc.com.cn 李臻主要研究方向为大数据、数据分析. 1355832141@qq.com 刘延华博士，副教授，硕士生导师.主要研究方向为网络空间安全、网络数据分析、智能计算及应用. lyhwa@fzu.edu.cn

Visual Analysis of Operation Mode of Black and Grey Production Based on Graph Mining

Shang Sijia1,2, Chen Xiaoqi3, Lin Jingsong3, Lin Jiefei4, Li Zhen3, and Liu Yanhua3#br#

#br#

1(Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093)
2(School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049)
3(College of Computer and Data Science, Fuzhou University, Fuzhou 350108)
4(State Grid Infotelecom Great Power Science and Technology Co., Ltd., Fuzhou 350003)

Online:2024-01-10 Published:2024-01-21

摘要/Abstract

摘要： 为分析黑灰产网络资产图谱数据中黑灰产团伙掌握的网络资产及其关联关系，提出一种基于图挖掘的黑灰产运作模式可视分析方法.首先，在网络资产图谱数据中锁定潜在团伙线索；其次，根据潜在线索、黑灰产业务规则挖掘由同一黑灰产团伙掌握的网络资产子图，并识别子图中的核心资产与关键链路；最后,基于标记核心资产和关键链路的黑灰产子图实现可视分析系统，从而直观发现黑灰产团伙掌握的网络资产及其关联关系，帮助分析人员制定黑灰产网络资产打击策略.经实验验证，该方法能有效、直观地分析和发现黑灰产团伙及其网络资产关联关系，为更好监测黑灰产网络运作态势提供必要的技术支持.

关键词: 黑灰产, 网络资产, 子图挖掘, 关键链路, 可视分析

Abstract: To analyze the network assets controlled by black and grey production gangs and their associated relationships in the network asset mapping data, this paper proposes a graph miningbased visual analysis method for the black and grey production operation mode. Firstly, it identifies potential gang clues within the network asset mapping data. Secondly, it mines the network asset subgraphs held by the same black and grey production gang using these clues and black and grey production business rules, identifying core assets and key links within these subgraphs. Finally, a visual analysis system is developed based on the marked subgraphs, featuring core assets and key links related to black and grey production. It enables the exploration of network assets held by black and grey production gangs and their associated relationships, assisting analysts in formulating strategies to combat black and grey network assets. Experimental validation demonstrates the effectiveness and intuitiveness of the proposed method in analyzing and discovering black and grey production gangs and their network asset associations, providing essential technical support for monitoring the operations of the black and grey business network.

Key words: black and grey production, network assets, subgraph mining, critical link, visual analysis

中图分类号:

TP309.2

尚思佳, 陈晓淇, 林靖淞, 林睫菲, 李臻, 刘延华, . 基于图挖掘的黑灰产运作模式可视分析[J]. 信息安全研究, 2024, 10(1): 48-.

参考文献

［1］李明鲁. 电信网络诈骗犯罪中网络服务提供者的不作为责任研究［J］. 信息安全研究, 2022, 8(2): 165171［2］Zhao Yao, Xie Yinglian, Yu Fang, et al. BotGraph: Large scale spamming botnet detection［C］ Proc of the 6th USENIX Symp on Networked Systems Design and Implementation. Berkeley, CA: USENIX Association, 2009: 321334［3］Beutel A, Xu Wanhong, Guruswami V, et al. CopyCatch: Stopping group attacks by spotting lockstep behavior in social networks［C］ Proc of the 22nd Int Conf on World Wide Web. New York: ACM, 2013: 119130［4］Jiang Meng, Cui Peng, Beutel A, et al. CatchSync: Catching synchronized behavior in large directed graphs［C］ Proc of the 20th ACM SIGKDD Int Conf on Knowledge Discovery and Data Mining. New York: ACM, 2014: 941950［5］Cao Qiang, Yang Xiaowei, Yu Jieqi,et al. Uncovering large groups of active malicious accounts in online social networks［C］ Proc of the 2014 ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2014: 477488［6］Prakash B A, Sridharan A, Seshadri M, et al. EigenSpokes: Surprising patterns and scalable community chipping in large graphs［C］ Proc of the 14th PacificAsia Conf on Knowledge Discovery and Data Mining. Berlin: Springer, 2010: 435448［7］李翰超, 李邵梅, 陈鸿昶. 基于加权网络的暴恐团伙核心成员发现研究［J］. 信息工程大学学报, 2021, 22(3): 16711673［8］Yu Enyu, Chen Duanbing, Zhao Junyan. Identifying critical edges in complex networks［J］. Scientific Reports, 2018, 8(1): 18［9］田云飞, 彭玲艳, 程紫运,等.基于最短路径敏感度的光网络关键链路识别［J］. 光通信研究, 2020 (2): 1115［10］陈培培. 基于Fast Unfolding算法的学生社交网络分析［D］. 武汉: 华中师范大学, 2020［11］Bródka P, Skibicki K, Kazienko P, et al. A degree centrality in multilayered social network［C］ Proc of Int Conf on Computational Aspects of Social Networks. Piscataway, NJ: IEEE, 2011: 237242［12］Zhou Chuan, Zhang Peng, Zang Wenyu, et al. On the upper bounds of spread for greedy algorithms in social network influence maximization［J］. IEEE Trans on Knowledge and Data Engineering, 2015, 27(10): 27702783［13］Bergamini E, Borassi M, Crescenzi P, et al. Computing topk closeness centrality faster in unweighted graphs［J］. ACM Trans on Knowledge Discovery from Data, 2017, 13(5): 140［14］陈妤, 秦威. 基于排序学习的复杂网络节点接近中心性近似排序［J］. 计算机系统应用, 2022, 31(11): 387392

[1]	刘高, 郝龙, 赵东东. 基于“ATT&CK”战术框架的网络安全单兵侦测系统[J]. 信息安全研究, 2021, 7(E1): 41-.
[2]	李憧刘鹏蔡国庆. 基于流量感知的动态网络资产监测研究[J]. 信息安全研究, 2020, 6(6): 0-0.
[3]	解旭东. 工业互联网安全监测审计及态势感知技术研究[J]. 信息安全研究, 2020, 6(11): 0-0.