基于图挖掘的黑灰产运作模式可视分析OACSTPCD
Visual Analysis of Operation Mode of Black and Grey Production Based on Graph Mining
为分析黑灰产网络资产图谱数据中黑灰产团伙掌握的网络资产及其关联关系,提出一种基于图挖掘的黑灰产运作模式可视分析方法.首先,在网络资产图谱数据中锁定潜在团伙线索;其次,根据潜在线索、黑灰产业务规则挖掘由同一黑灰产团伙掌握的网络资产子图,并识别子图中的核心资产与关键链路;最后,基于标记核心资产和关键链路的黑灰产子图实现可视分析系统,从而直观发现黑灰产团伙掌握的网络资产及其关联关系,帮助分析人员制定黑灰产网络资产打击策略.经实验验证,该方法能有效、直观地分析和发现黑灰产团伙及其网络资产关联关系,为更好监测黑灰产网络运作态势提供必要的技术支持.
To analyze the network assets controlled by black and grey production gangs and their associated relationships in the network asset mapping data,this paper proposes a graph mining-based visual analysis method for the black and grey production operation mode.Firstly,it identifies potential gang clues within the network asset mapping data.Secondly,it mines the network asset subgraphs held by the same black and grey production gang using these clues and black and grey production business rules,identifying core assets and key links within these subgraphs.Finally,a visual analysis system is developed based on the marked subgraphs,featuring core assets and key links related to black and grey production.It enables the exploration of network assets held by black and grey production gangs and their associated relationships,assisting analysts in formulating strategies to combat black and grey network assets.Experimental validation demonstrates the effectiveness and intuitiveness of the proposed method in analyzing and discovering black and grey production gangs and their network asset associations,providing essential technical support for monitoring the operations of the black and grey business network.
尚思佳;陈晓淇;林靖淞;林睫菲;李臻;刘延华
中国科学院信息工程研究所物联网信息安全技术北京市重点实验室 北京 100093||中国科学院大学网络空间安全学院 北京 100049福州大学计算机与大数据学院 福州 350108国网信通亿力科技有限责任公司 福州 350003
计算机与自动化
黑灰产网络资产子图挖掘关键链路可视分析
black and grey productionnetwork assetssubgraph miningcritical linkvisual analysis
《信息安全研究》 2024 (001)
48-54 / 7
国家自然科学基金项目(62072109,U1804263);福建省自然科学基金项目(2021J01625,2021J01616);福建省科技重大专项(科教联合)(2021HZ022007)
评论