信息安全研究第10卷第1期2024年1月JournalotinformationSecurityResearchVol.10No.1Jan.2024DOl:10.12379/j.issn.2096-1057.2024.01.08基于图挖掘的黑灰产运作模式可视分析尚思佳·2陈晓淇”林靖淞林睫菲李臻”刘延华31(中国科学院信息工程研究所物联网信息安全技术北京市重点实验室北京100093)2(中国科学院大学网络空间安全学院北京1000493(福州大学计算机与大数据学院福州4(国网信通亿力科技有限责任公司福州(ssj_jm@163.com)VisualAnalysisofOperationModeofBlackandGreyProductionBasedonGraphMiningShangSijial-2,ChenXiaoqi',LinJingsong",LinJiefei4,LiZhen',andLiuYanhua31(BeijingKeyLaboratoryofIOTInformationSecurityTechnology,InstituteofInformationEngineering,ChineseAcademyofSciences,Beijing100093)2(SchoolofCyberSecurity,UniversityofChineseAcademyofSciences,Beijing100049)3(CollegeofComputerandDataScience,FuzhouUniversity,Fuzhou350108)4(StateGridInfo-telecomGreatPowerScienceandTechnologyCo.,Ltd.,Fuzhou350003)AbstractToanalyzethenetworkassetscontrolledbyblackandgreyproductiongangsandtheirassociatedrelationshipsinthenetworkassetmappingdata,thispaperproposesagraphmining-basedvisualanalysismethodfortheblackandgreyproductionoperationmode.Firstly,itidentifiespotentialgangclueswithinthenetworkassetmappingdata.Secondly,itminesthenetworkassetsubgraphsheldbythesameblackandgreyproductiongangusingthesecluesandblackandgreyproductionbusinessrules,identifyingcoreassetsandkeylinkswithinthesesubgraphs.Finally,avisualanalysissystemisdevelopedbasedonthemarkedsubgraphs,featuringcoreassetsandkeylinksrelatedtoblackandgreyproduction.Itenablestheexplorationofnetworkassetsheldbyblackandgreyproductiongangsandtheirassociatedrelationships,assistinganalystsinformulatingstrategiestocombatblackandgreynetworkassets.Experimentalvalidationdemonstratestheeffectivenessandintuitivenessoftheproposedmethodinanalyzinganddiscoveringblackandgreyproductiongangsandtheirnetworkassetassociations,providingessentialtechnicalsupportformonitoringtheoperationsoftheblackandgreybusinessnetwork.Keywordsblackandgreyproduction;networkassets;subgraphmi...
