

Constructing and Visualizing Cyber Asset Graphs of Cybercrime Gangs

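  • Abstract (from the Chinese): The networked operation of cybercrime gangs seriously damages the internet ecosystem and public security. Seizing the core assets controlled by these gangs, such as important IP addresses and security certificates, is currently one of the main means of fighting cybercrime. This paper proposes a method for constructing cyber asset graphs of cybercrime gangs, which broadly collects cyber asset information and association relationships from multi-source heterogeneous data and integrates them into a directed graph with heterogeneous nodes and heterogeneous edges. It proposes a set of visualization methods for these asset graphs, improving the classic force-directed layout algorithm and community detection algorithm based on the topological characteristics of asset graphs, to help users observe and understand the complex associations among assets and quickly identify core assets and their sphere of influence. It also releases a large-scale cyber asset graph dataset for cybercrime gangs, summarizes the cybercrime governance needs the dataset can support, and looks ahead to the technical challenges facing graph analysis, aiming to promote the development and innovation of big data analysis technologies for cybercrime governance.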


    Abstract: The internet ecosystem is being severely disrupted by cybercrime gangs engaged in activities such as online gambling and online drug trafficking. Deactivating and banning the core cyber assets of cybercrime gangs is a widely used means of fighting cybercrime. In this paper, we propose a cyber asset graph construction method that mines and integrates information about, and associations between, the cyber assets of cybercrime gangs from heterogeneous online data sources. We also propose a set of visualization methods, including graph layout, core asset identification and community detection methods, that present cyber asset graphs for asset association analysis and for identifying core assets and their spheres of influence. Furthermore, a large-scale cyber asset graph dataset is released to the public, aiming to promote the development and innovation of advanced data analysis technologies for fighting cybercrime.


