Cyber Security Posture Analysis Based on Spread Logs of Malware
WANG Qinqin, ZHOU Hao, YAN Hanbing, MEI Rui, HAN Zhihui
(The 2nd Laboratory, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China; National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC), Beijing 100029, China; The 2nd Laboratory, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC), Beijing 100029, China)
Abstract:
The cyber security posture has always been a focus of network security practitioners. Based on spread logs of malware in China from October 2018 to March 2019, this paper analyzes the cyber security posture using the static characteristics, dynamic characteristics and propagation characteristics of the malicious code. Then, based on a community discovery algorithm, gang discovery is performed on the network formed by the most widely spread Mirai family programs. The results show that the community discovery algorithm can identify the Mirai network as multiple communities; domain name resources differ markedly between communities and are similar within a community.
Key words:  cyber security posture  malware spread  Mirai  community discovery algorithm
DOI:10.19363/J.cnki.cn10-1380/tn.2019.09.02
Received: May 21, 2019; Revised: August 13, 2019
Funding: This work was supported by the Key Program of the National Natural Science Foundation of China (No. U1736218) and a Major Project of the Ministry of Science and Technology (No. 2018YFB0804704).
Cyber Security Posture Analysis based on Spread Logs of Malware
WANG Qinqin, ZHOU Hao, YAN Hanbing, MEI Rui, HAN Zhihui
The 2nd Laboratory, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China; National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC), Beijing 100029, China; The 2nd Laboratory, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC), Beijing 100029, China
Abstract:
The cyber security posture has always been a focus of network security practitioners. This paper collects spread logs of malware in China from October 2018 to March 2019 and analyzes the cyber security posture from the static and dynamic characteristics of the malicious files as well as their propagation characteristics. Moreover, based on a community discovery algorithm, the paper performs gang discovery on the network formed by the most widely spread Mirai family programs. The results show that the community discovery algorithm can identify the Mirai network as multiple communities: domain names differ significantly between communities, while domain names within the same community are similar.
Key words:  cyber security posture  spread logs of malware  Mirai  community discovery algorithm
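As an added illustration of the gang-discovery step described in the abstract (this is not code from the paper, and the authors do not name the community discovery algorithm they used), the following Python links Mirai-like samples by the domains they contacted, runs a deterministic weighted label-propagation community detection, and compares domain-set similarity within versus between the resulting communities. All sample identifiers and domain names are constructed for the example.

```python
from itertools import combinations

SAMPLE_DOMAINS = {  # constructed input (not from the paper): sample -> domains it contacted
    "mirai_a1": {"cnc1.example.net", "rep1.example.net"},
    "mirai_a2": {"cnc1.example.net", "rep1.example.net", "load1.example.net"},
    "mirai_a3": {"cnc1.example.net", "load1.example.net"},
    "mirai_b1": {"cnc2.example.org", "rep2.example.org"},
    "mirai_b2": {"cnc2.example.org", "rep2.example.org"},
    "mirai_b3": {"rep2.example.org", "load2.example.org"},
    "mirai_c1": {"solo.example.com"},  # isolated: shares no domain with any other sample
}

def build_graph(sample_domains):
    """Project samples onto a weighted graph: edge weight = number of shared domains."""
    adj = {s: {} for s in sample_domains}
    for a, b in combinations(sorted(sample_domains), 2):
        shared = len(sample_domains[a] & sample_domains[b])
        if shared:
            adj[a][b] = adj[b][a] = shared
    return adj

def label_propagation(adj, max_iter=100):
    """Deterministic weighted label propagation (an assumed choice; the paper does not
    name its algorithm): each node adopts the neighbour label with the largest total
    edge weight, ties to the smallest label. Returns communities as sets of samples."""
    labels, changed, rounds = {n: n for n in adj}, True, 0
    while changed and rounds < max_iter:
        changed, rounds = False, rounds + 1
        for node in sorted(adj):
            if not adj[node]:
                continue  # an isolated sample keeps its own label
            score = {}
            for nb, w in adj[node].items():
                score[labels[nb]] = score.get(labels[nb], 0) + w
            best = min(score, key=lambda lab: (-score[lab], lab))
            if best != labels[node]:
                labels[node], changed = best, True
    groups = {}
    for node, lab in labels.items():
        groups.setdefault(lab, set()).add(node)
    return sorted(groups.values(), key=sorted)

def domain_similarity(sample_domains, communities):
    """Mean Jaccard similarity of domain sets within one community vs. across communities."""
    comm_of = {s: i for i, c in enumerate(communities) for s in c}
    within, between = [], []
    for a, b in combinations(sorted(sample_domains), 2):
        da, db = sample_domains[a], sample_domains[b]
        (within if comm_of[a] == comm_of[b] else between).append(len(da & db) / len(da | db))
    return sum(within) / max(len(within), 1), sum(between) / max(len(between), 1)
```

On the constructed input the three sample groups come out as three communities, with mean within-community domain similarity well above the between-community value, which is the pattern the abstract reports for the real Mirai network.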