摘要: |
网络安全态势一直是网络安全从业人员的关注点。本文基于2018年10月至2019年3月的我国恶意代码的传播日志,利用恶意代码的静态特征、动态特征及其传播特征对网络态势进行分析。然后基于社区发现算法,对其中传播最广泛的Mirai家族程序构成的网络进行团伙发现,结果表明,社区发现算法能够将Mirai网络识别为多个社区,社区间的域名资源具有明显的差异性,社区内域名资源具有相似性。 |
关键词: 网络安全态势 恶意代码传播 Mirai 社区发现算法 |
DOI:10.19363/J.cnki.cn10-1380/tn.2019.09.02 |
Received:May 21, 2019Revised:August 13, 2019 |
基金项目:本课题得到国家自然科学基金重点项目(No.U1736218)和科技部重大专项(No.2018YFB0804704)资助。 |
|
Cyber Security Posture Analysis based on Spread Logs of Malware |
WANG Qinqin,ZHOU Hao,YAN Hanbing,MEI Rui,HAN Zhihui |
The 2nd Laboratory, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China;National Computer Network Emergency Response Technical Team/Coordination Center of China(CNCERT/CC), Beijing 100029, China;The 2nd Laboratory, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;National Computer Network Emergency Response Technical Team/Coordination Center of China(CNCERT/CC), Beijing 100029, China |
Abstract: |
The cyber security posture has always been the focus of network security practitioners. This paper collects spread logs of malware in China from October 2018 to March 2019, and then analyzes cyber security posture from the static and dynamic characteristics of malicious files, as well as the propagation characteristics. Moreover, based on the community discovery algorithm, the paper makes a gang discovery on the network composed of the most widely spread Mirai family programs. The results show that the community discovery algorithm can identify the Mirai network as multiple communities. Domain names between communities have significant differences, and domain names within the same community have similarities. |
Key words: cyber security posture spread logs of malware Mirai community discovery algorithm |