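Abstract:
As network technology continues to develop, and driven by huge profits, underground (black and gray market) activity is increasingly rampant. Its practitioners use Internet social media and underground forums to promote their business, so mining more underground-market threat intelligence has become a key step for regulators in breaking the attack-defense deadlock in cyberspace governance and advancing the effective governance of cyberspace. However, existing research performs passive data analysis by developing crawler tools or using open-source data, which makes it difficult to obtain comprehensive, accurate, and real-time threat intelligence. To this end, this paper proposes an active underground-market threat intelligence mining method based on target recognition and topic-guided dialogue, which automatically identifies underground-market personnel in social media group chats and communicates with them one-on-one through actively guided dialogue to mine threat intelligence. First, personnel are classified according to the text of their messages in group chats to achieve target recognition; at the same time, to enable the model to understand underground-market jargon effectively, domain-specific word vectors are fine-tuned for the semantic representation of text. Second, a dialogue system is built to converse actively with underground-market personnel; during the dialogue it recognizes the intent of their utterances and introduces three strategies, based on rule matching, scene memory, and deep learning, to construct question-and-answer content automatically and guide them to expose intelligence. Experimental results show that the proposed method achieves an accuracy of 98.78% in personnel target recognition and 90.80% in dialogue intent recognition, and its effectiveness is verified in real-world scenarios.
Keywords: underground industry; threat intelligence; personnel identification; topic-guided dialogue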
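DOI: 10.19363/J.cnki.cn10-1380/tn.2025.05.03
Received: 2023-06-05; Revised: 2023-10-09
Funding: This work was supported by the National Key Research and Development Project (No. 2021YFB3100500) and the Key Research and Development Project of the Science and Technology Department of Sichuan Province (No. 2023YFG0162).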
|
Threat Intelligence Mining Based on Target Recognition and Topic-Guided Dialogue in Underground Markets |
LUO Shuangchun, HUANG Cheng, SUN Enbo
School of Cyber Science and Engineering, Sichuan University, Chengdu 610207, China; The 30th Research Institute of China Electronics Technology Group Corporation, Chengdu 610093, China
Abstract: |
With the continuous development of network technology, and driven by substantial profits, underground market activities are becoming increasingly widespread, and practitioners in this clandestine realm use Internet platforms, including social media and underground forums, to promote their illicit ventures. Consequently, unearthing more underground-market threat intelligence has become a crucial step for regulatory bodies in breaking the deadlock between attack and defense in cyberspace governance and promoting more effective governance. However, existing research relies on passive collection with crawler tools or open-source data, which makes it difficult to obtain comprehensive, accurate, and real-time threat intelligence. To this end, we propose an active underground-market threat intelligence mining method based on target identification and topic-guided dialogue, which automatically identifies underground market personnel in social media group chats and communicates with them one-on-one in an actively guided dialogue to mine threat intelligence. First, we classify the text of what underground market personnel say in group chats to achieve personnel target identification; at the same time, so that the model understands underground market jargon effectively, we fine-tune underground-market domain word vectors for the semantic representation of text. Second, we construct a dialogue system that actively converses with underground market personnel; during the dialogue, it identifies the intent of their utterances and introduces three strategies, based on rule matching, scene memory, and deep learning, to automatically construct the Q&A content and guide underground market personnel to expose more of the intelligence that is of concern to regulators. The experimental results unequivocally demonstrate the effectiveness of this method. The accuracy of personnel target recognition attains an impressive 98.78%, while the accuracy of dialogue intent recognition stands at 90.80%. The real-world deployment of the underground-market target recognition module and the intelligent dialogue module further substantiates the method's efficacy in practical scenarios.
Key words: underground market; threat intelligence; personnel identification; topic-guided dialogue