Cite this article:
- Luo Shuang Chun, Huang Chen, Sun En Bo. Threat Intelligence Mining Based on Target Recognition and Topic-Guided Dialogue in Underground Markets[J]. Journal of Cyber Security, accepted
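Abstract:
As network technology continues to develop and large profits drive activity, underground-market (black and gray market) operations have become increasingly rampant. Practitioners use internet social media and underground forums to promote their business, and mining more underground-market threat intelligence has become a key step for regulators seeking to break the attack-defense stalemate in cyberspace governance and to make that governance effective. Existing research, however, analyzes passively collected network data and struggles to obtain comprehensive, accurate, and real-time threat intelligence. This paper therefore proposes an active underground-market threat intelligence mining method based on target recognition and topic-guided dialogue, which automatically identifies underground-market personnel in social media group chats and converses with them one-on-one through actively guided dialogue to mine threat intelligence. First, personnel are classified by the text of their messages in group chats to achieve target recognition; so that the model can understand underground-market jargon, domain-specific word embeddings are fine-tuned for semantic representation of the text. Second, a dialogue system is built to converse actively with underground-market personnel; during the dialogue it recognizes the intent of their utterances and uses three strategies, rule-based matching, scenario memory, and deep learning, to select custom script templates for replies and questions, guiding them to expose intelligence. Experimental results show that the proposed method reaches 98.78% accuracy in personnel target recognition and 97.10% accuracy in dialogue intent recognition, demonstrating its effectiveness.
Keywords: underground market; threat intelligence; personnel identification; topic-guided dialogue
DOI:
Submitted: 2023-06-05  Revised: 2023-10-09
Funding: National Key Basic Research Program of China (973 Program)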

Threat Intelligence Mining Based on Target Recognition and Topic-Guided Dialogue in Underground Markets
Luo Shuang Chun¹, Huang Chen¹, Sun En Bo²
(1. Sichuan University; 2. The 30th Research Institute of China Electronics Technology Group Corporation)
Abstract:
With the continuous development of network technology and the driving force of immense profits, underground market cybercriminal activities have proliferated. Underground market practitioners exploit internet social media and underground forums for business promotion. How to extract more cybercrime threat intelligence has become a crucial factor for regulators to break the stalemate in cyberspace governance and promote effective cyberspace management. However, existing research that relies on passive collection and analysis of network data struggles to obtain comprehensive, accurate, and real-time threat intelligence information. To address this issue, the paper proposes an active threat intelligence mining method for cybercrime based on target recognition and topic-guided dialogue. This method can automatically identify the type of the underground market personnel from social media group chats and engage in one-on-one conversations with them through active guided dialogue to collect threat intelligence information. Firstly, the method categorizes the textual statements of underground market personnel in group chats to achieve target recognition. Additionally, a domain-specific word embedding model is fine-tuned to enhance the model's understanding of underground market jargon for semantic representation of the text. Secondly, a dialogue system is constructed to interact with them. During the dialogue, our system identifies the intentions behind their speech and utilizes three strategies: rule-based matching, contextual memory, and deep learning, to select customized conversation templates for responding and prompting them to expose more potential intelligence information. Experimental results demonstrate that the proposed method achieves an accuracy rate of 98.78% in target recognition and 97.10% in dialogue intention recognition, validating the effectiveness of the approach.
Key words: underground market; threat intelligence; personnel identification; topic-guided dialogue