摘要
深暗网因其强隐匿性、接入简便性和交易便捷性,滋生了大量非法活动,如推广网络博彩、贩卖毒品等.随着网络社交方式的更新,加密即时通信工具Telegram中的群组成为不法分子推广黑灰产、买卖资源和工具的聚集地,大量不法分子利用Telegram的匿名功能在对内容无限制、消息短、文字难理解的群组中推动业务而逃避监管,严重威胁国家社会稳定和网络安全.如果能够基于对群组中大量低信息量内容的分析,挖掘大批量潜在威胁人物,将为监管、治理和打击部门提供更多有价值的线索.本文提出一种低开销的匿名通信群组威胁人物挖掘方法,通过调整文本中网络公害流行术语的重要程度优化内容分析质量,融合大语言模型的强大知识储备和生成能力,对群组内容进行无监督的高质量动态时序主题提取与可视化统计分析.实验结果表明,与传统分类做法相比,本文方法大大降低了人工标注成本,提升了威胁人物挖掘的数量和质量,加深了对网络公害生态的理解,具有现实意义.
The deep and dark web,due to its high anonymity,easy accessibility,and convenient transactions,has fostered a large number of illegal activities,including promoting online gambling and selling drugs.The development of online social interactions has led to the formation of groups on the encrypted instant messaging app Telegram,which act as gathering places for the promotion of cybercriminal activities and the exchange of resources and tools.Many criminals are exploiting Telegram's anonymity feature to conduct business in groups with unrestricted content,short messages,and difficult-to-understand text,thereby evading regulation and posing a serious threat to national social stability and cybersecurity.Analyzing a substantial volume of low-information content within groups has the potential to reveal numerous hidden threat actors,thereby providing regulatory,governance,and enforcement agencies with a wealth of valuable leads.This paper proposes a low-cost method for mining threat actors in anonymous communication groups,which adjusts the importance of network public hazard terminologies in the text to optimize the quality of content analysis.By the integration of large language models,this method conducts unsupervised and high-quality dynamic temporal topic extraction and visualized statistical analysis of group content.The experimental results demonstrate that the proposed method significantly reduces the cost of manual annotation,improves the quantity and quality of threat actor mining,and enhances understanding of the network public hazard ecosystem,and therefore has practical implications when compared to traditional classification methods.
作者
霍艺璇
赵佳鹏
时金桥
齐敏
孙岩炜
王学宾
杨燕燕
HUO Yi-Xuan;ZHAO Jia-Peng;SHI Jin-Qiao;QI Min;SUN Yan-Wei;WANG Xue-Bin;YANG Yan-Yan(School of Cyberspace Security,Beijing University of Posts and Telecommunications,Beijing 100876,China;Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China;School of Information Network Security,People’s Public Security University of China,Beijing 100038,China)
出处
《四川大学学报(自然科学版)》
CAS
CSCD
北大核心
2024年第4期37-46,共10页
Journal of Sichuan University(Natural Science Edition)
基金
国家重点研发计划“网络空间安全治理”专项(2023YFB3106600)。
