摘要
网络安全态势一直是网络安全从业人员的关注点。本文基于2018年10月至2019年3月的我国恶意代码的传播日志,利用恶意代码的静态特征、动态特征及其传播特征对网络态势进行分析。然后基于社区发现算法,对其中传播最广泛的Mirai家族程序构成的网络进行团伙发现,结果表明,社区发现算法能够将Mirai网络识别为多个社区,社区间的域名资源具有明显的差异性,社区内域名资源具有相似性。
The cyber security posture has always been the focus of network security practitioners. This paper collects spread logs of malware in China from October 2018 to March 2019, and then analyzes cyber security posture from the static and dynamic characteristics of malicious files, as well as the propagation characteristics. Moreover, based on the community discovery algorithm, the paper makes a gang discovery on the network composed of the most widely spread Mirai family programs. The results show that the community discovery algorithm can identify the Mirai network as multiple communities. Domain names between communities have significant differences, and domain names within the same community have similarities.
作者
王琴琴
周昊
严寒冰
梅瑞
韩志辉
WANG Qinqin;ZHOU Hao;YAN Hanbing;MEI Rui;HAN Zhihui(The 2nd Laboratory,Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China;School of Cyber Security,University of Chinese Academy of Sciences,Beijing 100049,China;National Computer Network Emergency Response Technical Team/Coordination Center of China(CNCERT/CC),Beijing 100029,China)
出处
《信息安全学报》
CSCD
2019年第5期14-24,共11页
Journal of Cyber Security
基金
国家自然科学基金重点项目(No.U1736218)
科技部重大专项(No.2018YFB0804704)资助
