一种基于突变流量的在野黑产应用采集方法

Underground Application Collection Method Based on Spiking Traffic Analysis

下载PDF

导出

摘要近年来,移动互联网的兴起使以诈骗、博彩和色情为主的网络黑产移动应用(APP)变得更加猖獗,亟待采取有效措施进行管控.目前,研究人员针对黑产应用的研究较少,其原因是由于执法部门持续对黑产应用的传统分发渠道进行打击,已有的通过基于搜索引擎和应用商店的采集方法效果不佳,缺乏大规模具有代表性的在野黑产应用数据集,已经成为开展深入研究的一大掣肘.为此,尝试解决在野黑产应用大规模采集的难题,为后续深入全面分析黑产应用及其生态提供数据支撑.提出了一种基于突变流量分析的黑产应用批量捕获方法,以黑产应用分发的关键途径为抓手,利用其具有的突变和伴随流量特点,批量快速发现正处于传播阶段的新兴在野黑产应用,为后续实时分析和追踪提供数据基础.在测试中,该方法成功获取了3439条应用下载链接和3303个不同的应用.捕获的移动应用中,不但有91.61%的样本被标记为恶意软件,更有98.14%的样本为首次采集发现的零天应用.上述结果证明了所提出的方法在黑产应用采集方面的有效性. In recent years,with the rise of the mobile Internet,underground mobile applications primarily involved in scams,gambling,and pornography have become more rampant,requiring effective control measures.Currently,there is a lack of research on underground applications by researchers.Due to the continuous crackdown by law enforcement agencies on traditional distribution channels for these applications,the existing collection methods based on search engines and app stores have proven to be ineffective.The lack of large-scale and representative datasets of real-world underground applications has become a major constraint for in-depth research.Therefore,this study aims to address the challenge of collection of large-scale real-world underground applications,providing data support for a comprehensive in-depth analysis of these applications and their ecosystem.A method is proposed to capture underground applications based on traffic analysis.By focusing on the key distribution channels of underground applications and leveraging their characteristics of mutation and accompanying traffic,underground applications can be discovered in the propagation stage.In the test,the proposed method successfully obtained 3439 application download links and 3303 distinct applications.Among these apps,91.61%of the samples were labeled as malware by antivirus engine,while 98.14%of the samples were zero-days.The results demonstrate the effectiveness of the proposed method in the collection of underground applications.

作者陈沛洪赓邬梦莹陈晋松段海新杨珉 CHEN Pei;HONG Geng;WU Meng-Ying;CHEN Jin-Song;DUAN Hai-Xin;YANG Min(School of Computer Science,Fudan University,Shanghai 201203,China;Institute for Network Sciences and Cyberspace,Tsinghua University,Beijing 100084,China;Zhongguancun Laboratory,Beijing 100081,China)

机构地区复旦大学计算机科学技术学院清华大学网络科学与网络空间研究院中关村实验室

出处《软件学报》 EI CSCD 北大核心 2024年第8期3684-3697,共14页 Journal of Software

基金国家自然科学基金(62302101)。

关键词网络黑产网络犯罪移动应用流量分析 underground ecosystem cybercrime mobile app traffic analysis

分类号 TP311 [自动化与计算机技术—计算机软件与理论]

引文网络
相关文献

参考文献1

1Yan-yan SONG,Ying LU.用于分类与预测的决策树分析（英文）[J].上海精神医学,2015,27(2):130-135. 被引量：37

二级参考文献30

1Hastie TJ, Tibshirani, R J, Friedman JH. The Elements of Statistical Learning: Data Mining, Inference and Prediction. Second Edition. Springer, 2009. ISBN 978-0-387-84857-0. 被引量：1
2Fallon B, Ma J, Allan K, Pillhofer M, Trocm~ N, Jud A. Opportunities for prevention and intervention with young children: lessons from the Canadian incidence study of reported child abuse and neglect. Child Adolesc Psychiatry Ment Health. 2013; 7:4. 被引量：1
3Patel N, Upadhyay S. Study of various decision tree pruning methods with their empirical comparison in WEKA. Int J Comp Appl; 60 (12): 20-25. 被引量：1
4Berry MJA, Linoff G. Mastering Data Mining: The Art and Science of Customer Relationship Management. New York: John Wiley & Sons, Inc., 1999. 被引量：1
5Hastie T, Tibshirani R, Friedman J. The Elements of Statistical Learning. Springer; 2001. pp: 269-272. 被引量：1
6Zibran MF. CHI-Squared Test of Independence. Department of Computer Science, University of Calgary, Alberta, Canada; 2012. 被引量：1
7Breiman L, Friedman JH, Olshen RA, Stone CJ. Classi)gcatT"on and Regression Trees. Belmont, California: Wadsworth, Inc.; 1984. 被引量：1
8O.uinlan RJ. C4.5: Programs .for Machine Learning. San Mateo, California: Morgan Kaufmann Publishers, Inc.; 1993. 被引量：1
9Kass, GV. An exploratory technique for investigating large quantities of categorical data. Appl star. 1980; 2.9:119-127. 被引量：1
10I Loh W, Shih Y. Split selection methods for classification treesI StatistT"ca Sinica. 1997; 7:815-840 I. 被引量：1

共引文献36

1宫文浩,兰天莹,莫清莲,杨燕,戴启刚,陈莎莎,唐子西,刘悠江,艾军.基于决策树和人工神经网络的小儿肺炎痰热闭肺证诊断模型研究[J].世界科学技术-中医药现代化,2020,22(7):2548-2555. 被引量：14
2李大伟,刘海英.关于石油工业软件工程化的思考[J].勘探家（石油与天然气）,2000,5(1):32-36. 被引量：7
3尚舒敏,陈家慰,胡锦帆,王志勇.基于Logistic回归的“拍照赚钱”APP定价方案设计[J].实验科学与技术,2019,17(1):6-11.
4Ching-Kan Lo,Hsing-Chung Chen,Pei-Yuan Lee,Ming-Chou Ku,Lidia Ogiela,Cheng-Hung Chuang.Smart Dynamic Resource Allocation Model for Patient-Driven Mobile Medical Information System Using C4.5 Algorithm[J].Journal of Electronic Science and Technology,2019,17(3):231-241.
5温赞扬.基于群智优化神经网络的音乐风格分类模型研究[J].现代电子技术,2019,42(21):82-85.
6周永称,崔忠芳,范少萍,安新颖.基于深度学习的生物医学文本分类研究[J].中华医学图书情报杂志,2019,28(11):1-10. 被引量：4
7张波,黄晓芳.基于TF-IDF的卷积神经网络新闻文本分类优化[J].西南科技大学学报,2020,35(1):64-69. 被引量：8
8刘子琦,郭炳晖,程臻,杨小博,殷子樵.基于熵值模糊层次分析法的科技战略评价[J].计算机科学,2020,47(S01):1-5. 被引量：13
9Michelle D.Guerrero,Leigh M.Vanderloo,Ryan E.Rhodes,Guy Faulkner,Sarah A.Moore,Mark S.Tremblay.Canadian children’s and youth’s adherence to the 24-h movement guidelines during the COVID-19 pandemic: A decision tree analysis[J].Journal of Sport and Health Science,2020,9(4):313-321. 被引量：5
10Zhao-Yang Wang,Bei-Hong Jin,Tingjian Ge,Tao-Feng Xue.Detecting Anomalous Bus-Driving Behaviors from Trajectories[J].Journal of Computer Science & Technology,2020,35(5):1047-1063.

1沈积慧.AI技术在都市类报纸记者新闻生产中的应用探索[J].中国传媒科技,2024(6):85-88. 被引量：1
2粥左罗.爆款文章怎么来[J].特别关注,2023(1):78-78.
3董淑薇.遏制短视频平台“新黄色新闻”泛滥对策研究[J].西部学刊,2024(14):59-62.
4刘凌,蒋震,李方盛,甘怡.5G+4K在电视购物上星频道的全媒体直播应用[J].电视工程,2023(4):51-53.
5牛天.2021年中国平台创作者数字化生存综述[J].中国新闻年鉴,2022(1):80-83.
6赵子坤.腾讯不肯再交“安卓税”了[J].财经天下,2024(13):40-45.
7赵子坤.腾讯不交“安卓税”[J].财经天下,2024(13):8-8.
8司君波,刘凯.技术赋能媒体内容风控管理的路径探析[J].全媒体探索,2024(7):123-124.
9张兆维,刘琳,刘慧,吴同,朱明蕾,潘甦.空间通信载波多普勒频偏捕获的两阶段稀疏算法[J].物联网学报,2024,8(2):36-45.
10满奕村,辜晓惠,林玲,童建江,冯强.两性健康互联网医院的建设探讨[J].中华男科学杂志,2024,30(5):463-468.

软件学报

2024年第8期

浏览历史

内容加载中请稍等...

一种基于突变流量的在野黑产应用采集方法

参考文献1

二级参考文献30

共引文献36

相关作者

相关机构

相关主题

浏览历史