A Method for Collecting In-the-Wild Underground Industry Applications Based on Mutation Traffic
Cite this article: CHEN Pei, HONG Geng, WU Meng-Ying, CHEN Jin-Song, DUAN Hai-Xin, YANG Min. A method for collecting in-the-wild underground industry applications based on mutation traffic [J]. Journal of Software, 2024, 35(8)
Authors: CHEN Pei; HONG Geng; WU Meng-Ying; CHEN Jin-Song; DUAN Hai-Xin; YANG Min
Affiliation: School of Computer Science and Technology, Fudan University, Shanghai 201203; Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084; Zhongguancun Laboratory, Beijing 100081
Funding: National Natural Science Foundation of China (62302101)
Abstract: With the rapid development of the economy and society, the impact of the Internet black industry (also called the Internet underground industry, hereafter "cyber underground industry") on people's work and daily life is expanding rapidly. In recent years, the rise of the mobile Internet has made underground mobile applications (apps), mainly involved in scams, gambling and pornography, even more rampant, and effective control measures are urgently needed. At present, researchers have conducted little research on underground apps. The reason is that, because law enforcement agencies have continuously cracked down on the traditional distribution channels of underground apps, existing collection methods based on search engines and app stores perform poorly, and the lack of a large-scale, representative dataset of in-the-wild underground apps has become a major obstacle to in-depth research. To this end, this paper attempts to solve the problem of large-scale collection of in-the-wild underground apps, providing data support for subsequent in-depth and comprehensive analysis of underground apps and their ecosystem. This paper proposes a method for batch capture of underground apps based on mutation traffic analysis: taking the key distribution channels of underground apps as the entry point and exploiting their characteristic mutation and accompanying traffic, it quickly discovers, in batches, emerging in-the-wild underground apps that are in the propagation stage, providing a data basis for subsequent real-time analysis and tracking. In testing, the method successfully obtained 3,439 application download links and 3,303 distinct applications. Among the captured mobile applications, not only were 91.61% of the samples flagged as malware, but 98.14% of the samples were zero-day apps collected for the first time. These results demonstrate the effectiveness of the proposed method for collecting underground apps.

Keywords: Internet underground industry; cyber underground industry; mobile applications; traffic analysis
Received: 2023-09-11
Revised: 2023-10-30

An underground industry application collection method based on flow analysis
CHEN Pei, HONG Geng, WU Meng-Ying, CHEN Jin-Song, DUAN Hai-Xin, YANG Min. An underground industry application collection method based on flow analysis [J]. Journal of Software, 2024, 35(8)
Authors: CHEN Pei; HONG Geng; WU Meng-Ying; CHEN Jin-Song; DUAN Hai-Xin; YANG Min
Affiliation: School of Computer Science, Fudan University, Shanghai 201203, China; Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084, China; Zhongguancun Lab, Beijing 100081, China
Abstract: In recent years, with the rise of the mobile Internet, underground mobile applications primarily involved in scams, gambling, and pornography have become more rampant, and effective control measures are required. Currently, there is little research on underground applications. Because law enforcement agencies continuously crack down on the traditional distribution channels of these applications, existing collection methods based on search engines and app stores have proven ineffective. The lack of large-scale, representative datasets of real-world underground applications has become a major constraint on in-depth research. This paper therefore addresses the challenge of collecting large-scale real-world underground applications, providing data support for a comprehensive, in-depth analysis of these applications and their ecosystem. We propose a method to capture underground applications based on traffic analysis. By focusing on the key distribution channels of underground applications and leveraging their characteristic mutation and accompanying traffic, we can discover in-the-wild underground applications while they are in the propagation stage. In testing, this method successfully obtained 3,439 application download links and 3,303 distinct applications. Among these apps, 91.61% of the samples were labeled as malware by antivirus engines, and 98.14% of the samples were zero-day samples. The results demonstrate the effectiveness of the proposed method for collecting underground applications.
Keywords: underground ecosystem; underground app market; mobile apps; traffic analysis