Research into Mining New Types of Cybercriminal Tricks and Management Countermeasures

doi:10.12005/orms.2024.0321

Abstract

Abstract: New types of cybercrimes are more novel, sophisticated and professional, and have been growing in recent years. Research into mining and analyzing new types of cybercrimes, and countermeasures will help public security organizations actively prevent cybercrimes and implement precise strikes. However, this type of research is rare both at home and abroad.
To tackle the challenges of analyzing new cybercriminal tricks, we need to address five main tasks: 1)establish a research framework, as one is lack of mining these tricks in open-source intelligence data; 2)accurately classify cybercriminal tricks, as they evolve and complicate classification; 3)accurately extract representative cybercrime keywords, as traditional unsupervised keyword recognition model has low accuracy and is difficult to meet the business requirements for keyword extraction of cybercriminal tricks, meanwhile supervised learning models have the problem with sample imbalance; 4)accurately identify hot words, as we need to pay more attention to the hot words of cybercrime tactics with prominent changes, while the traditional hot word identification method based on word frequency statistics has poor results; 5)summarize new cybercriminal tricks, as new types of cybercriminal tricks are changing rapidly, which are difficult to directly define with classification categories, and need to be accurately expressed for management countermeasures.
In this paper, we propose a framework to mine new types of cybercriminal tricks by adopting an interdisciplinary method. We refer to the cybercriminal tricks published on the website of the Ministry of Public Security and defines the common cybercriminal tricks as a two-level classification system. For new cybercriminal tricks which are not covered by existing categories, we use keyword recognition technology to detect representative keywords and manually confirm whether these keywords are sufficient to represent the cybercriminal tricks. Based on the existing research process of hot word recognition, in this paper we propose a new type of cybercriminal trick extraction method based on the classification of cybercrime related content and the recognition of cybercrime keywords.
To provide a high accuracy of the cybercrime classification model and keyword extraction model, we innovatively design the BERT-JTFL joint training model. This model enables the cybercriminal trick classification model and cybercrime keyword extraction model to share knowledge and promote each other. To deal with the sample imbalance issue, we propose multiclass Focal Loss to balance weight of samples in keyword extraction loss.
To mine cybercrime hot words, we propose a hot word recognition model as follows: the model first relies on the classification of textual cybercrime techniques to filter the texts in the field of cybercrime; next, it identifies keywords for each text, ensuring the text is representative of cybercrime activity; finally, it calculates keyword popularity over time using a historical weighted average and applies Bayesian smoothing to determine the results for cybercrime hot words.
The new cybercriminal tricks usually did not appear in the past, and in this paper we propose a new cybercriminal trick mining model based on the hot words of cybercrime, which screens the new words in the hot words, and identifies and mines representative combinations of related keywords in sliding window as a new type of cybercriminal trick.
These models are trained based on preprocessed Internet public police notices and Weibo data in 2019 and 2020. The research results show that: 1)The BERT-JTFL joint training model designed in this paper outperforms the BERT and RoBERTa models in both text classification tasks and keyword recognition tasks. 2)The novel hot word model is able to pay attention to the recent changes in keywords with smooth processing, effectively captures hot cybercriminals with P@10 up to 83.3%. 3)The extraction results of new keywords and related keywords can effectively capture and identify new cybercriminal tricks and summarize their characteristics.
To achieve the goal of proactive prevention of cybercrimes, precisely predict and fight new types of cybercrimes, and fully utilize the open-source intelligence information on the existing Internet, we also propose how to prevent and fight cybercrimes from the perspective of management.

Key words: new cybercriminal tricks, BERT-JTFL, joint training, cybercrime management countermeasures, content classification, keyword, hot word

摘要： 近年来,新型网络犯罪数量持续增长,手法新颖精细,形势严峻复杂,而新型网络犯罪手法挖掘及管理方法目前在国内外还少有研究。在此形势下,针对新型网络犯罪手法难以挖掘分析的挑战,本文采用交叉学科方法,搭建新型网络犯罪手法挖掘框架,创新设计BERT-JTFL联合训练模型,使得网络犯罪手法分类与关键词识别任务分享知识并互相促进。本文进而创新设计网络犯罪热词识别模型,从开源情报数据中挖掘新型网络犯罪手法,并就挖掘结果进行管理对策分析和建议。研究结果表明:①本文所设计BERT-JTFL联合训练模型在文本分类任务和关键词识别任务均优于BERT和RoBERTa等已知模型;②本文设计的热词识别模型支持关注关键词近期异动并进行平滑处理,能有效捕捉热点网络犯罪手法,P@10达83.3%;③新词和关联关键词提取结果能概括表达新型网络犯罪手法,指出其发展迅速、手法多变的特点。基于研究结果,本文针对性的提出了管理对策建议工作。

关键词: 新型网络犯罪, BERT-JTFL, 联合训练, 网络犯罪管理, 文本分类, 关键词, 热词

CLC Number:

C931.6

NI Peifeng, SHI Jiangfeng. Research into Mining New Types of Cybercriminal Tricks and Management Countermeasures[J]. Operations Research and Management Science, 2024, 33(10): 65-72.

倪培峰, 石江枫. 新型网络犯罪手法挖掘研究与管理对策[J]. 运筹与管理, 2024, 33(10): 65-72.

References

[1] 王智.网络犯罪的新特点及预防对策研究[D].北京:中央民族大学,2020:17-20.
[2] 马忠红.以电信诈骗为代表的新型网络犯罪侦查难点及对策研究—基于W省的调研情况[J].中国人民公安大学学报(社会科学版),2018,34(3):78-86.
[3] 白云,李白杨,王施运.面向新型跨境网络有组织犯罪的开源情报获取与利用方法[J].信息资源管理学报,2022,12(2):65-75.
[4] 黄燕玲.香港电信网络新型违法犯罪现状及趋势分析[J].法制与社会,2021(18):127-128.
[5] 庄华.电信网络诈骗犯罪的大数据预警[J].中国刑警学院学报,2022(1):5-13.
[6] 孔欣怡.疫情下电信网络诈骗新动向与防控对策研究[J].网络安全技术与应用,2022(5):156-157.
[7] BOJANOWSKI P, GRAVE E, JOULIN A, et al. Enriching word vectors with subword information[J]. Transactions of the Association for Computational Linguistics, 2017(5): 135-146.
[8] ZHANG T, YOU F. Research on short text classification based on textcnn[J]. Journal of Physics: Conference Series, 2021, 1757(1): 012092.
[9] JANG B, KIM M, HARERIMANA G, et al. Bi-LSTM model to increase accuracy in text classification: Combining word2vec CNN and attention mechanism[J]. Applied Sciences, 2020, 10(17): 5841.
[10] DEVLIN J, CHANG M W, LEE K, et al. Bert: Pre-training of deep bidirectional transformers for language understanding[J]. arXiv Preprint, 2018, arXiv:1810.04805.
[11] 汤英杰,刘媛华.基于预训练模型融合深层特征词向量的中文文本分类[J].上海理工大学学报,2023(2):189-197.
[12] LIU Y, OTT M, GOYAL N, et al. Roberta: A robustly optimized bert pretraining approach[J]. arXiv Preprint, 2019, arXiv:1907.11692.
[13] ZHANG W, YOSHIDA T, TANG X. A comparative study of tf*idf, lsi and multi-words for text classification[J]. Expert Systems with Applications, 2011, 38(3): 2758-2765.
[14] MIHALCEA R, TARAU P. Textrank: Bringing order into text[C]//LIN D, WU D. Proceedings of the 2004 Conference on Empirical Methods in Natural Language Processing. Barcelona, Spain: Association for Computational Linguistics, 2004: 404-411.
[15] 何传鹏,尹玲,黄勃,等.基于BERT和LightGBM的文本关键词提取方法[J].电子科技,2023(3):7-13.
[16] 郭冲.基于新闻标题的网络热词发现算法[J].计算机与现代化,2013(3):58-62+66.
[17] 郝晓玲,茅嘉惠,于秀艳.微博热词抽取及话题发现研究[J].情报杂志,2015,34(6):109-113+157.
[18] 段青玲,张璐,刘怡然,等.基于农业网络信息分类的热词自动提取方法[J].农业机械学报,2018,49(7):160-167.
[19] 李渝勤,孙丽华.面向互联网舆情的热词分析技术[J].中文信息学报,2011,25(1):48-53+59.
[20] 张天凡,王彪,袁琪,等.犯罪复杂网络:诈骗案件中的犯罪模式挖掘[J].警察技术,2022(2):22-25.
[21] 人民公安报.公安机关公布48种常见电信诈骗手法[Z/OL].( 2016-02-25)[2022-06-20]. https://www.mps.gov.cn/n2255079/n4876594/n4993396/n4993399/c5149008/content.html.