A low-cost method for mining threat actor in anonymous communication groups
The deep and dark web, due to its high anonymity, easy accessibility, and convenient transactions, has fostered a large number of illegal activities, including promoting online gambling and selling drugs. The development of online social interactions has led to the formation of groups on the encrypted instant messaging app Telegram, which act as gathering places for the promotion of cybercriminal activities and the exchange of resources and tools. Many criminals are exploiting Telegram's anonymity feature to conduct business in groups with unrestricted content, short messages, and difficult-to-understand text, thereby evading regulation and posing a serious threat to national social stability and cybersecurity. Analyzing a substantial volume of low-information content within groups has the potential to reveal numerous hidden threat actors, thereby providing regulatory, governance, and enforcement agencies with a wealth of valuable leads. This paper proposes a low-cost method for mining threat actors in anonymous communication groups, which adjusts the importance of network public hazard terminologies in the text to optimize the quality of content analysis. By the integration of large language models, this method conducts unsupervised and high-quality dynamic temporal topic extraction and visualized statistical analysis of group content. The experimental results demonstrate that the proposed method significantly reduces the cost of manual annotation, improves the quantity and quality of threat actor mining, and enhances understanding of the network public hazard ecosystem, and therefore has practical implications when compared to traditional classification methods.
Keywords: Network public hazard; Text mining; Telegram groups; Topic modeling