Background: On May 23-24, Tencent’s “Cloud + Future” Summit was held in Guangzhou with the theme of “Huanqi”. Leaders of government agencies at all levels in Guangdong Province, academic experts in the industry at home and abroad, partners and industry giants were present to discuss the new development of cloud computing and industry digitalization.
At the security sub-forum on the afternoon of the 24th, Hu Yuhui, an expert researcher in Tencent’s Security Platform Department, shared Tencent’s experience and results in cracking down on the black industry and in other areas of business security, and advocated joint prevention and control with industry partners to jointly promote the development of the security field.
The following is the full text of Mr. Hu’s speech:
Good morning, everyone!
Hello everyone, I am Hu Yuhui from Tencent. I am very glad to share with you Tencent’s experience and ideas on business security. I hope we can exchange ideas and promote the development of this field together. In my nearly 9 years at Tencent, I have been engaged in business security work, successively responsible for account security, anti-fraud and cloud business security.
In the process of Tencent’s business development, we found that in addition to DDoS, CC and other application security issues, there is another kind of security becoming more and more important. This kind of security problem is mainly caused by imprecise product design and logic, and the black industry attacks these imprecise points to do damage and make a profit. For example, we commonly see credential stuffing, the “wool party”, content related to pornography, gambling, drugs and explosives, insurance and loan fraud, and so on. These are what we call business security issues.
With the development of the mobile Internet, more and more people have access to the Internet, but at the same time competition has become more intense, which also happens to give the black industry more space and opportunities. In 2017, the number of people involved in the black and gray industry reached 1.5 million, resulting in direct losses of 100 billion yuan.
Here is a recent case: Coca-Cola and Tencent Video cooperated on a campaign in which users scanned bottle caps to get a video membership. By collecting bottle caps offline and writing special software to scan, redeem and sell them, the black industry made a profit of more than one million yuan in a week, with a profit of up to 600%.
Suffice it to say, where there is business there is business security, and whether you pay attention or not, it is there.
So, in the face of such a rampant black industry, how do we deal with it? The industry’s solution can be summed up in one word: ABS. A is AI, B is big data, and S is service.
The overall framework is shown in the figure:
First of all, data is the core. It mainly includes environmental data, behavioral data, user-generated data and external data: for example, browser environment information, device information, account information, and operation information in these environments, such as mouse tracks and keystrokes. In addition, user-generated information such as comments and reports, and external intelligence information, are also very important.
Based on these data, the computing platform and AI risk control engine are used to analyze and mine the data, find the correlations within it, and then make a comprehensive risk control judgment.
At Tencent, we mine the correlations between different data such as account numbers, mobile phone numbers and fingerprints in the form of graph data relationships, forming a large knowledge graph for business use.
The service layer customizes specific policies and combines security solutions based on different industries and scenarios to provide services with a complete solution.
The system really helped us solve most of the problems in our use.
However, with the continuous upgrading of the black industry, we found that this approach faces many challenges, mainly in two aspects: “lag” and “passive defense”.
Let’s first look at the problem of “lag”. As mentioned above, the risk control model is based on data mining, which requires sufficient samples and feature dimensions for the model to learn. As a result, when a new type of black-industry activity appears, the model initially has difficulty identifying it, which can let some malicious activity slip through.
Next, consider the problem of “passive defense”. Because we can’t sense where the bad guys are going (when, with what means, and which businesses they will attack), we don’t know when we have better ammunition and weapons.
How to solve these two problems?
Based on practical experience, we propose a better solution:
The most important part of the new approach is the addition of a “situational awareness” module. This is similar to a weather forecast for business security: through data analysis of the black industry, we mine the gang information behind it, and then, by tracking the movements of the gangs, perceive malicious trends. At the same time, this information is fed back to the risk control system and the business for defense and early warning, to solve the problems of lag and passive defense.
Let me share with you how we do situational awareness.
First, the core is data. In addition to environmental and behavioral data, we also introduced intelligence and public opinion data. Intelligence data is formed from black-industry groups, user reports, and data crawled from the dark web and forums. Public opinion data is formed from hot-topic analysis and news reports, and marks industry trends and hot trends.
Secondly, based on the above data and in combination with Tencent’s security data, through methods such as association diffusion, behavior analysis and hot spot analysis, the gangs behind the activity are mined and labeled, and divided into groups of different natures, such as fraud gangs, the wool party, tool gangs and resource gangs.
Then, the core nodes of these gangs are analyzed to perceive the trend of gangs.
Finally, based on the trend information, the blue army conducts directional testing to find the specific problems existing in the business, feeds them back to the risk control system, and sends early warning information to the business.
In this way, through cooperation among intelligence, data and the blue army, we can achieve perceptible control of the black industry, with the effect that malice in one place is controlled across the whole network. And it can turn passivity into initiative, so that we can move with ease.
Here is a practical example based on this system:
We found that account penalties increased, mainly because these accounts had abnormal behavior involving reading, adding fans, pornography and gambling. Through analysis, it was found that these accounts were mainly from Vietnam and Myanmar in Southeast Asia. Since registration is the source of all malevolence, we focused our efforts here, hoping to control the malevolence by controlling the source.
Subsequently, through intelligence, we obtained the black industry’s registration software tools, and then, through analysis of the software’s characteristics combined with the capabilities of related Tencent teams, dug out the registration gang. It was found that the gang, with Li and Wang at its core, registered accounts, sold accounts and brushed orders through its four companies, with nearly 3,000 people upstream and downstream.
After digging out the registration gang, considering the importance of mobile phone resources, we followed the trail and continued to dig out the card gang behind it. It was found that, because operators in Southeast Asia are poorly regulated, the black and gray industry bought prepaid cards locally in large quantities; a card costs less than 1 yuan, is used only to receive SMS, and can be used for more than half a year.
Following this clue, we dug out other groups in the industry chain, such as proxy IP and captcha-solving platforms, so we dug up the whole chain. Then, analyzing the core gangs we had dug out, we found that the registration gang interacts with the game gang, the marketing volume-brushing gang, the card-dealer gang and the e-commerce wool party gang.
Based on these interactions, combined with the intel from the undercover team, we carried out prediction and prevention and control in advance for games, e-commerce and other platforms. This is a graph of our black industry warning index at the time. As a result, 66% went to games, 37% went to e-commerce, and 29% went to micro-marketing scenarios.
So how can we achieve this situational awareness? It is thanks to Tencent’s rich data and product lines, and since 2005 we have faced all kinds of business security problems, so we have accumulated some experience here. At the same time, we have the most complete domestic mobile phone data, with more than 1 billion monthly active, as well as 100 million overseas mobile phone data.
In terms of device fingerprints, coverage basically spans mobile and Web terminals, generating more than 2.5 billion pieces of data every day.
In terms of IP, the coverage of domestic C-end users is close to 100%.
At the same time, we also thank our partners for their trust in us. We have cooperated with them in e-commerce, FMCG, travel, finance and other industries and achieved good results.
Security is not a monopoly; it needs joint prevention and control. I hope we can work together to fight against the black industry!
Tencent’s captcha service is available as a limited-time free trial for users at growing enterprises. For details, you can follow the “Tencent Waterproof Wall” public account.
That’s all for today. Thank you!
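The speech describes mining relationships between accounts, phone numbers and device fingerprints as a graph, then using association diffusion to find the group behind a flagged account and its core nodes. The sketch below is an added example, not code from the speech or from Tencent's systems; the record layout, function names, hop limit and sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample records: (account, phone, device_fingerprint).
RECORDS = [
    ("acct_01", "phone_A", "fp_1"),
    ("acct_02", "phone_A", "fp_2"),
    ("acct_03", "phone_B", "fp_2"),
    ("acct_04", "phone_C", "fp_2"),
    ("acct_05", "phone_D", "fp_3"),
    ("acct_06", "phone_E", "fp_3"),
    ("acct_07", "phone_F", "fp_4"),
]

def build_graph(records):
    """Undirected graph linking each account to the phone and fingerprint it used."""
    graph = defaultdict(set)
    for account, phone, fingerprint in records:
        for attr in (("phone", phone), ("fp", fingerprint)):
            graph[("acct", account)].add(attr)
            graph[attr].add(("acct", account))
    return graph

def diffuse(graph, seed_account, max_hops=4):
    """Breadth-first spread from a confirmed-bad account; returns {node: hops}."""
    start = ("acct", seed_account)
    seen = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if seen[node] == max_hops:  # hop limit keeps the cluster from over-expanding
            continue
        for nxt in graph[node]:
            if nxt not in seen:
                seen[nxt] = seen[node] + 1
                queue.append(nxt)
    return seen

def cluster_report(records, seed_account, max_hops=4):
    """Return (accounts in the cluster, shared resources ranked as core nodes)."""
    graph = build_graph(records)
    reached = diffuse(graph, seed_account, max_hops)
    accounts = sorted(n[1] for n in reached if n[0] == "acct")
    # Core nodes: reached phones/fingerprints shared by more than one account,
    # ranked by how many accounts share them.
    resources = [(len(graph[n]), n[1]) for n in reached if n[0] != "acct"]
    ranked = sorted(resources, key=lambda r: (-r[0], r[1]))
    core = [name for degree, name in ranked if degree > 1]
    return accounts, core

if __name__ == "__main__":
    print(cluster_report(RECORDS, "acct_01"))
```

The hop limit matters in practice: a widely shared resource can join unrelated users into one cluster, so clusters found this way are candidates for review rather than verdicts.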