Computer Systems & Applications (English version): 2023, 32(3): 316-321
Security Protection of User Station Based on Random Domain Name Detection and Active Defense
(1. Shenyang Institute of Computing Technology, Chinese Academy of Sciences, Shenyang 110168, China; 2. University of Chinese Academy of Sciences, Beijing 101408, China; 3. School of Electrical Engineering and Automation, Harbin Institute of Technology, Harbin 150001, China)
Received: July 29, 2022    Revised: September 07, 2022
Abstract: The power monitoring system is the most important production management system in the power industry. User stations are an important part of the power monitoring system, and those that lack binding constraints from the grid will become a major target of network attacks. To detect network attack events on the user station side in time, a method is proposed that combines real-time detection of random domain names on the user station side with active defense. A capsule network (CapsNet) combined with a long short-term memory (LSTM) network performs binary classification of the domain names extracted from traffic data. When a random domain name is detected, commands are sent over the remote terminal protocol (Telnet) to routers and switches to update their security policies or to shut down their service interfaces, blocking the network attack. The experimental results show that the CapsNet combined with LSTM classification algorithm achieves an accuracy of 99.16% and a recall of 98% in random domain name detection, and that routers and switches can be coordinated over Telnet to carry out active defense without interrupting services.
Citation:
REN Xiao-Kang, XIANG Yong, LI Zhong-Wei, CHANG Xing, CHANG Yu. Security Protection of User Station Based on Random Domain Name Detection and Active Defense. Computer Systems & Applications, 2023, 32(3): 316-321