User Station Security Protection Method Based on Random Domain Name Detection and Active Defense ()
Affiliation(s)
1School of Information Engineering, University of Shenyang, Shenyang, China.
2Shenyang Institute of Computing Technology, Chinese Academy of Sciences, Shenyang, China.
3Shenyang Institute of Computing Technology Co. Ltd., CAS, Chinese Academy of Sciences, Shenyang, China.
4Turpan Electric Power Supply Company, State Grid Xinjiang Electric Power Company Limited, Turpan, China.
ABSTRACT
The
power monitoring system is the most important production management system in
the power industry. As an important part of the power monitoring system, the
user station that lacks grid binding will become an important target of network
attacks. In order to perceive the network attack events on the user station
side in time, a method combining real-time detection and active defense of
random domain names on the user station side was proposed. Capsule network (CapsNet)
combined with long short-term memory network (LSTM) was used to classify the
domain names extracted from the traffic data. When a random domain name is
detected, it sent instructions to routers and switched to update their security
policies through the remote terminal protocol (Telnet), or shut down the service interfaces of routers and
switched to block network attacks. The experimental results showed that the use of CapsNet
combined with LSTM classification algorithm can achieve 99.16% accuracy and 98%
recall rate in random domain name detection. Through the Telnet protocol,
routers and switches can be linked to make active defense without interrupting
services.
Share and Cite:
Yin, H. , Ren, X. , Liu, J. , Zhang, S. and Liu, W. (2023) User Station Security Protection Method Based on Random Domain Name Detection and Active Defense.
Journal of Information Security,
14, 39-51. doi:
10.4236/jis.2023.141004.
Cited by
No relevant information.