Author(s)

Hongyan Yin¹, Xiaokang Ren^2*, Jinyu Liu³, Shuo Zhang², Wenkun Liu⁴

¹School of Information Engineering, University of Shenyang, Shenyang, China.
²Shenyang Institute of Computing Technology, Chinese Academy of Sciences, Shenyang, China.
³Shenyang Institute of Computing Technology Co. Ltd., CAS, Chinese Academy of Sciences, Shenyang, China.
⁴Turpan Electric Power Supply Company, State Grid Xinjiang Electric Power Company Limited, Turpan, China.

The power monitoring system is the most important production management system in the power industry. As an important part of the power monitoring system, the user station that lacks grid binding will become an important target of network attacks. In order to perceive the network attack events on the user station side in time, a method combining real-time detection and active defense of random domain names on the user station side was proposed. Capsule network (CapsNet) combined with long short-term memory network (LSTM) was used to classify the domain names extracted from the traffic data. When a random domain name is detected, it sent instructions to routers and switched to update their security policies through the remote terminal protocol (Telnet), or shut down the service interfaces of routers and switched to block network attacks. The experimental results showed that the use of CapsNet combined with LSTM classification algorithm can achieve 99.16% accuracy and 98% recall rate in random domain name detection. Through the Telnet protocol, routers and switches can be linked to make active defense without interrupting services.

User Station, Random Domain Name Detection, Capsule Network, Active Defense, Long Short Term Memory

Yin, H. , Ren, X. , Liu, J. , Zhang, S. and Liu, W. (2023) User Station Security Protection Method Based on Random Domain Name Detection and Active Defense. Journal of Information Security, 14, 39-51. doi: 10.4236/jis.2023.141004.