Experiment Science and Technology (实验科学与技术), 2024, Vol. 22, Issue (3): 15-21, 7. DOI: 10.12179/1672-4550.20230414
Detection and Practice of Cryptomining Behavior Based on Deep Packet Inspection
Abstract
To strengthen network protection, clean up mining Trojans, and effectively control cryptomining behavior on the campus network, a detection and blocking model for mining behavior is proposed. The model adopts signature-based deep packet inspection combined with dynamic threat intelligence, establishes a state machine model of mining protocols, conducts in-depth packet analysis, identifies mining protocols, and realizes the detection, identification and blocking of mining traffic at the campus network egress. Practice has shown that the model can detect cryptomining-related traffic in real time, dynamically intercept the communication traffic between the victim miner and the mining pool, and locate the infected host in real time, which effectively curbs malicious cryptomining behavior on the campus network.
Keywords
cryptomining detection / mining trojans / deep packet inspection / protocol identification / network flow inspection
Classification
Information Technology and Security Science
Cite this article
刘仁婷, 郑雅洪, 张映敏, 侯孟书, 孙朝晖. Detection and Practice of Cryptomining Behavior Based on Deep Packet Inspection [J]. Experiment Science and Technology (实验科学与技术), 2024, 22(3): 15-21, 7.
Funding
Sichuan Province Major Science and Technology Special Project (2019YFG0399).