
Detection and Practice of Cryptomining Behavior Based on Deep Traffic Analysis (Open Access)

Detection and Practice of Cryptomining Behavior Based on Deep Packet Inspection

Chinese abstract (translated):

To tighten network defenses, clean up mining Trojan malware, and effectively govern virtual-currency mining on the campus network, a model for detecting and blocking malicious mining behavior on campus networks is proposed. The model uses signature-based deep packet inspection combined with dynamic threat intelligence, builds a state-machine model of mining protocols, and performs deep packet analysis to identify mining protocols, so that mining traffic is detected, identified and blocked at the campus network egress. Practice shows that the model can detect virtual-currency-related traffic in real time, dynamically intercept the communication between victim miners and mining pools, and locate infected hosts in real time, effectively curbing malicious mining behavior on the campus network.

English abstract:

To strengthen network protection, clean up mining Trojan viruses, and effectively control cryptomining behavior on the campus network, a detection and blocking model for mining behavior is proposed. The model adopts signature-based deep packet inspection technology combined with dynamic threat intelligence, establishes a state machine model of mining protocols, conducts in-depth packet analysis, identifies mining protocols, and realizes the detection, identification and blocking of mining traffic at the campus network egress. Practice has shown that the model can detect cryptomining-related traffic in real time, dynamically intercept the communication traffic between the victim miner and the mining pool, and locate the infected host in real time, which effectively curbs malicious cryptomining behavior on the campus network.

刘仁婷; 郑雅洪; 张映敏; 侯孟书; 孙朝晖

Information Center, University of Electronic Science and Technology of China, Chengdu 611730; School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611730; Beijing Panabit Software Co., Ltd., Beijing 100094

Computer and Automation

cryptomining detection; mining trojans; deep packet inspection; protocol identification; network flow inspection

《实验科学与技术》 (Experiment Science and Technology), 2024, No. 3

Pages 15-21 (7 pages)

Sichuan Province Major Science and Technology Project (2019YFG0399).

DOI: 10.12179/1672-4550.20230414
