Authors: 刘仁婷 (LIU Renting); 郑雅洪 (ZHENG Yahong); 张映敏 (ZHANG Yingmin); 侯孟书 (HOU Mengshu) [2]; 孙朝晖 (SUN Chaohui)
Affiliations: [1] Information Center, University of Electronic Science and Technology of China, Chengdu 611730, China; [2] Department of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611730, China; [3] Beijing Panabit Software Co. Ltd., Beijing 100094, China
Source: Experiment Science and Technology (《实验科学与技术》), 2024, No. 3, pp. 15-21 (7 pages)
Funding: Sichuan Province Major Science and Technology Special Project (2019YFG0399).
Abstract: To strengthen network protection, clean up mining Trojan viruses, and effectively control cryptocurrency mining on the campus network, a detection and blocking model for malicious mining behavior on the campus network is proposed. The model adopts signature-based deep packet inspection combined with dynamic threat intelligence, establishes a state machine model of mining protocols, and performs deep packet analysis to identify mining protocols, so that mining traffic is detected, identified and blocked at the campus network egress. Practice has shown that the model can detect cryptocurrency-related traffic in real time, dynamically intercept the communication traffic between victim miners and mining pools, and locate infected hosts in real time, which effectively curbs malicious cryptomining on the campus network.