User Station Security Protection Method Based on Random Domain Name Detection and Active Defense

DOI: 10.4236/jis.2023.141004, PP. 39-51

Keywords: User Station, Random Domain Name Detection, Capsule Network, Active Defense, Long Short Term Memory


Abstract:

The power monitoring system is the most important production management system in the power industry. As an important part of the power monitoring system, a user station that lacks grid binding will become an important target of network attacks. In order to perceive network attack events on the user station side in time, a method combining real-time detection of random domain names and active defense on the user station side is proposed. A capsule network (CapsNet) combined with a long short-term memory network (LSTM) is used to classify the domain names extracted from the traffic data. When a random domain name is detected, the method sends instructions to routers and switches to update their security policies through the remote terminal protocol (Telnet), or shuts down the service interfaces of routers and switches to block network attacks. The experimental results show that the CapsNet combined with LSTM classification algorithm can achieve 99.16% accuracy and a 98% recall rate in random domain name detection. Through the Telnet protocol, routers and switches can be linked to perform active defense without interrupting services.

