Abstract
To address the low detection accuracy, insufficient feature selection and lack of significantly effective features in detecting man-in-the-middle attacks based on the DNS protocol, this paper proposes CNN-BiGRU, a bidirectional gated recurrent unit detection method based on a convolutional neural network, for detecting man-in-the-middle attacks on the DNS protocol. The method first introduces resource records as a key feature, then extracts features with a convolutional neural network to obtain time-series information about man-in-the-middle attack traffic, and finally feeds the combined features into the bidirectional gated recurrent unit to detect man-in-the-middle attacks. On the self-built Jefe dataset the method achieves an accuracy of 99.67%, a precision of 99.68%, a recall of 99.42% and an F1-score of 99.47%, and can effectively detect DNS man-in-the-middle attacks.
Authors
Liang Tianxin (梁添鑫); Guo Xiaojun (郭晓军); Yang Mingfen (杨明芬)
School of Information Engineering, Xizang Minzu University, Xianyang 712082, China; Institute of Scientific and Technical Information of Xizang, Lhasa 850008, China; Xizang Cyberspace Governance Research Base, Xianyang 712082, China
Source
Xizang Science And Technology (《西藏科技》)
2024, No. 5, pp. 47-54 (8 pages)
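Funding
Natural Science Foundation of Xizang Autonomous Region project (XZ2019ZRG-36(Z))
Xizang Minzu University "Zang-Qin Himalaya Talent Development Support Program - Outstanding Young Scholars" project (324011810216)
Xizang Minzu University "Tibet-related Network Information Content and Data Security Team" project (324042000709)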
Keywords
Man-in-the-middle attack
Domain name system
Deep learning