摘要
为了实现Docker容器中恶意加密挖矿检测,研究提出了基于硬件性能计数器时间序列的检测方法,首先对容器运行进行分析,并与容器内恶意软件识别;然后采集时间序列特征数据,通过随机森林算法确定数据中的恶意加密挖矿行为特征,最后结合卷积神经网络识别恶意加密挖矿行为。结果显示,恶意检测方法的应用对各个测试项目的评分均产生一定的影响,但影响程度各不相同,但整体影响较小。研究方法的内存以及CPU使用成本分别为0.42%、1.8%。传统恶意检测方法数据收集时内存以及CPU使用成本分别为0.61%、2.2%,可见研究方法采用HPC时间序列进行恶意检测成本较低,效率更高,能够为网络安全提供更加坚实的保障。
In order to achieve malicious encryption mining detection in Docker containers,a detection method based on hardware performance counter time series is proposed.Firstly,the container operation is analyzed and identified with malicious software inside the container;Then collect time-series feature data,determine the malicious encryption mining behavior characteristics in the data through random forest algorithm,and finally combine convolutional neural network to identify malicious encryption mining behavior.The results show that the application of malicious detection methods has a certain impact on the ratings of various testing items,but the degree of impact varies,but the overall impact is relatively small.The memory and CPU usage costs of the research method are 0.42%and 1.8%,respectively.The traditional malicious detection methods have memory and CPU usage costs of 0.61%and 2.2%respectively during data collection.It can be seen that the research method using HPC time series for malicious detection has lower costs and higher efficiency,and can provide more solid guarantees for network security.
作者
宋志伟
SONG Zhiwei(Guangzhou Vocational and Technical University of Science and Technology,Guangzhou 510555,China)
出处
《自动化与仪器仪表》
2025年第8期88-91,96,共5页
Automation & Instrumentation
基金
2021年度广东省普通高校青年创新人才类项目《基于云计算的智能工程系统设计与开发》(2021KQNCX146)。
