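1. National Engineering Laboratory for Wireless Network Security Technology, Xi'an University of Posts and Telecommunications, Xi'an, Shaanxi 710121
2. Command Center, Longnan Power Supply Company, State Grid Gansu Electric Power Co., Ltd., Longnan, Gansu 746000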
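FENG Jingyu (1984-), male, associate professor, E-mail: [email protected];
LI Jialun (1999-), male, master's student at Xi'an University of Posts and Telecommunications, E-mail: [email protected];
ZHANG Baojun (1974-), male, director of the Command Center, Longnan Power Supply Company, State Grid Gansu Electric Power Co., Ltd., E-mail: [email protected];
HAN Gang (1990-), male, associate professor, E-mail: [email protected];
ZHANG Wenbo (1983-), male, lecturer, E-mail: [email protected]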
FENG Jingyu, LI Jialun, ZHANG Baojun, et al. Active Zero Trust Model against APT Theft in the Industrial Internet[J]. Journal of Xidian University, 2023, 50(4):76-88. DOI: 10.19665/j.issn1001-2400.2023.04.008.
The full, deep integration of new-generation information technology with industrial systems has made advanced persistent threat (APT) theft a killer-level insider threat that leaks sensitive data in the industrial internet environment. Critical infrastructure in the industrial internet generates and maintains large amounts of sensitive data with "ownership" characteristics, and a leak brings immeasurable economic losses to enterprises. To address the lag in sensitive data protection in the current industrial internet, an active zero trust model against APT theft is proposed. The model introduces a long short-term memory (LSTM) neural network and uses its strength in processing temporal data to build a feature extractor, which is trained on behavioral data to obtain abstract sequence features and extract regular trust factors. Blocks are generated separately for each industrial internet terminal, and a forward sequential redundant block elimination algorithm is designed to evolve a scalable blockchain (ZTE_chain) that provides tamper-proof, low-load secure storage of trust factors. To reflect the behavior changes of compromised terminals in time, a convolutional neural network (CNN) is introduced to predict a mutation factor, which is used to dynamically adjust the trust value; on this basis, an authentication algorithm is given that quickly identifies compromised terminals and actively blocks their APT theft threat. Experimental results show that the proposed model identifies compromised terminals well and helps counter the APT theft threat generated by compromised terminals in the industrial internet environment.
Keywords: industrial internet; zero trust; APT theft; dynamic trust evaluation