Journal of Xidian University ›› 2023, Vol. 50 ›› Issue (4): 76-88. doi: 10.19665/j.issn1001-2400.2023.04.008

• Cyberspace Security Column •

Active zero trust model against APT theft in the industrial internet

FENG Jingyu 1, LI Jialun 1, ZHANG Baojun 2, HAN Gang 1, ZHANG Wenbo 1

  1. National Engineering Laboratory for Wireless Security, Xi'an University of Posts and Telecommunications, Xi'an 710121, China
  2. Command Center of Longnan Power Supply Company, State Grid Gansu Electric Power Co., Ltd., Longnan 746000, China
  • Received: 2023-01-12 Online: 2023-08-20 Published: 2023-10-17
  • Author information: FENG Jingyu (born 1984), male, associate professor, E-mail: fengjy@xupt.edu.cn; LI Jialun (born 1999), male, master's student at Xi'an University of Posts and Telecommunications, E-mail: lijialun0305@163.com; ZHANG Baojun (born 1974), male, director of the Command Center of Longnan Power Supply Company, State Grid Gansu Electric Power Co., Ltd., E-mail: zhangbj@gs.sgcc.com.cn; HAN Gang (born 1990), male, associate professor, E-mail: hangang668866@163.com; ZHANG Wenbo (born 1983), male, lecturer, E-mail: zhangwenbo@xupt.edu.cn
  • Funding: National Natural Science Foundation of China (62102312); Natural Science Basic Research Program of Shaanxi Province (2023-JC-YB-561)

Abstract:

The comprehensive and deep integration of new-generation information technology with industrial systems has made advanced persistent threat (APT) theft a killer-level insider threat that leaks sensitive data in the industrial internet environment. Critical infrastructure in the industrial internet generates and maintains a large amount of sensitive data with "ownership" characteristics, whose leakage would cause immeasurable economic losses to enterprises. To address the lag of sensitive data protection in the current industrial internet, an active zero trust model against APT theft is proposed. The model introduces a long short-term memory (LSTM) neural network, exploiting its strength in processing temporal data, to construct a feature extractor that learns abstract sequence features from behavioral data and extracts regular trust factors. Blocks are generated separately for each industrial internet terminal, and a forward sequential redundant block elimination algorithm is designed to evolve a scalable blockchain (ZTE_chain) that stores the trust factors in a tamper-proof, low-load manner. To reflect the behavior changes of compromised terminals in time, a convolutional neural network (CNN) is introduced to predict a mutation factor that dynamically adjusts the trust value, on the basis of which an authentication algorithm is given to quickly identify compromised terminals and actively block their APT theft threat. Experimental results show that the proposed model identifies compromised terminals effectively and helps combat the APT theft threat posed by compromised terminals in the industrial internet environment.

Key words: industrial internet, zero trust, APT theft, dynamic trust evaluation

CLC number: TP393