工业互联网中抗APT窃密的主动式零信任模型

doi:10.19665/j.issn1001-2400.2023.04.008

Abstract

Abstract:

The comprehensive and deep integration of the new generation of information technology and industrial systems that induces the advanced persistent threat (APT) theft has become a killer-level insider threat that leaks sensitive data in the industrial internet environment.The critical infrastructure in the industrial internet environment generates and maintains a large number of sensitive data with "ownership" characteristics,which will bring immeasurable economic losses to enterprises once they are leaked.Aiming at the lag of sensitive data protection in the current industrial internet,an active zero trust model against APT theft is proposed.Our model introduces the long short-term memory neural network to construct a feature extractor based on its advantages in processing temporal data,to train abstract sequence features from behavioral data,and to extract regular trust factors.The block creation is carried out for industrial internet terminals respectively.The forward sequential redundant block elimination algorithm is designed to evolve a scalable blockchain called the ZTE_chain so as to achieve tamper-proof and low-load trust factor security storage.To respond to the behavior changes of compromised terminals in time,the convolutional neural network is introduced to predict the mutation factor,which is used to dynamically adjust the trust value,on the basis of which an authentication algorithm is given to quickly identify the compromised terminals and to actively block their APT theft threat.Experimental results show that the model proposed in this paper has a good effect of identifying compromised terminals,which is helpful in combating the APT theft threat generated by compromised terminals in the industrial internet environment.

Key words: industrial internet, zero trust, APT theft, dynamic trust evaluation

CLC Number:

TP393

FENG Jingyu,LI Jialun,ZHANG Baojun,HAN Gang,ZHANG Wenbo. Active zero trust model against APT theft in the industrial internet[J].Journal of Xidian University, 2023, 50(4): 76-88.

Figures/Tables 15

References 22

[1]	LI J Q, YU F R, DENG G, et al. Industrial Internet:A Survey on the Enabling Technologies,Applications,and Challenges[J]. IEEE Communications Surveys & Tutorials, 2017, 19(3):1504-1526.
[2]	刘奇旭, 陈艳辉, 尼杰硕, 等. 基于机器学习的工业互联网入侵检测综述[J]. 计算机研究与发展, 2022, 59(5):994-1014.
	LIU Qixu, CHEN Yanhui, NI Jieshuo, et al. Survey of Machine Learning-Based Intrusion Detection in Industrial Internet[J]. Journal of Computer Research and Development, 2022, 59(5):994-1014.
[3]	杨秀璋, 彭国军, 李子川, 等. 基于Bert和BiLSTM-CRF的APT攻击实体识别及对齐研究[J]. 通信学报, 2022, 43(6):58-70. doi: 10.11959/j.issn.1000-436x.2022116
	YANG Xiuzhang, PENG Guojun, LI Zichuan, et al. APT Attack Entity Recognition and Alignment Research Based on Bert and BiLSTM-CRF[J]. Journal of Communications, 2022, 43(6):58-70. doi: 10.11959/j.issn.1000-436x.2022116
[4]	SHANG L, GUO D, JI Y, et al. Discovering Unknown Advanced Persistent Threat Using Shared Features Mined by Neural Networks[J]. Computer Networks, 2021, 189:107937. doi: 10.1016/j.comnet.2021.107937
[5]	CHO D X, MAI D H. A Novel Approach for APT Attack Detection Based on Combined Deep Learning Model[J]. Neural Computing and Applications, 2021, 33(20):13251-13264. doi: 10.1007/s00521-021-05952-5
[6]	ABDULLAYEVA F J. Advanced Persistent Threat Attack Detection Method in Cloud Computing Based on Autoencoder and Softmax Regression Algorithm[J]. Array, 2021, 10:100067. doi: 10.1016/j.array.2021.100067
[7]	GILMAN E, BARTH D. Zero Trust Networks:Building Security System in Untrusted Network[M]. Beijing: Posts and Telecommunications Press, 2019:1-2.
[8]	NIST Special Publication 800-207. Zero Trust Architecture(2020)[R/OL].[2020-08-16].https://doi.org/10.6028/NIST.SP.800-207.
[9]	CHEN B, QIAO S, ZHAO J, et al. A Security Awareness and Protection System for 5G Smart Healthcare Based on Zero-Trust Architecture[J]. IEEE Internet of Things Journal, 2020, 8(13):10248-10263. doi: 10.1109/JIOT.2020.3041042
[10]	ZHANG X, CHEN L, FAN J, et al. Power IoT Security Protection Architecture Based on Zero Trust Framework[C]// 2021 IEEE 5th International Conference on Cryptography,Security and Privacy (CSP).Piscataway:IEEE, 2021:166-170.
[11]	MALIHA S, AFRIDA H, FABIHA L, et al. Towards Developing a Secure Medical Image Sharing System Based on Zero Trust Principles and Blockchain Technology[J]. BMC Medical Informatics and Decision Making, 2020, 20(1):1-10. doi: 10.1186/s12911-019-1002-x
[12]	滕金保, 孔韦韦, 田乔鑫, 等. 基于CNN和LSTM的多通道注意力机制文本分类模型[J]. 计算机工程与应用, 2021, 57(23):154-162. doi: 10.3778/j.issn.1002-8331.2104-0212
	TENG Jinbao, KONG Weiwei, TIAN Qiaoxin, et al. Multi-Channel Attention Mechanism Text Classification Model Based on CNN and LSTM[J]. Computer Engineering and Applications, 2021, 57(23):154-162. doi: 10.3778/j.issn.1002-8331.2104-0212
[13]	XIE J, YU F R, HUANG T, et al. A Survey on the Scalability of Blockchain Systems[J]. IEEE Network, 2019, 33(5):166-173. doi: 10.1109/MNET.001.1800290
[14]	MENG T, ZHAO Y, WOLTER K, et al. On Consortium Blockchain Consistency:A Queueing Network Model Approach[J]. IEEE Transactions on Parallel and Distributed Systems, 2021, 32(6):1369-1382. doi: 10.1109/TPDS.71
[15]	NAKAMOTO S. Bitcoin:A Peer-to-Peer Electronic Cash System[J]. Decentralized Business Review, 2008:21260.
[16]	何国锋. 零信任安全架构在5G云网中应用防护的研究[J]. 电信科学, 2020, 36(12):123-132. doi: 10.11959/j.issn.1000-0801.2020325
	HE Guofeng. Research on Application Protection of Zero Trust Security Architecture in 5G Cloud Network[J]. Telecommunication Science, 2020, 36(12):123-132. doi: 10.11959/j.issn.1000-0801.2020325
[17]	于洁潇, 于丽莹, 杨挺. 基于区块链的电力物联终端信任共识方法[J]. 电力系统自动化, 2021, 45(17):1-10.
	YU Jiexiao, YU Liying, YANG Ting. Blockchain-Based Terminal Trust Consensus Method for Power Things[J]. Automation of Electric Power Systems, 2021, 45(17):1-10.
[18]	JOSANG A, ISMAIL R. The beta reputation system[C]// Proceedings of the 15th Bled electronic commerce conference. Bled: Bled electronic commerce conference, 2002:2502-2511.
[19]	亓法欣, 童向荣, 于雷. 基于强化学习DQN的智能体信任增强[J]. 计算机研究与发展, 2020, 57(6):1227-1238.
	QI Faxin, TONG Xiangrong, YU Lei. Agent Trust Enhancement Based on Reinforcement learning DQN[J]. Journal of Computer Research and Development, 2020, 57(6):1227-1238.
[20]	谢丽霞, 魏瑞炘. 一种面向物联网节点的综合信任度评估模型[J]. 西安电子科技大学学报, 2019, 46(4):58-65.
	XIE Lixia, WEI Ruixin. Comprehensive Trust Evaluation Model for Internet of Things Nodes[J]. Journal of Xidian University, 2019, 46(4):58-65.
[21]	GLASSER J, LINDAUER B. Bridging the Gap:A Pragmatic Approach to Generating Insider Threat Data[C]// 2013 IEEE Security and Privacy Workshops.Piscataway:IEEE, 2013:98-104.
[22]	杨宏宇, 曾仁韵. 一种深度学习的网络安全态势评估方法[J]. 西安电子科技大学学报, 2021, 48(1):83-190.
	YANG Hongyu, ZENG Renyun. Network Security Situation Assessment Method Based on Deep Learning[J]. Journal of Xidian University, 2021, 48(1):83-190.

方法	零信任引入	信任因素收集	信任评估	检测数据源
文献[4]	不支持	中心化收集	不支持	APT流量
文献[5]	不支持	不支持	不支持	网络流量
文献[6]	不支持	不支持	不支持	用户行为
文献[9]	支持	中心化收集	动态	主体行为
文献[10]	支持	中心化收集	静态	用户行为
文献[11]	支持	不支持	静态	用户行为
文中模型	支持	分布式实时收集	动态	终端行为

文件名称	描述	数据量
logon.csv	用户登录/退出时间	854 859
device.csv	用户移动设备使用日志	405 380
file.csv	用户文件操作日志	445 581
email.csv	用户电子邮件日志	2 629 979
http.csv	用户网页访问日志	28 434 423

分类器	P	R	F₁
RNN	56.59	58.75	57.65
LSTM	91.30	92.67	91.98

参数	描述	预设值
T	仿真轮数	60
N	工业互联网终端数量	1 000
m	失陷终端比例	30%
δ	信任门限值	0.5

Active zero trust model against APT theft in the industrial internet

RichHTML

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 15

References 22

Related Articles 15

Metrics

Comments

Recommended 10

[1]	LIU Jingmei,YAN Yibo. Artificial fish feature selection network intrusion detection system [J]. Journal of Xidian University, 2023, 50(4): 132-138.
[2]	HUO Yuehua,WU Wenhao,ZHAO Faqi,WANG Qiang. Multi-view encryption malicious traffic detection method combined with co-training [J]. Journal of Xidian University, 2023, 50(4): 139-147.
[3]	FU Anmin,MAO An,HUANG Tao,HU Chao,LIU Ying,ZHANG Xiaoming,WANG Zhanfeng. Industrial control protocol reverse analysis based on active interactive learning [J]. Journal of Xidian University, 2023, 50(4): 22-33.
[4]	ZHANG Yue,CHEN Qingwang,LIU Baoxu,YU Cunwei,TAN Ru,ZHANG Fangjiao. Research on cloud native API attack trapping technology [J]. Journal of Xidian University, 2023, 50(4): 237-248.
[5]	ZHANG Hao, QIN Tao, XU Linghua, WANG Xiao, YANG Jing. WSNs node deployment strategy based on the improved multi-objective ant-lion algorithm [J]. Journal of Xidian University, 2022, 49(5): 47-59.
[6]	CHEN Jintao,LIANG Jun,GUO Zizhen,XIAO Nan,LIU Bo. Research on deployment strategy of multiple controllers in the software-defined satellite network [J]. Journal of Xidian University, 2022, 49(3): 59-67.
[7]	SUN Zeyu,LAN Lan,ZENG Cao,LIAO Guisheng. Adaptive sink-routing decision algorithm for minimum-energy consumption [J]. Journal of Xidian University, 2022, 49(2): 11-20.
[8]	GU Zhaojun,LIU Tingting,SUI He. Latent feature reconstruction generative GAN model for ICS anomaly detection [J]. Journal of Xidian University, 2022, 49(2): 173-181.
[9]	PAN Senshan,XU Lamei. DorChain:Utilization of dormant coins to improve the transaction verification efficiency [J]. Journal of Xidian University, 2022, 49(2): 182-189.
[10]	QIAO Wenxin,LU Yu,LIU Yicen,LI Zhiwei,LI Xi. Dynamic scheduling method for service function chains in space air terrestrial aided edge cloud networks [J]. Journal of Xidian University, 2022, 49(2): 79-88.
[11]	LI Ming,HU Jiangping,CAO Xiaoli. Minimum cost of node deployment strategy for heterogeneous sensor networks [J]. Journal of Xidian University, 2021, 48(4): 11-19.
[12]	MA Yue,ZHANG Yumei. Method for distributed deployment of the virtual network function manager for MEC [J]. Journal of Xidian University, 2021, 48(4): 20-26.
[13]	SHEN Lixiang,MU Dejun,CAO Guo,XIE Guangqian,SHU Fangyong. Constructing formal verification models for hardware Trojans [J]. Journal of Xidian University, 2021, 48(3): 146-153.
[14]	ZENG Yong,WU Zhengyuan,DONG Lihua,LIU Zhihong,MA Jianfeng,LI Zan. Research on malicious traffic identification technology in encrypted traffic [J]. Journal of Xidian University, 2021, 48(3): 170-187.
[15]	CHAI Yanna,LI Kunlun,SONG Huansheng. On the security of the intrusion detection system in smart vehicles [J]. Journal of Xidian University, 2021, 48(3): 31-39.