工业互联网中抗APT窃密的主动式零信任模型

doi:10.19665/j.issn1001-2400.2023.04.008

摘要/Abstract

摘要：

新一代信息技术与工业系统的全方位深度融合,诱发高级持续性威胁(APT)窃密成为工业互联网环境下泄露敏感数据的杀手级内部威胁。工业互联网环境下的关键基础设施产生和维护着大量具有“所有权”特征的敏感数据,一旦泄露会给企业带来不可估量的经济损失。针对当前工业互联网中敏感数据保护的滞后性,提出了一种抗APT窃密的主动式零信任模型。引入长短期记忆神经网络,利用其在处理时序性数据的优势构建特征提取器,从行为数据中训练得到抽象序列特征,提取出规则化信任因素。分别对工业互联网终端进行区块生成,设计前向按序冗余区块消除算法,演化出伸缩式区块链(ZTE_chain),实现防篡改和低负载的信任因素安全存储。为及时反映失陷终端的行为变化,引入卷积神经网络预测突变因子,用于动态调节信任值,给出快速识别失陷终端的认证算法,从而主动阻断失陷终端的APT窃密威胁。实验结果表明,提出的模型具有较好的失陷终端识别效果,有助于抗击工业互联网环境下失陷终端产生的APT窃密威胁。

关键词: 工业互联网, 零信任, APT窃密, 动态信任评估

Abstract:

The comprehensive and deep integration of the new generation of information technology and industrial systems that induces the advanced persistent threat (APT) theft has become a killer-level insider threat that leaks sensitive data in the industrial internet environment.The critical infrastructure in the industrial internet environment generates and maintains a large number of sensitive data with "ownership" characteristics,which will bring immeasurable economic losses to enterprises once they are leaked.Aiming at the lag of sensitive data protection in the current industrial internet,an active zero trust model against APT theft is proposed.Our model introduces the long short-term memory neural network to construct a feature extractor based on its advantages in processing temporal data,to train abstract sequence features from behavioral data,and to extract regular trust factors.The block creation is carried out for industrial internet terminals respectively.The forward sequential redundant block elimination algorithm is designed to evolve a scalable blockchain called the ZTE_chain so as to achieve tamper-proof and low-load trust factor security storage.To respond to the behavior changes of compromised terminals in time,the convolutional neural network is introduced to predict the mutation factor,which is used to dynamically adjust the trust value,on the basis of which an authentication algorithm is given to quickly identify the compromised terminals and to actively block their APT theft threat.Experimental results show that the model proposed in this paper has a good effect of identifying compromised terminals,which is helpful in combating the APT theft threat generated by compromised terminals in the industrial internet environment.

Key words: industrial internet, zero trust, APT theft, dynamic trust evaluation

中图分类号:

TP393

冯景瑜,李嘉伦,张宝军,韩刚,张文波. 工业互联网中抗APT窃密的主动式零信任模型[J]. 西安电子科技大学学报, 2023, 50(4): 76-88.

FENG Jingyu,LI Jialun,ZHANG Baojun,HAN Gang,ZHANG Wenbo. Active zero trust model against APT theft in the industrial internet[J]. Journal of Xidian University, 2023, 50(4): 76-88.

图/表 15

图1

表1

图2

图3

图4

图5

表2

图6

图7

表3

图8

表4

图9

图10

图11

参考文献 22

[1]	LI J Q, YU F R, DENG G, et al. Industrial Internet:A Survey on the Enabling Technologies,Applications,and Challenges[J]. IEEE Communications Surveys & Tutorials, 2017, 19(3):1504-1526.
[2]	刘奇旭, 陈艳辉, 尼杰硕, 等. 基于机器学习的工业互联网入侵检测综述[J]. 计算机研究与发展, 2022, 59(5):994-1014.
	LIU Qixu, CHEN Yanhui, NI Jieshuo, et al. Survey of Machine Learning-Based Intrusion Detection in Industrial Internet[J]. Journal of Computer Research and Development, 2022, 59(5):994-1014.
[3]	杨秀璋, 彭国军, 李子川, 等. 基于Bert和BiLSTM-CRF的APT攻击实体识别及对齐研究[J]. 通信学报, 2022, 43(6):58-70. doi: 10.11959/j.issn.1000-436x.2022116
	YANG Xiuzhang, PENG Guojun, LI Zichuan, et al. APT Attack Entity Recognition and Alignment Research Based on Bert and BiLSTM-CRF[J]. Journal of Communications, 2022, 43(6):58-70. doi: 10.11959/j.issn.1000-436x.2022116
[4]	SHANG L, GUO D, JI Y, et al. Discovering Unknown Advanced Persistent Threat Using Shared Features Mined by Neural Networks[J]. Computer Networks, 2021, 189:107937. doi: 10.1016/j.comnet.2021.107937
[5]	CHO D X, MAI D H. A Novel Approach for APT Attack Detection Based on Combined Deep Learning Model[J]. Neural Computing and Applications, 2021, 33(20):13251-13264. doi: 10.1007/s00521-021-05952-5
[6]	ABDULLAYEVA F J. Advanced Persistent Threat Attack Detection Method in Cloud Computing Based on Autoencoder and Softmax Regression Algorithm[J]. Array, 2021, 10:100067. doi: 10.1016/j.array.2021.100067
[7]	GILMAN E, BARTH D. Zero Trust Networks:Building Security System in Untrusted Network[M]. Beijing: Posts and Telecommunications Press, 2019:1-2.
[8]	NIST Special Publication 800-207. Zero Trust Architecture(2020)[R/OL].[2020-08-16].https://doi.org/10.6028/NIST.SP.800-207.
[9]	CHEN B, QIAO S, ZHAO J, et al. A Security Awareness and Protection System for 5G Smart Healthcare Based on Zero-Trust Architecture[J]. IEEE Internet of Things Journal, 2020, 8(13):10248-10263. doi: 10.1109/JIOT.2020.3041042
[10]	ZHANG X, CHEN L, FAN J, et al. Power IoT Security Protection Architecture Based on Zero Trust Framework[C]// 2021 IEEE 5th International Conference on Cryptography,Security and Privacy (CSP).Piscataway:IEEE, 2021:166-170.
[11]	MALIHA S, AFRIDA H, FABIHA L, et al. Towards Developing a Secure Medical Image Sharing System Based on Zero Trust Principles and Blockchain Technology[J]. BMC Medical Informatics and Decision Making, 2020, 20(1):1-10. doi: 10.1186/s12911-019-1002-x
[12]	滕金保, 孔韦韦, 田乔鑫, 等. 基于CNN和LSTM的多通道注意力机制文本分类模型[J]. 计算机工程与应用, 2021, 57(23):154-162. doi: 10.3778/j.issn.1002-8331.2104-0212
	TENG Jinbao, KONG Weiwei, TIAN Qiaoxin, et al. Multi-Channel Attention Mechanism Text Classification Model Based on CNN and LSTM[J]. Computer Engineering and Applications, 2021, 57(23):154-162. doi: 10.3778/j.issn.1002-8331.2104-0212
[13]	XIE J, YU F R, HUANG T, et al. A Survey on the Scalability of Blockchain Systems[J]. IEEE Network, 2019, 33(5):166-173. doi: 10.1109/MNET.001.1800290
[14]	MENG T, ZHAO Y, WOLTER K, et al. On Consortium Blockchain Consistency:A Queueing Network Model Approach[J]. IEEE Transactions on Parallel and Distributed Systems, 2021, 32(6):1369-1382. doi: 10.1109/TPDS.71
[15]	NAKAMOTO S. Bitcoin:A Peer-to-Peer Electronic Cash System[J]. Decentralized Business Review, 2008:21260.
[16]	何国锋. 零信任安全架构在5G云网中应用防护的研究[J]. 电信科学, 2020, 36(12):123-132. doi: 10.11959/j.issn.1000-0801.2020325
	HE Guofeng. Research on Application Protection of Zero Trust Security Architecture in 5G Cloud Network[J]. Telecommunication Science, 2020, 36(12):123-132. doi: 10.11959/j.issn.1000-0801.2020325
[17]	于洁潇, 于丽莹, 杨挺. 基于区块链的电力物联终端信任共识方法[J]. 电力系统自动化, 2021, 45(17):1-10.
	YU Jiexiao, YU Liying, YANG Ting. Blockchain-Based Terminal Trust Consensus Method for Power Things[J]. Automation of Electric Power Systems, 2021, 45(17):1-10.
[18]	JOSANG A, ISMAIL R. The beta reputation system[C]// Proceedings of the 15th Bled electronic commerce conference. Bled: Bled electronic commerce conference, 2002:2502-2511.
[19]	亓法欣, 童向荣, 于雷. 基于强化学习DQN的智能体信任增强[J]. 计算机研究与发展, 2020, 57(6):1227-1238.
	QI Faxin, TONG Xiangrong, YU Lei. Agent Trust Enhancement Based on Reinforcement learning DQN[J]. Journal of Computer Research and Development, 2020, 57(6):1227-1238.
[20]	谢丽霞, 魏瑞炘. 一种面向物联网节点的综合信任度评估模型[J]. 西安电子科技大学学报, 2019, 46(4):58-65.
	XIE Lixia, WEI Ruixin. Comprehensive Trust Evaluation Model for Internet of Things Nodes[J]. Journal of Xidian University, 2019, 46(4):58-65.
[21]	GLASSER J, LINDAUER B. Bridging the Gap:A Pragmatic Approach to Generating Insider Threat Data[C]// 2013 IEEE Security and Privacy Workshops.Piscataway:IEEE, 2013:98-104.
[22]	杨宏宇, 曾仁韵. 一种深度学习的网络安全态势评估方法[J]. 西安电子科技大学学报, 2021, 48(1):83-190.
	YANG Hongyu, ZENG Renyun. Network Security Situation Assessment Method Based on Deep Learning[J]. Journal of Xidian University, 2021, 48(1):83-190.

方法	零信任引入	信任因素收集	信任评估	检测数据源
文献[4]	不支持	中心化收集	不支持	APT流量
文献[5]	不支持	不支持	不支持	网络流量
文献[6]	不支持	不支持	不支持	用户行为
文献[9]	支持	中心化收集	动态	主体行为
文献[10]	支持	中心化收集	静态	用户行为
文献[11]	支持	不支持	静态	用户行为
文中模型	支持	分布式实时收集	动态	终端行为

文件名称	描述	数据量
logon.csv	用户登录/退出时间	854 859
device.csv	用户移动设备使用日志	405 380
file.csv	用户文件操作日志	445 581
email.csv	用户电子邮件日志	2 629 979
http.csv	用户网页访问日志	28 434 423

分类器	P	R	F₁
RNN	56.59	58.75	57.65
LSTM	91.30	92.67	91.98

参数	描述	预设值
T	仿真轮数	60
N	工业互联网终端数量	1 000
m	失陷终端比例	30%
δ	信任门限值	0.5