工业互联网中抗APT窃取身份的零信任动态认证  

作　　者：安宇航 冯景瑜[1] 庹善德 翟天旭 任柯岩 An Yuhang;Feng Jingyu;Tuo Shande;Zhai Tianxu;Ren Keyan(School of Cyberspace Security,Xi’an University of Posts and Telecommunications,Xi’an 710121;China Municipal Engineering Zhongnan Design and Research Institute Co.,Ltd.,Shanghai 200122)

机构地区：[1]西安邮电大学网络空间安全学院,西安710121 [2]中国市政工程中南设计研究总院有限公司,上海200122

出　　处：《信息安全研究》2024年第10期928-936,共9页Journal of Information Security Research

基　　金：陕西省重点研发计划项目(2024GX-YBXM-076)。

摘　　要：新一代信息技术与工业系统深度融合,提升了工业控制系统和工业设备网络的连接性,使得工业互联网成为APT攻击的重点目标.针对现有偏向于静态认证的方法难以识别APT攻击者控制内部失陷终端获取的“傀儡身份”,进而造成敏感数据泄露的问题,提出一种面向工业互联网的零信任动态认证方案.融合CNN-BiLSTM构建混合神经网络,利用其时序特性设计行为因子预测模型.通过多个残差块组成的深度卷积网络提取特征,双向长短时记忆网络(bidirectional long short-term memory,BiLSTM)进行时间序列分析,生成对主体的行为因子预测,作为零信任动态认证重要凭据.为快速识别“傀儡身份”,融入行为因子设计IPK-SPA动态认证机制.利用轻量级标识公钥技术适应工业互联网海量末梢,借助零信任单包授权技术隐藏工控网络边界.安全性分析和实验结果表明,提出的动态认证方案具有较好的“傀儡身份”识别能力,有助于抗击工业互联网环境下因APT攻击者窃取身份导致的数据窃密威胁.The deep integration of new-generation information technology and industrial systems has improved the connectivity of industrial control systems and industrial equipment networks,making the industrial Internet a key target for APT attacks.In view of the problem that existing methods that prefer static authentication make it difficult to identify the“puppet identity”obtained by APT attackers controlling internal compromised terminals,thereby causing sensitive data leakage,a zero-trust dynamic authentication solution for the industrial Internet is proposed.Fusion of CNN-BiLSTM to build a hybrid neural network,and use its time series characteristics to design a behavioral factor prediction model.Features are extracted through a deep convolutional network composed of multiple residual blocks,and a two-way long short-term memory network performs time series analysis to generate behavioral factor predictions for the subject,which serve as important credentials for zero-trust dynamic authentication.In order to quickly identify the“puppet identity”,the IPK-SPA dynamic authentication mechanism is designed by incorporating behavioral factors.Use lightweight identification public key technology to adapt to the massive number of terminals in the industrial Internet,and use zero-trust single-package authorization technology to hide the boundaries of industrial control networks.Security analysis and experimental results show that the proposed dynamic authentication scheme has better“puppet identity”identification capabilities and is helpful in combating the threat of data theft caused by APT identity compromise in the industrial Internet environment.

关 键 词：工业互联网 APT攻击 零信任 动态认证 CNN-BiLSTM 

分 类 号：TP393.0[自动化与计算机技术—计算机应用技术]