信息安全研究2024,Vol.10Issue(10):928-936,9.DOI:10.12379/j.issn.2096-1057.2024.10.06
工业互联网中抗APT窃取身份的零信任动态认证
Zero-trust Dynamic Authentication to Resist APi Identity Compromise in the Industrial Internet
摘要
Abstract
The deep integration of new-generation information technology and industrial systems has improved the connectivity of industrial control systems and industrial equipment networks,making the industrial Internet a key target for APT attacks.In view of the problem that existing methods that prefer static authentication make it difficult to identify the"puppet identity"obtained by APT attackers controlling internal compromised terminals,thereby causing sensitive data leakage,a zero-trust dynamic authentication solution for the industrial Internet is proposed.Fusion of CNN-BiLSTM to build a hybrid neural network,and use its time series characteristics to design a behavioral factor prediction model.Features are extracted through a deep convolutional network composed of multiple residual blocks,and a two-way long short-term memory network performs time series analysis to generate behavioral factor predictions for the subject,which serve as important credentials for zero-trust dynamic authentication.In order to quickly identify the"puppet identity",the IPK-SPA dynamic authentication mechanism is designed by incorporating behavioral factors.Use lightweight identification public key technology to adapt to the massive number of terminals in the industrial Internet,and use zero-trust single-package authorization technology to hide the boundaries of industrial control networks.Security analysis and experimental results show that the proposed dynamic authentication scheme has better"puppet identity"identification capabilities and is helpful in combating the threat of data theft caused by APT identity compromise in the industrial Internet environment.关键词
工业互联网/APT攻击/零信任/动态认证/CNN-BiLSTMKey words
industrial Internet/APT attack/zero-trust/dynamic authentication/CNN-BiLSTM分类
信息技术与安全科学引用本文复制引用
安宇航,冯景瑜,庹善德,翟天旭,任柯岩..工业互联网中抗APT窃取身份的零信任动态认证[J].信息安全研究,2024,10(10):928-936,9.基金项目
陕西省重点研发计划项目(2024GX-YBXM-076) (2024GX-YBXM-076)
