高级持续性威胁攻击下多域互操作动态访问控制算法

doi:10.13229/j.cnki.jdxbgxb.20230985

摘要/Abstract

摘要：

为了减小高级持续性威胁（APT）攻击对网络造成的损失，提高网络运行的安全性，对网络中的访问展开控制，提出了APT攻击下多域互操作动态访问控制算法/。首先，基于Petri网构建APT攻击模型；其次，通过对APT攻击下网络中各域的信任经验、信任知识与信任推荐展开计算，获得各域的信任值；最后，基于域信任值计算域信任等级，根据等级分配给该域对应角色的访问权限，完成多域互操作动态访问控制。实验结果表明：该算法的控制效率高、控制性能好。

关键词: APT攻击, 多域互操作, 信任评价, 基于角色的访问控制, 动态访问

Abstract:

In order to reduce the losses caused by APT attacks on the network and improve the security of network operation， it is necessary to control access in the network. A dynamic access control algorithm for multi domain interoperability under APT attacks is proposed. Firstly， an APT attack model is constructed based on Petri nets； Secondly， by calculating the trust experience， knowledge， and recommendations of each domain in the network under APT attacks， the trust values of each domain are obtained； Finally， the domain trust level is calculated based on the domain trust value， and the access permissions assigned to the corresponding roles in the domain according to the level are used to complete dynamic access control for multi domain interoperability. The experimental results show that the algorithm has high control efficiency and good control performance.

Key words: APT attack, multi domain interoperability, trust evaluation, role based access control, dynamic access

中图分类号:

TP391

胡尧,涂碧波. 高级持续性威胁攻击下多域互操作动态访问控制算法[J]. 吉林大学学报(工学版), 2024, 54(12): 3620-3625.

Yao HU,Bi-bo TU. Dynamic access control algorithms for multi domain interoperability under advanced persistent threat attacks[J]. Journal of Jilin University(Engineering and Technology Edition), 2024, 54(12): 3620-3625.

图/表 3

图1

图2

表1

参考文献 15

1	梁若舟,高跃,赵曦滨.基于序列特征提取的溯源图上APT攻击检测方法[J].中国科学: 信息科学,2022, 52(8): 1463-1480.
	Liang Ruo-zhou, Gao Yue, Zhao Xi-bin. Sequence feature extraction-based APT attack detection method with provenance graphs [J]. Scientia Sinica(Informationis), 2022, 5(8): 1463-1480.
2	胡斌,赵晓芳,宋永浩,等.基于合约的Web服务个性化访问控制方法[J].高技术通讯,2021,31(9):901-909.
	Hu Bin, Zhao Xiao-fang, Song Yong-hao, et al. A smart contract based personalized access control method towards Web service [J]. Chinese High Technology Letters, 2021,31 (9): 901-909.
3	徐俊伟,袁景凌,向广利.可更新属性的链上数据访问控制方法[J].小型微型计算机系统,2023,44(2):429-434.
	Xu Jun-wei, Yuan Jing-ling, Xiang Guang-li. Data access control based on updatable attributes encryption[J]. Journal of Chinese Computer Systems, 2023,44(2): 429-434.
4	葛丽娜,胡雨谷,张桂芬,等.云计算环境基于客体属性匹配的逆向混合访问控制方案[J].计算机应用,2021,41(6):1604-1610.
	Ge Li-na, Hu Yu-gu, Zhang Gui-fen, et al. Reverse hybrid access control scheme based on object attribute matching in cloud computing environment [J]. Journal of Computer Applications, 2021,41(6): 1604-1610.
5	王思源,邹仕洪.多域物联网中基于区块链和权能的访问控制机制[J].应用科学学报, 2021, 39(1): 55-69.
	Wang Si-yuan, Zou Shi-hong. Blockchain and capability based access control mechanism in multi-domain IoT [J]. Journal of Applied Sciences, 2021,39(1): 55-69.
6	吕杨琦,王张宜,杨秀璋,等.基于特征功能函数的APT样本分类方法[J].郑州大学学报: 理学版,2023, 55(2): 10-17, 24.
	Lv Yang-qi, Wang Zhang-yi, Yang Xiu-zhang, et al. A novel APT malware classification method based on feature function code[J]. Journal of Zhengzhou University(Natural Science Edition), 2023,55(2): 10-17, 24
7	李宏仲,郭相辰.基于Petri网的配电网信息物理系统可靠性评估[J].电网技术,2023,47(1):347-359.
	Li Hong-zhong, Guo Xiang-chen. Reliability evaluation of cyber-physical system of distribution network based on petri net[J]. Power System Technology, 2023,47(1): 347-359.
8	建威,付保川,吴征天,等.基于区块链的多域微电网电力市场动态博弈[J].控制工程,2022,29(8):1505-1513.
	Jian Wei, Fu Bao-chuan, Wu Zheng-tian, et al. Dynamic game of multi-domain microgrid power market based on blockchain[J]. Control Engineering of China, 2022,29(8): 1505-1513.
9	李纲,张铎,完颜亚茹,等.基于信任度的农资营销社会网络中关键农民选取及应用[J].管理评论,2021,33(9): 155-168.
	Li Gang, Zhang Duo, Ya-ru Wanyan.A study on key farmers' selection and application based on trust in agricultural materials products marketing[J].Management Review,2021,33(9):155-168.
10	张槟淇,任丽芳,王文剑.融合信任隐性影响和信任度的推荐模型[J].模式识别与人工智能,2022,35(4):374-385.
	Zhang Bing-qi, Ren Li-fang, Wang Wen-jian. Recommendation model combining implicit influence of trust with trust degree[J]. Pattern Recognition and Artificial Intelligence, 2022,35 (4): 374-385.
11	徐选华,刘尚龙.社会网络环境下基于“信任—知识”模型的风险性大群体应急决策方法[J].运筹与管理,2021,30(2):31-38.
	Xu Xuan-hua, Liu Shang-long. Large group risky emergency decision-making method based on trust-knowledge model in social network environment [J]. Operations Research and Management Science, 2021,30(2): 31-38.
12	徐上上,孙福振,王绍卿,等.基于图神经网络的异构信任推荐算法[J].计算机工程,2022,48(9):89-95, 104.
	Xu Shang-shang, Sun Fu-zhen, Wang Shao-qing, et al. Heterogeneous trust recommendation algorithm based on graph neural networks[J]. Computer Engineering, 2022,48(9): 89-95, 104.
13	戴波,赖旬阳,胡凯,等.基于多角色节点的区块链可扩展方案研究与设计[J].浙江工业大学学报,2021,49(5):487-493.
	Dai Bo, Lai Xun-yang, Hu Kai, et al. Research and design of scalable blockchain scheme based on multi-role nodes[J]. Journal of Zhejiang University of Technology, 2021,49(5): 487-493.
14	刘敖迪,杜学绘,王娜,等.基于访问控制日志的访问控制策略生成方法[J].电子与信息学报,2022,44(1):324-331.
	Liu Ao-di, Du Xue-hui, Wang Na, et al. Access control policy generation method based on access control logs [J]. Journal of Electronics & Information Technology, 2022,44(1): 324-331.
15	刘炜,盛朝阳,佘维,等.基于智能合约的分类分级属性访问控制方法[J].计算机应用研究,2022,39(5):1313-1318.
	Liu Wei, Sheng Chao-yang, She Wei, et al. Classified and hierarchical attribute access control method based on smart contract[J]. Application Research of Computers, 2022, 39(5): 1313-1318.

相关文章 15

[1]	易晓宇,易绵竹. 基于兴趣信息深度融合的网络图书资源推荐[J]. 吉林大学学报(工学版), 2024, 54(12): 3614-3619.
[2]	程鑫,刘升贤,周经美,周洲,赵祥模. 融合密集连接和高斯距离的三维目标检测算法[J]. 吉林大学学报(工学版), 2024, 54(12): 3589-3600.
[3]	拉巴顿珠,扎西多吉,珠杰. 藏语文本标准化方法[J]. 吉林大学学报(工学版), 2024, 54(12): 3577-3588.
[4]	刘俊杰,董佳怡,杨勇,刘丹,曲福恒,吕彦昌. 基于HM-OLS逐步回归模型的学生网络学习成绩关联因素分析[J]. 吉林大学学报(工学版), 2024, 54(12): 3755-3762.
[5]	苏育挺,景梦瑶,井佩光,刘先燚. 基于光度立体和深度学习的电池缺陷检测方法[J]. 吉林大学学报(工学版), 2024, 54(12): 3653-3659.
[6]	王法胜,贺冰,孙福明,周慧. 自适应内容感知空间正则化相关滤波跟踪算法[J]. 吉林大学学报(工学版), 2024, 54(10): 3037-3049.
[7]	周丰丰,于涛,范雨思. 基于质谱数据的生成对抗自编码器整合投票算法[J]. 吉林大学学报(工学版), 2024, 54(10): 2969-2977.
[8]	李路,宋均琦,朱明,谭鹤群,周玉凡,孙超奇,周铖钰. 基于RGHS图像增强和改进YOLOv5网络的黄颡鱼目标提取[J]. 吉林大学学报(工学版), 2024, 54(9): 2638-2645.
[9]	赵宏伟,武鸿,马克,李海. 基于知识蒸馏的图像分类框架[J]. 吉林大学学报(工学版), 2024, 54(8): 2307-2312.
[10]	赖丹晖,罗伟峰,袁旭东,邱子良. 复杂环境下多模态手势关键点特征提取算法[J]. 吉林大学学报(工学版), 2024, 54(8): 2288-2294.
[11]	特木尔朝鲁朝鲁,张亚萍. 基于卷积神经网络的无线传感器网络链路异常检测算法[J]. 吉林大学学报(工学版), 2024, 54(8): 2295-2300.
[12]	朱圣杰,王宣,徐芳,彭佳琦,王远超. 机载广域遥感图像的尺度归一化目标检测方法[J]. 吉林大学学报(工学版), 2024, 54(8): 2329-2337.
[13]	张良力,马晓凤. 基于改进粒子群算法的新能源汽车充电站选址方法[J]. 吉林大学学报(工学版), 2024, 54(8): 2275-2281.
[14]	郭昕刚,程超,沈紫琪. 基于卷积网络注意力机制的人脸表情识别[J]. 吉林大学学报(工学版), 2024, 54(8): 2319-2328.
[15]	才华,寇婷婷,杨依宁,马智勇,王伟刚,孙俊喜. 基于轨迹优化的三维车辆多目标跟踪[J]. 吉林大学学报(工学版), 2024, 54(8): 2338-2347.

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed

访问域数量/个	本文算法	文献［3］算法	文献［4］算法
2	0.6	1.1	1.5
4	0.9	1.5	1.9
6	1.1	1.7	2.5
8	1.2	2.0	3.0
10	1.4	2.3	3.2
12	1.6	2.4	3.7
14	1.7	2.7	4.3
16	2.0	3.1	4.8
18	2.1	3.3	5.2
20	2.3	3.7	5.7