民航空管信息系统用户多因子持续身份可信认证方法研究

doi:10.3969/j.issn.1671-1122.2024.11.003

摘要/Abstract

摘要：

随着网络安全威胁不断演变，传统身份认证方法面临着日益严峻的挑战。文章以民航空管信息系统为应用背景，提出一种多因子身份可信持续认证方法。该方法包含两个阶段，第一阶段为登录时多因子身份可信认证，第二阶段为登录后多因子行为特征持续身份可信认证。在第二阶段持续认证中采用统计特征法和机器学习模型，增强对用户行为模式的实时监测和分析能力，提高异常行为检测的准确性。文章通过实验验证了多因子行为特征持续身份可信认证在单点异常和上下文异常场景下的有效性，证明了其在身份认证领域的可靠性和实用性。实验结果表明，该方法在提高系统安全性和降低被破解风险方面具有一定的优势。

关键词: 民航空管, 多因子行为特征, 持续身份认证, 异常检测, 机器学习

Abstract:

As cybersecurity threats continue to evolve, traditional identity authentication methods face increasingly severe challenges. This paper proposed an innovative strategy for multi-factor continuous trustworthy identity authentication to address the growing complexity of security threats. The strategy included multi-factor authentication during the first stage login and multi-factor behavior characteristics continuous authentication after the second stage login. In the second stage of continuous authentication, statistical feature method and machine learning model were used to enhance the real-time monitoring and analysised of user behavior patterns, and improved the accuracy of abnormal behavior detection. Finally, the paper validated the effectiveness of the proposed continuous multi-factor behavioral characteristic-based trustworthy identity authentication through experiments under single-point anomaly and contextual anomaly scenarios, demonstrating its reliability and practicality in the field of identity authentication. The experimental results indicate that this method offers certain advantages in enhancing system security and reducing the risk of compromise.

Key words: air traffic control, multi-factor behavioral characteristics, continuous identity authentication, anomaly detection, machine learning

中图分类号:

TP309

陈宝刚, 张毅, 晏松. 民航空管信息系统用户多因子持续身份可信认证方法研究[J]. 信息网络安全, 2024, 24(11): 1632-1642.

CHEN Baogang, ZHANG Yi, YAN Song. Research on Multi-Factor Continuous Trustworthy Identity Authentication for Users in Civil Aviation Air Traffic Control Operational Information Systems[J]. Netinfo Security, 2024, 24(11): 1632-1642.

图/表 16

图1

图2

图3

表1

图4

图5

图6

表2

图7

表3

表4

表5

表6

图8

表7

表8

参考文献 32

[1]	International Civil Aviation Organization. CYBERSECURITY ACTION PLAN-Second Edition[EB/OL]. [2024-05-11]. https://www.icao.int/aviationcybersecurity/Documents/CYBERSECURITY ACTION PLAN-Second edition.EN.pdf.
[2]	XU Dandan, LI Peiyu, ZHANG Shiqian, et al. Research on Multi-Factor Authentication Method in Unified Identity Authentication System[J]. Journal of Fuzhou University(Natural Science Edition), 2023, 51(5): 616-620.
	许丹丹, 李沛谕, 张世倩, 等. 统一身份认证系统中的多因子身份认证方法[J]. 福州大学学报(自然科学版), 2023, 51(5):616-620.
[3]	OMETOV A, BEZZATEEV S, MÄKITALO N, et al. Multi-Factor Authentication: A Survey[J]. Cryptography, 2018, 2(1): 1-31.
[4]	ZHANG Meng, YIN Qiqi. Research Progress of Static Password Authentication Technology[J]. Cyberspace Security, 2018, 9(7): 11-14.
	张猛, 尹其其. 静态口令认证技术研究进展[J]. 网络空间安全, 2018, 9(7):11-14.
[5]	ZHAO Zhihui, LI Xinshe. Research on Password-Based Identity Authentication System[J]. Network Security Technology & Application, 2009(4): 18-19.
	赵志辉, 李新社. 基于口令的身份认证系统研究[J]. 网络安全技术与应用, 2009(4):18-19.
[6]	YOU Lin. A Survey on Biometric Cryptographic Technology[J]. Journal of Hangzhou Dianzi University(Natural Sciences), 2015, 35(3): 1-17.
	游林. 生物特征密码技术综述[J]. 杭州电子科技大学学报(自然科学版), 2015, 35(3):1-17.
[7]	LI Fujuan, MA Zhuo, WANG Qun. Survey on Identity Management in Blockchain Systems[J]. Computer Engineering and Applications, 2024, 60(1): 57-73. doi: 10.3778/j.issn.1002-8331.2302-0189
	李馥娟, 马卓, 王群. 区块链系统身份管理机制研究综述[J]. 计算机工程与应用, 2024, 60(1):57-73. doi: 10.3778/j.issn.1002-8331.2302-0189
[8]	ZHAO Liang, MAO Bing, XIE Li. Survey of Acess Control[J]. Computer Engineering, 2004, 30(2): 1-2.
	赵亮, 茅兵, 谢立. 访问控制研究综述[J]. 计算机工程, 2004, 30(2):1-2.
[9]	LIU Long, CHEN Jianbin, XUE Ruisi. Research and Design of Data Permission Management[J]. Value Engineering, 2013, 32(31): 215-216.
	刘龙, 陈建斌, 薛锐思. 数据权限管理的研究和设计[J]. 价值工程, 2013, 32(31):215-216.
[10]	POTTIER F, SKALKA C, SMITH S. A Systematic Approach to Static Access Control[J]. ACM Transactions on Programming Languages and Systems, 2005, 27(2): 344-382.
[11]	CHEN T S, CHUNG J Y, TIAN Changsi, et al. A Novel Key Management Scheme for Dynamic Access Control in a User Hierarchy[J]. Applied Mathematics and Computation, 2005, 162(1): 339-351.
[12]	YU Jiang, SU Jinhai, ZHANG Yongfu. Design and Analysis of USB-Key Based Strong Password Authentication Scheme[J]. Journal of Computer Applications, 2011, 31(2): 511-513.
	于江, 苏锦海, 张永福. 基于USB-Key的强口令认证方案设计与分析[J]. 计算机应用, 2011, 31(2):511-513.
[13]	KRIEGEL H P, KRÖGER P, ZIMEK A. Outlier Detection Techniques[J]. Tutorial at KDD, 2010, 10: 1-76.
[14]	LAI K H, ZHA Daochen, WANG Guanchu, et al. TODS: An Automated Time Series Outlier Detection System[EB/OL]. [2024-05-22]. https://www.xueshufan.com/publication/3175611124.
[15]	SIEGMUND D. Error Probabilities and Average Sample Number of the Sequential Probability Ratio Test[J]. Journal of the Royal Statistical Society Series B: Statistical Methodology, 1975, 37(3): 394-401.
[16]	GOLDSTEIN M, DENGEL A. Histogram-Based Outlier Score(hbos): A Fast Unsupervised Anomaly Detection Algorithm[J]. KI-2012: Poster and Demo Track, 2012, 1: 59-63.
[17]	BOUKERCHE A, ZHENG Lining, ALFANDI O. Outlier Detection: Methods, Models, and Classification[J]. ACM Computing Surveys, 2020, 53(3): 1-37.
[18]	WALFISH S. A Review of Statistical Outlier Methods[J]. Pharmaceutical Technology, 2006, 30(11): 82-86.
[19]	GU Xiaoyi, AKOGLU L, RINALDO A. Statistical Analysis of Nearest Neighbor Methods for Anomaly Detection[EB/OL]. (2019-07-08)[2024-05-22]. https://arxiv.org/abs/1907.03813v1.
[20]	BREUNIG M M, KRIEGEL H P, NG R T, et al. LOF: Identifying Density-Based Local Outliers[C]//ACM. The 2000 ACM SIGMOD International Conference on Management of Data. New York: ACM, 2000: 93-104.
[21]	LIU F T, TINGKaiming, ZHOU Zhihua. Isolation Forest[C]//IEEE. 2008 8th IEEE International Conference on Data Mining. New York: IEEE, 2008: 413-422.
[22]	SHYU M L, CHEN S C, SARINNAPAKORN K, et al. A Novel Anomaly Detection Scheme Based on Principal Component Classifier[C]//IEEE. The IEEE Foundations and New Directions of Data Mining Workshop. New York: IEEE, 2003: 172-179.
[23]	RUMELHART D E, HINTON G E, WILLIAMS R J. Learning Representations by Back-Propagating Errors[J]. Nature, 1986, 323: 533-536.
[24]	HINTON G E, OSINDERO S, TEH Y W. A Fast Learning Algorithm for Deep Belief Nets[J]. Neural Computation, 2006, 18(7): 1527-1554. doi: 10.1162/neco.2006.18.7.1527 pmid: 16764513
[25]	BREIMAN L. Random Forests[J]. Machine Learning, 2001, 45: 5-32.
[26]	FRIEDMAN J H. Greedy Function Approximation: A Gradient Boosting Machine[J]. The Annals of Statistics, 2001, 29(5): 1189-1232.
[27]	GEURTS P, ERNST D, WEHENKEL L. Extremely Randomized Trees[J]. Machine Learning, 2006, 63(1): 3-42.
[28]	FREUND Y, SCHAPIRE R E. Experiments with a New Boosting Algorithm[C]//ACM. 13th International Conference on International Conference on Machine Learning. New York: ACM, 1996: 148-156.
[29]	ZHANG H. The Optimality of Naive Bayes[EB/OL]. [2024-05-22]. https://aaai.org/papers/flairs-2004-097/.
[30]	RENNIE J D M, SHIH L, TEEVAN J, et al. Tackling the Poor Assumptions of Naive Bayes Text Classifiers[EB/OL]. [2024-05-22]. https://www.semanticscholar.org/paper/Tackling-the-Poor-Assumptions-of-Naive-Bayes-Text-Rennie-Shih/b7fab2f72ebbf4e98def1daf8c29ffcfe91183bf.
[31]	MANNING C D, RAGHAVAN P, SCHÜTZE H. Introduction to Information Retrieval[M]. Cambridge: Cambridge University Press, 2008.
[32]	METSIS V, ANDROUTSOPOULOS I, PALIOURAS G. Spam Filtering with Naive Bayes-which Naive Bayes?[EB/OL]. [2024-05-22]. http://pdfs.semanticscholar.org/39a8/0339844a27e63a2b82ae4f8eb964da787172.pdf.

字段	数据类型	数据类别	数据值
操作发起时间	时间戳	连续数据	—
用户ID	整型	有限离散无级	—
用户权限	整型	有限离散有级	—
操作类型	字符串	有限离散无级	删除、浏览、更新、下载、上传
操作结果	字符串	有限离散无级	成功、权限不足、连接超时、用户主动终止
某次操作消耗的流量	整型	连续数据	—
标签	整型	标签数据	0表示正常，1表示异常

算法类别	算法名称	异常识别率	异常误报率	AUC
统计特征法	3 sigma	31.05%	0	—
	Z-score	38.73%	0.94%	—
	Box-plot	33.87%	0	—
机器学习法	KNN	40.51%	5.21%	60.53%
	LOF	32.63%	9.17%	65.75%
	iForest	64.70%	7.52%	89.19%
	PCA	47.23%	8.62%	60.94%
	AutoEncoder	43.22%	8.63%	87.26%

算法	特征工程	阈值	异常识别率	异常误报率
3 sigma	全流量	—	12.25%	0
3 sigma	分组流量	—	31.05%	0
Z-score	全流量	1	34.59%	11.06%
		3	12.25%	0
		5	8.66%	0
		7	6.96%	0
		9	4.86%	0
	分组流量	1	38.73%	8.02%
		3	31.05%	0
		5	19.01%	0
		7	10.23%	0
		9	3.73%	0
Box-plot	全流量	—	33.87%	10.80%
Box-plot	分组流量	—	32.72%	0

方法	流量分组	超参数		异常识别率	异常误报率	AUC
KNN	全流量	邻近点	10	35.57%	8.67%	60.21%
			30	31.27%	9.20%	59.46%
			50	29.82%	9.12%	58.61%
			70	29.59%	8.96%	58.11%
			90	29.81%	9.14%	58.40%
	分组流量		10	39.57%	5.21%	60.53%
			30	39.12%	5.44%	60.23%
			50	40.51%	6.83%	58.90%
			70	40.11%	6.61%	57.98%
			90	39.97%	7.14%	57.97%
LOF	全流量		250	26.70%	9.39%	61.50%
			500	32.63%	9.17%	65.75%
			1000	32.28%	9.19%	65.09%
			1500	32.28%	9.19%	64.70%
			2000	32.47%	9.18%	64.48%
	分组流量		250	32.13%	9.19%	64.50%
			500	31.50%	9.22%	63.67%
			1000	28.04%	9.34%	61.20%
			1500	23.62%	9.50%	56.90%
			2000	22.77%	9.53%	58.73%
iForest	全流量	决策树数量	50	52.01%	8.43%	84.83%
			100	48.95%	8.50%	83.16%
			150	56.19%	8.30%	84.53%
			200	58.20%	8.22%	85.32%
			250	57.21%	8.27%	84.37%
	分组流量		50	64.67%	7.52%	88.13%
			100	64.70%	7.84%	88.66%
			150	64.19%	7.77%	88.34%
			200	64.49%	7.71%	89.19%
			250	64.68%	7.74%	88.92%
PCA	全流量	—		31.97%	9.20%	75.26%
PCA	分组流量	—		47.23%	8.62%	60.94%
AutoEncoder	全流量	—		29.03%	9.31%	76.20%
AutoEncoder	分组流量	—		43.22%	8.63%	87.26%

方法类别	方法	训练时间/s	推理时间/s
统计特征法	3 sigma	—	0.0100
	Z-score	—	0.0035
	Box-plot	—	0.0081
机器学习法	KNN	1.1938	51.9755
	LOF	33.0393	189.0263
	iForest	2.1232	3.5186
	PCA	0.0305	0.0174
	AutoEncoder	2149.9862	15.4997