Research on Multi-Factor Continuous Trustworthy Identity Authentication for Users in Civil Aviation Air Traffic Control Operational Information Systems

doi:10.3969/j.issn.1671-1122.2024.11.003

Abstract

Abstract:

As cybersecurity threats continue to evolve, traditional identity authentication methods face increasingly severe challenges. This paper proposed an innovative strategy for multi-factor continuous trustworthy identity authentication to address the growing complexity of security threats. The strategy included multi-factor authentication during the first stage login and multi-factor behavior characteristics continuous authentication after the second stage login. In the second stage of continuous authentication, statistical feature method and machine learning model were used to enhance the real-time monitoring and analysised of user behavior patterns, and improved the accuracy of abnormal behavior detection. Finally, the paper validated the effectiveness of the proposed continuous multi-factor behavioral characteristic-based trustworthy identity authentication through experiments under single-point anomaly and contextual anomaly scenarios, demonstrating its reliability and practicality in the field of identity authentication. The experimental results indicate that this method offers certain advantages in enhancing system security and reducing the risk of compromise.

Key words: air traffic control, multi-factor behavioral characteristics, continuous identity authentication, anomaly detection, machine learning

CLC Number:

TP309

CHEN Baogang, ZHANG Yi, YAN Song. Research on Multi-Factor Continuous Trustworthy Identity Authentication for Users in Civil Aviation Air Traffic Control Operational Information Systems[J]. Netinfo Security, 2024, 24(11): 1632-1642.

Figures/Tables 16

References 32

[1]	International Civil Aviation Organization. CYBERSECURITY ACTION PLAN-Second Edition[EB/OL]. [2024-05-11]. https://www.icao.int/aviationcybersecurity/Documents/CYBERSECURITY ACTION PLAN-Second edition.EN.pdf.
[2]	XU Dandan, LI Peiyu, ZHANG Shiqian, et al. Research on Multi-Factor Authentication Method in Unified Identity Authentication System[J]. Journal of Fuzhou University(Natural Science Edition), 2023, 51(5): 616-620.
	许丹丹, 李沛谕, 张世倩, 等. 统一身份认证系统中的多因子身份认证方法[J]. 福州大学学报(自然科学版), 2023, 51(5):616-620.
[3]	OMETOV A, BEZZATEEV S, MÄKITALO N, et al. Multi-Factor Authentication: A Survey[J]. Cryptography, 2018, 2(1): 1-31.
[4]	ZHANG Meng, YIN Qiqi. Research Progress of Static Password Authentication Technology[J]. Cyberspace Security, 2018, 9(7): 11-14.
	张猛, 尹其其. 静态口令认证技术研究进展[J]. 网络空间安全, 2018, 9(7):11-14.
[5]	ZHAO Zhihui, LI Xinshe. Research on Password-Based Identity Authentication System[J]. Network Security Technology & Application, 2009(4): 18-19.
	赵志辉, 李新社. 基于口令的身份认证系统研究[J]. 网络安全技术与应用, 2009(4):18-19.
[6]	YOU Lin. A Survey on Biometric Cryptographic Technology[J]. Journal of Hangzhou Dianzi University(Natural Sciences), 2015, 35(3): 1-17.
	游林. 生物特征密码技术综述[J]. 杭州电子科技大学学报(自然科学版), 2015, 35(3):1-17.
[7]	LI Fujuan, MA Zhuo, WANG Qun. Survey on Identity Management in Blockchain Systems[J]. Computer Engineering and Applications, 2024, 60(1): 57-73. doi: 10.3778/j.issn.1002-8331.2302-0189
	李馥娟, 马卓, 王群. 区块链系统身份管理机制研究综述[J]. 计算机工程与应用, 2024, 60(1):57-73. doi: 10.3778/j.issn.1002-8331.2302-0189
[8]	ZHAO Liang, MAO Bing, XIE Li. Survey of Acess Control[J]. Computer Engineering, 2004, 30(2): 1-2.
	赵亮, 茅兵, 谢立. 访问控制研究综述[J]. 计算机工程, 2004, 30(2):1-2.
[9]	LIU Long, CHEN Jianbin, XUE Ruisi. Research and Design of Data Permission Management[J]. Value Engineering, 2013, 32(31): 215-216.
	刘龙, 陈建斌, 薛锐思. 数据权限管理的研究和设计[J]. 价值工程, 2013, 32(31):215-216.
[10]	POTTIER F, SKALKA C, SMITH S. A Systematic Approach to Static Access Control[J]. ACM Transactions on Programming Languages and Systems, 2005, 27(2): 344-382.
[11]	CHEN T S, CHUNG J Y, TIAN Changsi, et al. A Novel Key Management Scheme for Dynamic Access Control in a User Hierarchy[J]. Applied Mathematics and Computation, 2005, 162(1): 339-351.
[12]	YU Jiang, SU Jinhai, ZHANG Yongfu. Design and Analysis of USB-Key Based Strong Password Authentication Scheme[J]. Journal of Computer Applications, 2011, 31(2): 511-513.
	于江, 苏锦海, 张永福. 基于USB-Key的强口令认证方案设计与分析[J]. 计算机应用, 2011, 31(2):511-513.
[13]	KRIEGEL H P, KRÖGER P, ZIMEK A. Outlier Detection Techniques[J]. Tutorial at KDD, 2010, 10: 1-76.
[14]	LAI K H, ZHA Daochen, WANG Guanchu, et al. TODS: An Automated Time Series Outlier Detection System[EB/OL]. [2024-05-22]. https://www.xueshufan.com/publication/3175611124.
[15]	SIEGMUND D. Error Probabilities and Average Sample Number of the Sequential Probability Ratio Test[J]. Journal of the Royal Statistical Society Series B: Statistical Methodology, 1975, 37(3): 394-401.
[16]	GOLDSTEIN M, DENGEL A. Histogram-Based Outlier Score(hbos): A Fast Unsupervised Anomaly Detection Algorithm[J]. KI-2012: Poster and Demo Track, 2012, 1: 59-63.
[17]	BOUKERCHE A, ZHENG Lining, ALFANDI O. Outlier Detection: Methods, Models, and Classification[J]. ACM Computing Surveys, 2020, 53(3): 1-37.
[18]	WALFISH S. A Review of Statistical Outlier Methods[J]. Pharmaceutical Technology, 2006, 30(11): 82-86.
[19]	GU Xiaoyi, AKOGLU L, RINALDO A. Statistical Analysis of Nearest Neighbor Methods for Anomaly Detection[EB/OL]. (2019-07-08)[2024-05-22]. https://arxiv.org/abs/1907.03813v1.
[20]	BREUNIG M M, KRIEGEL H P, NG R T, et al. LOF: Identifying Density-Based Local Outliers[C]//ACM. The 2000 ACM SIGMOD International Conference on Management of Data. New York: ACM, 2000: 93-104.
[21]	LIU F T, TINGKaiming, ZHOU Zhihua. Isolation Forest[C]//IEEE. 2008 8th IEEE International Conference on Data Mining. New York: IEEE, 2008: 413-422.
[22]	SHYU M L, CHEN S C, SARINNAPAKORN K, et al. A Novel Anomaly Detection Scheme Based on Principal Component Classifier[C]//IEEE. The IEEE Foundations and New Directions of Data Mining Workshop. New York: IEEE, 2003: 172-179.
[23]	RUMELHART D E, HINTON G E, WILLIAMS R J. Learning Representations by Back-Propagating Errors[J]. Nature, 1986, 323: 533-536.
[24]	HINTON G E, OSINDERO S, TEH Y W. A Fast Learning Algorithm for Deep Belief Nets[J]. Neural Computation, 2006, 18(7): 1527-1554. doi: 10.1162/neco.2006.18.7.1527 pmid: 16764513
[25]	BREIMAN L. Random Forests[J]. Machine Learning, 2001, 45: 5-32.
[26]	FRIEDMAN J H. Greedy Function Approximation: A Gradient Boosting Machine[J]. The Annals of Statistics, 2001, 29(5): 1189-1232.
[27]	GEURTS P, ERNST D, WEHENKEL L. Extremely Randomized Trees[J]. Machine Learning, 2006, 63(1): 3-42.
[28]	FREUND Y, SCHAPIRE R E. Experiments with a New Boosting Algorithm[C]//ACM. 13th International Conference on International Conference on Machine Learning. New York: ACM, 1996: 148-156.
[29]	ZHANG H. The Optimality of Naive Bayes[EB/OL]. [2024-05-22]. https://aaai.org/papers/flairs-2004-097/.
[30]	RENNIE J D M, SHIH L, TEEVAN J, et al. Tackling the Poor Assumptions of Naive Bayes Text Classifiers[EB/OL]. [2024-05-22]. https://www.semanticscholar.org/paper/Tackling-the-Poor-Assumptions-of-Naive-Bayes-Text-Rennie-Shih/b7fab2f72ebbf4e98def1daf8c29ffcfe91183bf.
[31]	MANNING C D, RAGHAVAN P, SCHÜTZE H. Introduction to Information Retrieval[M]. Cambridge: Cambridge University Press, 2008.
[32]	METSIS V, ANDROUTSOPOULOS I, PALIOURAS G. Spam Filtering with Naive Bayes-which Naive Bayes?[EB/OL]. [2024-05-22]. http://pdfs.semanticscholar.org/39a8/0339844a27e63a2b82ae4f8eb964da787172.pdf.

字段	数据类型	数据类别	数据值
操作发起时间	时间戳	连续数据	—
用户ID	整型	有限离散无级	—
用户权限	整型	有限离散有级	—
操作类型	字符串	有限离散无级	删除、浏览、更新、下载、上传
操作结果	字符串	有限离散无级	成功、权限不足、连接超时、用户主动终止
某次操作消耗的流量	整型	连续数据	—
标签	整型	标签数据	0表示正常，1表示异常

算法类别	算法名称	异常识别率	异常误报率	AUC
统计特征法	3 sigma	31.05%	0	—
	Z-score	38.73%	0.94%	—
	Box-plot	33.87%	0	—
机器学习法	KNN	40.51%	5.21%	60.53%
	LOF	32.63%	9.17%	65.75%
	iForest	64.70%	7.52%	89.19%
	PCA	47.23%	8.62%	60.94%
	AutoEncoder	43.22%	8.63%	87.26%

算法	特征工程	阈值	异常识别率	异常误报率
3 sigma	全流量	—	12.25%	0
3 sigma	分组流量	—	31.05%	0
Z-score	全流量	1	34.59%	11.06%
		3	12.25%	0
		5	8.66%	0
		7	6.96%	0
		9	4.86%	0
	分组流量	1	38.73%	8.02%
		3	31.05%	0
		5	19.01%	0
		7	10.23%	0
		9	3.73%	0
Box-plot	全流量	—	33.87%	10.80%
Box-plot	分组流量	—	32.72%	0

方法	流量分组	超参数		异常识别率	异常误报率	AUC
KNN	全流量	邻近点	10	35.57%	8.67%	60.21%
			30	31.27%	9.20%	59.46%
			50	29.82%	9.12%	58.61%
			70	29.59%	8.96%	58.11%
			90	29.81%	9.14%	58.40%
	分组流量		10	39.57%	5.21%	60.53%
			30	39.12%	5.44%	60.23%
			50	40.51%	6.83%	58.90%
			70	40.11%	6.61%	57.98%
			90	39.97%	7.14%	57.97%
LOF	全流量		250	26.70%	9.39%	61.50%
			500	32.63%	9.17%	65.75%
			1000	32.28%	9.19%	65.09%
			1500	32.28%	9.19%	64.70%
			2000	32.47%	9.18%	64.48%
	分组流量		250	32.13%	9.19%	64.50%
			500	31.50%	9.22%	63.67%
			1000	28.04%	9.34%	61.20%
			1500	23.62%	9.50%	56.90%
			2000	22.77%	9.53%	58.73%
iForest	全流量	决策树数量	50	52.01%	8.43%	84.83%
			100	48.95%	8.50%	83.16%
			150	56.19%	8.30%	84.53%
			200	58.20%	8.22%	85.32%
			250	57.21%	8.27%	84.37%
	分组流量		50	64.67%	7.52%	88.13%
			100	64.70%	7.84%	88.66%
			150	64.19%	7.77%	88.34%
			200	64.49%	7.71%	89.19%
			250	64.68%	7.74%	88.92%
PCA	全流量	—		31.97%	9.20%	75.26%
PCA	分组流量	—		47.23%	8.62%	60.94%
AutoEncoder	全流量	—		29.03%	9.31%	76.20%
AutoEncoder	分组流量	—		43.22%	8.63%	87.26%

方法类别	方法	训练时间/s	推理时间/s
统计特征法	3 sigma	—	0.0100
	Z-score	—	0.0035
	Box-plot	—	0.0081
机器学习法	KNN	1.1938	51.9755
	LOF	33.0393	189.0263
	iForest	2.1232	3.5186
	PCA	0.0305	0.0174
	AutoEncoder	2149.9862	15.4997