CN116319025A - Zero-trust network trust evaluation method based on machine learning - Google Patents
- Publication number
- CN116319025A (application number CN202310294329.2A)
- Authority
- CN
- China
- Prior art keywords
- trust
- neural network
- model
- particle
- selective
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N20/00—Machine learning
- G06N20/20—Ensemble learning
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/004—Artificial life, i.e. computing arrangements simulating life
- G06N3/006—Artificial life, i.e. computing arrangements simulating life based on simulated virtual individual or collective life forms, e.g. social simulations or particle swarm optimisation [PSO]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
- G06N3/084—Backpropagation, e.g. using gradient descent
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02T—CLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO TRANSPORTATION
- Y02T10/00—Road transport of goods or passengers
- Y02T10/10—Internal combustion engine [ICE] based vehicles
- Y02T10/40—Engine management systems
Abstract
The invention discloses a machine learning-based zero trust network trust evaluation method, which comprises the following steps: a first stage, comprising data preprocessing and the structural design of a selective neural network integrated model, wherein the integration weights of the neural network integrated model are initialized as a randomly defined vector; a second stage, optimizing the integration weights through the search of a particle swarm optimization algorithm, using the neural network integrated model designed in the first stage; and a third stage, constructing the optimized selective neural network integration model with the integration weights optimized in the second stage, and predicting the credibility of the access subject with the optimized selective integrated model. The method is suited to trust evaluation under a zero-trust network architecture: it adopts selective ensemble learning with a back propagation neural network as the basic classifier, and uses a particle swarm optimization algorithm to obtain the optimal aggregation weight vector, realizing prediction of the access subject's trust score. The method has high robustness, solves the zero-knowledge and cold-start problems, and achieves good accuracy.
Description
Technical Field
The invention relates to a machine learning-based zero trust network trust evaluation method, and belongs to the technical field of network security.
Background
With the rapid development of new-generation technology, security risks and attack events under this new technological landscape keep emerging, and the drawbacks of older security frameworks, such as the boundary security model, have become more prominent. For example, once an attacker obtains access control rights over a host in the intranet, and the existing defense strategy does not strictly control intranet permissions, the attacker can achieve lateral movement within the intranet through a series of operations and finally control the whole network. In this case, the network has no way to defend against the attack even with a perfect boundary security model; the root cause is the security system's implicit trust in intranet users. Zero trust is a new network security architecture for this situation: under a zero-trust system, intranet users, computers and applications are untrusted by default, and every access must be authenticated and authorized, i.e., no device or user is granted entry to the network without authorization.
In the zero-trust network architecture, the trust evaluation engine serves as a core component thereof and serves as a numerical evaluation for the risk of network requests and activities, and the access control engine makes a further authorization decision based on the risk evaluation to determine whether to allow the access request. How to reasonably trust and evaluate network requests and activities is a problem to be solved first, and the zero trust technology falls to the ground.
The existing trust evaluation literature mostly adopts traditional methods that evaluate trust based on direct or indirect interaction experience between the access subject and the access object. However, traditional trust evaluation methods perform poorly when there is no interaction experience between the access subject and the object. Moreover, the data used for trust evaluation can be incomplete, and other valuable data are ignored in the evaluation process, which greatly affects the accuracy of trust evaluation. In addition, traditional trust evaluation methods determine trust by aggregating trust factors through weighted summation and similar operations, but the weights are difficult to determine and the accuracy of the evaluation is hard to guarantee.
Disclosure of Invention
Traditional trust evaluation algorithms use direct historical interaction information and indirect recommendation information to calculate trust values, but when the access subject is a newcomer, such information does not exist, rendering the traditional approach ineffective. To solve the cold-start and zero-knowledge problems of traditional methods, the invention provides a machine learning-based zero-trust network trust evaluation method that predicts the trust score of an access subject from trust features.
The method can be used in a zero-trust network to continuously and dynamically perform trust evaluation on the access subject, and the resulting trust score is used for subsequent access control.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows:
a machine learning-based zero-trust network trust evaluation method comprises the following steps:
the first stage comprises data preprocessing and the structural design of a selective neural network integrated model, wherein the integration weights of the integrated model are initialized as a randomly defined vector;
a second stage of optimizing the integration weight according to a search of a particle swarm optimization algorithm (PSO) by using the neural network integration model designed in the first stage;
and thirdly, constructing an optimized selective neural network integration model by using the integration weight optimized in the second stage, and predicting the credibility of the access subject by using the optimized selective integration model.
In the first stage, according to the requirements of the trust-score prediction problem, the network structure and input/output format of the back propagation neural network are designed, and the request records are preprocessed by a data normalization technique, computed as:

$$q'_{ij} = \frac{q_{ij} - q_{\min}}{q_{\max} - q_{\min}}$$

where $q_{\max}$ and $q_{\min}$ are respectively the maximum and minimum values of the j-th trust feature (1 ≤ j ≤ m), $q_{ij}$ is the j-th trust feature value of the i-th request, and $q'_{ij}$ is the j-th trust feature value of the i-th access after normalization;
the request record of the i-th access subject is denoted as:

$$exam_i = ((q_{i1}, q_{i2}, \ldots, q_{im}),\; y_i)$$

where m is the number of trust features, $y_i$ is the trust score of the i-th request, and $q_{ij}$ (1 ≤ j ≤ m) is the j-th trust feature value of the i-th request;

$D = \{exam_1, exam_2, \ldots, exam_n\}$ is the request record set, which is divided into three subsets: the training set, which is further divided into d training subsets by random sampling and used to train each back propagation neural network; the verification set, used to guide the selective neural network integration model based on the particle swarm optimization algorithm in searching for the optimal aggregation weight vector; and the test set, used to evaluate the performance of the trust-score prediction model;
Each normalized sample $(q'_{i1}, q'_{i2}, \ldots, q'_{im})$ is used as the input of a basic back propagation neural network (BPNN), and the output is the trust score of the corresponding access subject; the d normalized training subsets are used to train d back propagation neural networks respectively, the particles in the particle swarm optimization algorithm represent the integration weight vector, and the prediction results of the d back propagation neural networks are integrated.
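A minimal sketch of this first-stage preprocessing (min-max normalization, the three-way split, and bootstrap sampling of the d training subsets); the function names, split fractions, and plain-list data layout are illustrative assumptions, not specified by the patent:

```python
import random

def normalize(records):
    """Min-max normalize each trust-feature column to [0, 1]."""
    cols = list(zip(*records))
    lo = [min(c) for c in cols]
    hi = [max(c) for c in cols]
    return [[(v - l) / (h - l) if h > l else 0.0
             for v, l, h in zip(row, lo, hi)] for row in records]

def split_dataset(examples, rng, train_frac=0.6, val_frac=0.2):
    """Shuffle and split the request-record set D into train/validation/test."""
    ex = examples[:]
    rng.shuffle(ex)
    n_tr = int(len(ex) * train_frac)
    n_va = int(len(ex) * val_frac)
    return ex[:n_tr], ex[n_tr:n_tr + n_va], ex[n_tr + n_va:]

def bootstrap_subsets(train, d, rng):
    """Draw d bootstrap samples (with replacement), one per base BPNN."""
    n = len(train)
    return [[train[rng.randrange(n)] for _ in range(n)] for _ in range(d)]
```

The bootstrap step gives each base learner a slightly different view of the training data, which is what makes the later weighted combination worthwhile.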
The integrated prediction results of the d back propagation neural networks from the first stage serve as the input of the second stage, whose purpose is to optimize the integration weights of the d back propagation neural networks using a particle swarm optimization algorithm. The second stage comprises the following steps:
step 201, mapping the weight of the current selective neural network integrated model to the position vectors of the particles in the particle swarm optimization algorithm, and randomly initializing the position vectors of s particles;
step 202, sampling d training subsets from a complete training set by using a bootstrap strategy, and for each training subset, training an artificial neural network by using back propagation, wherein the iteration number t of particles is initialized to 0;
step 203, decoding the position vector of each particle $p_k$ (k = 1, 2, ..., s) into the weights of the selective neural network ensemble learning model, and generating the selective neural network ensemble learning model by integrating the d basic back propagation neural networks trained on the respective training subsets;

in the particle swarm optimization algorithm, a particle $p_k = (p_{k1}, p_{k2}, \ldots, p_{kd})$ represents the weights of a set of selective back propagation neural networks (BPNNs), where d is the number of back propagation neural networks, s is the population size, and 1 ≤ k ≤ s;
calculating the prediction error on the verification set as the fitness of each particle, so that the integrated learning model is optimized using the verification set:

$$fitness(p_k) = \frac{1}{n}\sum_{i=1}^{n}\big(r_i - \hat{y}_i\big)^2, \qquad \hat{y}_i = \sum_{j=1}^{d} p_{kj}\,\hat{r}_{ij}$$

where $fitness(p_k)$ is the fitness function measuring the prediction error on the validation set, n is the number of samples in the validation set, $(p_{k1}, p_{k2}, \ldots, p_{kd})$ is the particle's position vector, $\hat{y}_i$ is the trust score predicted by the selective neural network integrated learning model, $r_i$ is the true trust score, and $\hat{r}_{ij}$ is the trust score predicted by the j-th back propagation neural network learner;
step 204, updating the personal best $pbest_k$ and the global best $gbest$ using the fitness of each particle: if a particle's fitness is better than that of its personal best, its position vector is designated the personal best; if the fitness is better than that of the global best particle, the current position vector is designated the global best;

step 205, having evaluated the fitness values of all particles, the velocity vector and position vector of each particle in the population are updated according to the following equations:
with $v_k$ and $p_k$ denoting respectively the velocity and position of the k-th particle, the particle velocity is adjusted dynamically during optimization according to the particle's personal best record and the global best:

$$v_k(t+1) = \lambda v_k(t) + c_1 r_{1k}\,(pbest_k - p_k(t)) + c_2 r_{2k}\,(gbest - p_k(t))$$

$$p_k(t+1) = p_k(t) + v_k(t+1)$$

where λ is the inertia weight controlling the influence of the previous generation's velocity on the current generation's velocity, its value depending on the iteration count:

$$\lambda = \lambda_{\max} - \frac{(\lambda_{\max} - \lambda_{\min})\,t}{t_{\max}}$$

the parameters $c_1$ and $c_2$ are learning factors reflecting the influence of the personal best $pbest_k$ and the global best $gbest$ on the particle velocity; $r_{1k}$ and $r_{2k}$ are random numbers in the range [0, 1]; t is the current iteration count, $t_{\max}$ is the maximum iteration count, and $\lambda_{\max}$ and $\lambda_{\min}$ are the maximum and minimum inertia weights, set to 0.95 and 0.25 respectively;
in step 206, the iteration number is increased by 1, and when the termination condition is satisfied, the whole optimization process is ended.
In the second phase, the detailed process of training the neural network using back propagation at step 202 is as follows:
step a, model determination: according to the input and output vectors, determine the number of input-layer units $n_1$, the number of hidden layers m, the number of hidden-layer units $n_2$, and the number of output-layer units $n_3$; taking the input layer as layer 0, the hidden layers as layers 1 to m, and the output layer as layer m+1, the number of input-layer units is set to 13, the number of hidden layers to 2, the number of hidden-layer units to 14, and the number of output-layer units to 1;
the output vector of layer n is denoted $a^{[n]}$; the i-th unit of layer n is computed as:

$$a_i^{[n]} = g\big(w_i^{[n]\top} a^{[n-1]} + b_i^{[n]}\big)$$

where g(z) is the activation function, $w_i^{[n]}$ is the characteristic parameter vector of the i-th unit of layer n, $b_i^{[n]}$ is the bias value of the i-th unit of layer n, and $a^{[n-1]}$ is the output vector of layer n−1; the output of the output layer is the predicted trust score $a^{[m+1]}$;
Step b, compiling a model, setting a loss function, wherein the loss function of the jth sample is as follows:
the cost function is:
sum is the number of samples in the training subset,is the predictive trust score of the jth sample, y j Is the true trust score of the j-th sample, < ->Is a feature parameter vector, ">Is a bias value vector;
step c, model training: update the weights by back propagation so as to minimize the cost function value $J$:

repeat {
$$w := w - \alpha \frac{\partial J}{\partial w}, \qquad b := b - \alpha \frac{\partial J}{\partial b}$$
} until convergence, where α is the learning rate.

The final selective neural network integrated learning model is established using the selective integration weights optimized in the second stage; in the third stage, each request record in the test set is used as the input of the model, and the output of the model is the predicted trust score.
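A toy, dependency-free sketch of steps a–c with a single hidden layer and sigmoid activation (the patent's network uses 13 inputs and two hidden layers of 14 units; the layer sizes, learning rate, activation, and squared-error loss here are illustrative assumptions):

```python
import math, random

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def train_bpnn(data, n_in, n_hidden, alpha=0.5, epochs=3000, seed=0):
    """Minimal single-hidden-layer BPNN trained by back propagation on the
    squared error J = (1/N) * sum_j (yhat_j - y_j)^2.
    data: list of (x, y) with x a list of n_in floats and y a trust score."""
    rng = random.Random(seed)
    W1 = [[rng.uniform(-1, 1) for _ in range(n_in)] for _ in range(n_hidden)]
    b1 = [0.0] * n_hidden
    W2 = [rng.uniform(-1, 1) for _ in range(n_hidden)]
    b2 = 0.0
    for _ in range(epochs):
        for x, y in data:
            # forward pass: a^[n] = g(w^[n] . a^[n-1] + b^[n])
            h = [sigmoid(sum(w * xi for w, xi in zip(row, x)) + bi)
                 for row, bi in zip(W1, b1)]
            yhat = sigmoid(sum(w * hi for w, hi in zip(W2, h)) + b2)
            # backpropagate the squared-error gradient
            d_out = 2 * (yhat - y) * yhat * (1 - yhat)
            for i in range(n_hidden):
                d_h = d_out * W2[i] * h[i] * (1 - h[i])
                W2[i] -= alpha * d_out * h[i]
                for j in range(n_in):
                    W1[i][j] -= alpha * d_h * x[j]
                b1[i] -= alpha * d_h
            b2 -= alpha * d_out

    def predict(x):
        h = [sigmoid(sum(w * xi for w, xi in zip(row, x)) + bi)
             for row, bi in zip(W1, b1)]
        return sigmoid(sum(w * hi for w, hi in zip(W2, h)) + b2)
    return predict
```

Each of the d base learners in the ensemble would be one such network, trained on its own bootstrap subset.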
The method is suitable for the zero trust network architecture.
The above employs selective ensemble learning, in which a Back Propagation Neural Network (BPNN) is used as a basic classifier. d base learners are selectively integrated together to predict trust scores for access request activities. Since different base learners have different learning capabilities, they are selectively combined by setting different weights so as to maximize the learning capability. These weights are obtained using a PSO search algorithm under the direction of the validation set, i.e., an optimal aggregate weight vector is obtained using a particle swarm optimization algorithm (PSO).
The technology not mentioned in the present invention refers to the prior art.
The invention is a machine learning-based trust evaluation method for a zero trust network, suitable for trust evaluation under a zero-trust network architecture. It adopts selective ensemble learning, with a back propagation neural network (BPNN) as the basic classifier, and uses particle swarm optimization (PSO) to obtain the optimal aggregation weight vector, realizing prediction of the access subject's trust score with high robustness. A fuzzy linear regression method is used to select relevant attributes of the user and device as trust features; a fuzzy linear regression equation is then established from the training data set to express the functional relation between the trust features and the trust score, taking numerical data as input and outputting fuzzy data. The method solves the zero-knowledge and cold-start problems and achieves good accuracy.
Drawings
FIG. 1 is a zero trust authorization system in accordance with the present invention;
FIG. 2 is a schematic diagram of an optimization algorithm for learning an integrated neural network based on a particle swarm optimization algorithm according to the present invention;
FIG. 3 is a training process of the base learner of the present invention;
Detailed Description
For a better understanding of the present invention, the following examples are further illustrated, but are not limited to the following examples.
Fig. 1 is a zero trust authorization system in accordance with the present invention.
The access agent in zero trust is not a user or a device alone, but a user–device pair. When performing trust evaluation on the access subject, related information about the user and the device is first obtained from the trusted environment-awareness system, processed, and stored in the data storage system; the trust engine then calculates a trust score from the data in the data storage system. Based on the trust score and the user role, the policy engine decides whether the access request can be allowed.
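The final decision step can be illustrated as follows; the patent does not specify a concrete policy, so the role thresholds and the function itself are hypothetical:

```python
def authorize(trust_score, role, thresholds=None):
    """Policy-engine sketch: allow the request only if the trust score
    produced by the trust engine meets the threshold for the user's role.
    The thresholds below are hypothetical examples, not from the patent."""
    thresholds = thresholds or {"admin": 0.8, "employee": 0.6, "guest": 0.9}
    return trust_score >= thresholds.get(role, 1.0)  # unknown roles are denied
```

Because the trust score is re-evaluated continuously, a session that was initially allowed can later be revoked when the score drops below the role threshold.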
The trust characteristics required for the access subject trust evaluation in the present invention are as follows.
User features: user identification, user location, user authentication, user enhanced authentication, number of user authentication failures, user activity level, user request frequency, and user override access.
Device features: device identification, device type, antivirus protection component, high-risk vulnerability count, and operating system version.
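These 13 features (8 user + 5 device) match the 13 input-layer units set in step a of the base-learner training; one hypothetical numeric encoding, with illustrative key names:

```python
# hypothetical numeric encoding of the 13 trust features listed above
def feature_vector(user, device):
    """Assemble the 13-dimensional BPNN input (8 user + 5 device features)."""
    return [
        user["identification"], user["location"], user["authentication"],
        user["enhanced_auth"], user["auth_failures"], user["activity"],
        user["request_frequency"], user["override_access"],
        device["identification"], device["type"], device["antivirus"],
        device["high_risk_vulns"], device["os_version"],
    ]
```

In practice each field would first be mapped to a number (e.g. a risk level or a count) and then min-max normalized as in the first stage.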
In the first stage, according to the requirements of trust-score prediction, the network structure and input/output format of the back propagation neural network are designed, and the request records are preprocessed by a data normalization technique, computed as:

$$q'_{ij} = \frac{q_{ij} - q_{\min}}{q_{\max} - q_{\min}}$$

where $q_{\max}$ and $q_{\min}$ are respectively the maximum and minimum values of the j-th trust feature (1 ≤ j ≤ m), $q_{ij}$ is the j-th trust feature value of the i-th request, and $q'_{ij}$ is the j-th trust feature value of the i-th access after normalization;
the request record of the i-th access subject is denoted as:

$$exam_i = ((q_{i1}, q_{i2}, \ldots, q_{im}),\; y_i)$$

where m is the number of trust features, $y_i$ is the trust score of the i-th request, and $q_{ij}$ (1 ≤ j ≤ m) is the j-th trust feature value of the i-th request;

$D = \{exam_1, exam_2, \ldots, exam_n\}$ is the request record set, which is divided into three subsets: the training set, which is further divided into d training subsets by random sampling and used to train each back propagation neural network; the verification set, used to guide the selective neural network integration model based on the particle swarm optimization algorithm in searching for the optimal aggregation weight vector; and the test set, used to evaluate the performance of the trust-score prediction model;
each normalized sample $(q'_{i1}, q'_{i2}, \ldots, q'_{im})$ is used as the input of a basic back propagation neural network (BPNN), and the output is the trust score of the corresponding access subject; the d normalized training subsets are used to train d back propagation neural networks respectively, the particles in the particle swarm optimization algorithm represent the integration weight vector, and the prediction results of the d back propagation neural networks are integrated.
The integrated prediction results of the d back propagation neural networks from the first stage serve as the input of the second stage, which optimizes the integration weights of the d back propagation neural networks using a particle swarm optimization algorithm, as shown in fig. 2. The second stage comprises the following steps:
step 201, mapping the weight of the current selective neural network integrated model to the position vectors of the particles in the particle swarm optimization algorithm, and randomly initializing the position vectors of s particles;
step 202, sampling d training subsets from a complete training set using a bootstrap strategy, for each training subset, training an artificial neural network using back propagation. Initializing the iteration times t of the particles to 0;
step 203, decoding the position vector of each particle $p_k$ (k = 1, 2, ..., s) into the weights of the selective neural network ensemble learning model, and generating the selective neural network ensemble learning model by integrating the d basic back propagation neural networks trained on the respective training subsets;

in the particle swarm optimization algorithm, a particle $p_k = (p_{k1}, p_{k2}, \ldots, p_{kd})$ (1 ≤ k ≤ s) represents the weights of the selective set of BPNNs, where d is the number of BPNNs and s is the population size. The prediction error on the verification set is calculated as the fitness of each particle, and the selective neural network integration model is optimized using the verification set:

$$fitness(p_k) = \frac{1}{n}\sum_{i=1}^{n}\big(r_i - \hat{y}_i\big)^2, \qquad \hat{y}_i = \sum_{j=1}^{d} p_{kj}\,\hat{r}_{ij}$$

where $fitness(p_k)$ is the fitness function measuring the prediction error on the validation set, n is the number of samples in the validation set, $(p_{k1}, \ldots, p_{kd})$ is the particle's position vector, $\hat{y}_i$ is the trust score predicted by the selective neural network integrated learning model, $r_i$ is the true trust score, and $\hat{r}_{ij}$ is the trust score predicted by the j-th back propagation neural network learner;
step 204, updating the personal best $pbest_k$ and the global best $gbest$ using the fitness of each particle: if a particle's fitness is better than that of its personal best, its position vector is designated the personal best; if the fitness is better than that of the global best particle, the current position vector is designated the global best;

step 205, having evaluated the fitness values of all particles, the velocity vector and position vector of each particle in the population are updated, with $v_k$ and $p_k$ denoting respectively the velocity and position of the k-th particle.

The optimization process dynamically adjusts the velocity of each particle according to its own personal best record and the global best. In practical problems, a particle moving too fast easily overshoots the optimal position, so the velocity is limited to the range $[-V_{\max}, V_{\max}]$: if $v_k < -V_{\max}$, set $v_k = -V_{\max}$; likewise, if $v_k > V_{\max}$, set $v_k = V_{\max}$, where $v_k$ is the velocity of the k-th particle (1 ≤ k ≤ s).

$$v_k(t+1) = \lambda v_k(t) + c_1 r_{1k}\,(pbest_k - p_k(t)) + c_2 r_{2k}\,(gbest - p_k(t))$$

$$p_k(t+1) = p_k(t) + v_k(t+1)$$

where λ is the inertia weight controlling the influence of the previous generation's velocity on the current generation's velocity, its value depending on the iteration count:

$$\lambda = \lambda_{\max} - \frac{(\lambda_{\max} - \lambda_{\min})\,t}{t_{\max}}$$

the parameters $c_1$ and $c_2$ are learning factors reflecting the influence of the personal best $pbest_k$ and the global best $gbest$ on the particle velocity; $r_{1k}$ and $r_{2k}$ are random numbers in the range [0, 1]; t is the current iteration count, $t_{\max}$ is the maximum iteration count, and $\lambda_{\max}$ and $\lambda_{\min}$ are the maximum and minimum inertia weights, set to 0.95 and 0.25 respectively.
In step 206, the iteration number is increased by 1, and when the termination condition is satisfied, the whole optimization process is ended.
As shown in fig. 3, in step 202, the step of training the artificial neural network using back propagation is:
step a, model determination: according to the input and output vectors, determine the number of input-layer units $n_1$, the number of hidden layers m, the number of hidden-layer units $n_2$, and the number of output-layer units $n_3$; taking the input layer as layer 0, the hidden layers as layers 1 to m, and the output layer as layer m+1, the number of input-layer units is set to 13, the number of hidden layers to 2, the number of hidden-layer units to 14, and the number of output-layer units to 1;

the output vector of layer n is denoted $a^{[n]}$; the i-th unit of layer n is computed as:

$$a_i^{[n]} = g\big(w_i^{[n]\top} a^{[n-1]} + b_i^{[n]}\big)$$

where g(z) is the activation function, $w_i^{[n]}$ is the characteristic parameter vector of the i-th unit of layer n, $b_i^{[n]}$ is the bias value of the i-th unit of layer n, and $a^{[n-1]}$ is the output vector of layer n−1; the output of the output layer is the predicted trust score $a^{[m+1]}$;

step b, model compilation: set the loss function; the loss function of the j-th sample is:

$$L(\hat{y}_j, y_j) = (\hat{y}_j - y_j)^2$$

and the cost function is:

$$J(w, b) = \frac{1}{sum}\sum_{j=1}^{sum} L(\hat{y}_j, y_j)$$

where sum is the number of samples in the training subset, $\hat{y}_j$ is the predicted trust score of the j-th sample, $y_j$ is the true trust score of the j-th sample, w denotes the characteristic parameter vectors, and b denotes the bias value vectors;
step c, model training: update the weights by back propagation so as to minimize the cost function value $J$:

repeat {
$$w := w - \alpha \frac{\partial J}{\partial w}, \qquad b := b - \alpha \frac{\partial J}{\partial b}$$
} until convergence, where α is the learning rate.
And thirdly, establishing a final selective neural network integrated model by using the selective integration weight after the optimization in the second stage, taking each request record in the test set as the input of the model, and obtaining the model output as the predicted trust score.
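This third-stage prediction reduces to a weighted combination of the d base learners; a minimal sketch, where the zero-weight cutoff implementing the "selective" behavior is an assumption:

```python
def ensemble_predict(models, weights, x, threshold=0.0):
    """Selective ensemble: weighted average of base-learner predictions.
    Learners whose weight is at or below `threshold` are dropped (the
    'selective' part); the remaining weights are renormalized."""
    kept = [(w, m) for w, m in zip(weights, models) if w > threshold]
    total = sum(w for w, _ in kept)
    return sum(w * m(x) for w, m in kept) / total
```

Here `models` would be the d trained BPNNs and `weights` the aggregation weight vector found by the PSO search in the second stage.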
The machine learning-based zero trust network trust evaluation method is suitable for trust evaluation under a zero-trust network architecture. The method adopts selective ensemble learning, with a back propagation neural network (BPNN) as the basic classifier, and uses particle swarm optimization (PSO) to obtain the optimal aggregation weight vector, thereby predicting the credibility of the access subject with high robustness. A fuzzy linear regression method is used to select relevant attributes of the user and device as trust features, and a fuzzy linear regression equation is established from the training data set to express the functional relation between the trust features and the trust score, taking numerical data as input and outputting fuzzy data. The method solves the zero-knowledge and cold-start problems and achieves good accuracy.
The invention provides a machine learning-based trust evaluation approach suitable for zero trust; there are many ways to implement this technical scheme, and the above is only a preferred embodiment of the invention. It should be noted that those skilled in the art can make several improvements and modifications without departing from the principle of the invention, and such improvements and modifications should also be regarded as falling within the protection scope of the invention. Components not explicitly described in this embodiment can be implemented using the prior art.
Claims (5)
1. A machine learning-based zero-trust network trust evaluation method, characterized by comprising the following steps:
the first stage comprises data preprocessing and the structural design of a selective neural network integrated model, wherein the integration weight of the neural network integrated model is a randomly defined vector;
a second stage, in which the integration weights are optimized by the search of a particle swarm optimization algorithm, using the neural network integrated model designed in the first stage;
and a third stage, in which an optimized selective neural network integrated model is constructed with the integration weights optimized in the second stage, and the credibility of the access subject is predicted with the optimized selective integrated model.
2. The assessment method according to claim 1, wherein: in the first stage, the network structure and the input/output format of the back propagation neural network are designed according to the requirements of trust score prediction, and the request records are preprocessed in this stage by a data normalization technique, calculated as:

q'_ij = (q_ij − q_min) / (q_max − q_min)

where q_max and q_min are respectively the maximum and minimum values of the j-th trust feature, 1 ≤ j ≤ m, q_ij is the j-th trust feature value of the i-th request, and q'_ij is the j-th trust feature value of the i-th access after normalization;
the request record of the i-th access subject is denoted:

exam_i = ((q_i1, q_i2, ..., q_im), y_i)

where m is the number of trust features, y_i is the trust score of the i-th request, q_im is the m-th trust feature value of the i-th request, and 1 ≤ j ≤ m;
D = {exam_1, exam_2, ..., exam_n} is the request record set, which is divided into three subsets: the training set, which is further divided into d training subsets by random sampling and used to train the respective back propagation neural networks; the verification set, which guides the selective neural network integrated model based on the particle swarm optimization algorithm in searching for the optimal aggregation weight vector; and the test set, which is used to evaluate the performance of the trust score prediction model;
each normalized sample (q'_i1, q'_i2, ..., q'_im) serves as the input of a back propagation neural network, and the output is the trust score of the corresponding access subject; the d normalized training subsets are used to train the d back propagation neural networks respectively, the particles in the particle swarm optimization algorithm represent the integration weight vectors, and the prediction results of the d back propagation neural networks are integrated.
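The preprocessing described in this claim — min-max normalization and the division into d training subsets by random sampling — can be sketched as follows (function names and the with-replacement bootstrap convention are assumptions for illustration):

```python
import random

def min_max_normalize(records):
    """Normalize each trust-feature column to [0, 1]:
    q' = (q - q_min) / (q_max - q_min)."""
    cols = list(zip(*records))
    mins = [min(c) for c in cols]
    maxs = [max(c) for c in cols]
    return [[(q - lo) / (hi - lo) if hi > lo else 0.0
             for q, lo, hi in zip(row, mins, maxs)]
            for row in records]

def bootstrap_subsets(dataset, d, seed=0):
    """Draw d training subsets from the training set by random sampling
    (with replacement, a common bootstrap convention assumed here)."""
    rng = random.Random(seed)
    n = len(dataset)
    return [[dataset[rng.randrange(n)] for _ in range(n)] for _ in range(d)]
```

Each of the d subsets would then train one base back propagation neural network.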
3. The assessment method according to claim 2, wherein: the integrated prediction results of the d back propagation neural networks from the first stage serve as the input of the second stage; the second stage optimizes the integration weights of the d back propagation neural networks with a particle swarm optimization algorithm and comprises the following steps:
step 201, mapping the weight of the current selective neural network integrated model to the position vectors of the particles in the particle swarm optimization algorithm, and randomly initializing the position vectors of s particles;
step 202, sampling d training subsets from the complete training set with a bootstrap strategy and, for each training subset, training an artificial neural network by back propagation, the iteration number t of the particles being initialized to 0;
step 203, decoding the position vector of each particle p_k (k = 1, 2, ..., s) into the weights of the selective neural network ensemble learning model, which is generated by integrating the d basic back propagation neural networks trained on the respective training subsets;

in the particle swarm optimization algorithm, particle p_k = (p_k1, p_k2, ..., p_kd) represents a set of weights of the selective back propagation neural network ensemble, where d is the number of back propagation neural networks, s is the population size, and 1 ≤ k ≤ s;
calculating a prediction error on the verification set as the fitness of each particle, and optimizing a selective neural network integration model by using the verification set;
where fitness(p_k) is the fitness function, measuring the prediction error on the validation set, n is the number of samples in the validation set, (p_k1, p_k2, ..., p_kd) is the position vector of the particle, ŷ_i is the trust score predicted by the selective neural network integrated model for the i-th sample, r_i is the true trust score, and ŷ_i,l is the trust score predicted by the l-th back propagation neural network;
step 204, updating the personal best pbest_k and the global best gbest with the fitness of each particle: if a particle's fitness is better than that of its personal best, its current position vector is designated as the personal best; if the fitness is better than that of the global best particle, the current position vector is designated as the global best;
step 205, after the fitness values of all particles have been evaluated, updating the velocity vector and the position vector of each particle in the population according to the following equations:
with v_k and p_k denoting the velocity and position of the k-th particle respectively, the particle velocity being adjusted dynamically during optimization according to the particle's personal best record and the global best:

v_k(t+1) = λ·v_k(t) + c_1·r_1k·(pbest_k − p_k(t)) + c_2·r_2k·(gbest − p_k(t))

p_k(t+1) = p_k(t) + v_k(t+1)

where λ is the inertia weight, controlling the influence of the previous generation's velocity on the current generation's velocity, its value being related to the number of iterations; parameters c_1 and c_2 are learning factors, reflecting the influence of the personal best pbest_k and the global best gbest on the particle velocity; parameters r_1k and r_2k are random numbers in the range [0, 1]; and t is the current iteration number;
wherein t is max Is the maximum iteration number, t is the current iteration number, lambda max And lambda (lambda) min Is the maximum and minimum weight, set to 0.95 and 0.25 respectively;
in step 206, the iteration number is increased by 1, and when the termination condition is satisfied, the whole optimization process is ended.
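Steps 201 to 206 above can be sketched as a standard PSO loop. The fitness is assumed to be a validation-set prediction error supplied by the caller (to be minimized); the linearly decreasing inertia weight (0.95 → 0.25) follows the values stated above, while the population size, learning factors and all names are illustrative assumptions:

```python
import random

def pso_optimize(fitness, d, s=20, t_max=50, c1=2.0, c2=2.0,
                 lam_max=0.95, lam_min=0.25, seed=0):
    """PSO search for a d-dimensional ensemble-weight vector, following
    steps 201-206: random initialization, fitness evaluation, pbest/gbest
    update, and velocity/position updates with decreasing inertia weight."""
    rng = random.Random(seed)
    pos = [[rng.random() for _ in range(d)] for _ in range(s)]   # step 201
    vel = [[0.0] * d for _ in range(s)]
    pbest = [p[:] for p in pos]
    pbest_fit = [fitness(p) for p in pos]                        # step 203
    g = min(range(s), key=lambda k: pbest_fit[k])
    gbest, gbest_fit = pbest[g][:], pbest_fit[g]                 # step 204
    for t in range(t_max):                                       # step 206 loop
        lam = lam_max - (lam_max - lam_min) * t / t_max          # inertia schedule
        for k in range(s):
            for j in range(d):                                   # step 205
                r1, r2 = rng.random(), rng.random()
                vel[k][j] = (lam * vel[k][j]
                             + c1 * r1 * (pbest[k][j] - pos[k][j])
                             + c2 * r2 * (gbest[j] - pos[k][j]))
                pos[k][j] += vel[k][j]
            f = fitness(pos[k])
            if f < pbest_fit[k]:                                 # step 204
                pbest[k], pbest_fit[k] = pos[k][:], f
                if f < gbest_fit:
                    gbest, gbest_fit = pos[k][:], f
    return gbest, gbest_fit
```

In the patent's setting, `fitness` would decode a particle position into ensemble weights and return the prediction error on the verification set.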
4. A method of evaluating as claimed in claim 3 wherein: in step 202, the step of training the artificial neural network using back propagation is:
step a, determining the model: according to the input and output vectors, determine the number of input layer units n_1, the number of hidden layers m, the number of hidden layer units n_2 and the number of output layer units n_3; taking the input layer as layer 0, the hidden layers as layers 1 to m and the output layer as layer m+1, the number of input layer units is set to 13, the number of hidden layers to 2, the number of hidden layer units to 14 and the number of output layer units to 1;
the n-th layer output vector is expressed asThe calculation formula of the ith cell of the nth layer is:
g (z) is the activation function,characteristic parameter vector for the ith element of the nth layer,>bias value for the ith cell of the nth layer,/->For the n-1 layer output vector, the output of the output layer is predictionTrust score a [m+1] ;
step b, compiling the model: set the loss function; the loss function of the j-th sample is

L(ŷ_j, y_j) = (ŷ_j − y_j)²

and the cost function is

J(w, b) = (1/sum) · Σ_{j=1}^{sum} L(ŷ_j, y_j)
where sum is the number of samples in the training subset, ŷ_j is the predicted trust score of the j-th sample, y_j is the true trust score of the j-th sample, w is the feature parameter vector, and b is the bias value vector;
step c, model training: the weights are updated through back propagation so as to minimize the cost function value, repeating the back-propagation weight update until convergence.
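A compact NumPy sketch of the claim-4 network (13 inputs, two hidden layers of 14 units, one output) and its back-propagation training loop; the sigmoid hidden activation, linear output unit, squared-error cost and fixed learning rate are assumptions, since the claim does not fix them:

```python
import numpy as np

def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))

class BPNN:
    """Back propagation neural network with the layer sizes of claim 4:
    13 input units, two hidden layers of 14 units, one output unit.
    The hidden activation g is assumed to be sigmoid; the output is linear."""

    def __init__(self, sizes=(13, 14, 14, 1), seed=0):
        rng = np.random.default_rng(seed)
        self.W = [rng.normal(0.0, 0.5, (b, a)) for a, b in zip(sizes, sizes[1:])]
        self.b = [np.zeros((b, 1)) for b in sizes[1:]]

    def forward(self, x):
        """Return the activations a[0..m+1]; x has shape (13, n_samples)."""
        a = [x]
        for i, (W, b) in enumerate(zip(self.W, self.b)):
            z = W @ a[-1] + b
            a.append(z if i == len(self.W) - 1 else sigmoid(z))
        return a

    def train(self, X, y, lr=0.05, epochs=800):
        """Repeat the back-propagation weight update (step c),
        minimizing the cost J = (1/2n) * sum((y_hat - y)^2)."""
        n = X.shape[1]
        for _ in range(epochs):
            a = self.forward(X)
            delta = (a[-1] - y) / n  # dJ/dz at the linear output layer
            for i in reversed(range(len(self.W))):
                gW = delta @ a[i].T
                gb = delta.sum(axis=1, keepdims=True)
                if i > 0:  # propagate the error through the sigmoid layers
                    delta = (self.W[i].T @ delta) * a[i] * (1 - a[i])
                self.W[i] -= lr * gW
                self.b[i] -= lr * gb
        return float(np.mean((self.forward(X)[-1] - y) ** 2))
```

Training on a bootstrap subset then yields one base network of the selective ensemble; in practice a convergence threshold would replace the fixed epoch count.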
5. The assessment method according to claim 4, wherein: in the third stage, the final selective neural network integrated model is established with the selective integration weights optimized in the second stage; each request record in the test set is taken as the input of the model, and the model output is the predicted trust score.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310294329.2A CN116319025B (en) | 2023-03-22 | 2023-03-22 | Zero-trust network trust evaluation method based on machine learning |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116319025A true CN116319025A (en) | 2023-06-23 |
CN116319025B CN116319025B (en) | 2024-01-26 |
Family
ID=86825495
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310294329.2A Active CN116319025B (en) | 2023-03-22 | 2023-03-22 | Zero-trust network trust evaluation method based on machine learning |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116319025B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103294601A (en) * | 2013-07-03 | 2013-09-11 | 中国石油大学(华东) | Software reliability forecasting method based on selective dynamic weight neural network integration |
CN112016669A (en) * | 2019-05-31 | 2020-12-01 | 辉达公司 | Training neural networks using selective weight updates |
CN114465807A (en) * | 2022-02-24 | 2022-05-10 | 重庆邮电大学 | Zero-trust API gateway dynamic trust evaluation and access control method and system based on machine learning |
CN115131131A (en) * | 2022-07-06 | 2022-09-30 | 浙江财经大学 | Credit risk assessment method for unbalanced data set multi-stage integration model |
US20220345484A1 (en) * | 2021-04-21 | 2022-10-27 | ANDRO Computation Solutions, LLC | Zero trust architecture for networks employing machine learning engines |
US20230044102A1 (en) * | 2021-08-02 | 2023-02-09 | Noblis, Inc. | Ensemble machine learning models incorporating a model trust factor |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117254981A (en) * | 2023-11-17 | 2023-12-19 | 长扬科技(北京)股份有限公司 | Industrial control network security situation prediction method and device |
CN117254981B (en) * | 2023-11-17 | 2024-02-02 | 长扬科技(北京)股份有限公司 | Industrial control network security situation prediction method and device |
Also Published As
Publication number | Publication date |
---|---|
CN116319025B (en) | 2024-01-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Elmasry et al. | Evolving deep learning architectures for network intrusion detection using a double PSO metaheuristic | |
CN111914256B (en) | Defense method for machine learning training data under toxic attack | |
Disha et al. | Performance analysis of machine learning models for intrusion detection system using Gini Impurity-based Weighted Random Forest (GIWRF) feature selection technique | |
Hayes et al. | Contamination attacks and mitigation in multi-party machine learning | |
Alghanam et al. | An improved PIO feature selection algorithm for IoT network intrusion detection system based on ensemble learning | |
US20210160247A1 (en) | Real-time entity anomaly detection | |
Koroniotis et al. | Enhancing network forensics with particle swarm and deep learning: The particle deep framework | |
Adhao et al. | Feature selection using principal component analysis and genetic algorithm | |
CN116319025B (en) | Zero-trust network trust evaluation method based on machine learning | |
Yin et al. | Towards accurate intrusion detection based on improved clonal selection algorithm | |
CN115037553B (en) | Information security monitoring model construction method and device, information security monitoring model application method and device, and storage medium | |
Wen et al. | With great dispersion comes greater resilience: Efficient poisoning attacks and defenses for linear regression models | |
CN115238827B (en) | Privacy-protecting sample detection system training method and device | |
Cheng et al. | Long-term effect estimation with surrogate representation | |
Wang et al. | Defense strategies toward model poisoning attacks in federated learning: A survey | |
Shang et al. | Network security situation prediction based on long short-term memory network | |
Shukla | An efficient hybrid evolutionary approach for identification of zero-day attacks on wired/wireless network system | |
Xiao et al. | SBPA: sybil-based backdoor poisoning attacks for distributed big data in AIoT-based federated learning system | |
Dong et al. | Towards intrinsic adversarial robustness through probabilistic training | |
CN112668697B (en) | Fuzzy test method and system for flight control parameters of unmanned aerial vehicle | |
Guo et al. | Multimodal dual-embedding networks for malware open-set recognition | |
Wang et al. | BARS: Local Robustness Certification for Deep Learning based Traffic Analysis Systems. | |
Xie et al. | A method based on hierarchical spatiotemporal features for Trojan traffic detection | |
Wu et al. | Practical and efficient model extraction of sentiment analysis APIs | |
Jia et al. | Fast propagation is better: Accelerating single-step adversarial training via sampling subnetworks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||