摘要: |
第五代移动通信网络(The 5th generation mobile network,5G)已成为全球新一轮科技革命和产业革命的重要驱动力量,服务功能日益完善,面临的安全挑战更加复杂多样。传统防御方法主要通过创建网络边界保护网络内部安全,所应用的网络形态较为单一。基于软件定义网络和虚拟化技术的5G网络愈加开放灵活,网络边界逐渐消失,需要新的安全理念。零信任理论适用于开放性网络的数据安全防护,5G核心网络是由网络功能组成的动态系统,网络功能通信行为可抽象为马尔可夫过程,网络功能信任模型是实现5G零信任安全的重要技术手段。针对此问题,本文提出了基于马尔可夫过程的5G网络功能信任预测机制(Markov Network Function Trust Prediction,MNFTP),此机制包含网络功能信任评估和信任预测。信任评估机制依据行为方式将网络功能分类为合法、伪装、非法,层次分析访问请求安全威胁性并得出信任评分,采用k-means++算法将信任评分归类为五种信任状态。信任预测机制基于马尔可夫过程构建网络功能访问请求信任状态链,结合时间因子和自适应奖惩因子计算马尔可夫状态转移矩阵,通过求解转移矩阵平稳分布得出预测信任状态。最后,网络功能基于预测信任状态抵御不可信的访问请求。实验表明,MNFTP机制相对于现有信任预测机制对伪装网络功能和非法网络功能有更好的抑制效果和信任状态分类能力。 |
关键词: 5G网络功能|信任模型|零信任|马尔可夫|信任预测 |
DOI:10.19363/J.cnki.cn10-1380/tn.2023.07.04 |
投稿时间:2022-01-03修订日期:2022-03-10 |
基金项目:本课题得到国家科技重大专项(No. 2018ZX03002002)资助。 |
|
5G network function trust prediction mechanism based on Markov process |
ZHANG Yiming,LIU Caixia,LIU Shuxin,PAN Fei |
|
Abstract: |
The 5th generation mobile network (5G) has become an important driving force for a new round of technological and industrial revolutions in the world, with increasingly improved service functions and more complex and diverse security challenges. The traditional defense method mainly protects the internal security of the network by creating network boundaries, and the applied network form is relatively simple. 5G based on software-defined network and virtualization technology are becoming more open and flexible, and the network boundaries are gradually disappearing, requiring new security concepts. Zero trust theory is suitable for data security protection of open networks. The 5G core network is a dynamic system composed of network functions. The communication behavior of network functions can be abstracted into Markov process. The network function trust model is an important technology to realize 5G zero trust security. In response to this problem, this paper proposes Markov Network Function Trust Prediction (MNFTP) mechanism, which includes network function trust evaluation and trust prediction. The trust evaluation mechanism classifies the network functions into legal, fake, and illegal according to the behavior mode, performs hierarchical analysis on the security threat of network function access requests and obtains the trust score. The k-means++ algorithm is used to classify the trust score into five trust states. The trust prediction mechanism constructs the network function access request trust state chain based on the Markov process, calculates the Markov state transition matrix by combining the time factor and the adaptive reward-punishment factor, and solves the stable distribution of the transition matrix to obtain the predicted trust state. Finally, the network function defends against untrusted access requests based on the predicted trust state. Experiments show that the MNFTP mechanism has a better suppression effect and trust status classification ability than the existing trust prediction mechanism for fake and illegal network functions. |
Key words: 5G network function|trust model|zero trust|markov|trust prediction |