Title: SECaaS-Based Partially Observable Defense Model for IIoT Against Advanced Persistent Threats
Authors: Zikai Zhang; Chuntao Ding; Yidong Li; Jinhui Yu; Jingyi Li
DOI: 10.1109/TSC.2024.3422870
Journal: IEEE Transactions on Services Computing, volume 17, issue 6, pages 4267-4280
Publication date: 2024-07-03
Publication type: Journal Article
Open access: no
Impact factor: 5.8
JCR: Q1 (COMPUTER SCIENCE, INFORMATION SYSTEMS)
Region: 2 (Computer Science)
Platform: Semanticscholar
URL: https://ieeexplore.ieee.org/document/10584320/
Citations: 0
Abstract
With the advancement of intelligent and networked technology, the Industrial Internet of Things (IIoT) faces an escalating threat from cyberattacks, especially from Advanced Persistent Threat (APT) attacks. These novel and complex attacks, characterized by their dynamic nature and life-long duration, pose significant challenges to existing security protection methods. The challenges are twofold, i.e., the sparse reward problem in long-lasting attacks and the partial observation of attack actions. To this end, we propose a Security-as-a-Service based reinforcement learning method, namely Attention Augmented Dueling Deep Q-learning Network (AD2QN), to make real-time defense strategies for the hot standby IIoT. First, we build the attack-defend confrontation model as black boxes that interact with the IIoT environment to play a long-lasting partially observable zero-sum stochastic game on the server. Then, to dynamically generate optimal defense strategies as the service, AD2QN is proposed, employing information completion and prediction for more informed action selection. Furthermore, AD2QN utilizes an iteratively updated reward network to deal with the sparse reward problem. Extensive simulation results show that the defense strategies generated by our method have a higher defense success rate and stable defense performance, with an average success rate of 0.7384, while the average success rate of the baseline methods was 0.7375 in the best case.
About the journal:
IEEE Transactions on Services Computing encompasses the computing and software aspects of the science and technology of services innovation research and development. It places emphasis on algorithmic, mathematical, statistical, and computational methods central to services computing. Topics covered include Service Oriented Architecture, Web Services, Business Process Integration, Solution Performance Management, and Services Operations and Management. The transactions address mathematical foundations, security, privacy, agreement, contract, discovery, negotiation, collaboration, and quality of service for web services. It also covers areas like composite web service creation, business and scientific applications, standards, utility models, business process modeling, integration, collaboration, and more in the realm of Services Computing.