Abstract
As network boundaries become increasingly blurred, zero trust has emerged as a new paradigm for network security defense. Faced with the massive contextual information and diverse terminal scenarios of the big data era, zero trust security architectures suffer from low trust evaluation efficiency and difficulty in effectively protecting user data privacy. To address these problems, a federated learning-based SDP trust evaluation model and its deployment method are proposed. Following a decentralized approach, the model trains a global model without sharing raw data, protecting the user data privacy of each distributed SDP controller node. Experiments and comparative analysis show that this zero trust evaluation model can effectively classify malicious and legitimate data flows, and that it is more efficient than comparable schemes in the literature.
Authors
Chi Yaping (池亚平); Liu Jiahui (刘佳辉); Liang Jiaming (梁家铭)
(Cyberspace Security Department, Beijing Electronic Science and Technology Institute, Beijing 100070; School of Communication Engineering, Xidian University, Xi'an 710071)
Source
Journal of Information Security Research (《信息安全研究》)
CSCD
PKU Core Journal
2024, Issue 10, pp. 903-911 (9 pages)
Funding
Fundamental Research Funds for the Central Universities (3282023052).