Computer Science ›› 2022, Vol. 49 ›› Issue (11A): 210900217-7. doi: 10.11896/jsjkx.210900217

• Information Security •

Vector Representation and Computation Based Dynamic Access Control in Open Environment

WANG Qing-xu1, DONG Li-jun1, JIA Wei1, LIU Chao1, YANG Guang2, WU Tie-jun3

  1. 1 School of Computer Sciences, China University of Geosciences, Wuhan 430078, China
    2 School of Information and Safety Engineering, Zhongnan University of Economics and Law, Wuhan 430073, China
    3 NSFOCUS, Beijing 100089, China
  • Online: 2022-11-10 Published: 2022-11-21
  • Corresponding author: DONG Li-jun (ljdong@cug.edu.cn)
  • About author: (546161515@qq.com)
  • Supported by:
    National Natural Science Foundation of China (61972365, 42071382); Natural Science Foundation of Hubei Province (2020CFB752); Open Research Project of the Hubei Key Laboratory of Intelligent Geo-Information Processing (KLIGIP-2018B02); CCF-NSFOCUS Kun-Peng Scientific Research Fund (CCF-NSFOCUS 2021002)

Vector Representation and Computation Based Dynamic Access Control in Open Environment

WANG Qing-xu1, DONG Li-jun1, JIA Wei1, LIU Chao1, YANG Guang2, WU Tie-jun3   

  1. 1 School of Computer Sciences, China University of Geosciences, Wuhan 430078, China
    2 School of Information and Safety Engineering, Zhongnan University of Economics and Law, Wuhan 430073, China
    3 NSFOCUS, Beijing 100089, China
  • Online: 2022-11-10 Published: 2022-11-21
  • About author: WANG Qing-xu, born in 1996, master. His main research interests include access control and representation learning.
    DONG Li-jun, born in 1978, Ph.D, associate professor, master supervisor, is a member of China Computer Federation. His main research interests include network security and knowledge graphs.
  • Supported by:
    National Natural Science Foundation of China (61972365, 42071382), Natural Science Foundation of Hubei Province, China (2020CFB752), Open Research Project of the Hubei Key Laboratory of Intelligent Geo-Information Processing, China (KLIGIP-2018B02) and CCF-NSFOCUS Kun-Peng Scientific Research Fund, China (CCF-NSFOCUS 2021002).

Abstract: Access control is a foundational technology of network security. With the development of big data technology and open networks, the access behavior of Internet users has become increasingly flexible. Traditional access control mechanisms improve efficiency mainly along two lines, automatic rule generation and rule-matching optimization; most of them rely on traversal matching, which is computationally heavy and inefficient and struggles to meet the demand for dynamic, efficient access control in open environments. Inspired by distributed embedding techniques from the field of artificial intelligence, this paper proposes VRCAC (Vector Representation and Computation based Access Control), an access control model based on vector representation and computation. Access control rules are first converted into numerical vectors so that the computer can make access decisions quickly by numerical computation: the positional relationship between a user vector and a permission vector is expressed by their inner product, and comparing the inner product with a relation threshold quickly determines the relationship between the user and the permission. This method lowers the time complexity of access control enforcement and thereby raises the efficiency of access control in open big data environments. Finally, comparative experiments on two real data sets, using several evaluation metrics including accuracy and false alarm rate, verify the effectiveness of the proposed method.

Key words: network security, access control, big data, distributed representation, vector embedding

Abstract: Access control is the basic technology of network security. With the development of big data technology and open networks, the access behavior of Internet users has become more and more flexible. Traditional access control mechanisms mainly improve the efficiency of access control from two aspects: automatic rule generation and rule matching optimization. Most of them use a traversal matching mechanism, which requires a large amount of computation and has low efficiency, making it difficult to meet the demand for dynamic and efficient access control in an open environment. Inspired by distributed embedding techniques from the field of artificial intelligence, this paper proposes the vector representation and computation based access control (VRCAC) model. Firstly, the access control rules are converted into numerical vectors, so that the computer can make fast access decisions by numerical calculation. The positional relationship between the user vector and the permission vector is expressed by their inner product, and the inner product is compared with a relation threshold, so the relationship between users and permissions can be determined quickly. This method reduces the time complexity of access control execution, thereby improving the execution efficiency of access control in an open big data environment. Finally, on two real data sets, a comparison experiment is carried out using multiple evaluation indicators such as accuracy rate and false alarm rate, which verifies the effectiveness of the proposed method.
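The decision mechanism the abstract describes (user and permission vectors, one inner product compared with a relation threshold, instead of scanning a rule list) can be made concrete with a small illustration. The following is an added example, not code from the paper: the toy role policy, the user and permission names, and the training routine (plain logistic matrix factorisation by full-batch gradient descent) are all assumptions made here; the paper's own embedding method, data sets and exact metric definitions are not reproduced. The example fits vectors to the policy, decides requests by `<u, p> >= THRESHOLD`, and scores the result against the traversal baseline with accuracy and both error rates, since which one corresponds to the paper's "false alarm rate" depends on which class is treated as positive.

```python
"""Vector-based access decisions versus rule traversal (added illustration).

Users and permissions are mapped to dense vectors and a request (user, perm)
is granted when the inner product <u, p> reaches a relation threshold. The
vectors are fitted with logistic matrix factorisation by full-batch gradient
descent; that training procedure and the toy policy below are assumptions
made for this example, not the paper's own method or data.
"""
import math
import random

# Constructed sample policy (not taken from the paper).
USERS = ["alice", "bob", "carol", "dave", "erin"]
PERMISSIONS = ["read_code", "write_code", "deploy", "view_audit", "manage_users"]
ROLE_OF = {"alice": "admin", "bob": "dev", "carol": "dev",
           "dave": "auditor", "erin": "intern"}
# Flat rule list, one (role, permission) grant per entry; this is what the
# traversal baseline scans on every request.
RULES = [("admin", p) for p in PERMISSIONS] + [
    ("dev", "read_code"), ("dev", "write_code"), ("dev", "deploy"),
    ("auditor", "read_code"), ("auditor", "view_audit"),
    ("intern", "read_code"),
]
THRESHOLD = 0.0  # relation threshold on the inner product (sigmoid >= 0.5)


def traversal_decide(user, perm):
    """Baseline: scan every rule until one matches, O(number of rules)."""
    role = ROLE_OF[user]
    for rule_role, rule_perm in RULES:
        if rule_role == role and rule_perm == perm:
            return True
    return False


def ground_truth():
    """Label every (user, permission) pair with the traversal decision."""
    return {(u, p): traversal_decide(u, p) for u in USERS for p in PERMISSIONS}


def sigmoid(x):
    x = max(-60.0, min(60.0, x))  # clamp so math.exp cannot overflow
    return 1.0 / (1.0 + math.exp(-x))


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def fit_embeddings(labels, dim=8, lr=0.1, epochs=3000, seed=0):
    """Fit user/permission vectors so that sigmoid(<u, p>) predicts the label."""
    rng = random.Random(seed)
    U = {u: [rng.uniform(-0.5, 0.5) for _ in range(dim)] for u in USERS}
    P = {p: [rng.uniform(-0.5, 0.5) for _ in range(dim)] for p in PERMISSIONS}
    for _ in range(epochs):
        grad_u = {u: [0.0] * dim for u in USERS}
        grad_p = {p: [0.0] * dim for p in PERMISSIONS}
        for (u, p), allowed in labels.items():
            # gradient of the logistic loss with respect to the score <u, p>
            err = sigmoid(dot(U[u], P[p])) - (1.0 if allowed else 0.0)
            for k in range(dim):
                grad_u[u][k] += err * P[p][k]
                grad_p[p][k] += err * U[u][k]
        for u in USERS:
            U[u] = [w - lr * g for w, g in zip(U[u], grad_u[u])]
        for p in PERMISSIONS:
            P[p] = [w - lr * g for w, g in zip(P[p], grad_p[p])]
    return U, P


def vector_decide(U, P, user, perm, threshold=THRESHOLD):
    """Decision by one inner product, O(dim), independent of the rule count."""
    return dot(U[user], P[perm]) >= threshold


def evaluate(U, P, labels):
    """Accuracy plus both error rates: wrongly granted requests (as a share of
    policy-denied pairs) and wrongly denied requests (share of allowed pairs)."""
    wrongly_granted = wrongly_denied = correct = 0
    n_denied = sum(1 for allowed in labels.values() if not allowed)
    n_allowed = len(labels) - n_denied
    for (u, p), allowed in labels.items():
        pred = vector_decide(U, P, u, p)
        if pred == allowed:
            correct += 1
        elif pred:
            wrongly_granted += 1
        else:
            wrongly_denied += 1
    return {
        "accuracy": correct / len(labels),
        "wrongly_granted_rate": wrongly_granted / n_denied,
        "wrongly_denied_rate": wrongly_denied / n_allowed,
    }


if __name__ == "__main__":
    labels = ground_truth()
    U, P = fit_embeddings(labels)
    print(evaluate(U, P, labels))
    for u in USERS:
        print(u, [p for p in PERMISSIONS if vector_decide(U, P, u, p)])
```

The point a practitioner should take from the comparison is the cost model: `traversal_decide` grows with the number of rules, while `vector_decide` costs one `dim`-length inner product regardless of policy size. The price is that the vectors only approximate the policy, so the wrongly-granted rate is the figure to watch when such a model is put in front of real permissions; a non-zero value there is a policy bypass, not a usability issue.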

Key words: Network security, Access control, Big data, Distributed representation, Vector embedding

CLC number:

  • TP393