Computer Science, 2022, Vol. 49, Issue (11A): 210900217-7. doi: 10.11896/jsjkx.210900217
王清旭1, 董理君1, 贾伟1, 刘超1, 杨光2, 吴铁军3
WANG Qing-xu1, DONG Li-jun1, JIA Wei1, LIU Chao1, YANG Guang2, WU Tie-jun3
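Abstract: Access control is a foundational technology of network security. With the development of big data technology and open networks, the access behavior of Internet users has become increasingly flexible. Traditional access control mechanisms improve efficiency mainly in two ways, automatic rule generation and rule matching optimization, and most of them rely on traversal matching, which is computationally expensive and inefficient and struggles to meet the demand for dynamic, efficient access control in open environments. Inspired by distributed embedding techniques from the field of artificial intelligence, this paper proposes VRCAC (Vector Representation and Computation based Access Control), an access control model based on vector representation and computation. Access control rules are first converted into numerical vectors, so that the computer can make fast access decisions by numerical computation. The positional relationship between a user vector and a permission vector can be expressed by their inner product, and comparing the inner product with a relation threshold quickly determines the relationship between the user and the permission. This method lowers the time complexity of access control enforcement and thereby improves the execution efficiency of access control in open big data environments. Finally, comparative experiments on two real datasets, using several evaluation metrics including accuracy and false positive rate, verify the effectiveness of the proposed method.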
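The inner-product decision described in the abstract, contrasted with rule traversal, as an added example that is not code from the paper. It assumes hand-built role-count vectors in place of the learned embeddings (whose training the abstract does not describe); the roles, users, permissions, threshold value and all function names are constructed for illustration.

```python
# Added illustration, not VRCAC itself: hand-built role-count vectors stand in
# for the learned embeddings. All names and data below are constructed.
ROLES = ["admin", "editor", "viewer", "auditor"]
USER_ROLES = {"alice": {"admin"}, "bob": {"editor"},
              "carol": {"viewer"}, "dave": {"auditor", "viewer"}}
PERM_ROLES = {"db:write": {"admin"}, "doc:edit": {"admin", "editor"},
              "doc:read": {"admin", "editor", "viewer"}, "log:read": {"auditor"}}
THRESHOLD = 0.5  # relation threshold (assumed value)


def embed(roles, dim):
    """Role set -> dim-length count vector; dim < len(ROLES) makes roles collide."""
    vec = [0.0] * dim
    for role in roles:
        vec[ROLES.index(role) % dim] += 1.0
    return vec


def decide_by_traversal(user, perm):
    """Baseline: compare every role of the user with every granting role."""
    return any(r == g for r in USER_ROLES[user] for g in PERM_ROLES[perm])


def decide_by_vector(user, perm, dim):
    """Allow when the user/permission inner product exceeds the threshold."""
    u, p = embed(USER_ROLES[user], dim), embed(PERM_ROLES[perm], dim)
    return sum(a * b for a, b in zip(u, p)) > THRESHOLD


def evaluate(dim):
    """Return (accuracy, false_positive_rate, false_negatives) vs. traversal."""
    tp = fp = tn = fn = 0
    for user in USER_ROLES:
        for perm in PERM_ROLES:
            truth = decide_by_traversal(user, perm)
            pred = decide_by_vector(user, perm, dim)
            tp += truth and pred
            fp += (not truth) and pred
            tn += (not truth) and (not pred)
            fn += truth and (not pred)
    return (tp + tn) / (tp + fp + tn + fn), fp / (fp + tn), fn


if __name__ == "__main__":
    for dim in (4, 2):
        print(dim, evaluate(dim))
```

At full dimension the vector decision agrees with traversal on every user/permission pair; at `dim=2` colliding roles produce over-grants (false positives) but no false denials in this construction, which is why accuracy and false positive rate have to be measured for any compressed representation before it gates access.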