Computer Science

Computer Science ›› 2022, Vol. 49 ›› Issue (11A): 210900217-7.doi: 10.11896/jsjkx.210900217

• Information Security • Previous Articles     Next Articles

Vector Representation and Computation Based Dynamic Access Control in Open Environment

WANG Qing-xu1, DONG Li-jun1, JIA Wei1, LIU Chao1, YANG Guang2, WU Tie-jun3   

  1. 1 School of Computer Sciences,China University of Geosciences,Wuhan 430078,China
    2 School of Information and Safety Engineering,Zhongnan University of Economics and Law,Wuhan 430073,China
    3 NSFOCUS,Beijing 100089,China
  • Online:2022-11-10 Published:2022-11-21
  • About author:WANG Qing-xu,born in 1996,master.His main research interests include access control and representation learning.
    DONG Li-jun,born in 1978,Ph.D,associate professor,master supervisor,is a member of China Computer Federation.His main research interests include network security and knowledge graphs.
  • Supported by:
    National Natural Science Foundation of China(61972365,42071382),Natural Science Foundation of Hubei Pro-vince,China(2020CFB752),Open Research Project of the Hubei Key Laboratory of Intelligent Geo-Information Processing,China(KLIGIP-2018B02) and CCF-NSFOCUS Kun-Peng Scientific Research Fund,China(CCF-NSFOCUS 2021002).

PDF (PC)

362

Abstract: Access control is the basic technology of network security.With the development of big data technology and open networks,the access behavior of Internet users has become more and more flexible.Traditional access control mechanisms mainly improve the efficiency of access control from two aspects:automatic rule generation and rule matching optimization.Most of them use the traversal matching mechanism,which has problems of large amount of calculation and low efficiency,and it is difficult to meet the dynamic and efficient demand of access control in an open environment.Inspired by the distributed embedded technology in the field of artificial intelligence,this paper proposes vector representation and computation based access control(VRCAC) model based on vector representation and computation.Firstly,the access control rules are converted into numerical vectors,so that the computer can realize fast access judgment by numerical calculation.The positional relationship between the user vector and the permission vector can be expressed by the inner product value of the two,and the inner product value is related to the relationship threshold.Thus,the relationship between users and permissions can be quickly determined.This method reduces the time complexity of access control execution,thereby improving the execution efficiency of access control in an open big data environment.Finally,on two real data sets,a comparison experiment is carried out using multiple evaluation indicators such as accuracy rate and false alarm rate,which verifies the effectiveness of the proposed method.

Key words: Network security, Access control, Big data, Distributed representation, Vector embedding

CLC Number: 

  • TP393
[1]ZHANG Y,ZHANG Y.Summary of Zero Trust Research [J].Information Security Research,2020,6(7):608-614.
[2]WANG S L,FENG X,CAI Y B,et al.Analysis and Application Research of Zero Trust Security Model[J].Information Security Research,2020,6(11):966-971.
[3]ERIC L,ZHU H,JIN X,et al.Neural Packet Classification[C]//Proceedings of the ACM Special Interest Group on Data Communication(Beijing,China)(SIGCOMM’19).Association for Computing Machinery,New York,NY,USA,2019:256-269.
[4]SHI J,PESAVENTO D,BENMOHAMED L.NDN-DPDK:NDN Forwarding at 100 Gbps on Commodity Hardware[C]//Proceedings of the 7th ACM Conference on Information-Centric Networking.2020:30-40.
[5]ASAI H.Palmtrie:a ternary key matching algorithm for IPpacket filtering rules[C]//Proceedings of the 16th International Conference on emerging Networking EXperiments and Techno-logies(CoNEXT ’20).Association for Computing Machinery,New York,NY,USA,2020:323-335.
[6]CHENG Y,WANG W,WANG J,et al.FPC:A new approach to firewall policies compression[J].Tsinghua Science & Techno-logy,2019,24(1):65-76.
[7]KARIMI L,ALDAIRI M,JOSHI J,et al.An Automatic Attri-bute Based Access Control Policy Extraction from Access Logs[J].arXiv:2003.07270,2021.
[8]JABAL A A,BERTINOE,LOBO J,et al.Polisma-a framework for learning attribute-based access control policies[C]//Euro-pean Symposium on Research in Computer Security.Cham:Springer,2020.
[9]THANG B,STOLLER S D,LI J J.Greedy and evolutionary algorithms for mining relationship-based access control policies[J].Computers & Security,2019(80):317-333.
[10]KARIMI L,JOSHI J.An unsupervised learning based approach for mining attribute based access control policies[C]//International Conference on Big Data.Piscataway:IEEE Press,2018:1427-1436.
[11]NAROUEI M,KHANPOUR H,TAKABI H,et al.Towards a top-down policy engineering framework for attribute-based access control[C]//Symposium on Access Control Models and Technologies.New York:ACM Press,2017:103-114.
[12]ALOHALY M,TAKABI H,BLANCO E,et al.A deep learning approach for extracting attributes of ABAC policies[C]//Symposium on Access Control models and Technologies.New York:ACM Press,2018:137-148.
[13]ALOHALY M,TAKABI H,BLANCO E.Automated extraction of attributes from natural language attribute-based access control(ABAC) policies[J].Cybersecurity,2019,2(1):2-12.
[14]HEAPS J,WANG X,BREAUX T,et al.Toward Detection of Access Control Models from Source Code via Word Embedding[C]//Proceedings of the 24th ACM Symposium on Access Control Models and Technologies.2019:103-112.
[15]DEVLIN J,CHANG M W,LEE K,et al.BERT:Pre-training of Deep Bidirectional Transformers for Language Understanding[J].arXiv:1810.04805,2018.
[16]YAO L,MAO C,LUO Y.Graph convolutional networks fortext classification[C]//Proceedings of the AAAI Conference on Artificial Intelligence.2019:7370-7377.
[17]HAMILTON W L,YING R,LESKOVEC J.Inductive representation learning on large graphs[C]//Proceedings of the 31st International Conference on Neural Information Processing Systems.2017:1025-1035.
[18]VELICKOVIC P,CUCURULL G,CASANOVA A,et al.Graph attention networks[J].arXiv:1710.10903,2018.
[19]BORDES A,USUNIER N,GARCIA-DURANA,et al.Translating embeddings for modeling multi-relational data[C]//Neural Information Processing Systems(NIPS).2013:1-9.
[20]WANG Z,ZHANG J,FENG J,et al.Knowledge graph embedding by translating on hyperplanes[C]//Proceedings of the AAAI Conference on Artificial Intelligence.2014.
[21]LIN Y,LIU Z,SUN M,et al.Learning entity and relation embeddings for knowledge graph completion[C]//Proceedings of the AAAI Conference on Artificial Intelligence.2015.
[22]SUN Z,DENG Z H,NIE J Y,et al.RotatE:Knowledge Graph Embedding by Relational Rotation in Complex Space[J].arXiv:1902.10197,2019.
[1] GUO Peng-jun, ZHANG Jing-zhou, YANG Yuan-fan, YANG Shen-xiang. Study on Wireless Communication Network Architecture and Access Control Algorithm in Aircraft [J]. Computer Science, 2022, 49(9): 268-274.
[2] LIU Jie-ling, LING Xiao-bo, ZHANG Lei, WANG Bo, WANG Zhi-liang, LI Zi-mu, ZHANG Hui, YANG Jia-hai, WU Cheng-nan. Network Security Risk Assessment Framework Based on Tactical Correlation [J]. Computer Science, 2022, 49(9): 306-311.
[3] HE Qiang, YIN Zhen-yu, HUANG Min, WANG Xing-wei, WANG Yuan-tian, CUI Shuo, ZHAO Yong. Survey of Influence Analysis of Evolutionary Network Based on Big Data [J]. Computer Science, 2022, 49(8): 1-11.
[4] CHEN Jing, WU Ling-ling. Mixed Attribute Feature Detection Method of Internet of Vehicles Big Datain Multi-source Heterogeneous Environment [J]. Computer Science, 2022, 49(8): 108-112.
[5] ZHAO Dong-mei, WU Ya-xing, ZHANG Hong-bin. Network Security Situation Prediction Based on IPSO-BiLSTM [J]. Computer Science, 2022, 49(7): 357-362.
[6] DENG Kai, YANG Pin, LI Yi-zhou, YANG Xing, ZENG Fan-rui, ZHANG Zhen-yu. Fast and Transmissible Domain Knowledge Graph Construction Method [J]. Computer Science, 2022, 49(6A): 100-108.
[7] DU Hong-yi, YANG Hua, LIU Yan-hong, YANG Hong-peng. Nonlinear Dynamics Information Dissemination Model Based on Network Media [J]. Computer Science, 2022, 49(6A): 280-284.
[8] LYU Peng-peng, WANG Shao-ying, ZHOU Wen-fang, LIAN Yang-yang, GAO Li-fang. Quantitative Method of Power Information Network Security Situation Based on Evolutionary Neural Network [J]. Computer Science, 2022, 49(6A): 588-593.
[9] YANG Zhen, HUANG Song, ZHENG Chang-you. Study on Crowdsourced Testing Intellectual Property Protection Technology Based on Blockchain and Improved CP-ABE [J]. Computer Science, 2022, 49(5): 325-332.
[10] WANG Mei-shan, YAO Lan, GAO Fu-xiang, XU Jun-can. Study on Differential Privacy Protection for Medical Set-Valued Data [J]. Computer Science, 2022, 49(4): 362-368.
[11] SUN Xuan, WANG Huan-xiao. Capability Building for Government Big Data Safety Protection:Discussions from Technologicaland Management Perspectives [J]. Computer Science, 2022, 49(4): 67-73.
[12] LI Hui, HAN Lin, TAO Hong-wei, DONG Ben-song. Study on Office Password Recovery Vectorization Technology Based on Sunway Many-core Processor [J]. Computer Science, 2022, 49(11A): 210900176-5.
[13] LI Hui, HAN Lin, YU Zhe, WANG Wei. Acceleration Method for Multidimensional Function Optimization Based on Artificial Bee Colony Algorithm [J]. Computer Science, 2022, 49(11A): 211200075-6.
[14] ZHANG Kang-wei, ZHANG Jing-wei, YANG Qing, HU Xiao-li, SHAN Mei-jing. DCPFS:Distributed Companion Patterns Mining Framework for Streaming Trajectories [J]. Computer Science, 2022, 49(11A): 211100268-10.
[15] ZHAO Hong, CHANG You-kang, WANG Wei-jie. Survey of Adversarial Attacks and Defense Methods for Deep Neural Networks [J]. Computer Science, 2022, 49(11A): 210900163-11.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.