基于GNN双源学习的访问控制关系预测方法

doi:10.11959/j.issn.2096-109x.2022062

网络与信息安全学报 ›› 2022, Vol. 8 ›› Issue (5): 40-55.doi: 10.11959/j.issn.2096-109x.2022062

• 专题：大数据与人工智能安全 • 上一篇下一篇

基于GNN双源学习的访问控制关系预测方法

单棣斌, 杜学绘, 王文娟, 刘敖迪, 王娜

信息工程大学，河南郑州 450001

修回日期:2022-08-15 出版日期:2022-10-15 发布日期:2022-10-01
作者简介:单棣斌（1982- ），男，河北邯郸人，信息工程大学讲师，主要研究方向为大数据安全、信任安全、图神经网络
杜学绘（1968- ），女，河南新乡人，博士，信息工程大学教授、博士生导师，主要研究方向为信息系统安全、大数据和区块链安全
王文娟（1981- ），女，河南鹤壁人，博士，信息工程大学教授，主要研究方向为云计算安全、入侵防御
刘敖迪（1992- ），男，黑龙江伊春人，博士，信息工程大学讲师，主要研究方向为大数据安全
王娜（1980- ），女，山西临汾人，博士，信息工程大学副教授，主要研究方向为信息系统安全、大数据和区块链安全
基金资助:
国家重点研发计划(2018YFB0803603);国家重点研发计划(2016YFB0501904);国家自然科学基金(62102449);河南省重点研发与推广专项(222102210069)

Access control relationship prediction method based on GNN dual source learning

Dibin SHAN, Xuehui DU, Wenjuan WANG, Aodi LIU, Na WANG

Information Engineering University, Zhengzhou 450001, China

Revised:2022-08-15 Online:2022-10-15 Published:2022-10-01
Supported by:
The National Key R＆D Program of China(2018YFB0803603);The National Key R＆D Program of China(2016YFB0501904);The National Natural Science Foundation of China(62102449);The Key Research and Development and Promotion Program of Henan Province(222102210069)

摘要/Abstract

摘要：

随着大数据技术的迅速发展和广泛应用，用户越权访问成为制约大数据资源安全共享、受控访问的主要问题之一。基于关系的访问控制（ReBAC，relation-based access control）模型利用实体之间关系制定访问控制规则，增强了策略的逻辑表达能力，实现了动态访问控制，但仍然面临着实体关系数据缺失、规则的关系路径复杂等问题。为克服这些问题，提出了一种基于GNN双源学习的边预测模型——LPMDLG，将大数据实体关系预测问题转化为有向多重图的边预测问题。提出了基于有向包围子图的拓扑结构学习方法和有向双半径节点标记算法，通过有向包围子图提取、子图节点标记计算和拓扑结构特征学习3个环节，从实体关系图中学习节点与子图的拓扑结构特征；提出了基于有向邻居子图的节点嵌入特征学习方法，融入了注意力系数、关系类型等要素，通过有向邻居子图提取、节点嵌入特征学习等环节，学习其节点嵌入特征；设计了双源融合的评分网络，将拓扑结构与节点嵌入联合计算边的得分，从而获得实体关系图的边预测结果。边预测实验结果表明，相较于 R-GCN、SEAL、GraIL、TACT 等基线模型，所提模型在AUC-PR、MRR和Hits@N等评价指标下均获得更优的预测结果；消融实验结果说明所提模型的双源学习模式优于单一模式的边预测效果；规则匹配实验结果验证了所提模型实现了对部分实体的自动授权和对规则的关系路径的压缩。所提模型有效提升了边预测的效果，能够满足大数据访问控制关系预测需求。

关键词: 大数据, 基于关系的访问控制, 边预测, 图神经网络

Abstract:

With the rapid development and wide application of big data technology, users’ unauthorized access to resources becomes one of the main problems that restrict the secure sharing and controlled access to big data resources.The ReBAC (Relationship-Based Access Control) model uses the relationship between entities to formulate access control rules, which enhances the logical expression of policies and realizes dynamic access control.However, It still faces the problems of missing entity relationship data and complex relationship paths of rules.To overcome these problems, a link prediction model LPMDLG based on GNN dual-source learning was proposed to transform the big data entity-relationship prediction problem into a link prediction problem with directed multiple graphs.A topology learning method based on directed enclosing subgraphs was designed in this modeled.And a directed dual-radius node labeling algorithm was proposed to learn the topological structure features of nodes and subgraphs from entity relationship graphs through three segments, including directed enclosing subgraph extraction, subgraph node labeling calculation and topological structure feature learning.A node embedding feature learning method based on directed neighbor subgraph was proposed, which incorporated elements such as attention coefficients and relationship types, and learned its node embedding features through the sessions of directed neighbor subgraph extraction and node embedding feature learning.A two-source fusion scoring network was designed to jointly calculate the edge scores by topology and node embedding to obtain the link prediction results of entity-relationship graphs.The experiment results of link prediction show that the proposed model obtains better prediction results under the evaluation metrics of AUC-PR, MRR and Hits@N compared with the baseline models such as R-GCN, SEAL, GraIL and TACT.The ablation experiment results illustrate that the model’s dual-source learning scheme outperforms the link prediction effect of a single scheme.The rule matching experiment results verify that the model achieves automatic authorization of some entities and compression of the relational path of rules.The model effectively improves the effect of link prediction and it can meet the demand of big data access control relationship prediction.

Key words: big data, relationship-based access control, link predication, graph neural network

中图分类号:

TP309

单棣斌, 杜学绘, 王文娟, 刘敖迪, 王娜. 基于GNN双源学习的访问控制关系预测方法[J]. 网络与信息安全学报, 2022, 8(5): 40-55.

Dibin SHAN, Xuehui DU, Wenjuan WANG, Aodi LIU, Na WANG. Access control relationship prediction method based on GNN dual source learning[J]. Chinese Journal of Network and Information Security, 2022, 8(5): 40-55.

图/表 12

图1

图2

图3

图4

图5

图6

图7

表1

AUC-PR结果Table 1 AUC-PR results"

数据集	版本	R-GCN*	SEAL*	GraIL**	TACT**	LPMDLG
WN18RR	v2	66.12	77.91	94.18	$97 . 95$	97.17
	v3	60.7	76.34	85.8	90.58	$92 . 02$
FB15k-237	v2	69.74	70.59	90.57	94.20	$95 . 97$
	v3	63.24	69.52	91.68	97.10	$97 . 83$
NELL-995	v2	67.55	71.03	92.62	96.58	$96 . 63$
	v3	68.87	68.92	93.34	95.70	$96 . 22$

表1

表2

MRR结果Table 2 MRR results"

数据集	版本	R-GCN*	SEAL*	GraIL**	TACT**	LPMDLG
WN18RR	V2	0.637	0.621	0.772	0.984	$0 . 988$
	V3	0.489	0.511	0.549	0.895	$0 . 922$
FB15k-237	V2	0.051	0.062	0.049	0.815	$0 . 902$
	V3	0.066	0.040	0.045	0.752	$0 . 883$
NELL-995	V2	0.071	0.055	0.058	0.680	$0 . 702$
	V3	0.062	0.049	0.042	0.548	$0 . 632$

表2

表3

Hits@1结果Table 3 Hits@1 results"

数据集	版本	R-GCN*	SEAL*	GraIL**	TACT**	LPMDLG
WN18RR	V2	0.611	0.595	0.628	0.978	$0 . 976$
	V3	0.584	0.411	0.377	0.852	$0 . 902$
FB15k-237	V2	0.376	0.327	0.013	0.717	$0 . 834$
	V3	0.491	0.233	0.003	0.609	$0 . 801$
NELL-995	V2	0.51	0.49	0.01	0.533	$0 . 634$
	V3	0.433	0.462	0.007	0.354	$0 . 601$

表3

表4

LPMDLG模型消融实验结果对比Table 4 Comparison of results of LPMDLG model ablationexperiments"

数据集	版本	G		V		LPMDLG
数据集	版本	MRR	Hits@1	MRR	Hits@1	MRR	Hits@1
WN18RR	V2	0.857	0.742	0.841	0.897	$0 . 988$	$0 . 976$
	V3	0.902	0.891	0.913	0.812	$0 . 922$	$0 . 902$
FB15k-237	V2	0.836	0.763	0.811	0.82	$0 . 902$	$0 . 834$
	V3	0.832	0.760	0.715	0.698	$0 . 883$	$0 . 801$
NELL-995	V2	0.627	0.590	0.679	0.623	$0 . 702$	$0 . 632$
	V3	0.604	0.527	0.575	0.515	$0 . 634$	$0 . 601$

表4

表5

参考文献 40

[1]	李昊, 张敏, 冯登国 ,等. 大数据访问控制研究[J]. 计算机学报, 2017,40(1): 72-91.
	LI H , ZHANG M , FENG D G ,et al. Research on access control of big data[J]. Chinese Journal of Computers, 2017,40(1): 72-91.
[2]	FONG P W L , . Relationship-based access control:protection model and policy language[C]// Proceedings of the First ACM Conference on Data and Application Security and Privacy. 2011: 191-202.
[3]	AHMED T , SANDHU R , PARK J . Classifying and comparing attribute-based and relationship-based access control[C]// Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy. 2017: 59-70.
[4]	BOGAERTS J , DECAT M , LAGAISSE B ,et al. Entity-based access control:supporting more expressive access control policies[C]// Proceedings of the 31st Annual Computer Security Applications Conference. 2015: 291-300.
[5]	CHAKRABORTY S , SANDHU R . On Feasibility of attributeaware relationship-based access control policy mining[C]// IFIP International Federation for Information Processing 2021. 2021: 393-405.
[6]	CHAKRABORTY S , SANDHU R . Formal analysis of ReBAC policy mining feasibility[C]// Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy(CODASPY '21). 2021: 197-207.
[7]	HU V C , FERRAIOLO D , KUHN R ,et al. Guide to Attribute based access control (ABAC) definition and considerations:NIST Special Publication 800-162[S]. 2019: 1-37.
[8]	BUI T , STOLLER S D , LI J J . Greedy and evolutionary algorithms for mining relationship-based access control policies[J]. Computers ＆Security, 2019,80: 317-333.
[9]	BUI T , STOLLER S D . A decision tree learning approach for mining relationship-based access control policies[C]// Proceedings of the 25th ACM Symposium on Access Control Models and Technologies. 2020: 167-178.
[10]	BUI T , STOLLER S D , LI J . Mining relationship-based access control policies from incomplete and noisy data[M]// Foundations and Practice of Security. Switzerland, 2019: 267-284.
[11]	BUI T , STOLLER S D . Learning attribute-based and relationship-based access control policies with unknown values[C]// Information Systems Security - 16th International Conference(ICISS). 2020: 23-44.
[12]	IYER P , MASOUMZADEH A . Active learning of relationship-based access control policies[C]// Proceedings of the 25th ACM Symposium on Access Control Models and Technologies. 2020: 155-166.
[13]	ZHANG M . Graph neural networks:link prediction[M]// Graph Neural Networks: Foundations,Frontiers,and Applications.Singapore,Springer, 2021: 195-224.
[14]	SCHLICHTKRULL M , KIPF T N , BLOEM P ,et al. Modeling relational data with graph convolutional networks[C]// The Semantic Web. 2018: 593-607.
[15]	ZHANG M , CHEN Y . Link prediction based on graph neural networks[C]// Proceedings of 32nd Conference on Neural Information Processing Systems (NIPS 2018). 2018: 1-11.
[16]	TERU K K , DENIS E , HAMILTON W L . Inductive relation prediction by subgraph reasoning[C]// Proceedings of the 37th International Conference on Machine Learning(ICML). 2020: 1-10.
[17]	CHEN J , HE H , WU F ,et al. Topology-aware correlations between relations for inductive link prediction in knowledge graphs[C]// Proceedings of 35th AAAI Conference on Artificial Intelligence.ELECTR NETWORK. 2021: 6271-6278.
[18]	KIPF T N , WELLING M . Variational graph auto-encoders[C]// Bayesian Deep Learning Workshop (NIPS 2016). 2016: 1-3.
[19]	YOU J , YING R , LESKOVEC J . Position-aware graph neural networks[C]// Proceedings of 36th International Conference on Machine Learning (ICML). 2019: 7134-7143.
[20]	CHAMI I , YING R , Ré C , ,et al. Hyperbolic graph convolutional neural networks[J]. Advances in Neural Information Processing Systems, 2019,32: 4869-4880.
[21]	LI P , WANG Y B , WANG H W ,et al. Distance encoding:design provably more powerful neural networks for graph representation learning[J]. arXiv:2009.00142, 2020.
[22]	LIBEN-NOWELL D , KLEINBERG J . The link prediction problem for social networks[J]. Journal of the American Society for Information Science and Technology, 2007,58(7): 1019-1031.
[23]	ADAMIC L A , ADAR E . Friends and neighbors on the Web[J]. Social Networks, 2003,25(3): 211-230.
[24]	SHIBATA N , KAJIKAWA Y , SAKATA I . Link prediction in citation networks[J]. Journal of the American Society for Information Science and Technology, 2012,63(1): 78-85.
[25]	STANFIELD Z , CO?KUN M , KOYUTüRK M . Drug response prediction as a link prediction problem[J]. Scientific Reports, 2017,7:40321.
[26]	NICKEL M , MURPHY K , TRESP V ,et al. A review of relational machine learning for knowledge graphs[J]. Proceedings of the IEEE, 2016,104(1): 11-33.
[27]	CRAMPTON J , SELLWOOD J . Path conditions and principal matching:A new approach to access control[C]// Proceedings of the 19th ACM Symposium on Access Control Models and Technologies (SACMAT’14). 2014: 187-198.
[28]	PACI F , SQUICCIARINI A , ZANNONE N . Survey on access control for community-centered collaborative systems[J]. ACM Computing Surveys, 2019,51(1): 1-38.
[29]	ASIM Y , MALIK A K . A survey on access control techniques for social networks[M]// Information Diffusion Management and Knowledge Sharing. IGI Global, 2020: 319-342.
[30]	BRIN S , PAGE L . Reprint of:the anatomy of a large-scale hypertextual Web search engine[J]. Computer Networks, 2012,56(18): 3825-3833.
[31]	OU M D , CUI P , PEI J ,et al. Asymmetric transitivity preserving graph embedding[C]// Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining(KDD’16). 2016: 1105-1114.
[32]	PEROZZI B , AL-RFOU R ,, SKIENA S . Deepwalk:online learning of social representations[C]// Proceedings of the 20th ACM SIGKDD International Conference on Knowledge Discovery and Data mining(KDD'14). 2014: 701-710.
[33]	RIBEIRO L , SAVERESE P , FIGUEIREDO D R . Struc2vec:learning node representations from structural identity[C]// The ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. 2017: 385-394.
[34]	ZHANG M H , CHEN Y X . Inductive matrix completion based on graph neural networks[J]. arXiv:1904.12058, 2019.
[35]	ZHANG M , LI P , XIA Y ,et al. Labeling trick:a theory of using graph neural networks for multi-node representation learning[C]// 35th Conference on Neural Information Processing Systems (NeurIPS 2021). 2022: 9061-9073.
[36]	BANG-JENSEN J , GUTIN G . Digraphs theory,algorithms and applications (second edition)[M]. London: Springer-Verlag, 2007.
[37]	VELI?KOVI? P , CUCURULL G , CASANOVA A ,et al. Graph attention networks[J]. arXiv:1710.10903, 2017.
[38]	TOUTANOVA K , CHEN D J . Observed versus latent features for knowledge base and text inference[C]// Proceedings of the 3rd Workshop on Continuous Vector Space Models and their Compositionality(CVSC). 2015:57.
[39]	DETTMERS T , MINERVINI P , STENETORP P ,et al. Convolutional 2D knowledge graph embeddings[C]// Proceedings of the AAAI Conference on Artificial Intelligence. 2018: 1811-1818.
[40]	XIONG W , HOANG T , WANG W Y . DeepPath:a reinforcement learning method for knowledge graph reasoning[C]// Proceedings of the 2017 Conference on Empirical Methods in Natural Language Processing(EMNLP). 2017: 564-573.

数据集	实体数量	SRA数量	实体关系数量和		SRA=T数量		规则匹配长度和		边增长	SRA=T增长	匹配开销减少
数据集	实体数量	SRA数量	预测前	预测后	预测前	预测后	预测前	预测后	边增长	SRA=T增长	匹配开销减少
EMR_15	353	4 134	877	937	1 020	1 106	22 091	20 195	6.842%	8.431%	8.583%
healthcare_5	736	42 121	1 804	1 921	5 931	6 168	25 783	24 927	6.486%	3.996%	3.320%
Project-mgmt_5	179	4 080	296	325	981	1 002	19 829	19 035	9.797%	2.141%	4.004%
University_5	738	83 761	926	1 107	25 018	26 175	46 926	45 820	19.546%	4.625%	2.357%
e-document_175	563	152 093	2 830	3 256	40 937	42 192	682 960	670 291	15.053%	3.066%	1.855%
eWorkforce_30	1 016	104 845	2 928	3 471	35 206	36 332	539 172	512 955	18.545%	3.198%	4.862%

基于GNN双源学习的访问控制关系预测方法

Access control relationship prediction method based on GNN dual source learning

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 12

参考文献 40

相关文章 15

Metrics

推荐阅读 0

[1]	蔡召, 荆涛, 任爽. 以太坊钓鱼诈骗检测技术综述[J]. 网络与信息安全学报, 2023, 9(2): 21-32.
[2]	李东, 郝艳妮, 彭升辉, 訾瑞杰, 刘西蒙. 国家自然科学基金委员会网络安全现状与展望[J]. 网络与信息安全学报, 2022, 8(6): 92-101.
[3]	穆超, 王鑫, 杨明, 张恒, 陈振娅, 吴晓明. 面向物联网设备固件的硬编码漏洞检测方法[J]. 网络与信息安全学报, 2022, 8(5): 98-110.
[4]	高振升, 曹利峰, 杜学绘. 基于区块链的访问控制技术研究进展[J]. 网络与信息安全学报, 2021, 7(6): 68-87.
[5]	周家顺, 王娜, 杜学绘. 基于区块链的数据完整性多方高效审计机制[J]. 网络与信息安全学报, 2021, 7(6): 113-125.
[6]	陈晋音, 张敦杰, 黄国瀚, 林翔, 鲍亮. 面向图神经网络的对抗攻击与防御综述[J]. 网络与信息安全学报, 2021, 7(3): 1-28.
[7]	陈皓, 易平. 基于图神经网络的代码漏洞检测方法[J]. 网络与信息安全学报, 2021, 7(3): 37-45.
[8]	熊钢,葛雨玮,褚衍杰,曹卫权. 基于跨域协同的网络空间威胁预警模式[J]. 网络与信息安全学报, 2020, 6(6): 88-96.
[9]	朱建明,杨鸿瑞. 金融科技中数据安全的挑战与对策[J]. 网络与信息安全学报, 2019, 5(4): 71-79.
[10]	苏秋月, 陈兴蜀, 罗永刚. 大数据环境下多源异构数据的访问控制模型[J]. 网络与信息安全学报, 2019, 5(1): 78-86.
[11]	明拓思宇, 陈鸿昶. 文本摘要研究进展与趋势[J]. 网络与信息安全学报, 2018, 4(6): 1-10.
[12]	袁得嵛,王小娟,万建超. “互联网+”对网络空间安全影响及未来发展趋势[J]. 网络与信息安全学报, 2017, 3(5): 1-9.
[13]	魏凯敏,翁健,任奎. 大数据安全保护技术综述[J]. 网络与信息安全学报, 2016, 2(4): 1-11.
[14]	李尚,周志刚,张宏莉,余翔湛. 大数据安全高效搜索与隐私保护机制展望[J]. 网络与信息安全学报, 2016, 2(4): 21-32.
[15]	仝伟,毛云龙,陈庆军,王彬入,张保佳,仲盛. 抗大数据分析的隐私保护：研究现状与进展[J]. 网络与信息安全学报, 2016, 2(4): 44-55.