网络与信息安全学报 ›› 2021, Vol. 7 ›› Issue (4): 175-182.doi: 10.11959/j.issn.2096-109x.2021077

• 学术论文 • 上一篇    下一篇

基于权限聚类的属性值优化

毋文超1,2, 任志宇1, 杜学绘1   

  1. 1 信息工程大学,河南 郑州 450001
    2 中国人民解放军31668部队,青海 西宁 810000
  • 修回日期:2020-08-07 出版日期:2021-08-15 发布日期:2021-08-01
  • 作者简介:毋文超(1995− ),男,河南焦作人,中国人民解放军 31668 部队助理工程师,主要研究方向为授权管理与访问控制
    任志宇(1974− ),女,河南汤阴人,博士,信息工程大学副教授,主要研究方向为网络与信息安全
    杜学绘(1968− ),女,河南新乡人,博士,信息工程大学教授、博士生导师,主要研究方向为网络与信息安全、空间信息网络、云计算安全
  • 基金资助:
    国家重点研发计划(2018YFB0803603);国家自然科学基金(61702550)

Permission clustering-based attribute value optimization

Wenchao WU1,2, Zhiyu REN1, Xuehui DU1   

  1. 1 Information Engineering University, Zhengzhou 450001, China
    2 31668 Unit PLA, Xining 810000, China
  • Revised:2020-08-07 Online:2021-08-15 Published:2021-08-01
  • Supported by:
    The National Key R&D Program of China(2018YFB0803603);The National Natural Science Foundation of China(61702550)

摘要:

在新型大规模计算环境下应用ABAC(基于属性的访问控制)面临着属性数量多、来源复杂、质量参差不齐、难以人工修正、难以直接应用于访问控制的问题。针对属性标称值的优化问题,设计了一种基于权限聚类的属性值优化算法,通过将实体表示成对应的权限集合,对实体进行基于密度的聚类,为实体赋予权限对应的类别标签,而后基于粗糙集理论对属性值进行化简与修正。最后在 UCI 公开数据集上对算法进行了验证,证明应用该算法后,ABAC策略挖掘在真阳性率和F1得分上均具有较大的提升。

关键词: 属性值优化, 粗糙集理论, 基于属性的访问控制, 访问控制

Abstract:

In new large-scale computing environment, the attributes of entities were massive and they had complex sources and uneven quality, which were great obstacles to the application of ABAC (attribute-based access control).The attributes were also hard to be corrected manually, making it difficult to be applied in access control system straightly.To solve the optimization problem of nominal attributes, a novel algorithm of attribute value optimization based on permission clustering was designed, in which entities were presented by the privilege set related to them.So that the entities were tagged by density-based clustering method with distances of their privilege set presentations.Then the attribute values were reduced and corrected based on rough set theory.Finally, the algorithm was verified on UCI data sets, which proved that after applying it, ABAC policy mining was improved in the evaluation criteria, such as the true positive rate and F1-score.

Key words: attribute valueoptimization, rough set theory, ABAC, access control

中图分类号: 

No Suggested Reading articles found!