网络与信息安全学报 ›› 2022, Vol. 8 ›› Issue (5): 40-55.doi: 10.11959/j.issn.2096-109x.2022062
单棣斌, 杜学绘, 王文娟, 刘敖迪, 王娜
修回日期:
2022-08-15
出版日期:
2022-10-15
发布日期:
2022-10-01
作者简介:
单棣斌(1982- ),男,河北邯郸人,信息工程大学讲师,主要研究方向为大数据安全、信任安全、图神经网络基金资助:
Dibin SHAN, Xuehui DU, Wenjuan WANG, Aodi LIU, Na WANG
Revised:
2022-08-15
Online:
2022-10-15
Published:
2022-10-01
Supported by:
摘要:
随着大数据技术的迅速发展和广泛应用,用户越权访问成为制约大数据资源安全共享、受控访问的主要问题之一。基于关系的访问控制(ReBAC,relation-based access control)模型利用实体之间关系制定访问控制规则,增强了策略的逻辑表达能力,实现了动态访问控制,但仍然面临着实体关系数据缺失、规则的关系路径复杂等问题。为克服这些问题,提出了一种基于GNN双源学习的边预测模型——LPMDLG,将大数据实体关系预测问题转化为有向多重图的边预测问题。提出了基于有向包围子图的拓扑结构学习方法和有向双半径节点标记算法,通过有向包围子图提取、子图节点标记计算和拓扑结构特征学习3个环节,从实体关系图中学习节点与子图的拓扑结构特征;提出了基于有向邻居子图的节点嵌入特征学习方法,融入了注意力系数、关系类型等要素,通过有向邻居子图提取、节点嵌入特征学习等环节,学习其节点嵌入特征;设计了双源融合的评分网络,将拓扑结构与节点嵌入联合计算边的得分,从而获得实体关系图的边预测结果。边预测实验结果表明,相较于 R-GCN、SEAL、GraIL、TACT 等基线模型,所提模型在AUC-PR、MRR和Hits@N等评价指标下均获得更优的预测结果;消融实验结果说明所提模型的双源学习模式优于单一模式的边预测效果;规则匹配实验结果验证了所提模型实现了对部分实体的自动授权和对规则的关系路径的压缩。所提模型有效提升了边预测的效果,能够满足大数据访问控制关系预测需求。
中图分类号:
单棣斌, 杜学绘, 王文娟, 刘敖迪, 王娜. 基于GNN双源学习的访问控制关系预测方法[J]. 网络与信息安全学报, 2022, 8(5): 40-55.
Dibin SHAN, Xuehui DU, Wenjuan WANG, Aodi LIU, Na WANG. Access control relationship prediction method based on GNN dual source learning[J]. Chinese Journal of Network and Information Security, 2022, 8(5): 40-55.
表4
LPMDLG模型消融实验结果对比Table 4 Comparison of results of LPMDLG model ablationexperiments"
数据集 | 版本 | G | V | LPMDLG | |||||
MRR | Hits@1 | MRR | Hits@1 | MRR | Hits@1 | ||||
WN18RR | V2 | 0.857 | 0.742 | 0.841 | 0.897 | ||||
V3 | 0.902 | 0.891 | 0.913 | 0.812 | |||||
FB15k-237 | V2 | 0.836 | 0.763 | 0.811 | 0.82 | ||||
V3 | 0.832 | 0.760 | 0.715 | 0.698 | |||||
NELL-995 | V2 | 0.627 | 0.590 | 0.679 | 0.623 | ||||
V3 | 0.604 | 0.527 | 0.575 | 0.515 |
表5
关系预测前后SRA=T的数量、规则匹配开销变化Table 5 Changes of SRA=T quantityand rule matching costbefore and after link prediction"
数据集 | 实体数量 | SRA数量 | 实体关系数量和 | SRA=T数量 | 规则匹配长度和 | 边增长 | SRA=T增长 | 匹配开销减少 | |||||
预测前 | 预测后 | 预测前 | 预测后 | 预测前 | 预测后 | ||||||||
EMR_15 | 353 | 4 134 | 877 | 937 | 1 020 | 1 106 | 22 091 | 20 195 | 6.842% | 8.431% | 8.583% | ||
healthcare_5 | 736 | 42 121 | 1 804 | 1 921 | 5 931 | 6 168 | 25 783 | 24 927 | 6.486% | 3.996% | 3.320% | ||
Project-mgmt_5 | 179 | 4 080 | 296 | 325 | 981 | 1 002 | 19 829 | 19 035 | 9.797% | 2.141% | 4.004% | ||
University_5 | 738 | 83 761 | 926 | 1 107 | 25 018 | 26 175 | 46 926 | 45 820 | 19.546% | 4.625% | 2.357% | ||
e-document_175 | 563 | 152 093 | 2 830 | 3 256 | 40 937 | 42 192 | 682 960 | 670 291 | 15.053% | 3.066% | 1.855% | ||
eWorkforce_30 | 1 016 | 104 845 | 2 928 | 3 471 | 35 206 | 36 332 | 539 172 | 512 955 | 18.545% | 3.198% | 4.862% |
[1] | 李昊, 张敏, 冯登国 ,等. 大数据访问控制研究[J]. 计算机学报, 2017,40(1): 72-91. |
LI H , ZHANG M , FENG D G ,et al. Research on access control of big data[J]. Chinese Journal of Computers, 2017,40(1): 72-91. | |
[2] | FONG P W L , . Relationship-based access control:protection model and policy language[C]// Proceedings of the First ACM Conference on Data and Application Security and Privacy. 2011: 191-202. |
[3] | AHMED T , SANDHU R , PARK J . Classifying and comparing attribute-based and relationship-based access control[C]// Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy. 2017: 59-70. |
[4] | BOGAERTS J , DECAT M , LAGAISSE B ,et al. Entity-based access control:supporting more expressive access control policies[C]// Proceedings of the 31st Annual Computer Security Applications Conference. 2015: 291-300. |
[5] | CHAKRABORTY S , SANDHU R . On Feasibility of attributeaware relationship-based access control policy mining[C]// IFIP International Federation for Information Processing 2021. 2021: 393-405. |
[6] | CHAKRABORTY S , SANDHU R . Formal analysis of ReBAC policy mining feasibility[C]// Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy(CODASPY '21). 2021: 197-207. |
[7] | HU V C , FERRAIOLO D , KUHN R ,et al. Guide to Attribute based access control (ABAC) definition and considerations:NIST Special Publication 800-162[S]. 2019: 1-37. |
[8] | BUI T , STOLLER S D , LI J J . Greedy and evolutionary algorithms for mining relationship-based access control policies[J]. Computers &Security, 2019,80: 317-333. |
[9] | BUI T , STOLLER S D . A decision tree learning approach for mining relationship-based access control policies[C]// Proceedings of the 25th ACM Symposium on Access Control Models and Technologies. 2020: 167-178. |
[10] | BUI T , STOLLER S D , LI J . Mining relationship-based access control policies from incomplete and noisy data[M]// Foundations and Practice of Security. Switzerland, 2019: 267-284. |
[11] | BUI T , STOLLER S D . Learning attribute-based and relationship-based access control policies with unknown values[C]// Information Systems Security - 16th International Conference(ICISS). 2020: 23-44. |
[12] | IYER P , MASOUMZADEH A . Active learning of relationship-based access control policies[C]// Proceedings of the 25th ACM Symposium on Access Control Models and Technologies. 2020: 155-166. |
[13] | ZHANG M . Graph neural networks:link prediction[M]// Graph Neural Networks: Foundations,Frontiers,and Applications.Singapore,Springer, 2021: 195-224. |
[14] | SCHLICHTKRULL M , KIPF T N , BLOEM P ,et al. Modeling relational data with graph convolutional networks[C]// The Semantic Web. 2018: 593-607. |
[15] | ZHANG M , CHEN Y . Link prediction based on graph neural networks[C]// Proceedings of 32nd Conference on Neural Information Processing Systems (NIPS 2018). 2018: 1-11. |
[16] | TERU K K , DENIS E , HAMILTON W L . Inductive relation prediction by subgraph reasoning[C]// Proceedings of the 37th International Conference on Machine Learning(ICML). 2020: 1-10. |
[17] | CHEN J , HE H , WU F ,et al. Topology-aware correlations between relations for inductive link prediction in knowledge graphs[C]// Proceedings of 35th AAAI Conference on Artificial Intelligence.ELECTR NETWORK. 2021: 6271-6278. |
[18] | KIPF T N , WELLING M . Variational graph auto-encoders[C]// Bayesian Deep Learning Workshop (NIPS 2016). 2016: 1-3. |
[19] | YOU J , YING R , LESKOVEC J . Position-aware graph neural networks[C]// Proceedings of 36th International Conference on Machine Learning (ICML). 2019: 7134-7143. |
[20] | CHAMI I , YING R , Ré C , ,et al. Hyperbolic graph convolutional neural networks[J]. Advances in Neural Information Processing Systems, 2019,32: 4869-4880. |
[21] | LI P , WANG Y B , WANG H W ,et al. Distance encoding:design provably more powerful neural networks for graph representation learning[J]. arXiv:2009.00142, 2020. |
[22] | LIBEN-NOWELL D , KLEINBERG J . The link prediction problem for social networks[J]. Journal of the American Society for Information Science and Technology, 2007,58(7): 1019-1031. |
[23] | ADAMIC L A , ADAR E . Friends and neighbors on the Web[J]. Social Networks, 2003,25(3): 211-230. |
[24] | SHIBATA N , KAJIKAWA Y , SAKATA I . Link prediction in citation networks[J]. Journal of the American Society for Information Science and Technology, 2012,63(1): 78-85. |
[25] | STANFIELD Z , CO?KUN M , KOYUTüRK M . Drug response prediction as a link prediction problem[J]. Scientific Reports, 2017,7:40321. |
[26] | NICKEL M , MURPHY K , TRESP V ,et al. A review of relational machine learning for knowledge graphs[J]. Proceedings of the IEEE, 2016,104(1): 11-33. |
[27] | CRAMPTON J , SELLWOOD J . Path conditions and principal matching:A new approach to access control[C]// Proceedings of the 19th ACM Symposium on Access Control Models and Technologies (SACMAT’14). 2014: 187-198. |
[28] | PACI F , SQUICCIARINI A , ZANNONE N . Survey on access control for community-centered collaborative systems[J]. ACM Computing Surveys, 2019,51(1): 1-38. |
[29] | ASIM Y , MALIK A K . A survey on access control techniques for social networks[M]// Information Diffusion Management and Knowledge Sharing. IGI Global, 2020: 319-342. |
[30] | BRIN S , PAGE L . Reprint of:the anatomy of a large-scale hypertextual Web search engine[J]. Computer Networks, 2012,56(18): 3825-3833. |
[31] | OU M D , CUI P , PEI J ,et al. Asymmetric transitivity preserving graph embedding[C]// Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining(KDD’16). 2016: 1105-1114. |
[32] | PEROZZI B , AL-RFOU R ,, SKIENA S . Deepwalk:online learning of social representations[C]// Proceedings of the 20th ACM SIGKDD International Conference on Knowledge Discovery and Data mining(KDD'14). 2014: 701-710. |
[33] | RIBEIRO L , SAVERESE P , FIGUEIREDO D R . Struc2vec:learning node representations from structural identity[C]// The ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. 2017: 385-394. |
[34] | ZHANG M H , CHEN Y X . Inductive matrix completion based on graph neural networks[J]. arXiv:1904.12058, 2019. |
[35] | ZHANG M , LI P , XIA Y ,et al. Labeling trick:a theory of using graph neural networks for multi-node representation learning[C]// 35th Conference on Neural Information Processing Systems (NeurIPS 2021). 2022: 9061-9073. |
[36] | BANG-JENSEN J , GUTIN G . Digraphs theory,algorithms and applications (second edition)[M]. London: Springer-Verlag, 2007. |
[37] | VELI?KOVI? P , CUCURULL G , CASANOVA A ,et al. Graph attention networks[J]. arXiv:1710.10903, 2017. |
[38] | TOUTANOVA K , CHEN D J . Observed versus latent features for knowledge base and text inference[C]// Proceedings of the 3rd Workshop on Continuous Vector Space Models and their Compositionality(CVSC). 2015:57. |
[39] | DETTMERS T , MINERVINI P , STENETORP P ,et al. Convolutional 2D knowledge graph embeddings[C]// Proceedings of the AAAI Conference on Artificial Intelligence. 2018: 1811-1818. |
[40] | XIONG W , HOANG T , WANG W Y . DeepPath:a reinforcement learning method for knowledge graph reasoning[C]// Proceedings of the 2017 Conference on Empirical Methods in Natural Language Processing(EMNLP). 2017: 564-573. |
[1] | 蔡召, 荆涛, 任爽. 以太坊钓鱼诈骗检测技术综述[J]. 网络与信息安全学报, 2023, 9(2): 21-32. |
[2] | 李东, 郝艳妮, 彭升辉, 訾瑞杰, 刘西蒙. 国家自然科学基金委员会网络安全现状与展望[J]. 网络与信息安全学报, 2022, 8(6): 92-101. |
[3] | 穆超, 王鑫, 杨明, 张恒, 陈振娅, 吴晓明. 面向物联网设备固件的硬编码漏洞检测方法[J]. 网络与信息安全学报, 2022, 8(5): 98-110. |
[4] | 高振升, 曹利峰, 杜学绘. 基于区块链的访问控制技术研究进展[J]. 网络与信息安全学报, 2021, 7(6): 68-87. |
[5] | 周家顺, 王娜, 杜学绘. 基于区块链的数据完整性多方高效审计机制[J]. 网络与信息安全学报, 2021, 7(6): 113-125. |
[6] | 陈晋音, 张敦杰, 黄国瀚, 林翔, 鲍亮. 面向图神经网络的对抗攻击与防御综述[J]. 网络与信息安全学报, 2021, 7(3): 1-28. |
[7] | 陈皓, 易平. 基于图神经网络的代码漏洞检测方法[J]. 网络与信息安全学报, 2021, 7(3): 37-45. |
[8] | 熊钢,葛雨玮,褚衍杰,曹卫权. 基于跨域协同的网络空间威胁预警模式[J]. 网络与信息安全学报, 2020, 6(6): 88-96. |
[9] | 朱建明,杨鸿瑞. 金融科技中数据安全的挑战与对策[J]. 网络与信息安全学报, 2019, 5(4): 71-79. |
[10] | 苏秋月, 陈兴蜀, 罗永刚. 大数据环境下多源异构数据的访问控制模型[J]. 网络与信息安全学报, 2019, 5(1): 78-86. |
[11] | 明拓思宇, 陈鸿昶. 文本摘要研究进展与趋势[J]. 网络与信息安全学报, 2018, 4(6): 1-10. |
[12] | 袁得嵛,王小娟,万建超. “互联网+”对网络空间安全影响及未来发展趋势[J]. 网络与信息安全学报, 2017, 3(5): 1-9. |
[13] | 魏凯敏,翁健,任奎. 大数据安全保护技术综述[J]. 网络与信息安全学报, 2016, 2(4): 1-11. |
[14] | 李尚,周志刚,张宏莉,余翔湛. 大数据安全高效搜索与隐私保护机制展望[J]. 网络与信息安全学报, 2016, 2(4): 21-32. |
[15] | 仝伟,毛云龙,陈庆军,王彬入,张保佳,仲盛. 抗大数据分析的隐私保护:研究现状与进展[J]. 网络与信息安全学报, 2016, 2(4): 44-55. |
阅读次数 | ||||||
全文 |
|
|||||
摘要 |
|
|||||
|