Hadoop云平台用户动态访问控制模型

doi:10.11959/j.issn.1000-436x.2017142

通信学报 ›› 2017, Vol. 38 ›› Issue (9): 9-17.doi: 10.11959/j.issn.1000-436x.2017142

Hadoop云平台用户动态访问控制模型

杨宏宇,孟令现

中国民航大学计算机科学与技术学院，天津 300300

修回日期:2017-04-12 出版日期:2017-09-01 发布日期:2017-10-18
作者简介:杨宏宇（1969-），男，吉林长春人，博士，中国民航大学教授，主要研究方向为网络信息安全。|孟令现（1990-），男，山东临沂人，中国民航大学硕士生，主要研究方向为云平台安全。
基金资助:
国家科技重大专项基金资助项目(2012ZX03002002);中国民航科技基金资助项目(MHRD201009);中国民航科技基金资助项目(MHRD201205)

Hadoop cloud platform user dynamic access control model

Hong-yu YANG,Ling-xian MENG

School of Computer Science and Technology,Civil Aviation University of China,Tianjin 300300,China

Revised:2017-04-12 Online:2017-09-01 Published:2017-10-18
Supported by:
The National Science and Technology Major Project(2012ZX03002002);The Science ＆ Technology Project of CAAC(MHRD201009);The Science ＆ Technology Project of CAAC(MHRD201205)

摘要/Abstract

摘要：

为解决Hadoop云平台无法动态控制用户访问请求的问题，提出一种基于用户行为评估的Hadoop云平台动态访问控制（DACUBA,dynamic access control based on user behavior assessment）模型。该模型首先实时收集用户指令序列，通过并行指令序列学习（PCSL,parallel command sequence learning）获取用户行为轮廓。然后利用前向轮廓建立全局K模型，对后续行为序列进行分类并对分类结果进行评估。随后将评估结果与改进Hadoop访问控制机制结合，使云平台用户的访问权限随自身行为动态改变。最后通过实验验证了模型算法的有效性和动态访问控制机制的可行性。

关键词: 云平台, Hadoop, 用户行为, 访问控制, 并行指令序列学习

Abstract:

In order to solve the problem that Hadoop cloud platform could not dynamically control user access request,a Hadoop cloud dynamic access control model based on user behavior assessment (DACUBA) was proposed.The model first collected the user instruction sequence in real time and the user behavior contour was obtained by parallel command sequence learning (PCSL).Then the global K model was established by using the forward profile,the subsequent sequence was classified and the classification results were evaluated.The evaluation results were combined with the improved Hadoop access control mechanism to make the cloud platform users’ access rights change dynamically with their own behaviors.Experimental results demonstrate that the model algorithm is effective and the dynamic access control mechanism is feasible.

Key words: cloud platform, Hadoop, user behavior, access control, parallel command sequence learning

中图分类号:

TP393

杨宏宇,孟令现. Hadoop云平台用户动态访问控制模型[J]. 通信学报, 2017, 38(9): 9-17.

Hong-yu YANG,Ling-xian MENG. Hadoop cloud platform user dynamic access control model[J]. Journal on Communications, 2017, 38(9): 9-17.

图/表 9

图1

图2

图3

图4

表1

表2

图5

图6

表3

参考文献 12

[1]	陆嘉恒 . Hadoop实战[M]. 北京: 机械工业出版社, 2012.
	LU J H . Hadoop in action[M]. Beijing: China Machine Press, 2012.
[2]	GUPTA C , SINHA R , ZHANG Y . Eagle:user profile-based anomaly detection for securing Hadoop clusters[C]// IEEE International Conference on Big Data. 2015: 1336-1343.
[3]	TAN Z , TANG Z , LI R ,et al. Research on trust-based access control model in cloud computing[C]// Information Technology and Artificial Intelligence Conference. 2011: 339-344.
[4]	JING X , LIU Z , LI S ,et al. A cloud-user behavior assessment based dynamic access control model[J]. International Journal of System Assurance Engineering ＆ Management, 2015,22(12): 1-10.
[5]	ZBURIVSKY D . Hadoop集群与安全[M]. 北京: 机械工业出版社, 2014.
	ZBURIVSKY D . Hadoop cluster deployment,securing Hadoop[M]. Beiing: China Machine Press, 2014.
[6]	JAIGANESH M , AARTHI M , KUMAR A V A . Fuzzy ART-based user behavior trust in cloud computing[J]. Advances in Intelligent Systems＆ Computing, 2015,324: 341-348.
[7]	CHUA S L , MARSLAND S , GUESGEN H W . Unsupervised learning of patterns in data streams using compression and edit distance[C]// The International Joint Conference on Artificial Intelligence. 2011: 1231-1236.
[8]	KRANEN P , KREMER H , JANSEN T ,et al. Stream data mining using the MOA framework[C]// International Conference on Database Systems for Advanced Applications. 2012: 309-313.
[9]	王昕, 袁超伟, 黄晨 . 基于滑动窗口机制的 RFID 自同步可扩展所有权变更协议[J]. 北京邮电大学学报, 2013,36(5): 30-35.
	WANG X , YUAN C W , HUANG C . Scalable and self-synchronizable RFID ownership transfer protocol based on the sliding window mechanism[J]. Journal of Beijing University of Posts and Telecommunications, 2013,36(5): 30-35.
[10]	MAXION R A , TOWNSEND T N . Masquerade detection using truncated command lines[C]// International Conference on Dependable Systems and Networks. 2002: 219-228.
[11]	TIAN X G , DUAN M Y , LI W F ,et al. Anomaly detection of user behavior based on shell commands and homogeneous Markov chains[J]. Chinese Journal of Electronics, 2007,17(2): 231-236.
[12]	李超, 田新广, 肖喜 ,等. 基于 Shell 命令和共生矩阵的用户行为异常检测方法[J]. 计算机研究与发展, 2012,49(9): 1982-1990.
	LI C , TIAN X G , XIAO X ,et al. Anomaly detection of user behavior based on shell commands and commands and co-occurrence matrix[J]. Journal of Computer Research and Development, 2012,49(9): 1982-1990.

参数	取值
行为检测阈值x	0.4
行为评估基准值w	0.5
异常行为调节参数θ	0.4
初始行为评估值T_s	5
滑窗长度L	100
推荐评估值V_r	2
当前行为权重α	0.6
历史行为权重β	0.3
推荐评估值权重γ	0.1
阈值T_d	4.5

分类方法	异常行为检测率	异常行为误报率	时间/s
朴素贝叶斯	84.46%	7.12%	49.38
马尔可夫链模型	88.24%	1.24%	91.85
共生矩阵	90.02%	1.16%	201.23
PCSL	87.59%	1.33%	3.42

平台	操作	速率/(MB·s^-1)
	HDFS读	41.426
原Hadoop平台	HDFS写	20.562
	MapReduce WordCount	0.415
	HDFS读	39.859
部署DACUBA的Hadoop平台	HDFS写	19.632
	MapReduce WordCount	0.393

[1]	金伟, 李凤华, 余铭洁, 郭云川, 周紫妍, 房梁. 面向HDFS的密钥资源控制机制[J]. 通信学报, 2022, 43(9): 27-41.
[2]	梁晓艳, 杜瑞忠. IoT下CapBAC规则语义表示及其时间间隔粗糙性分析[J]. 通信学报, 2021, 42(9): 43-53.
[3]	董江涛, 闫沛文, 杜瑞忠. 雾计算中基于无配对CP-ABE可验证的访问控制方案[J]. 通信学报, 2021, 42(8): 139-150.
[4]	彭长根, 彭宗凤, 丁红发, 田有亮, 刘荣飞. 具有可撤销功能的属性协同访问控制方案[J]. 通信学报, 2021, 42(5): 75-86.
[5]	应作斌, 斯元平, 马建峰, 刘西蒙. 基于区块链的分布式EHR细粒度可追溯方案[J]. 通信学报, 2021, 42(5): 205-215.
[6]	杜瑞忠, 闫沛文, 刘妍. 雾计算中细粒度属性更新的外包计算访问控制方案[J]. 通信学报, 2021, 42(3): 160-170.
[7]	涂碧波, 程杰, 夏豪骏, 张坤, 孙瑞娜. 云虚拟化平台可信证明技术研究综述[J]. 通信学报, 2021, 42(12): 212-225.
[8]	张嘉伟, 马建峰, 马卓, 李腾. 云计算中基于时间和隐私保护的可撤销可追踪的数据共享方案[J]. 通信学报, 2021, 42(10): 81-94.
[9]	诸天逸,李凤华,金伟,郭云川,房梁,成林. 互操作性与自治性平衡的跨域访问控制策略映射[J]. 通信学报, 2020, 41(9): 29-48.
[10]	周清雷,班绍桓,韩英杰,冯峰. 针对物理访问控制的拟态防御认证方法[J]. 通信学报, 2020, 41(6): 80-87.
[11]	贾春福,哈冠雄,李瑞琪. 密文去重系统中的数据访问控制策略[J]. 通信学报, 2020, 41(5): 72-83.
[12]	付永贵,朱建明. 基于区块链的数据库访问控制机制设计[J]. 通信学报, 2020, 41(5): 130-140.
[13]	谢绒娜,李晖,史国振,郭云川. 基于属性轻量级可重构的访问控制策略[J]. 通信学报, 2020, 41(2): 112-122.
[14]	刘敖迪, 杜学绘, 王娜, 乔蕊. 基于深度学习的ABAC访问控制策略自动化生成技术[J]. 通信学报, 2020, 41(12): 8-20.
[15]	谢绒娜, 李晖, 史国振, 郭云川, 张铭, 董秀则. 基于区块链的可溯源访问控制机制[J]. 通信学报, 2020, 41(12): 82-93.

Hadoop云平台用户动态访问控制模型

Hadoop cloud platform user dynamic access control model

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 9

参考文献 12

相关文章 15

Metrics

推荐阅读 0