Journal on Communications ›› 2020, Vol. 41 ›› Issue (12): 8-20. doi: 10.11959/j.issn.1000-436X.2020212
Aodi LIU1,2, Xuehui DU1,2, Na WANG1,2, Rui QIAO1,3
Revised: 2020-09-30
Online: 2020-12-25
Published: 2020-12-01
About the author: Aodi LIU (1992- ), male, born in Yichun, Heilongjiang, is a Ph.D. candidate at Information Engineering University. His main research interests are big data security and access control technology.
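Abstract:
To address the problem of automatically generating access control policies, a deep learning-based ABAC access control policy generation framework is proposed that extracts attribute-based access control policies from natural language text. The technique can significantly reduce the time cost of access control policy generation and provides effective support for the implementation of access control. The policy generation problem is decomposed into two core tasks: access control policy sentence identification and access control attribute mining. Two neural network models, BiGRU-CNN-Attention and AM-BiLSTM-CRF, are designed to perform access control policy sentence identification and access control attribute mining respectively, so as to generate readable and executable access control policies. Experimental results show that the proposed method performs better than the baseline methods. In particular, in the access control policy sentence identification task the average F1-score reaches 0.941, which is 4.1% higher than the current state-of-the-art method.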
Aodi LIU, Xuehui DU, Na WANG, Rui QIAO. ABAC access control policy generation technique based on deep learning[J]. Journal on Communications, 2020, 41(12): 8-20.
Table 3. Performance comparison of ACP sentence identification
Method | Dataset | Precision | Recall | F1-score |
Ref. [ | iTrust, IBM App | 0.887 | 0.894 | 0.891 |
Ref. [ | iTrust | 0.873 | 0.908 | 0.890 |
Ref. [ | iTrust, IBM App, Cyberchair, Collected ACP | 0.830 | 0.874 | 0.852 |
Ref. [ | iTrust, IBM App, Cyberchair, Collected ACP | 0.900 | 0.900 | 0.900 |
Ref. [ | iTrust, IBM App, Cyberchair, Collected ACP | 0.813 | 0.742 | 0.775 |
Ref. [ | iTrust, IBM App, Cyberchair | 0.583 | 0.863 | 0.657 |
Ref. [ | iTrust, IBM App, Cyberchair | 0.635 | 0.863 | 0.698 |
Proposed method | iTrust, IBM App, Cyberchair, Collected ACP | | | |
[1] | FENG D G, ZHANG M, LI H. Big data security and privacy protection[J]. Chinese Journal of Computers, 2014, 37(1): 246-258. |
[2] | FANG L, YIN L H, GUO Y C, et al. A survey of key technologies in attribute-based access control scheme[J]. Chinese Journal of Computers, 2017, 40(7): 1680-1698. |
[3] | SERVOS D, OSBORN S L. Current research and open problems in attribute-based access control[J]. ACM Computing Surveys, 2017, 49(4): 1-45. |
[4] | XIN J, KRISHNAN R, SANDHU R. A unified attribute-based access control model covering DAC, MAC and RBAC[C]// Proceedings of the 26th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy. Berlin: Springer, 2012: 41-55. |
[5] | HU V, KUHN D, FERRAIOLO D. Attribute-based access control[J]. Computer, 2015, 48(2): 85-88. |
[6] | BUI T, STOLLER S D, LI J. Greedy and evolutionary algorithms for mining relationship-based access control policies[J]. Computers & Security, 2019, 80: 317-333. |
[7] | SANDERS M W, YUE C. Mining least privilege attribute based access control policies[C]// Annual Computer Security Applications Conference. New York: ACM Press, 2019: 404-416. |
[8] | VAIDYA J, ATLURI V, WARNER J, et al. Role engineering via prioritized subset enumeration[J]. IEEE Transactions on Dependable & Secure Computing, 2010, 7(3): 300-314. |
[9] | BAUMGRASS A, STREMBECK M. Bridging the gap between role mining and role engineering via migration guides[J]. Information Security Technical Report, 2013, 17(4): 148-172. |
[10] | HARIKA P, NAGAJYOTHI M, JOHN J C, et al. Meeting cardinality constraints in role mining[J]. IEEE Transactions on Dependable & Secure Computing, 2015, 12(1): 71-84. |
[11] | NEUMANN G, STREMBECK M. A scenario-driven role engineering process for functional RBAC roles[C]// Symposium on Access Control Models and Technologies. New York: ACM Press, 2002: 33-42. |
[12] | DAS S, SURAL S, VAIDYA J, et al. VisMAP: visual mining of attribute-based access control policies[C]// International Conference on Information Systems Security. Berlin: Springer, 2019: 79-98. |
[13] | TALUKDAR T, BATRA G, VAIDYA J, et al. Efficient bottom-up mining of attribute based access control policies[C]// IEEE 3rd International Conference on Collaboration and Internet Computing. Piscataway: IEEE Press, 2017: 339-348. |
[14] | KARIMI L, JOSHI J. An unsupervised learning based approach for mining attribute based access control policies[C]// International Conference on Big Data. Piscataway: IEEE Press, 2018: 1427-1436. |
[15] | COTRINI C, WEGHORN T, BASIN D. Mining ABAC rules from sparse logs[C]// IEEE European Symposium on Security and Privacy. Piscataway: IEEE Press, 2018: 31-46. |
[16] | GAUTAM M, JHA S, SURAL S, et al. Poster: constrained policy mining in attribute based access control[C]// Symposium on Access Control Models and Technologies. New York: ACM Press, 2017: 121-123. |
[17] | IYER P, MASOUMZADEH A. Mining positive and negative attribute-based access control policy rules[C]// Symposium on Access Control Models and Technologies. New York: ACM Press, 2018: 161-172. |
[18] | KUHLMANN M, SHOHAT D, SCHIMPF G, et al. Role mining-revealing business roles for security administration using data mining technology[C]// Symposium on Access Control Models and Technologies. New York: ACM Press, 2003: 179-186. |
[19] | NAROUEI M, KHANPOUR H, TAKABI H. Identification of access control policy sentences from natural language policy documents[C]// IFIP Annual Conference on Data and Applications Security and Privacy. Berlin: Springer, 2017: 82-100. |
[20] | NAROUEI M, TAKABI H, NIELSEN R D. Automatic extraction of access control policies from natural language documents[J]. IEEE Transactions on Dependable and Secure Computing, 2018, 17(3): 1. |
[21] | XU Z, STOLLER S D. Mining attribute-based access control policies[J]. IEEE Transactions on Dependable and Secure Computing, 2015, 12(5): 533-545. |
[22] | MOCANU D C, TURKMEN F, LIOTTA A. Towards ABAC policy mining from logs with deep learning[C]// In Proceedings of International Multi Conference. Piscataway: IEEE Press, 2015: 10-16. |
[23] | HE Q, ANTÓN A I. Requirements-based access control analysis and policy specification (ReCAPS)[J]. Information & Software Technology, 2009, 51(6): 993-1009. |
[24] | SHI L L, CHADWICK D W. A controlled natural language interface for authoring access control policies[C]// Applied Computing. New York: ACM Press, 2011: 1524-1530. |
[25] | SCHWITTER R. Controlled natural languages for knowledge representation[C]// International Conference on Computational Linguistics. New York: ACM Press, 2010: 1113-1121. |
[26] | XIAO X, PARADKAR A, THUMMALAPENTA S, et al. Automated extraction of security policies from natural-language software documents[C]// ACM Sigsoft International Symposium on the Foundations of Software Engineering. New York: ACM Press, 2012: 1-11. |
[27] | SLANKAS J, WILLIAMS L. Access control policy extraction from unconstrained natural language text[C]// 2013 International Conference on Social Computing. New York: ACM Press, 2013: 435-440. |
[28] | SLANKAS J, XIAO X, WILLIAMS L, et al. Relation extraction for inferring access control rules from natural language artifacts[C]// Proceedings of the 30th Annual Computer Security Applications Conference. New York: ACM Press, 2014: 366-375. |
[29] | NAROUEI M, TAKABI H. Automatic top-down role engineering framework using natural language processing techniques[C]// International Conference Information Security Theory and Practice. New York: ACM Press, 2015: 137-152. |
[30] | NAROUEI M, TAKABI H. Towards an automatic top-down role engineering approach using natural language processing techniques[C]// Symposium on Access Control Models and Technologies. New York: ACM Press, 2015: 157-160. |
[31] | NAROUEI M, KHANPOUR H, TAKABI H, et al. Towards a top-down policy engineering framework for attribute-based access control[C]// Symposium on Access Control Models and Technologies. New York: ACM Press, 2017: 103-114. |
[32] | ALOHALY M, TAKABI H, BLANCO E, et al. A deep learning approach for extracting attributes of ABAC policies[C]// Symposium on Access Control Models and Technologies. New York: ACM Press, 2018: 137-148. |
[33] | ALOHALY M, TAKABI H, BLANCO E. Automated extraction of attributes from natural language attribute-based access control (ABAC) policies[J]. Cybersecurity, 2019, 2(1): 2-12. |
[34] | BROSSARD D, GEBEL G, BERG M. A systematic approach to implementing ABAC[C]// Proceedings of the 2nd ACM Workshop on Attribute-Based Access Control. New York: ACM Press, 2017: 53-59. |
[35] | DEVLIN J, CHANG M, LEE K, et al. BERT: pre-training of deep bidirectional transformers for language understanding[C]// North American Chapter of the Association for Computational Linguistics. Virginia: NAACL, 2019: 4171-4186. |
[36] | LUO X, ZHOU W, WANG W, et al. Attention-based relation extraction with bidirectional gated recurrent unit and highway network in the analysis of geological data[J]. IEEE Access, 2018, 6: 5705-5715. |