基于深度学习的ABAC访问控制策略自动化生成技术  被引量：5

作　　者：刘敖迪 杜学绘[1,2] 王娜 乔蕊[1,3] LIU Aodi;DU Xuehui;WANG Na;QIAO Rui(Information Engineering University,Zhengzhou 450001,China;He’nan Province Key Laboratory of Information Security,Zhengzhou 450001,China;Zhoukou Normal University,Zhoukou 466001,China)

机构地区：[1]信息工程大学,河南郑州450001 [2]河南省信息安全重点实验室,河南郑州450001 [3]周口师范学院,河南周口466001

出　　处：《通信学报》2020年第12期8-20,共13页Journal on Communications

基　　金：国家重点研发计划基金资助项目(No.2018YFB0803603,No.2016YFB0501901);国家自然科学基金资助项目(No.61802436,No.61902447)。

摘　　要：针对访问控制策略的自动化生成问题,提出了一种基于深度学习的ABAC访问控制策略生成框架,从自然语言文本中提取基于属性的访问控制策略,该技术能够显著降低访问控制策略生成的时间成本,为访问控制的实施提供有效支持。将策略生成问题分解为访问控制语句识别和访问控制属性挖掘两项核心任务,分别设计了BiGRU-CNN-Attention和AM-BiLSTM-CRF这2个神经网络模型来实现访问控制策略语句识别和访问控制属性挖掘,从而生成可读、可执行的访问控制策略。实验结果表明,与基准方法相比,所提方法具有更好的性能。特别是在访问控制策略语句识别任务中平均F1-score指标能够达到0.941,比当前的state-of-the-art方法性能提高了4.1%。To solve the problem of automatic generation of access control policies,an access control policy generation framework based on deep learning was proposed.Access control policy based on attributes could be generated from natural language texts.This technology could significantly reduce the time cost of access control policy generation and provide effective support for the implementation of access control.The policy generation problem was decomposed into two core tasks,identification of access control policy sentence and access control attribute mining.Neural network models such as BiGRU-CNN-Attention and AM-BiLSTM-CRF were designed respectively to realize identification of access control policy sentence and access control attribute mining,so as to generate readable and executable access control policies.Experimental results show that the proposed method has better performance than the benchmark method.In particular,the average F1-score index can reach 0.941 in the identification task of access control policy sentence,which is 4.1%better than the current state-of-the-art method.

关 键 词：访问控制 ABAC模型 策略生成 自然语言处理 深度学习 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]