Search

CN-121984778-A - Dynamic trust evaluation-based data flow security control method and system

CN121984778ACN 121984778 ACN121984778 ACN 121984778ACN-121984778-A

Abstract

The invention discloses a data flow security control method and system based on dynamic trust evaluation, which belong to the technical field of data security, acquire a behavior feature sequence of a data request entity in a fixed time window, construct a behavior pattern to identify a typical behavior mode of the data request entity, calculate a risk weight under a context by combining network topology change, data sensitivity and upstream and downstream entity states, input the behavior pattern and the risk weight into a historical trust evolution model to generate a current trust value, match an access control strategy according to the trust value and the data sensitivity, execute access operation and feed back the behavior and the result to the trust model for self-adaptive update, realize dynamic regulation and real-time risk response of data access authority by introducing a behavior modeling and feedback learning mechanism, and improve the security and intelligence in a cross-domain data flow process.

Inventors

  • CHEN ZILONG
  • Ma Zikai
  • Man Jianshe
  • YIN XIANGJUN
  • LI JIE

Assignees

  • 山东慢雾信息技术有限公司

Dates

Publication Date
20260505
Application Date
20260313

Claims (7)

  1. 1. A data flow security control method based on dynamic trust evaluation is characterized by comprising the following steps: s100, acquiring a behavior feature sequence F of a current data request entity in a fixed time window, wherein the behavior feature sequence F comprises an access frequency, an access object category, a historical access offset degree and an abnormal behavior trigger record; S200, constructing a behavior pattern B according to the behavior feature sequence F, and identifying a typical behavior pattern of an entity in a data circulation path; S300, calculating a risk weight R of a behavior pattern B under the context information by combining the context information of the current environment, including network topology change, data sensitivity level and upstream and downstream entity states; S400, inputting the risk weight R and the behavior pattern B according to a historical trust evolution model, and dynamically generating a trust value T of a current request entity; S500, according to the trust value T and the data sensitivity, matching a preset trust level threshold value table, and determining an access decision strategy of a request entity to target data, wherein the access decision strategy comprises access permission, partial desensitization access, access blocking or audit flow initiation; And S600, executing the access decision strategy, and feeding back the behavior feature sequence F and the corresponding processing result to the historical trust evolution model for self-adaptive adjustment of the follow-up trust value T.
  2. 2. The method for controlling data flow security based on dynamic trust evaluation according to claim 1, wherein the step of constructing a behavior pattern B according to the behavior feature sequence F comprises the steps of: mapping the access frequency, the access object category distribution, the behavior offset and the abnormal behavior event sequence in the behavior feature sequence F into multidimensional behavior vectors respectively; based on the multidimensional behavior vector, performing feature aggregation on behaviors of the same entity in a plurality of time windows by adopting a graph neural network to generate behavior node embedded representation; Taking a request entity as a central node, constructing access edge relations between the request entity and a plurality of target data nodes in a data flow path, and introducing edge weights to represent access strength and sensitivity; And identifying a typical behavior mode of the request entity according to the connection density and the evolution path between the nodes in the graph, and taking the typical behavior mode as an output result of the behavior graph B.
  3. 3. The method for data flow security control based on dynamic trust evaluation according to claim 1, wherein the step of calculating the risk weight R of the behavior pattern B under the context information comprises the following steps: collecting network topology change information corresponding to a current data flow path, identifying whether newly added or invalid nodes exist in the path, and recording a structure fluctuation factor as a network dynamic characteristic; marking a high-sensitivity node access path and giving a weight gain value to each data target node in the behavior map B by combining with a predefined data sensitivity level; retrieving the state information of the upstream and downstream entities with direct or indirect interaction relation with the request entity, and marking the upstream and downstream entity as a risk infection node if abnormal trust value reduction or authority adjustment record exists; And generating a context vector according to the context characteristics, and calculating a risk weight R by adopting a weighted scoring function in combination with the side weight distribution in the behavior spectrum B.
  4. 4. The method for controlling data flow security based on dynamic trust evaluation according to claim 1, wherein the step of inputting the risk weight R and the behavior pattern B to dynamically generate the trust value T of the current requesting entity comprises the following steps: constructing a time sequence sample set containing a plurality of past time window behavior patterns of the entity and corresponding trust values, and taking the time sequence sample set as training input of a historical trust evolution model; Training a sample set by adopting a long-term and short-term memory neural network, capturing a time dependency relationship between entity behaviors and trust values, and generating a historical trust evolution prediction model; feature fusion is carried out on the behavior spectrum B of the current request entity and the risk weight R, and the current request entity is encoded into an input state vector of the current time step; and inputting the input state vector into a historical trust evolution prediction model, and outputting a trust value T of the current entity.
  5. 5. The method for controlling data flow security based on dynamic trust evaluation according to claim 1, wherein the step of matching a preset trust level threshold table according to the trust value T and the data sensitivity to determine an access decision policy of a requesting entity to target data comprises the steps of: inquiring the corresponding data sensitivity level according to the type and the label of the target data node, and normalizing the data sensitivity level into a level value D epsilon {1, 2, 3}; taking the trust value T and the grade value D of the current request entity as input parameters, and searching for an access control strategy mapped in a preset trust-sensitivity threshold decision table; The trust-sensitivity threshold decision table is composed of a three-dimensional strategy matrix, and strategies corresponding to different T intervals and D combinations are predefined, wherein the strategies comprise complete permission, partial desensitization, access limitation and forced audit; Outputting the corresponding access decision strategy and binding the access decision strategy into the data request transaction.
  6. 6. The method for controlling data flow security based on dynamic trust evaluation according to claim 1, wherein the step of feeding back the current behavior feature sequence F and the corresponding processing result to the historical trust evolution model comprises the following steps: Executing corresponding data access operation on the current data request according to the determined access decision strategy, and generating a processing result record containing whether access is successful, a desensitization mode, a blocking reason or an audit mark; after the access execution is completed, the behavior feature sequence F corresponding to the request is collected again, and the processing result is associated with the behavior feature sequence F to form a behavior sample with a result mark; adding the behavior samples to an entity historical behavior sequence according to time sequence, and synchronously updating trust value change records of corresponding time windows; and inputting the updated behavior sample into a historical trust evolution model for adjusting model parameters, and realizing self-adaptive updating and correction of a subsequent trust value T.
  7. 7. A data flow security control system based on dynamic trust evaluation, for implementing the data flow security control method based on dynamic trust evaluation according to any one of claims 1-6, comprising: The behavior perception module is used for acquiring a behavior characteristic sequence F of a current data request entity in a fixed time window, wherein the behavior characteristic sequence F comprises an access frequency, an access object category, a historical access offset degree and an abnormal behavior trigger record; the behavior modeling module is used for constructing a behavior pattern B according to the behavior feature sequence F and identifying a typical behavior mode of an entity in a data circulation path; the context awareness calculating module is used for calculating a risk weight R of the behavior pattern B under the context information by combining the context information of the current environment, including network topology change, data sensitivity level and upstream and downstream entity states; the trust evaluation module is used for inputting the risk weight R and the behavior pattern B according to the historical trust evolution model and dynamically generating a trust value T of the current request entity; The policy decision module is used for matching a preset trust level threshold value table according to the trust value T and the data sensitivity, and determining an access decision policy of a request entity to target data, wherein the access decision policy comprises access permission, partial desensitization access, access blocking or audit flow initiation; and the self-adaptive learning module is used for executing the access decision strategy, feeding back the behavior feature sequence F and the corresponding processing result to the historical trust evolution model and being used for self-adaptive adjustment of the follow-up trust value T.

Description

Dynamic trust evaluation-based data flow security control method and system Technical Field The invention relates to the technical field of data security, in particular to a data flow security control method and system based on dynamic trust evaluation. Background Currently, in the key fields of government affairs, finance, medical treatment and the like, data often needs to be circulated and shared across organizations and systems so as to meet the demands of business linkage, data driving decision making, intelligent processing and the like. However, as the frequency and granularity of data flows continue to increase, traditional data access control models, such as role-based access control (RBAC), attribute-based access control (ABAC), gradually expose limitations in dynamic environments. For example, under a micro-service architecture, frequent calls between services make it difficult for access rights set statically to adapt to trust changes in real time, and a "rights drift" problem is easily formed, which leads to data leakage. More hidden and serious, part of micro-service or data request entities may behave abnormally gradually after initial authorization is obtained, such as frequent access to non-responsibility range data, unauthorized detection of system boundaries, etc., while the existing mechanism evaluates the trust level of the micro-service or data request entities statically, lacks pertinence and timeliness, and cannot identify and adjust the data access authority of the micro-service or data request entities in time. Especially in the scenes of medical image sharing, cross-border fund transfer, intelligent power grid monitoring and the like, once a node in a data flow path loses trust, the information security of the whole link is damaged, and the consequences are serious. Therefore, a trust evaluation mechanism based on dynamic behavior feedback and sustainable learning is needed, and the security of each data transfer operation is dynamically controlled in fine granularity by combining a data transfer path and a context environment, so that the transfer of data according to needs, trust and traceability is realized, and the toughness and the security of a system are fundamentally enhanced. Disclosure of Invention The invention aims to provide a data flow security control method and system based on dynamic trust evaluation, which solve the defects in the background technology. In order to achieve the above purpose, the invention provides a data flow security control method based on dynamic trust evaluation, comprising the following steps: s100, acquiring a behavior feature sequence F of a current data request entity in a fixed time window, wherein the behavior feature sequence F comprises an access frequency, an access object category, a historical access offset degree and an abnormal behavior trigger record; S200, constructing a behavior pattern B according to the behavior feature sequence F, and identifying a typical behavior pattern of an entity in a data circulation path; S300, calculating a risk weight R of a behavior pattern B under the context information by combining the context information of the current environment, including network topology change, data sensitivity level and upstream and downstream entity states; S400, inputting the risk weight R and the behavior pattern B according to a historical trust evolution model, and dynamically generating a trust value T of a current request entity; S500, according to the trust value T and the data sensitivity, matching a preset trust level threshold value table, and determining an access decision strategy of a request entity to target data, wherein the access decision strategy comprises access permission, partial desensitization access, access blocking or audit flow initiation; And S600, executing the access decision strategy, and feeding back the behavior feature sequence F and the corresponding processing result to the historical trust evolution model for self-adaptive adjustment of the follow-up trust value T. Preferably, the step of constructing the behavior pattern B according to the behavior feature sequence F includes: mapping the access frequency, the access object category distribution, the behavior offset and the abnormal behavior event sequence in the behavior feature sequence F into multidimensional behavior vectors respectively; based on the multidimensional behavior vector, performing feature aggregation on behaviors of the same entity in a plurality of time windows by adopting a graph neural network to generate behavior node embedded representation; Taking a request entity as a central node, constructing access edge relations between the request entity and a plurality of target data nodes in a data flow path, and introducing edge weights to represent access strength and sensitivity; And identifying a typical behavior mode of the request entity according to the connection density and the evolution path between the nod