CN-121997311-A - Authority self-adaptive adjustment method and device, electronic equipment and storage medium

Abstract

In response to an access request initiated by a user for a protected resource, multidimensional scene features associated with the access request are collected in real time. A risk assessment result for the access request is determined from the multidimensional scene features; a state vector formed from the multidimensional scene features and the risk assessment result is input into a reinforcement learning decision model, which outputs a corresponding permission adjustment action; and the access permission of the access request is adjusted according to that action. The system can therefore adjust the permission policy automatically according to the specific scene and risk level of each access, protecting promptly when abnormal access occurs while avoiding excessive restriction of normal business operations, and so balancing security control and user experience in complex and changing real-world environments.

Inventors

  • ZHOU REN
  • YANG FAN
  • HAN JIAXIAN
  • XIA YU
  • LIN SHANG

Assignees

  • 重庆蓝电汽车科技有限公司

Dates

Publication Date
20260508
Application Date
20251210

Claims (10)

  1. A method for adaptively adjusting rights, the method comprising: responding to an access request of a protected resource initiated by a user, and collecting multidimensional scene features associated with the access request in real time; determining a risk assessment result of the access request based on the multi-dimensional scene features; inputting the state vector formed by the multi-dimensional scene characteristics and the risk assessment results into a reinforcement learning decision model, the reinforcement learning decision model outputting corresponding authority adjustment actions; and adjusting the access authority of the access request according to the authority adjustment action.
  2. The method of claim 1, wherein the determining a risk assessment result for the access request based on the multi-dimensional scene feature comprises: preprocessing the multi-dimensional scene features to obtain comprehensive feature vectors; calculating the similarity between the comprehensive feature vector and the feature vector in a preset risk feature library; and determining risk probability according to the similarity, and determining the risk probability as the risk assessment result.
  3. The method according to claim 1, wherein the method further comprises: monitoring an operation result after the access right of the access request is adjusted; generating a reward value according to the operation result; and updating the reinforcement learning decision model with the reward value.
  4. The method according to claim 3, wherein the operation result includes a risk event trigger condition and operation experience data of a user, and the generating a reward value according to the operation result includes: determining a safety evaluation value according to the risk event triggering condition; determining the user interference degree according to the operation experience data, wherein the operation experience data comprises additional operation time consumption caused by permission adjustment and/or operation failure times; and calculating the reward value according to the safety evaluation value and the user interference degree.
  5. The method of claim 1, wherein said adjusting access rights of said access request according to said rights adjustment action comprises: identifying a first operation type intended to be performed in the access request if the rights adjustment action is to downgrade a resource operation type; mapping the first operation type to a second operation type, wherein the authority level of the second operation type is lower than that of the first operation type; and processing the access request based on the second operation type.
  6. The method of claim 1, wherein said adjusting access rights of said access request according to said rights adjustment action comprises: under the condition that the permission adjustment action triggers secondary verification, suspending execution of the access request, generating a verification request and sending the verification request to a user; and after receiving the correct verification information matched with the verification request, resuming the execution of the access request.
  7. The method of claim 1, wherein the multi-dimensional scene features comprise behavioral features, and wherein the collecting in real time the multi-dimensional scene features associated with the access request comprises: recording a series of requests initiated by the user in a current session to form a real-time operation sequence; determining an operating frequency based on the real-time operation sequence; calculating the similarity between the real-time operation sequence and the user history synchronous operation sequence to obtain history operation similarity; and taking the real-time operation sequence, the operation frequency and the historical operation similarity together as the behavior characteristics.
  8. A rights adaptive adjustment apparatus, the apparatus comprising: an acquisition module, used for responding to an access request of a protected resource initiated by a user and acquiring multidimensional scene characteristics associated with the access request in real time; a determining module, used for determining a risk assessment result of the access request based on the multi-dimensional scene characteristics; an input module, used for inputting a state vector formed by the multi-dimensional scene characteristics and the risk assessment result into a reinforcement learning decision model, and outputting a corresponding authority adjustment action by the reinforcement learning decision model; and an adjusting module, used for adjusting the access authority of the access request according to the authority adjusting action.
  9. An electronic device comprising a processor and a memory, the processor configured to execute a rights adaptation program stored in the memory to implement the rights adaptation method of any one of claims 1-7.
  10. A storage medium, characterized in that the storage medium stores one or more programs, the one or more programs are executable by one or more processors to implement the rights adaptive adjustment method of any of claims 1-7.
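
The loop in claims 1 to 4, sketched as an added example that is not code from the patent or its applicant. Cosine similarity, the one-step tabular update, the four-action set, the reward weight, the simulated outcomes and the fallback for unseen states are all assumptions made for illustration; the claims do not specify them.

```python
import math

ACTIONS = ["allow", "downgrade", "step_up", "deny"]   # assumed action set
RISK_LIBRARY = [[1.0, 1.0, 0.0]]  # constructed: [new_device, off_hours, history_similarity]

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

def risk_probability(features):
    """Claim 2: similarity to the risk feature library, used as the risk probability."""
    return max(0.0, max(cosine(features, r) for r in RISK_LIBRARY))

def state_of(features):
    """Claim 1: state = scene features + risk result (bucketed here for a Q-table)."""
    risk = risk_probability(features)
    return tuple(round(f) for f in features) + (min(int(risk * 4), 3),)

def reward(risk_event, extra_seconds, failures, weight=0.5):
    """Claim 4: safety evaluation value minus weighted user interference."""
    safety = -1.0 if risk_event else 1.0
    interference = extra_seconds / 30.0 + failures
    return safety - weight * interference

def simulate(action, malicious):
    """Constructed environment: returns (risk_event, extra_seconds, failures)."""
    if action == "allow":
        return malicious, 0.0, 0
    if action == "step_up":                  # secondary verification (claim 6)
        return False, 10.0, 1 if malicious else 0
    return False, 0.0, 1                     # downgrade/deny: requested operation fails

def train(samples, epochs=50, alpha=0.2):
    """Claim 3: observe the outcome, compute the reward, update the model."""
    q = {}
    for _ in range(epochs):
        for features, malicious in samples:
            row = q.setdefault(state_of(features), dict.fromkeys(ACTIONS, 0.0))
            for action in ACTIONS:           # exhaustive exploration keeps the demo deterministic
                r = reward(*simulate(action, malicious))
                row[action] += alpha * (r - row[action])
    return q

def decide(q, features):
    row = q.get(state_of(features))
    return max(row, key=row.get) if row else "step_up"  # unseen state: assumed default

SAMPLES = [([0.0, 0.0, 1.0], False), ([1.0, 1.0, 0.1], True)]  # constructed requests
Q_TABLE = train(SAMPLES)
```

The reward weight decides how much user friction the policy trades for safety, so it belongs under the same change control as any other access policy, and the reward signal itself should come from sources the requesting user cannot influence.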

Description

Authority self-adaptive adjustment method and device, electronic equipment and storage medium

Technical Field

The present application relates to the field of computer security technologies, and in particular, to a method and apparatus for adaptively adjusting rights, an electronic device, and a storage medium.

Background

In the field of information technology, safe and reliable access control to system resources is a fundamental and critical requirement. How to accurately determine the access rights of users in specific scenes has always been a key point of research in the industry. The mainstream scheme currently adopts a role-based access control model. The scheme realizes authorization by pre-assigning fixed roles to system users and binding access rights to the roles. When a user initiates an access request, the system determines whether to grant the access right to the target resource by looking up the assigned role and applying the fixed mapping relation between the role and the authority.

However, the permission grant mechanism in the prior art is static and fixed, and cannot be dynamically and adaptively adjusted according to the specific scene where the access request occurs and the potential risk thereof, so that it is difficult to accommodate both security and user experience in a complex and changeable practical application environment.

Disclosure of Invention

The application provides a permission self-adaptive adjustment method, a permission self-adaptive adjustment device, electronic equipment and a storage medium, which are used for solving the problems that in the prior art, a permission grant mechanism is static and fixed, and dynamic and self-adaptive adjustment cannot be carried out according to a specific scene where an access request occurs and potential risks thereof, so that it is difficult to accommodate both security and user experience in a complex and changeable practical application environment.

In a first aspect, the present application provides a method for adaptively adjusting rights, including: responding to an access request of a protected resource initiated by a user, and collecting multidimensional scene features associated with the access request in real time; determining a risk assessment result of the access request based on the multi-dimensional scene features; inputting the state vector formed by the multi-dimensional scene characteristics and the risk assessment results into a reinforcement learning decision model, the reinforcement learning decision model outputting corresponding authority adjustment actions; and adjusting the access authority of the access request according to the authority adjustment action.

In one possible implementation manner, the determining, based on the multi-dimensional scene feature, a risk assessment result of the access request includes: preprocessing the multi-dimensional scene features to obtain comprehensive feature vectors; calculating the similarity between the comprehensive feature vector and the feature vector in a preset risk feature library; and determining risk probability according to the similarity, and determining the risk probability as the risk assessment result.

In one possible embodiment, the method further comprises: monitoring an operation result after the access right of the access request is adjusted; generating a reward value according to the operation result; and updating the reinforcement learning decision model with the reward value.

In one possible implementation manner, the operation result includes a risk event triggering condition and operation experience data of a user, and generating a reward value according to the operation result includes: determining a safety evaluation value according to the risk event triggering condition; determining the user interference degree according to the operation experience data, wherein the operation experience data comprises additional operation time consumption caused by permission adjustment and/or operation failure times; and calculating the reward value according to the safety evaluation value and the user interference degree.

In one possible implementation manner, the adjusting the access right of the access request according to the right adjustment action includes: identifying a first operation type intended to be performed in the access request if the rights adjustment action is to downgrade a resource operation type; mapping the first operation type to a second operation type, wherein the authority level of the second operation type is lower than that of the first operation type; and processing the access request based on the second operation type.

In one possible implementation manner, the adjusting the access right of the access request according to the right adjustment action includes: under the condition that the permission adjustment action triggers secondary verification, suspending execution of the access request, generating a verification request and sending the verificat