CN-122027241-A - Dynamic access control method and device based on multidimensional fusion analysis
Abstract
The invention relates to the technical field of high-level information security and confidentiality, in particular to a dynamic access control method and device based on multidimensional fusion analysis. The method comprises the steps of receiving a computer access event, extracting a source IP address and an inherent risk score, matching a user ID based on the source IP address, taking a user corresponding to the user ID as a target user, obtaining a plurality of original events related to the user ID, carrying out fusion analysis on the plurality of original events to generate a physical confidence coefficient, carrying out behavior analysis on the computer access event to obtain a behavior matching degree conforming to the normal behavior of the target user, carrying out Bayesian fusion reasoning on the inherent risk score, the physical confidence coefficient and the behavior matching degree to obtain dynamic credibility of the normal behavior of the target user at a correct position, and generating and executing an access control instruction according to a comparison result of the dynamic credibility and a trust threshold. The invention can ensure that the authority moves along with the personnel, and eliminates the contradiction between a static authorization mode and dynamic physical reality.
Inventors
- WU JIAMING
- Ao Changde
Assignees
- 武汉绿色网络股份有限公司
Dates
- Publication Date
- 20260512
- Application Date
- 20260122
Claims (10)
- 1. A dynamic access control method based on multi-dimensional fusion analysis, characterized by comprising the following steps: receiving a computer access event, extracting a source IP address and an inherent risk score from the computer access event, matching a corresponding user ID based on the source IP address, and taking the user corresponding to the user ID as a target user; acquiring a plurality of original events associated with the user ID and reflecting the presence or departure of the target user, and performing fusion analysis on the plurality of original events to generate a physical confidence; performing personalized behavior analysis on the computer access event to obtain a behavior matching degree that accords with the normal behavior of the target user; carrying out Bayesian fusion reasoning on the inherent risk score, the physical confidence coefficient and the behavior matching degree to obtain the dynamic credibility that the target user is behaving normally at the correct position; and generating and executing an access control instruction for the computer access event according to the comparison result of the dynamic credibility and a trust threshold.
- 2. The method for dynamic access control based on multidimensional fusion analysis according to claim 1, wherein defining a Bayesian fusion inference formula comprises: defining whether the computer access event is legal or not as a hidden variable; according to basic prior knowledge, defining a prior probability distribution for the case where the hidden variable is assumed to be established; for the cases where the hidden variable is assumed to be established and not established, respectively defining the probability distribution of the physical confidence coefficient to follow a normal distribution; defining the probability distribution of the inherent risk score to follow a left-skewed Beta distribution when the hidden variable is assumed to be established, and to follow a right-skewed Beta distribution when the hidden variable is assumed not to be established; defining the probability distribution of the behavior matching degree to follow a normal distribution when the hidden variable is assumed to be established, and to follow a first normal distribution when the hidden variable is assumed not to be established, wherein the mean value of the first normal distribution is defined as a function of the inherent risk score; and synthesizing the prior probability formula and the plurality of probability distributions to obtain the Bayesian fusion inference formula.
- 3. The method for dynamic access control based on multidimensional fusion analysis according to claim 2, wherein the Bayesian fusion inference formula is as follows: [equation not reproduced in the source]; wherein the first symbol represents the posterior probability, p represents the physical confidence, b represents the behavior matching degree, and r represents the inherent risk score; the next symbol represents the probability that the hidden variable is established; the next represents the probability that the hidden variable is not established; the next represents the full probability; N(·) represents the normal distribution and Beta(·) represents the Beta distribution; a mean value represents the probability distribution followed by the physical confidence when the hidden variable is established, and a standard deviation represents the probability distribution followed by the physical confidence when the hidden variable is established; a mean value represents the probability distribution followed by the behavior matching degree when the hidden variable is established, and a standard deviation represents the probability distribution followed by the behavior matching degree when the hidden variable is established; a first shape parameter and a second shape parameter represent the probability distribution followed by the inherent risk score when the hidden variable is established; a mean value represents the probability distribution followed by the physical confidence when the hidden variable is established, and a standard deviation represents the probability distribution followed by the physical confidence when the hidden variable is established; a mean value represents the probability distribution followed by the behavior matching degree when the hidden variable is established, and a standard deviation represents the probability distribution followed by the behavior matching degree when the hidden variable is established; a first shape parameter and a second shape parameter represent the probability distribution followed by the inherent risk score when the hidden variable is established.
- 4. The method of dynamic access control based on multidimensional fusion analysis of claim 1, further comprising: if the dynamic credibility is greater than or equal to the trust threshold, not performing access control on the computer access event; if the dynamic credibility is smaller than the trust threshold, calculating a trust gap between the dynamic credibility and the trust threshold; if the trust gap is smaller than or equal to a first threshold value, performing light verification on the target user; if the trust gap is larger than the first threshold and smaller than or equal to a second threshold, limiting access authority and carrying out strong verification on the target user, wherein the verification intensity of the strong verification is greater than that of the light verification; and if the trust gap is larger than the second threshold value, blocking and suppressing the computer access event.
- 5. The method of dynamic access control based on multidimensional fusion analysis of claim 1, wherein prior to receiving a computer access event, the method further comprises: capturing raw data of at least one user from the aspects of access control, workstations and equipment through a plurality of Internet of Things sensors; judging the raw data according to preset judging logic to obtain a state reflecting the physical presence or absence of the user, and generating an original event containing the state; collecting a computer-generated access request, performing risk analysis on the access behavior from the aspects of access target, access content and generation flow to obtain an inherent risk score, and generating a computer access event containing the inherent risk score; and preprocessing the original event and the computer access event, and associating the preprocessed original event and the preprocessed computer access event of the same user.
- 6. The method of dynamic access control based on multidimensional fusion analysis of claim 1, further comprising: acquiring the original events corresponding to the target user according to the user ID, and intercepting a preset time window from the original events to obtain target events, wherein the end point of the preset time window is the moment of receiving the computer access event; processing the target event with the smallest timestamp in the preset time window according to a preset rule, generating an initial confidence coefficient, and fixing an initial attenuation rate; if the state of the target event corresponding to a target timestamp in the preset window changes, adjusting the initial attenuation rate according to a preset rule to obtain a target attenuation rate; and calculating the physical confidence coefficient reflecting the presence or absence of the target user from the initial confidence coefficient and the target attenuation rate.
- 7. The method of dynamic access control based on multidimensional fusion analysis of claim 1, further comprising: extracting a plurality of features of the computer access event and forming a feature vector from the plurality of features; invoking, through the user ID, a trained probability model corresponding to the target user, wherein the probability model comprises K normal working mode clusters corresponding to the target user; estimating the probability that the feature vector belongs to each normal working mode cluster using the probability model, and combining the weight of each normal working mode cluster to obtain the probability that the feature vector belongs to the normal behavior of the target user; and mapping the probability to a percentage interval to obtain the behavior matching degree.
- 8. The method of dynamic access control based on multidimensional fusion analysis of claim 1, wherein the original events comprise a location event, the method further comprising: deploying positioning base stations in key areas of a company, a positioning engine receiving tag signals sent by work cards worn by users; the positioning engine mapping the real-time coordinates to specific position identifiers based on a digital twin map of the company and calculating a result confidence for each specific position identifier; and when the specific position identifier changes, or the result confidence is updated within a preset time to exceed a preset degree, generating a location event containing the latest specific position identifier and the latest result confidence.
- 9. A dynamic access control device based on multidimensional fusion analysis, comprising: and a memory communicatively coupled to the at least one processor, wherein the memory stores instructions executable by the at least one processor for performing the multi-dimensional fusion analysis-based dynamic access control method of any one of claims 1-8.
- 10. A non-transitory computer storage medium storing computer-executable instructions for execution by one or more processors for performing the multi-dimensional fusion analysis-based dynamic access control method recited in any one of claims 1-8.
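The fusion and decision steps of claims 1 to 4 can be written out end to end. The following is an added worked example, not code from the patent or its assignee: it fuses a physical confidence p, a behavior matching degree b and an inherent risk score r into a posterior "dynamic credibility" using the distribution family of claim 2 (normal for p and b, Beta for r, with the mean of b under the illegal hypothesis depending on r), then applies the tiered response of claim 4. Every number in it is an assumed placeholder (the prior, means, standard deviations, Beta shape parameters and thresholds), the function names are my own, the reading of "left/right partial Beta" as mass toward low/high risk is an assumption, and the sample events are constructed.

```python
"""Worked example (added here; not the patent's own code) of the fusion and
decision steps in claims 1-4: a Bayesian fusion of physical confidence p,
behavior matching degree b and inherent risk score r into a dynamic
credibility, followed by the tiered response of claim 4.  Every numeric
parameter below (prior, means, standard deviations, Beta shape parameters,
thresholds) is an assumed placeholder, not a value from the patent."""
import math

# Hidden variable H: 1 = "the access event is legal", 0 = "not legal".
PRIOR_LEGAL = 0.95  # assumed prior P(H=1)

# Assumed likelihood parameters.  p, b, r are all taken to lie in [0, 1].
# Inherent risk score r: Beta with mass toward 0 when legal ("left partial"),
# toward 1 when not legal ("right partial") -- an assumed reading of claim 2.
PARAMS = {
    1: {"p_mu": 0.90, "p_sd": 0.10, "b_mu": 0.85, "b_sd": 0.10, "r_a": 2.0, "r_b": 6.0},
    0: {"p_mu": 0.30, "p_sd": 0.25, "b_sd": 0.25, "r_a": 6.0, "r_b": 2.0},
}

# Claim 4 thresholds (assumed values).
TRUST_THRESHOLD = 0.80
FIRST_GAP_THRESHOLD = 0.15
SECOND_GAP_THRESHOLD = 0.40


def normal_pdf(x: float, mu: float, sd: float) -> float:
    """Density of N(mu, sd^2) at x."""
    z = (x - mu) / sd
    return math.exp(-0.5 * z * z) / (sd * math.sqrt(2.0 * math.pi))


def beta_pdf(x: float, a: float, b: float) -> float:
    """Density of Beta(a, b) at x, computed in log space for stability."""
    if not 0.0 < x < 1.0:
        return 0.0
    log_norm = math.lgamma(a) + math.lgamma(b) - math.lgamma(a + b)
    return math.exp((a - 1.0) * math.log(x) + (b - 1.0) * math.log1p(-x) - log_norm)


def illegal_behavior_mean(r: float) -> float:
    """Mean of the 'first normal distribution' of claim 2 as a function of r.
    Assumed form: the riskier the request, the lower the expected behavior
    match of an illegitimate event."""
    return 0.8 * (1.0 - r)


def likelihood(h: int, p: float, b: float, r: float) -> float:
    """P(p, b, r | H=h), treating p, b, r as conditionally independent given H."""
    prm = PARAMS[h]
    b_mu = prm["b_mu"] if h == 1 else illegal_behavior_mean(r)
    return (normal_pdf(p, prm["p_mu"], prm["p_sd"])
            * normal_pdf(b, b_mu, prm["b_sd"])
            * beta_pdf(r, prm["r_a"], prm["r_b"]))


def dynamic_credibility(p: float, b: float, r: float,
                        prior_legal: float = PRIOR_LEGAL) -> float:
    """Posterior P(H=1 | p, b, r): the 'dynamic credibility' of claim 1."""
    joint_legal = prior_legal * likelihood(1, p, b, r)
    full_probability = joint_legal + (1.0 - prior_legal) * likelihood(0, p, b, r)
    if full_probability == 0.0:  # both likelihoods underflowed; treat as untrusted
        return 0.0
    return joint_legal / full_probability


def access_control_instruction(credibility: float,
                               trust_threshold: float = TRUST_THRESHOLD,
                               first_gap: float = FIRST_GAP_THRESHOLD,
                               second_gap: float = SECOND_GAP_THRESHOLD) -> str:
    """Tiered response of claim 4, keyed on the gap between credibility and threshold."""
    if credibility >= trust_threshold:
        return "allow"
    gap = trust_threshold - credibility
    if gap <= first_gap:
        return "light_verification"
    if gap <= second_gap:
        return "restrict_and_strong_verification"
    return "block"


def evaluate(event: dict) -> tuple:
    """Fuse one access event's (p, b, r) and return (credibility, instruction)."""
    cred = dynamic_credibility(event["p"], event["b"], event["r"])
    return cred, access_control_instruction(cred)


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"user": "u1", "p": 0.95, "b": 0.90, "r": 0.10},  # at desk, usual behavior, low-risk target
    {"user": "u2", "p": 0.60, "b": 0.70, "r": 0.30},  # presence uncertain, behavior a bit off
    {"user": "u3", "p": 0.10, "b": 0.30, "r": 0.80},  # badge left the floor, unusual high-risk access
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        cred, action = evaluate(ev)
        print(f"{ev['user']}: credibility={cred:.4f} -> {action}")
```

The point worth noticing is how the three signals interact: the first event is allowed even though r is nonzero, because presence and behavior strongly support the legal hypothesis, while the third event is blocked because a low physical confidence and a high risk score each push the posterior toward "not legal" and neither signal alone has to carry the decision. Tuning the means, standard deviations and thresholds against real presence and behavior data is what determines whether the middle tiers (light versus strong verification) are ever reached in practice.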
Description
Dynamic access control method and device based on multidimensional fusion analysis

Technical Field
The invention relates to the technical field of high-level information security and confidentiality, in particular to a dynamic access control method and device based on multidimensional fusion analysis.

Background
At present, the protection focus of high-security-level information systems has shifted from external network boundary defense to unauthorized access and data theft that may be carried out by legitimate internal personnel. Although multiple defense measures are deployed in prior-art systems, the following interrelated and still unsolved systematic defects remain when dealing with dynamic and collaborative modern working scenes. For example, in a static role-based access control model, authorization is completed at login and remains continuously effective; after personnel leave the site, the network session, background processes and access authority still exist, causing the problem of authority suspension and forming a high-risk loophole. In addition, the discovery, cross-domain association, investigation and disposal of security events depend entirely on manual work, and the response period is as long as several minutes to several hours, so that a rapid "flash" attack initiated by internal personnel (namely extremely rapid data theft completed within the authority suspension window) cannot be handled.

Current defense methods include zero-trust network access, user and entity behavior analysis, and existing leave-seat screen-lock methods. The continuous verification in zero-trust network access is concentrated on device health and network identity, and lacks real-time, quantitative perception of the basic cornerstone of trust, namely the accurate physical presence of personnel. User and entity behavior analysis is mainly used for post-hoc risk scoring and alarming; it is difficult to drive real-time, mandatory access control decisions with it, and its response speed is low. The existing leave-seat screen-lock method (such as Windows dynamic lock and notebook sensors) is an isolated, passive, experience-layer solution that can trigger local screen locking based on a single signal (such as Bluetooth disconnection), but cannot perceive or prevent network-layer data theft initiated by background processes during the absence; its protection is incomplete. In summary, existing defense methods suffer from a mismatch between personnel authority and personnel position, cannot cope with the problem of authority suspension, and cannot respond to and handle security events occurring during the authority suspension in time. In view of this, overcoming the drawbacks of the prior art is a problem to be solved in the art.

Disclosure of Invention
Aiming at the defects or improvement demands of the prior art, the invention provides a dynamic access control method and device based on multidimensional fusion analysis, which can ensure that rights move along with personnel and eliminate the contradiction between a static authorization mode and dynamic physical reality.

The embodiment of the invention adopts the following technical scheme:

In a first aspect, the invention provides a dynamic access control method based on multidimensional fusion analysis, which comprises the steps of receiving a computer access event, extracting a source IP address and an inherent risk score from the computer access event, matching a corresponding user ID based on the source IP address, and taking the user corresponding to the user ID as a target user; acquiring a plurality of original events associated with the user ID and reflecting the presence or departure of the target user, and performing fusion analysis on the plurality of original events to generate a physical confidence; performing personalized behavior analysis on the computer access event to obtain a behavior matching degree that accords with the normal behavior of the target user; carrying out Bayesian fusion reasoning on the inherent risk score, the physical confidence coefficient and the behavior matching degree to obtain the dynamic credibility that the target user is behaving normally at the correct position; and generating and executing an access control instruction for the computer access event according to the comparison result of the dynamic credibility and a trust threshold.

Preferably, defining a Bayesian fusion inference formula includes: defining whether the computer access event is legal or not as a hidden variable; according to basic prior knowledge, defining a prior probability distribution for the case where the hidden variable is assumed to be established; for the cases where the hidden variable is assumed to be established and not established, respectively defining the probability distribution of the physical confidence coeff