
CN-122027362-A - Zero-trust forced access method and device, computer equipment and storage medium

CN122027362A

Abstract

The invention belongs to the field of information security and relates to a zero-trust forced access method, a zero-trust forced access device, computer equipment and a storage medium. The method comprises: collecting terminal behavior data in multiple dimensions and preprocessing it to obtain a structured behavior segment; inputting the structured behavior segment into a Transformer model, which outputs a risk quantification observation value, a behavior category and a behavior deviation value; constructing an observation vector from the risk quantification observation value and the behavior deviation value, performing time-series state estimation on that vector with Kalman filtering, and outputting a dynamic time-series risk state; performing multidimensional risk fusion and joint judgment, and outputting a comprehensive risk score and a behavior judgment label; generating and executing an access control instruction, and outputting an execution log; and closing the feedback loop on the basis of the execution log so as to adaptively optimize the policy of the Transformer model. The method improves deep time-series modeling capability, strengthens fault-tolerant recognition of normal misoperation, and improves closed-loop adaptive optimization capability.

Inventors

  • QI JIANHUAI
  • HU JINHUA
  • HAN DANDAN

Assignees

  • 深圳市永达电子信息股份有限公司

Dates

Publication Date: 2026-05-12
Application Date: 2026-04-10

Claims (10)

  1. A zero-trust forced access method comprising the steps of: acquiring terminal behavior data in multiple dimensions, and carrying out structural preprocessing on the behavior data to obtain a structured behavior segment; inputting the structured behavior segment into a Transformer model, and outputting a risk quantification observation value, a behavior category and a behavior deviation value of the current behavior segment; constructing an observation vector based on the risk quantification observation value and the behavior deviation value, carrying out time-series state estimation on the observation vector by Kalman filtering, and outputting a dynamic time-series risk state; carrying out multidimensional risk fusion and joint judgment based on the dynamic time-series risk state, and outputting a comprehensive risk score and a behavior judgment label; generating and executing an access control instruction based on the comprehensive risk score and the behavior judgment label, and outputting an execution log; and performing feedback closed loop based on the execution log, and performing policy adaptive optimization on the Transformer model.
  2. The zero-trust forced access method according to claim 1, wherein the steps of collecting terminal behavior data in multiple dimensions and performing structural preprocessing on the behavior data to obtain a structured behavior segment specifically comprise: collecting terminal multi-source heterogeneous behavior data; performing data cleaning and time-window segmentation on the behavior data; and extracting multidimensional features from the cleaned and time-window-segmented behavior data to obtain a structured behavior segment.
  3. The zero-trust forced access method according to claim 1, wherein the step of inputting the structured behavior segment into a Transformer model and outputting a risk quantification observation value, a behavior category and a behavior deviation value of the current behavior segment specifically comprises: inputting the structured behavior segment into the Transformer model, and carrying out heterogeneous feature vectorization and position encoding; the Transformer model dynamically calculating, for each event in the window, its association weights with all other events through a multi-head self-attention mechanism, and extracting a behavior feature representation fused with global context information; and outputting the risk quantification observation value, the behavior category and the behavior deviation value.
  4. The zero-trust forced access method according to claim 1, wherein the step of constructing an observation vector based on the risk quantification observation value and the behavior deviation value, performing time-series state estimation on the observation vector by Kalman filtering, and outputting a dynamic time-series risk state specifically comprises: constructing a zero-trust risk state-space model based on the risk quantification observation value and the behavior deviation value; performing iterative prediction and updating by Kalman filtering; and outputting the filtered dynamic time-series risk state.
  5. The zero-trust forced access method according to claim 1, wherein the step of performing multidimensional risk fusion and joint judgment based on the dynamic time-series risk state, and outputting a comprehensive risk score and a behavior judgment label specifically comprises: fusing multidimensional static and dynamic risk factors based on the dynamic time-series risk state; carrying out misoperation judgment based on the time-series trend; and outputting the comprehensive risk correction value and the behavior judgment label.
  6. The zero-trust forced access method according to claim 1, wherein the step of generating and executing an access control instruction based on the comprehensive risk score and the behavior judgment label, and outputting an execution log specifically comprises: setting multilevel thresholds to make policy decisions based on the comprehensive risk score and the behavior judgment label; generating a standardized forced control instruction; and executing the standardized forced control instruction cooperatively across the full link, and feeding back the execution state to output an execution log.
  7. The zero-trust forced access method according to any one of claims 1 to 6, wherein the step of performing feedback closed loop based on the execution log and performing policy adaptive optimization on the Transformer model specifically comprises: carrying out multi-source feedback data acquisition and labeling based on the execution log; performing iterative optimization of multi-objective parameters and of the Transformer model based on the multi-source feedback data; and synchronizing the optimized parameters into the Transformer model and the Kalman filtering parameters.
  8. A zero-trust forced access apparatus comprising an acquisition module, a quantization module, an estimation module, a fusion module, an execution module and an optimization module, wherein: the acquisition module is used for acquiring terminal behavior data in multiple dimensions, and carrying out structural preprocessing on the behavior data to obtain a structured behavior segment; the quantization module is used for inputting the structured behavior segment into a Transformer model and outputting a risk quantification observation value, a behavior category and a behavior deviation value of the current behavior segment; the estimation module is used for constructing an observation vector based on the risk quantification observation value and the behavior deviation value, carrying out time-series state estimation on the observation vector by Kalman filtering, and outputting a dynamic time-series risk state; the fusion module is used for carrying out multidimensional risk fusion and joint judgment based on the dynamic time-series risk state, and outputting a comprehensive risk score and a behavior judgment label; the execution module is used for generating and executing an access control instruction based on the comprehensive risk score and the behavior judgment label, and outputting an execution log; and the optimization module is used for performing feedback closed loop based on the execution log, and performing policy adaptive optimization on the Transformer model.
  9. A computer device comprising a memory having stored therein computer-readable instructions which, when executed by a processor, implement the steps of the zero-trust forced access method according to any one of claims 1 to 7.
  10. A computer-readable storage medium having stored thereon computer-readable instructions which, when executed by a processor, implement the steps of the zero-trust forced access method according to any one of claims 1 to 7.
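Claims 4 to 6 describe the estimation and decision stage: Kalman filtering of the risk observations, fusion with static risk factors, misoperation judgment from the time-series trend, and multilevel thresholds that select the control action. The following Python example is added here and is not code from the patent: the random-walk state model, the deviation-weighted measurement noise, the fusion weights, the threshold values and the observation stream are all assumptions or constructed data. It runs a scalar version of that pipeline over a stream with one isolated spike and one sustained rise, showing why the spike is tolerated while the sustained rise escalates to blocking.

```python
from dataclasses import dataclass

# Constructed stream of (risk_observation, behavior_deviation) per behavior
# segment, standing in for the Transformer outputs the claims describe:
# segment 3 is an isolated spike (plausible misoperation), segments 6-11 a sustained rise.
OBSERVATIONS = [(0.10, 0.05), (0.12, 0.05), (0.90, 0.80), (0.10, 0.05), (0.10, 0.05)]
OBSERVATIONS += [(0.90, 0.80)] * 6

@dataclass
class RiskState:
    risk: float  # filtered risk estimate (the dynamic time-series risk state)
    var: float   # estimate variance P

def kalman_update(state, z_risk, z_dev, q=0.01, r_base=0.05):
    """One predict/update cycle of a scalar Kalman filter. Assumed model: the risk
    level is a random walk with process noise q, and measurement noise grows with
    the behavior deviation so that off-pattern segments are trusted less."""
    pred_var = state.var + q              # predict: risk unchanged, uncertainty grows
    r = r_base * (1.0 + z_dev)            # deviation-weighted measurement noise
    gain = pred_var / (pred_var + r)      # Kalman gain
    risk = state.risk + gain * (z_risk - state.risk)
    return RiskState(risk, (1.0 - gain) * pred_var)

def decide(filtered_risk, z_risk, static_risk, thresholds=(0.35, 0.60)):
    """Fuse static and dynamic risk factors, apply multilevel thresholds, and label
    an isolated high observation over a low filtered trend as misoperation."""
    low, high = thresholds
    score = 0.8 * filtered_risk + 0.2 * static_risk   # assumed fusion weights
    if score >= high:
        action, label = "block", "malicious"
    elif score >= low:
        action, label = "step_up_auth", "suspicious"
    elif z_risk >= high:
        action, label = "allow", "misoperation"      # spike, but trend still low
    else:
        action, label = "allow", "normal"
    return round(score, 3), action, label

def run(observations=OBSERVATIONS, static_risk=0.1):
    """Return the per-segment (score, action, label) decisions."""
    state = RiskState(risk=0.1, var=0.1)
    decisions = []
    for z_risk, z_dev in observations:
        state = kalman_update(state, z_risk, z_dev)
        decisions.append(decide(state.risk, z_risk, static_risk))
    return decisions

if __name__ == "__main__":
    for segment, decision in enumerate(run(), 1):
        print(segment, decision)
```

The filtered state absorbs the single spike at segment 3 (label "misoperation", access allowed), while the sustained high observations from segment 6 onward raise the fused score through "step_up_auth" to "block".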

Description

Zero-trust forced access method and device, computer equipment and storage medium

Technical Field

The present invention relates to the field of information security technologies, and in particular to a zero-trust forced access method, a zero-trust forced access device, a computer device, and a storage medium.

Background

As information systems evolve from the traditional perimeter-protection model toward cloud, mobile and distributed deployment, the traditional security model of "trusted inside the intranet, untrusted outside it" has become unable to meet modern security requirements. The zero-trust security architecture emphasizes "continuous authentication, least privilege and dynamic authorization", requiring real-time assessment and fine-grained control of access subjects, terminal states, behavior processes and resource requests.

In the prior art, zero-trust access control generally relies on static authorization based on identity authentication, policy-rule-based access control, admission control based on terminal compliance status, anomaly detection based on log analysis or simple statistical methods, and the like. These methods still have defects. First, their understanding of terminal behavior sequences is insufficient: conventional methods mostly use rule matching, threshold detection or shallow machine-learning models, and have difficulty modeling the long-range dependencies, contextual associations and multi-modal feature combinations in terminal user behavior, so their ability to recognize complex attack chains, low-and-slow attacks and disguised operations is weak. Second, malicious anomalies are hard to distinguish from normal misoperation: in actual terminal use, users exhibit non-malicious behaviors such as mis-clicks, mis-inputs, mis-switches, occasional abnormal commands and short-lived abnormal access paths.

Such behavior may deviate from routine in its local features but still fall within normal fluctuation in the overall evolution of state. Existing systems readily misjudge it as malicious, causing erroneous blocking and erroneous privilege reduction, which affects service continuity and user experience. A zero-trust access control approach is therefore needed that can perform deep time-series recognition of terminal behavior, smooth estimation of behavior state, fault-tolerant recognition of misoperation within the normal range, and linked forced access control execution.

Disclosure of Invention

To solve the above technical problems, the invention provides a zero-trust forced access method comprising the following steps: acquiring terminal behavior data in multiple dimensions, and carrying out structural preprocessing on the behavior data to obtain a structured behavior segment; inputting the structured behavior segment into a Transformer model, and outputting a risk quantification observation value, a behavior category and a behavior deviation value of the current behavior segment; constructing an observation vector based on the risk quantification observation value and the behavior deviation value, carrying out time-series state estimation on the observation vector by Kalman filtering, and outputting a dynamic time-series risk state; carrying out multidimensional risk fusion and joint judgment based on the dynamic time-series risk state, and outputting a comprehensive risk score and a behavior judgment label; generating and executing an access control instruction based on the comprehensive risk score and the behavior judgment label, and outputting an execution log; and performing feedback closed loop based on the execution log, and performing policy adaptive optimization on the Transformer model.

Preferably, the steps of collecting terminal behavior data in multiple dimensions and carrying out structural preprocessing on the behavior data to obtain a structured behavior segment specifically include: collecting terminal multi-source heterogeneous behavior data; performing data cleaning and time-window segmentation on the behavior data; and extracting multidimensional features from the cleaned and time-window-segmented behavior data to obtain a structured behavior segment.

Preferably, the step of inputting the structured behavior segment into a Transformer model and outputting a risk quantification observation value for the current behavior segment specifically includes: inputting the structured behavior segment into the Transformer model, and carrying out heterogeneous feature vectorization and position encoding; the Transformer model dynamically calculating, for each event in the window, its association weights with all other events through a multi-head self-attention mechanism, and