
Research On The Key Technology Of The Proactive Access Control Based On Game Theory

Posted on: 2018-08-14
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y X Zhang
GTID: 1318330563952649
Subject: Software engineering
Abstract/Summary:
In recent years, with the development of computer and network technology, information security has become a growing concern. As a core security technology for protecting sensitive information and critical resources, access control plays an increasingly important role in resisting network threats and attacks. The network environment has changed from the closed, static environment with specific users of the past to today's open, dynamic environment with public users. Traditional access control mechanisms were designed mostly for closed network environments. The uncertainty of the dynamic network environment and of user identity in open networks leaves them unable to meet security requirements. Access control technology, as an important gateway guarding information security in open networks, faces a more complex security situation and bears more and more important security responsibility.

Game theory provides a new approach to the study of access control in open networks. Access control based on dynamic games introduces the concepts and theories of game theory into traditional access control technology, so that the access control mechanism adapts to the constantly changing environment of an open network and meets its security requirements. Traditional access control has an Achilles' heel: it lacks active self-defense ability in network applications. Using the relevant theory from game theory, an active access control framework is designed that uses active means to effectively curb subjects' non-standard or malicious access behavior, so that access objects and subjects reach a state of balance that maintains the normal operation of access control. Following this framework, this paper carries out research in the following four areas, at the levels of theoretical basis, mechanism design, and game analysis:

(1) An access control mechanism based on Nash equilibrium is proposed to solve the authorization problem between an access subject and a visited object and to improve the system's ability to deal with security attacks and risks in open networks. The access subject and object are natural players in access control, so game theory can be used to study the dynamic game relationship between them and, on this basis, to establish an active access control constraint mechanism. The main process is to judge the payoffs of the different game strategies of the subject and the object according to the current access situation and historical access information. The two sides use these payoffs to obtain the Nash equilibrium strategy, which is then analyzed to reach the final decision. The final strategy includes the assumed distribution of the access control mechanism over the different game strategies and the distribution of the access control strategies that the object will take over the different game strategies. Based on this, a permission assignment scheme for access control can be determined.

(2) A PE access control mechanism based on an incomplete-information static game is proposed to solve the problem of access efficiency, so that the system responds quickly and effectively to access requests. Access efficiency is a problem that must be faced when establishing an access control mechanism, especially under intensive access. Facing intensive access by the same user, the access control mechanism consumes system resources and causes access delay, because a game is played before authority is granted to each user. According to incomplete-information static game theory, we design the access control scheme and improve efficiency during intensive access while taking security into consideration. To improve access efficiency, the mechanism moves the per-visit evaluation from the start of each access to after the access. To better ensure the security of intensive access, the subject's requested permissions are not simply fully accepted or rejected but partly accepted, which includes full acceptance and rejection, according to the evaluation and the game between both sides as a whole.

(3) A DDoS attack defense mechanism based on cluster analysis and cooperative games is proposed to solve the security problem caused by DDoS attacks in multi-agent concurrent access control. A resource allocation game is used to ensure the normal operation of the system. DDoS is the most common attack method in concurrent access, and its proportion among open network attacks is increasing. The focus of the research is how to allocate object resources so that concurrent access requests from multiple subjects get fast and effective feedback while object security and usability are guaranteed. To deal with DDoS attacks in open networks, this paper proposes a DDoS defense mechanism based on cluster analysis and cooperative game theory. First, a clustering mechanism is built that groups the attack data into multiple clusters. Cooperative games are then played between and within these clusters, in which the clusters and their data must follow the principle of "guarantee the normal operation of the system". Network resources are then allocated according to the game result, so that the DDoS attack no longer threatens the system and the system's security and usability are guaranteed.

(4) A privacy protection mechanism based on repeated games is proposed to solve the problem of protecting private information in access control. In open dynamic networks, privacy protection is an important problem, but most access control mechanisms ignore it. On the basis of repeated games, a privacy protection mechanism based on access control is proposed. From the point of view of payoff, when the visiting subject accesses the object's private information, the set of private information already accessed does not exceed the user's tolerance for privacy disclosure. This effectively prevents the access subject from obtaining private information beyond the privacy tolerance and provides effective protection for users' private information in the system. The scheme combines repeated game theory with the subject's multiple accesses to user private information in the object. The probability of the subject's goodwill access is obtained from the game, with different payoffs when the access subject and the visited object take different strategies. This probability is compared with the object's privacy disclosure tolerance to decide whether the object authorizes the subject.

In summary, this paper presents an active access control technology framework based on game theory and designs access control mechanisms from different angles, so that subject and object form a balance. The security of the system is ensured, and the effectiveness of access control in protecting information security and private information is improved.
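The decision flow described in (1) and (4), payoffs to Nash equilibrium to an authorization decision, can be sketched as a 2x2 subject/object game. This is an added example, not the dissertation's model: the payoff values, the strategy names and the `authorize` rule (compare the equilibrium probability of malicious access with a tolerance) are assumptions chosen for illustration.

```python
from fractions import Fraction as F

SUBJECT = ("honest", "malicious")   # access subject's strategies
OBJECT = ("grant", "deny")          # visited object's strategies

# Constructed payoffs (an assumption, not taken from the dissertation).
# Each cell is (subject payoff, object payoff).
PAYOFFS = {
    ("honest", "grant"): (F(2), F(3)),
    ("honest", "deny"): (F(0), F(-1)),
    ("malicious", "grant"): (F(5), F(-6)),
    ("malicious", "deny"): (F(-3), F(1)),
}

def pure_equilibria(g):
    """Cells where neither player gains by deviating unilaterally."""
    found = []
    for s in SUBJECT:
        for o in OBJECT:
            s_ok = all(g[(s, o)][0] >= g[(alt, o)][0] for alt in SUBJECT)
            o_ok = all(g[(s, o)][1] >= g[(s, alt)][1] for alt in OBJECT)
            if s_ok and o_ok:
                found.append((s, o))
    return found

def mixed_equilibrium(g):
    """Return (P[subject honest], P[object grants]) from the indifference
    conditions, or None when no interior mixed equilibrium exists."""
    (A, a), (B, b) = g[("honest", "grant")], g[("honest", "deny")]
    (C, c), (D, d) = g[("malicious", "grant")], g[("malicious", "deny")]
    den_p, den_q = a - b - c + d, A - B - C + D
    if den_p == 0 or den_q == 0:
        return None
    p = (d - c) / den_p   # makes the object indifferent: grant vs deny
    q = (D - B) / den_q   # makes the subject indifferent: honest vs malicious
    return (p, q) if 0 < p < 1 and 0 < q < 1 else None

def authorize(g, tolerance):
    """Hypothetical decision rule: grant only if the equilibrium probability
    of malicious access does not exceed the object's tolerance."""
    pure = pure_equilibria(g)
    if pure:
        return all(cell == ("honest", "grant") for cell in pure)
    mixed = mixed_equilibrium(g)
    return mixed is not None and (1 - mixed[0]) <= tolerance

if __name__ == "__main__":
    print(pure_equilibria(PAYOFFS), mixed_equilibrium(PAYOFFS))
    print(authorize(PAYOFFS, F(1, 2)), authorize(PAYOFFS, F(1, 4)))
```

With these constructed payoffs there is no pure equilibrium; the subject is honest with probability 7/11 and the object grants with probability 1/2, so a tolerance of 1/2 authorizes and a tolerance of 1/4 does not.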
Keywords/Search Tags: access control, game theory, Nash equilibrium, DDoS attack, privacy protection