| Access control is an important method for achieving system and network security. Through specific access control policies, access control restricts user access to resources such as data and networks. The access network is a common access control scenario, in which role-based access control policies and access control list technology are often used. These restrict unauthorized users from accessing the Internet and filter malicious traffic. However, with the continuous development of technology, these strategies struggle to cope with complex and diverse attacks and rapidly changing malicious traffic. To solve this problem, this paper studies access control methods for the access network based on traffic characteristics. The access network gateway analyzes the traffic characteristics in real time and converts them into traffic attributes. It then implements attribute-based access control, which offers greater flexibility. The main research contents and innovations of this paper include: 1. This paper proposes an access control framework for the access network based on traffic characteristics, to block fast-changing malicious traffic and ensure the security of the access network. Through real-time analysis of application layer traffic, the framework assigns traffic to corresponding attributes according to characteristics such as application type and traffic source type, and then performs access control through flexible access control rules based on traffic attributes. 2. This paper designs an application type identification scheme based on application trigger relationships, which provides an accurate application type attribute for the access control framework. The scheme analyzes the trigger relationships among applications and models them as a directed acyclic graph, mines the trigger relationships among applications from the traffic, and uses them to identify application types on top of an existing deep packet inspection method. Evaluations show that the scheme effectively improves the accuracy of application type identification. 3. This paper proposes a source type identification scheme based on traffic arrival patterns, which provides a more accurate traffic source type attribute for the access control framework. The scheme extracts key features such as arrival time distribution and URL distribution. A machine learning method then classifies the traffic source into human users and multiple types of machine users. Evaluations show that the scheme can achieve higher recognition accuracy. 4. This paper designs an attribute-based encryption scheme based on redundancy elimination, which provides traffic-attribute-based access control capabilities for the framework. The scheme analyzes the computation overhead of attribute-based encryption and redesigns its calculation process through redundancy elimination. Experiments show that this scheme can effectively reduce the storage and computational overhead of the access control process. |
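
As an added illustration (not code from the paper), the sketch below follows the framework's pipeline for one case: it derives arrival-time and URL-distribution features from a request log, maps them to a source-type attribute, and evaluates attribute-based rules with default deny. The feature definitions, the threshold rule standing in for the paper's machine-learning classifier, the attribute names, the rules and the sample flows are all assumptions constructed for this example.

```python
import math
from collections import Counter
from statistics import mean, pstdev

def arrival_features(requests):
    """requests: list of (timestamp_seconds, url). Returns (gap_cv, url_entropy)."""
    times = sorted(t for t, _ in requests)
    gaps = [b - a for a, b in zip(times, times[1:])]
    # Coefficient of variation of inter-arrival gaps: near 0 for timer-driven clients.
    cv = pstdev(gaps) / mean(gaps) if gaps and mean(gaps) > 0 else 0.0
    counts = Counter(u for _, u in requests)
    n = len(requests)
    # Shannon entropy of the URL distribution: low when one endpoint is polled.
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    return cv, entropy

def source_type(requests, cv_max=0.1, entropy_max=1.0):
    """Assumed threshold rule, a stand-in for the trained classifier."""
    if len(requests) < 3:
        return "unknown"  # too few arrivals to characterise the source
    cv, entropy = arrival_features(requests)
    return "machine" if cv <= cv_max and entropy <= entropy_max else "human"

# Assumed policy: first matching rule wins; anything unmatched is denied.
RULES = [
    ({"source_type": "machine", "app_type": "iot-telemetry"}, "permit"),
    ({"source_type": "machine"}, "deny"),
    ({"source_type": "human", "app_type": "web"}, "permit"),
]

def decide(attrs, rules=RULES):
    for cond, action in rules:
        if all(attrs.get(k) == v for k, v in cond.items()):
            return action
    return "deny"

def gateway_decision(requests, app_type):
    """app_type is assumed to come from the application-identification stage."""
    return decide({"source_type": source_type(requests), "app_type": app_type})

# Constructed sample flows (not real traffic).
PERIODIC = [(10.0 * i, "/api/status") for i in range(8)]
BROWSING = [(0.0, "/"), (0.4, "/style.css"), (0.5, "/app.js"),
            (9.2, "/news"), (9.5, "/img/a.png"), (41.0, "/news/item/7")]
```

Because the source-type attribute is recomputed from observed arrivals, the same rule set yields different decisions for a client whose behaviour changes, which is the flexibility the abstract attributes to traffic-attribute rules over static lists.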