Research On Dynamic Access Control Model For Private Cloud Data Security Based On User Behavior Analysis

To ensure data security is the primary goal of enterprise information security work,and Access Control is an important measure to achieve this goal.For the continuity of the business process,as enterprises integrating the information systems into the private cloud,most of them continue to use the traditional access control model,which grant static permission for users by some certain role.This scheme can not deal with the threats from the abuse of the legitimate user account or the compromise of some account with high privilege.In this thesis,we apply machine learning methods to analyze the user behavior,try to find out those abnormal user behaviors,estimate the behavior risk,adjust user's trust level,then adjust the user's role correspondingly,according to different role,grant different permissions for a user to access different enterprise data or application subsets.The main research contents are as following.We analyzed the shortcomings of the Role-Based Access Control models in the private cloud environment,and raised the necessity of analyzing the user behavior,in order to realize the dynamic access control model according to the user trust level.We analyzed the domestic and foreign research status,main methods and applications of machine learning in user behavior analysis.After the definition and formalization of user behavior in the private cloud environment is done,we proposed a user behavior analysis framework based on Hadoop and machine learning,which implemented user behavior data collecting,storing,preprocessing and automatic analysis,the typical environment and process of training and tuning Neural Network using TensorFlow are also presented.The calculation of user behavior risk value is introduced,and gives the method and process of dynamic adjustment of user trust level according to the user's average risk value through historical behavior.Based on the above research,a dynamic access control model based on user behavior analysis is proposed,functions of modules and the relationship between them are outlined.The dynamic access control model based on user behavior analysis in this thesis can help enterprises to discover unknown security risks in the private cloud environment,so they can respond in time,to achieve the enterprise data security goals.