Font Size: a A A

Research On Access Control To Web Pages Based On User Browsing Behavior

Posted on:2019-02-17Degree:MasterType:Thesis
Country:ChinaCandidate:C LiuFull Text:PDF
GTID:2428330593450079Subject:Software engineering
Abstract/Summary:PDF Full Text Request
Due to the rapid development of computer network technology,people enjoy the convenience of the information age.But at the same time,the security risks along with computer network system are gradually exposed.Because of the destruction of the hardware and software of the network system,the identity of the user has been stolen,resulting in the disclosure of user information,property losses and so on.Access control,as the core means to protect sensitive information and key resources of network systems,which,on the one hand,prevents illegal attacks from outside,and on the other hand,manages human factors within the systemTraditional access control model is based on closed network environment,based on knowingthe user's real identity,through the central authority node to managenetwork users,to detect illegal users and behaviors.This authorization method ispassive.However,in the open network environment,the user identity is uncertain or untrue.In addition,the network environment becomes more open and dynamic,not just limited to a closed system.The uncertainty of user identity and the change of network environment make the traditional access control model have limitations in open network environment.How to deal with the security threats in the open network environment becomes an urgent problem to be solved.Access control model which is based on user behavior provides a new way to deal with security threats in open network environment.Based on the characteristics of user behavior and introducing related concepts and theories of machine learning into the traditional access control model,the new access control model can meet the requirements of open network environment.On the one hand,a more active way to detect malicious behaviors,enhances the system's active defense capabilities.On the other hand,by modeling user behavior and dynamically adapting to the changes in user behavior,the problem of user account being maliciously stolen can be effectively solved,thereby reducing the losses to users.The full text of the research is as follows:(1)Put forward scientifically quantitative descripte the user webpage behaviors and extract features from it.After conducting depth research on relevant articles about user's network behavior,it is clear that the individual user's access behavior and access habit in the network is an unique behavior pattern,which can identify a specific user,but the related paper describes the behavior of the user network is not specific.This paper extracts the user's normal and abnormal access behavior feature and form a scientific quantitative description.In addition,according to the principle of maximum relevant and maximum redundancy,maximize the correlation between features and categorical variables,minimizing the correlation between features and features.(2)Put forward using Markov chain algorithm to build user group behavior model.From a macroscopic perspective,when a large number of users browsing the webpage,the jump probabilities of each node in the path can be modeled,and thus the mass user behavior pattern is obtained.Moreover,machine learning algorithms is used to construct individual user behavior models based on the behavioral characteristics of individual users.From the microscopic point of view,each user's personalized behavior is modeled to effectively ensure the safety of each account,the use of machine learning algorithms make the model dynamically adapt to changes in user behavior.(3)Put forward abnormal behavior detection and behavior comparison algorithm.The user's network behavior is compared with the data formed in the backstagefrom the aspects of the access path and the visiting habits to judge whether the behavior is normal or not and the deviation from the normal behavior.In addition,the actual behavior of users in the process of browsing the website also takes into consideration,such as:the impact of back,refresh and other operations.(4)Put forward the method of fuzzy comprehensive evaluation.Considering all kinds of factors synthetically,then,determine the ultimate authorization level and realize the dynamic control of authority.(5)Finally,based on the above method,this paper proposes a Web page access control model based on user behavior.Based on this model,experiments are done to verify the feasibility of the model and the algorithm is encapsulated to implement the prototype system.For users with normal behavior,the value of permission is higher and higher,but not higher than the maximum permissions.For users of violent attacks,the value of permission has been at a low level.When disguised as a normal user,after obtaining a high privilege,then starts to attack the system,it' s authority value will drop sharply.The experimental results show that the web-based access control model based on user behavior can effectively and accurately identify the abnormal access behavior and dynamically adapt to changes in user behavior,thus ensuring the security of the system and improving the effectiveness of access control in protecting important information and resources.
Keywords/Search Tags:information security, access control, network behavior, behavior authentication
PDF Full Text Request
Related items