The Policy Matching Methods Based On Frequent Attribute Item Set Mining

The attribute-based access control model(ABAC)is different from other traditional access control models.It describes the subjects,objects,other entities,and access control policies included in the system through attributes.In recent years,it has received extensive attention from enterprises,academia,standard Organizations and other industries.Nowadays,with the rapid popularization and development of the network,the rapid growth of network services and the number of users makes the ABAC policy database become larger and more complex.As a result,it takes too long for users to obtain the access decision result corresponding to the access request,which leads to the contradiction between users and the actual system.Based on the above background,this paper focuses on the key step in the user access decision-making process which named the policy matching process,and proposes different policy matching methods for actual application scenarios to improve the efficiency of policy matching and alleviate the contradiction between users and actual systems.For a real system application scenario based on ABAC,the attributes contained therein and the range of attribute values corresponding to each attribute can be obtained and determined.In addition,for the actual access requests,there are duplicate or similar requests to match the same or similar policies.Based on this,combined with the characteristics of the ABAC model and the key issue of policy matching efficiency,despite the policy description language restrictions,and starting from mining the relationship between the attributes contained in system,the correlation and frequency of the attributes are measured through the calculation of point mutual information entropy and the method of frequent itemset mining.Based on the results of frequent attribute item set mining,this paper proposed two policy matching methods applicable to different practical systems,namely correlation and frequency mining based policy reordering matching method(CFBR)and correlation and frequency mining based policy grouping matching method(CFBG).Based on the frequent attribute item set mining results and the idea of reordering,combined with the attribute statistics of access requests over a period of time,given the corresponding policy weight calculation and adjustment methods,make the policies that are more relevant to requests in this period of time are reordered in the front position of the policy database,and thus getting the CFBR policy matching method which suitable for an actual system with a high repeat rate of access requests.Based on the frequent attribute item set mining results and the idea of policy similarity measurement and grouping,the corresponding policy similarity calculation method and grouping method are given,so that another CFBG policy matching method suitable for an actual system with a low repetition rate of access requests is obtained.These policy matching methods are not based on complex data structures and are easy to understand and implement.Finally,based on the policy matching framework and two policy matching methods,design and implement the related experiments.The results show that the CFBR and CFBG policy matching methods are superior to the direct matching method in both the policy matching position and policy matching time of the access requests,which can effectively improve the key issues of the policy matching efficiency in the access decision process proposed in this paper.