Dual-Role Access Control Method Based On Multi-Attribute Features And Zero Trust

Posted on: 2023-04-29
Degree: Master
Type: Thesis
Country: China
Candidate: W Y He
Full Text: PDF
GTID: 2568306914960269
Subject: Computer technology
Abstract/Summary:
Access control technology is an important technical means of protecting the internal data of an enterprise organization, but current mainstream access control methods lack continuous monitoring of users and lack fine-grained access control management that takes the characteristics of privacy-sensitive data into account. In view of these problems, this paper combines the attribute characteristics of the subjects and objects of access control with the concept of zero trust security, introduces insider threat detection technology and named entity recognition technology, and proposes an improved access control method with dynamic allocation of permissions and fine-grained management of access objects. It is verified that the method can effectively implement dynamic and fine-grained access control so as to improve the security of the system. The main research work of this paper is as follows:

(1) Aiming at the requirement of continuous monitoring of users, a user abnormal behavior detection model based on user historical behavior and an attention mechanism is proposed. The model first uses a long short-term memory network to perform deep feature extraction on the user’s daily behavior sequence data, and then uses the attention mechanism to fuse the user’s historical behavior data, which contains the user’s behavior habit information, with the user’s behavior sequence features. The time memory network completes the construction of the user behavior habit model. The detection effect is verified on the CERT dataset; compared with the current mainstream models, the AUC values are increased by 3.1% and 6.3% respectively.

(2) Aiming at the problem that the privacy content of data objects is difficult to identify, a privacy data recognition model based on word embedding is proposed. The model uses the BERT pre-training model for character-level embedding, and uses the Soft Lexicon method to embed latent word information to improve the model’s ability to recognize entity word boundaries. Experiments are carried out on the dataset of the "Privacy Information Recognition Competition in Unstructured Commercial Text Information". Compared with the current mainstream models, the F1 value of the model’s best recognition effect is increased by 4.2% and 1.8% respectively. The same group of experiments was also carried out on an artificially constructed privacy data set, where, compared with the current mainstream models, the F1 value of the model’s best recognition effect was increased by 3.9% and 1.1% respectively.

(3) Based on the first two points, a dual-role access control model based on multi-attribute features and zero trust is proposed. The model uses abnormal user behavior detection to set dynamic role levels, and uses the privacy data recognition model and existing research results in the laboratory to assign privacy-sensitive attributes to data objects, so as to realize dynamic permission allocation based on user behavior and fine-grained access management based on data privacy-sensitive attributes; it then mitigates the role explosion problem by setting static roles. Simulation experiments verify that the model can effectively carry out continuous monitoring of authorized users and fine-grained data access management.

Finally, based on the research content of the third, fourth and fifth chapters, a dual-role access control prototype system is constructed, which provides a visual operation interface for system administrators to perform role assignment, permission assignment, and user abnormal behavior audit.
Keywords/Search Tags: RBAC, user abnormal behavior, privacy data identification, zero-trust