Summary of the invention
The objective of the invention is to overcome the above-mentioned shortcomings of the prior art and to provide a method for continuous authentication combined with intrusion detection on mobile devices in a wireless network that meets users' high security requirements, conserves system resources to the greatest extent, performs stably and reliably, and has a comparatively wide scope of application.
To achieve the above objective, the method of the invention for continuous authentication combined with intrusion detection on mobile devices in a wireless network is as follows:
The method involves several biometric authentication function modules arranged on the mobile device, and its main feature is that the method comprises the following steps:
(1) establish a partially observable Markov decision process (POMDP) system model according to the continuous authentication process, and determine the information state space of this system model and the information state of the system at each discrete time point;
(2) establish the system cumulative cost model, and apply constrained scheduling to the system cumulative cost model according to the system resource constrained scheduling policy;
(3) compute the correspondence between each information state and the optimal biometric authentication function module according to the security requirement constraints of the system;
(4) obtain the optimal biometric authentication function module based on historical information, and use the module so determined in the next authentication process;
(5) observe the output of the optimal biometric authentication function module at the next time point;
(6) update the current information state of the system with the latest observed output, and decide the authentication result according to this information state;
(7) repeat the above step (4).
In this method, determining the information state space of the system model and the information state of the system at each discrete time point comprises the following steps:
(11) determine the information state $\pi_k$ of the system model according to the following formula:
$$\pi_k(i) = P(X_k = e_i \mid Y(k)), \quad i = 1, 2, \ldots, S,$$
$$\mathbf{1}_S' \pi = 1, \quad 0 \le \pi(i) \le 1$$
where $k$ is the time point, $X_k$ is the state of the mobile device at time point $k$, $\{e_1, e_2, \ldots, e_S\}$ is the state space, $S$ is the total number of states, $e_i$ is the unit vector with 1 in position $i$ and 0 in the remaining positions, $Y(k)$ is the information available at time point $k$, $Y(k) = \{u_1, u_2, \ldots, u_k, y_1, y_2, \ldots, y_k\}$, $u_k$ is the biometric authentication function module selected at time point $k$, $u_k \in \{1, 2, \ldots, L\}$, $y_k$ is the observation from biometric authentication function module $u_k$, $\mathbf{1}_S$ is the vector of ones over the state space, and $\mathbf{1}_S'$ is its transpose;
(12) establish the Markov chain of the system model according to the following formula:
where $B$ is the observation matrix, $B(u_k, O_m(u_k)) = \mathrm{diag}[b_1(u_k, O_m(u_k)), \ldots, b_S(u_k, O_m(u_k))]$, diag denotes a diagonal matrix, $b_i(u_k = l, y_k = O_m(l)) = P(y_k(u_k) = O_m(u_k) \mid X_k = e_i, u_k = l)$, $i = 1, 2, \ldots, S$, and $b_i(u_k = l, y_k = O_m(l))$ is the probability that, when the system state is $e_i$, the observation at time point $k$ from the selected $l$-th biometric authentication function module is $m$; the observation of the $l$-th biometric authentication function module belongs to the finite symbol set $\{O_1(l), O_2(l), \ldots, O_{M_l}(l)\}$, where $|M_l|$ is the number of possible observations of the $l$-th biometric authentication function module; $A$ is the state transition matrix, $A = [a_{ij}]_{S \times S}$, where $a_{ij} = P(X_k = e_j \mid X_{k-1} = e_i)$, $i, j \in \{1, \ldots, S\}$;
and $\pi_0 = [\pi_0(i)]_{S \times 1}$, where $\pi_0(i) = P(X_0 = i)$, $i \in \{1, \ldots, S\}$;
(13) obtain the information state at each discrete time point from the Markov chain, and thereby obtain the information state space of the whole system model.
In this method, the system cumulative cost model is:
where $\pi \in P$, and $P$ is the set of information states.
In this method, applying constrained scheduling to the system cumulative cost model according to the system resource constrained scheduling policy comprises the following steps:
(21) determine the transition probability matrix according to the following formula
where the operator in the formula is the tensor product operator, that is, the Kronecker product operator, $z_k = Q'(u_k) z_{k-1}$, $z_0 = e_1$, $z_N = e_{N+1}$, $z_k$ is the number of times the $l$-th biometric authentication function module has been used, $Q$ is
and
if $u_k \ne 1$, $I$ is the identity matrix, and $Q'$ is the transpose of $Q$;
(22) determine the information state of the extended Markov chain $(X_k, z_k)$ of the system according to the following formula
(23) determine the observation probability matrix according to the following formula
(24) determine the value function according to the following formula
(25) in the system cumulative cost model, use
in place of $J_k$, use
in place of $A$, and
in place of $B$.
In this method, computing the correspondence between each information state and the optimal biometric authentication function module according to the security requirement constraints of the system comprises the following steps:
(31) according to piecewise-linearity theory, express the system cumulative cost model as a finite set of vectors according to the following formula:
for all $\pi \in P$;
where $\Gamma_k$ is a finite set of $S$-dimensional vectors $\gamma_{i,k}^{*\prime}$, and $u_{i,k}^{*}$ is the optimal biometric authentication function module;
(32) for the set $\zeta$ of all biometric authentication function modules, use offline dynamic programming and a POMDP algorithm to compute the corresponding vectors $\gamma_{k,i}^{\zeta}$ and the associated biometric authentication function modules $u_{k,i}^{\zeta,*}$;
(33) for the set of unconstrained biometric authentication function modules
, use offline dynamic programming and a POMDP algorithm to compute the corresponding vectors
and the associated unconstrained biometric authentication function modules
(34) use dynamic programming and a POMDP algorithm to compute, for all information states $\pi$, the corresponding vectors $\gamma_{k,i}^{\zeta}$ and
(35) from the optimal biometric authentication function module $u_{k,i}^{\zeta,*}$ corresponding to each vector $\gamma_{k,i}^{\zeta}$, obtain the correspondence between all information states $\pi$ and the optimal biometric authentication function module $u_{k,i}^{\zeta,*}$, and, for each vector
, from its corresponding optimal unconstrained biometric authentication function module
, obtain the correspondence between all information states $\pi$ and the optimal unconstrained biometric authentication function module
.
In this method, obtaining the optimal biometric authentication function module based on historical information comprises the following steps:
(41) determine the quadratic estimation-error constraint equation of the security requirement constraint according to the following formula:
where $\zeta_c$ is the set of constrained biometric authentication function modules, and
;
(42) if the current information state $\pi(k)$ of the system model satisfies the above constraint equation, obtain the corresponding optimal biometric authentication function module $u_{k,i}^{\zeta,*}$ from $\pi(k)$ through the correspondence between each information state and the optimal biometric authentication function module;
(43) if the current information state $\pi(k)$ of the system model does not satisfy the above constraint equation, obtain the corresponding optimal unconstrained biometric authentication function module from $\pi(k)$ through the correspondence between each information state and the optimal unconstrained biometric authentication function module
In this method, the biometric authentication function module is a biosensor.
With the method of this invention for continuous authentication combined with intrusion detection on mobile devices in a wireless network, continuous authentication is based mainly on biometrics, so continuous authentication in the wireless network can be expressed as a biosensor selection problem. The continuous authentication problem is modelled as a partially observable Markov decision process, and intrusion detection and the response system work together. Re-authentication is an important response type that is triggered by an intrusion; after the re-authentication process, only a trusted user can continue to use network resources, while a user who endangers security is excluded from the network. The system is modelled as a partially observable Markov decision process, and a hidden Markov model scheduling algorithm based on dynamic programming yields the optimal scheduling policy, which decides whether to select a biosensor and which biosensor to select so as to optimize system performance, and thereby yields the optimal continuous authentication policy. This not only greatly improves the security of the mobile device and meets users' very high security requirements for mobile devices, but also optimally controls whether to re-authenticate and which biosensor to use for authentication, so that system resources are used minimally. It likewise optimally controls whether to activate the intrusion detection system, again using system resources minimally. The intrusion detection system and continuous authentication can share information with each other, the security requirement constraints and the resource constraints of the system can both be guaranteed, and the cost of running the system is reduced. The method also performs stably and reliably and has a comparatively wide scope of application, laying a solid foundation for the further development of information security technology for mobile devices in wireless networks.
Embodiment
To make the technical content of the invention clearer, the following embodiment is described in detail.
Referring to Figure 2, the method for continuous authentication combined with intrusion detection on mobile devices in a wireless network involves several biometric authentication function modules arranged on the mobile device. The biometric authentication function module may be a biosensor, and other devices capable of biometric capture and authentication may of course also be used. The method comprises the following steps:
(1) establish a partially observable Markov decision process (POMDP) system model according to the continuous authentication process, and determine the information state space of this system model and the information state of the system at each discrete time point, comprising the following steps:
(a) determine the information state $\pi_k$ of the system model according to the following formula:
$$\pi_k(i) = P(X_k = e_i \mid Y(k)), \quad i = 1, 2, \ldots, S,$$
$$\mathbf{1}_S' \pi = 1, \quad 0 \le \pi(i) \le 1$$
where $k$ is the time point, $X_k$ is the state of the mobile device at time point $k$, $\{e_1, e_2, \ldots, e_S\}$ is the state space, $S$ is the total number of states, $e_i$ is the unit vector with 1 in position $i$ and 0 in the remaining positions, $Y(k)$ is the information available at time point $k$, $Y(k) = \{u_1, u_2, \ldots, u_k, y_1, y_2, \ldots, y_k\}$, $u_k$ is the biometric authentication function module selected at time point $k$, $u_k \in \{1, 2, \ldots, L\}$, $y_k$ is the observation from biometric authentication function module $u_k$, $\mathbf{1}_S$ is the vector of ones over the state space, and $\mathbf{1}_S'$ is its transpose;
(b) establish the Markov chain of the system model according to the following formula:
where $B$ is the observation matrix, $B(u_k, O_m(u_k)) = \mathrm{diag}[b_1(u_k, O_m(u_k)), \ldots, b_S(u_k, O_m(u_k))]$, diag denotes a diagonal matrix, $b_i(u_k = l, y_k = O_m(l)) = P(y_k(u_k) = O_m(u_k) \mid X_k = e_i, u_k = l)$, $i = 1, 2, \ldots, S$, is the probability that, when the system state is $e_i$, the observation at time point $k$ from the selected $l$-th biometric authentication function module is $m$; the observation of the $l$-th biometric authentication function module belongs to the finite symbol set $\{O_1(l), O_2(l), \ldots, O_{M_l}(l)\}$, where $|M_l|$ is the number of possible observations of the $l$-th biometric authentication function module; $A$ is the state transition matrix, $A = [a_{ij}]_{S \times S}$, where $a_{ij} = P(X_k = e_j \mid X_{k-1} = e_i)$, $i, j \in \{1, \ldots, S\}$; and $\pi_0 = [\pi_0(i)]_{S \times 1}$, where $\pi_0(i) = P(X_0 = i)$, $i \in \{1, \ldots, S\}$;
(c) obtain the information state at each discrete time point from the Markov chain, and thereby obtain the information state space of the whole system model;
(2) establish the system cumulative cost model, and apply constrained scheduling to the system cumulative cost model according to the system resource constrained scheduling policy; the system cumulative cost model is:
where $\pi \in P$, and $P$ is the set of information states;
Applying constrained scheduling to the system cumulative cost model according to the system resource constrained scheduling policy comprises the following steps:
(a) determine the transition probability matrix according to the following formula
where the operator in the formula is the tensor product operator, that is, the Kronecker product operator, $z_k = Q'(u_k) z_{k-1}$, $z_0 = e_1$, $z_N = e_{N+1}$, $z_k$ is the number of times the $l$-th biometric authentication function module has been used, $Q$ is
and
if $u_k \ne 1$, $I$ is the identity matrix, and $Q'$ is the transpose of $Q$;
(b) determine the information state of the extended Markov chain $(X_k, z_k)$ of the system according to the following formula
(c) determine the observation probability matrix according to the following formula
(d) determine the value function according to the following formula
(e) in the system cumulative cost model, use
in place of $J_k$, use
in place of $A$, and
in place of $B$;
(3) compute the correspondence between each information state and the optimal biometric authentication function module according to the security requirement constraints of the system, comprising the following steps:
(a) according to piecewise-linearity theory, express the system cumulative cost model as a finite set of vectors according to the following formula:
for all $\pi \in P$;
where $\Gamma_k$ is a finite set of $S$-dimensional vectors $\gamma_{i,k}^{*\prime}$, and $u_{i,k}^{*}$ is the optimal biometric authentication function module;
(b) for the set $\zeta$ of all biometric authentication function modules, use offline dynamic programming and a POMDP algorithm to compute the corresponding vectors $\gamma_{k,i}^{\zeta}$ and the associated biometric authentication function modules $u_{k,i}^{\zeta,*}$;
(c) for the set of unconstrained biometric authentication function modules
, use offline dynamic programming and a POMDP algorithm to compute the corresponding vectors
and the associated unconstrained biometric authentication function modules
(d) use dynamic programming and a POMDP algorithm to compute, for all information states $\pi$, the corresponding vectors $\gamma_{k,i}^{\zeta}$ and
(e) from the optimal biometric authentication function module $u_{k,i}^{\zeta,*}$ corresponding to each vector $\gamma_{k,i}^{\zeta}$, obtain the correspondence between all information states $\pi$ and the optimal biometric authentication function module $u_{k,i}^{\zeta,*}$, and, for each vector
, from its corresponding optimal unconstrained biometric authentication function module
, obtain the correspondence between all information states $\pi$ and the optimal unconstrained biometric authentication function module
;
(4) obtain the optimal biometric authentication function module based on historical information, and use the module so determined in the next authentication process; obtaining the optimal biometric authentication function module based on historical information comprises the following steps:
(a) determine the quadratic estimation-error constraint equation of the security requirement constraint according to the following formula:
where $\zeta_c$ is the set of constrained biometric authentication function modules, and
;
(b) if the current information state $\pi(k)$ of the system model satisfies the above constraint equation, obtain the corresponding optimal biometric authentication function module $u_{k,i}^{\zeta,*}$ from $\pi(k)$ through the correspondence between each information state and the optimal biometric authentication function module;
(c) if the current information state $\pi(k)$ of the system model does not satisfy the above constraint equation, obtain the corresponding optimal unconstrained biometric authentication function module from $\pi(k)$ through the correspondence between each information state and the optimal unconstrained biometric authentication function module
(5) observe the output of the optimal biometric authentication function module at the next time point;
(6) update the current information state of the system with the latest observed output, and decide the authentication result according to this information state;
(7) repeat the above step (4).
In practical application, the method of the invention relates to the field of security management of mobile devices. It uses continuous authentication based on multimodal human biometrics as the first barrier for verifying the user of the mobile device, and uses intrusion detection as the second layer of protection. The two methods complement each other.
First, the system model of the method of the invention is established:
The system can be modelled as a discrete-time, two-state (secure and insecure), first-order Markov chain $\{X_k\}$, where $k$ denotes the discrete time point. The time axis is divided into time slots of equal length, and a slot is the time between two operations. The operations of the system comprise intrusion detection and authentication. The length of the time slot depends on the security requirements and the system environment. For example, if the system is used in a very insecure environment, the time slot is made shorter than in a secure environment. The system state in slot $k$ is $X_k$, and the state space is $\{e_1, e_2\}$, where $e_i$ denotes the two-dimensional unit vector with 1 in position $i$ and 0 in the remaining position. The $2 \times 2$ transition probability matrix $A$ is defined as:
$$A = [a_{ij}]_{2 \times 2}, \quad a_{ij} = P(X_k = e_j \mid X_{k-1} = e_i), \quad i, j \in \{1, 2\}$$
In this model, if intrusion detection monitors the system continuously, it runs at every time point. Re-authentication can also be activated at each time point. However, intrusion detection and authentication consume a large amount of system resources, such as battery power, which is an important issue in wireless terminal devices. Therefore, given the security requirements and resource constraints of the system, it is well worth optimizing the scheduling of intrusion detection and continuous authentication at each time point.
Suppose the continuous authentication system has multiple biosensors and can collect multiple biometrics. The problem of combining intrusion detection with biometric-based continuous authentication can be formulated as a two-state partially observable Markov decision process (POMDP) model. In this model, several sensors are used for continuous authentication and several sensors are used for intrusion detection, for a total of $L$ sensors in the system. To simplify the description, we assume that one sensor can be selected at each time point (either for re-authentication or for intrusion monitoring). Note: this generalizes directly to a model that selects
sensors at each time point (where
). In that case, the intrusion detection system and re-authentication can run simultaneously. $u_k \in \{1, \ldots, L\}$ denotes the biosensor selected at time point $k$, and $y_k(u_k)$ denotes the observation of this biosensor. The observation of the $l$-th biosensor belongs to a finite symbol set $\{O_1(l), O_2(l), \ldots, O_{M_l}(l)\}$, where $|M_l|$ is the number of possible observations of the $l$-th biosensor. When the system state is $e_i$ and the $l$-th biosensor is selected at time point $k$, the probability that the observation from the $l$-th biosensor is $m$ is:
$$b_i(u_k = l, y_k = O_m(l)) = P(y_k(u_k) = O_m(u_k) \mid X_k = e_i, u_k = l), \quad i = 1, 2$$
The observation matrix is defined as:
$$B(u_k, O_m(u_k)) = \mathrm{diag}[b_1(u_k, O_m(u_k)), \ldots, b_S(u_k, O_m(u_k))] \qquad (1)$$
This gives the probability that, given the state of the Markov chain, the biosensor $u_k$ selected at time point $k$ yields observation $m$. The observation obtained from a biosensor may be "secure", "insecure", or "non-existent" when no sensor is used. The observation matrix of the intrusion detection system can be expressed as:
It should be noted that the state of the system cannot be observed directly, so the state of the system follows a hidden Markov model.
The costs associated with using a biosensor include the energy consumed by computation and evaluation, and the information theft and similar losses caused by erroneous authentication or intrusion detection results.
The continuous authentication problem is solved below using a partially observable Markov decision process.
A partially observable Markov decision process and its associated algorithms can be used to optimally schedule the intrusion detection and continuous authentication processes at each time point. Using this theory, the total cost is minimized subject to the security requirements and resource constraints of the system.
(1) Information state
The information state is an important concept in a partially observable Markov decision process. The probability distribution over the states is used as the information state, and the whole probability space (the set of all possible probability distributions) is used as the information space. Any information state is sufficient to characterize the history, which means that an optimal biosensor (the optimal operation, for example intrusion detection or re-authentication) can be selected based on the information state alone. The information state is denoted $\pi_k$, where $k$ is the time point. Because the historical information covers both intrusion detection and continuous authentication, the two processes can share information with each other, so the system can achieve better effectiveness.
In our mobile system there are two states, and the elements of $\pi_k$ are defined as:
$$\pi_k(i) = P(X_k = e_i \mid Y_k), \quad i = 1, 2, \qquad \pi_k(1) + \pi_k(2) = 1, \quad 0 \le \pi_k(1), \pi_k(2) \le 1 \qquad (3)$$
where $Y_k = \{u_1, u_2, \ldots, u_k, y_1, y_2, \ldots, y_k\}$ denotes the information available at time $k$. An important property of the information state is that each state transition is merged into the historical information and that it is easy to update; see formula (4):
The initial probability vector of the Markov chain is:
$$\pi_0 = [\pi_0(1), \pi_0(2)]', \quad \pi_0(i) = P(X_0 = i), \quad i \in \{1, 2\}$$
Using the link between the information state and the system state, a biosensor can be selected based on the information state at a given time rather than on the exact system state.
(2) Biosensor scheduling framework
Based on the above, the biosensor scheduling process can be summarized in three steps, as shown in Figure 2.
A) Scheduling: based on the information state $\pi_k$, find an optimal biosensor $u_{k+1}$ to be used in the next authentication;
B) Observation: observe the output $y_{k+1}(u_{k+1})$ of the optimal biosensor at the next time point;
C) Update: update the information state $\pi_{k+1}$ using the latest observation $Y_{k+1}$.
(3) Cost definition
At time $k$, based on the historical information $Y_k(u_k)$, biosensor $u_{k+1} = l$ is selected; the cost at time $k$ is then:
Here $a_k(l)$, $l = 1, 2, \ldots, L$, are positive weights, $D$ denotes a norm, and $\|\cdot\|$ is the norm operation. In this method, $D = l_2$ is chosen. The first part represents the mean-square error of the state estimate resulting from the sensor schedule $u_1, \ldots, u_k$. In biometric-based authentication, state estimation errors are closely related to the false rejection rate (FRR) and the false acceptance rate (FAR). The second part represents the instantaneous cost of using biosensor $u_{k+1}$ when the system state is $X_k$. In a wireless terminal device, we take this cost to be battery drain, information leakage and so on. There are many ways to balance the immediate cost against the long-run cost. Here only the expected discounted cost below is considered. The discrete cumulative cost from time point 1 to $N$ can be expressed as:
For the infinite-horizon discounted cost, the cost value can be expressed as:
where $E\{\cdot\}$ denotes mathematical expectation, and the constraint $0 \le \beta < 1$ ensures that the expectation is finite. The task here is to minimize the discounted cost by selecting the optimal biosensor schedule (the optimal policy).
The above cumulative cost can be expressed as:
Here $u_{k+1} = u_{k+1}(\pi_k)$, and
$$C_N(\pi_N) = a_N\, g'(\pi_N)\, \pi_N, \qquad C_k(\pi_k, u_{k+1}) = a_k(u_{k+1})\, g'(\pi_k)\, \pi_k + c_k'(u_{k+1})\, \pi_k, \quad k \in \{0, \ldots, N-1\} \qquad (8)$$
In the above equation, $g(\pi_k)$ denotes the 2-dimensional estimation variance vector:
$$g(\pi_k) = [\|e_1 - \pi_k\|_D, \; \|e_2 - \pi_k\|_D]' \qquad (9)$$
(4) Solving the biosensor scheduling problem
A) Dynamic programming
To compute equation (6) efficiently, dynamic programming is used here to compute the optimal policy. In other words, the equation is computed backward from time T to time 0. The value function of equation (7) can be written as:
$$J_N(\pi) = C_N(\pi)$$
and for $k = N-1, N-2, \ldots, 0$:
According to piecewise-linearity theory, the value function can in turn be expressed as a finite set of vectors:
for all $\pi \in P$ (11)
where $\Gamma_k$ is a finite set of 2-dimensional vectors $\gamma_{i,k}'$.
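The schedule, observe and update loop of the scheduling framework and the backward recursion described above can be exercised on a small two-state model. The following Python code is an added example, not code from the patent: the sensor set (including a "no sensor" choice numbered 0), the probabilities and the costs are constructed, and because formulas (4) and (10) are missing from this page it assumes the standard hidden Markov filter and Bellman recursion, evaluated on a belief grid rather than with exact vector sets.

```python
"""Two-state sensor scheduling: HMM filter plus backward dynamic programming.

Added example with constructed numbers. The filter and the Bellman recursion
are the standard textbook forms, assumed here for the page's formulas (4), (10).
"""
import math

# State index 0 = e_1 (secure), 1 = e_2 (insecure). All values are constructed.
MODEL = {
    "A": [[0.95, 0.05], [0.00, 1.00]],      # a_ij = P(X_k=e_j | X_{k-1}=e_i)
    # B[u][m] = [b_1, b_2] = P(y=O_m | X=e_i, u). Sensor 0 is "no sensor" and
    # always reports the single symbol "non-existent".
    "B": [
        [[1.0, 1.0]],                        # u=0: nothing scheduled
        [[0.80, 0.30], [0.20, 0.70]],        # u=1: intrusion detector
        [[0.98, 0.05], [0.02, 0.95]],        # u=2: biometric sensor
    ],
    "a": [1.0, 1.0, 1.0],                    # weights a_k(l) on estimation error
    "c": [[0.0, 0.0], [0.05, 0.05], [0.25, 0.25]],   # usage cost c(l) per state
    "a_N": 1.0,                              # terminal weight a_N
}


def filter_step(model, p, u, m):
    """HMM filter on p = pi_k(2) = P(insecure); returns (p_next, sigma),
    where sigma = P(y = O_m | pi_k, u) is the normalising constant."""
    A, b = model["A"], model["B"][u][m]
    pred = [(1 - p) * A[0][j] + p * A[1][j] for j in range(2)]   # A' pi
    unnorm = [b[j] * pred[j] for j in range(2)]                  # B(u,y) A' pi
    sigma = unnorm[0] + unnorm[1]
    return (unnorm[1] / sigma if sigma > 0 else p), sigma


def estimation_error(p):
    """g'(pi) pi from eq. (9) with D = l2, for pi = [1-p, p]."""
    pi = [1 - p, p]
    g = [math.hypot(e[0] - pi[0], e[1] - pi[1]) for e in ([1, 0], [0, 1])]
    return g[0] * pi[0] + g[1] * pi[1]


def stage_cost(model, p, u):
    """C_k(pi, u) from eq. (8): weighted estimation error plus usage cost."""
    c = model["c"][u]
    return model["a"][u] * estimation_error(p) + c[0] * (1 - p) + c[1] * p


def interp(J, p):
    """Linear interpolation of a value function stored on a uniform grid."""
    x = min(max(p, 0.0), 1.0) * (len(J) - 1)
    i = min(int(x), len(J) - 2)
    return J[i] + (x - i) * (J[i + 1] - J[i])


def solve(model, N, grid=101):
    """Backward DP from k=N to 0 on a belief grid. Returns (J_0, policy),
    where policy[k][i] is the best sensor at step k for grid point i."""
    ps = [i / (grid - 1) for i in range(grid)]
    J = [model["a_N"] * estimation_error(p) for p in ps]         # J_N = C_N
    policy = []
    for _ in range(N):
        J_new, best = [], []
        for p in ps:
            q = []
            for u in range(len(model["B"])):
                future = 0.0
                for m in range(len(model["B"][u])):
                    p_next, sigma = filter_step(model, p, u, m)
                    future += sigma * interp(J, p_next)
                q.append(stage_cost(model, p, u) + future)
            u_star = min(range(len(q)), key=q.__getitem__)
            J_new.append(q[u_star])
            best.append(u_star)
        J = J_new
        policy.insert(0, best)
    return J, policy


def run(model, policy, p0, observations):
    """Schedule / observe / update loop. observations[k][u] is the symbol
    index sensor u would report at step k (constructed input)."""
    p, trace = p0, []
    for k, obs in enumerate(observations):
        u = policy[k][round(p * (len(policy[k]) - 1))]   # A) schedule
        m = obs[u]                                        # B) observe
        p, _ = filter_step(model, p, u, m)                # C) update
        trace.append((u, m, p))
    return trace


if __name__ == "__main__":
    J0, policy = solve(MODEL, N=8)
    # Constructed observations: sensors start reporting "insecure" at step 3.
    obs = [[0, 0, 0]] * 3 + [[0, 1, 1]] * 5
    for k, (u, m, p) in enumerate(run(MODEL, policy, 0.02, obs)):
        print(f"k={k} sensor={u} symbol={m} P(insecure)={p:.3f}")
```

The stage cost depends on the sensor only through its weight and usage cost; the accuracy of a sensor enters through the belief it produces, which is why the recursion has to look ahead over the possible observations.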
B) Piecewise-linear computation
In this problem, from equation (8):
$$C_k(\pi_k, u_{k+1}) = a_k(u_{k+1})\, g'(\pi_k)\, \pi_k + c_k'(u_{k+1})\, \pi_k$$
it follows that $g'(\pi)\pi$ is the $l_2$-norm estimation error, which is not a linear function of $\pi$. This makes the problem different from a standard partially observable Markov decision process problem. According to the reference:
V. Krishnamurthy, "Algorithms for Optimal Scheduling and Management of Hidden Markov Model Sensors," IEEE Trans. Signal Proc., vol. 50, no. 6, pp. 1382-1397, June 2002,
this estimation error can in all cases be approximated by a piecewise-linear value:
where $R$ denotes the number of 2-dimensional vectors used to approximate the estimation error. With this approximation, our biosensor scheduling problem becomes a standard partially observable Markov decision process problem, and any algorithm that solves standard partially observable Markov decision processes can be used to solve the problem of the invention.
The quadratic expression is a bulging curve, as described in the above reference. An upper-bound approximation by tangent lines can be used to represent the approximate estimation error in the model of the invention.
C) Optimal algorithm
There are many algorithms for solving partially observable Markov decision processes in the narrow sense, for example Sondik's algorithm, the incremental pruning algorithm, Cheng's linear support algorithm, and the witness algorithm. These algorithms are described in detail in the following reference: A. R. Cassandra, "Tony's POMDP Webpage," [Online]. Available:
http://www.cs.brown.edu/research/ai/pomdp/index.html.
They share the same basic framework and differ only in how they compute a single dynamic programming step. The code for the incremental pruning algorithm from the above reference is modified and used in the example of the invention. The solution of a partially observable Markov decision process can be represented by a set of vectors together with their optimal actions, and the value function can be written as:
for all $\pi \in P$ (13)
As this equation shows, each vector $\gamma$ is associated with an optimal biosensor. The problem of the invention can therefore be solved in two steps:
Step 1: run offline dynamic programming: with the optimal biosensors $u_{k,i}^{*}$, use a partially observable Markov decision process algorithm to compute
where $i \in \{1, 2, \ldots, |\Gamma_k|\}$.
Step 2: real-time scheduling: for a particular information state $\pi(k)$, find a vector in $\Gamma_k$ by the above formula (11); because each vector is associated with an optimal biosensor, an optimal biosensor can then be selected.
D) Scheduling algorithm under security requirement constraints
Different mobile systems have different security needs. For these systems it is necessary to guarantee that the FRR and FAR requirements are satisfied. In the formulation of the invention, the security requirement constraint is directly related to the estimation error of the system security state. If the estimation error produced by some sensors exceeds a threshold, other sensors with higher accuracy are selected. Here the invention considers only local-in-time constraints (short-term constraints) rather than global constraints (long-term constraints). The estimation error is specified as our desired estimation error. The goal of the invention is to minimize biosensor consumption subject to a quadratic constraint on the expected estimation error, which is defined as:
subject to:
Here $\zeta_c$ denotes the set of constrained biosensors,
denotes the set of unconstrained sensors, and
The steps for solving the security-constrained problem are therefore as follows:
● Run offline dynamic programming with the set $\zeta$ activated: running the program with the set $\zeta$ activated yields the vectors $\gamma_{k,i}^{\zeta}$ and the associated optimal biosensors $u_{k,i}^{\zeta,*}$
● Run offline dynamic programming with the activated set
: running the program with the activated set
yields the vectors
and the associated optimal biosensors
● Run real-time scheduling: by the above formula (11), find, for the particular information state $\pi(k)$, the vectors $\gamma_{k,i}^{\zeta}$ and
● If $\pi(k)$ satisfies formula (15), the sensor $u_{k,i}^{\zeta,*}$ associated with the vector $\gamma_{k,i}^{\zeta}$ is selected; otherwise, the vector
and its associated sensor
are used instead.
E) Scheduling algorithm under system resource constraints
Authentication and intrusion detection both consume a large amount of system resources continuously. The number of times a particular sensor can be used is therefore limited. For simplicity, the present invention assumes here that only the use of sensor 1 is constrained: in an N-dimensional problem, sensor 1 can be used at most $N_1$ times.
Let
denote the $(N_1+1)$-dimensional unit vectors, where $f_i$ has a 1 in the $i$-th position. We use $z_k$ to denote the number of times sensor 1 has been used. Let $z_k$ be an $(N_1+1)$-state Markov chain with state space $S_1$. If the sensor has been used $i-1$ times, then $z_k = f_i$. The dynamics of $z_k$ are as follows:
If sensor 1 is used (i.e., $u_k = 1$), then $z_k$ jumps to state $f_{i+1}$. If another sensor is operated, $z_k$ remains unchanged. The dynamics of $z_k$ can therefore be expressed as a deterministic Markov chain, that is:
$z_k = Q'(u_k)\, z_{k-1}, \quad z_0 = e_1, \quad z_N = e_{N+1}$ ...... (16)
In order to obtain, using formula (10) above, the optimal scheduling strategy subject to the resource constraint, the present invention makes the following adjustments. Suppose the augmented Markov chain is $(X_k, z_k)$, and its transition probability matrix is
Then the information state of $(X_k, z_k)$ is
and the observation probability matrix is:
where ⊗ denotes the tensor (Kronecker) product. Thus, according to the standard hidden Markov model filter, the augmented information state
evolves from A, B into
The value function is defined as:
Now use
in place of $J_k$, use
in place of A, and
in place of B, and solve the above value function by formula (10) above.
In this way, the present invention finally achieves the selection of the optimal sensor while keeping the use of resources to a minimum, that is, the optimal combination for carrying out continuous authentication and intrusion detection.
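The usage counter of formula (16) and one filter step on the augmented chain $(X_k, z_k)$, as an added Python example that is not the patent's own code. It assumes the augmented transition matrix is the Kronecker product of A with Q(u), that observations do not depend on the counter, and that the last counter state absorbs; the patent's own matrices are missing from this text, and the model values and function names are constructed.

```python
# Constructed toy values (assumptions, not taken from the patent).
N1 = 2                                            # sensor 1 may be used at most N1 times
A = [[0.95, 0.05], [0.0, 1.0]]                    # A[i][j] = P(X_k=j | X_{k-1}=i)
B = {1: [[0.9, 0.1], [0.1, 0.9]],                 # B[u][j][y] = P(obs=y | X=j, sensor u)
     2: [[0.7, 0.3], [0.3, 0.7]]}

def Q(u):
    """Counter transition matrix: sensor 1 moves f_i to f_{i+1}, others keep f_i."""
    q = [[0.0] * (N1 + 1) for _ in range(N1 + 1)]
    for i in range(N1 + 1):
        # Assumption: the last state absorbs, because the budget is already spent.
        q[i][min(i + 1, N1) if u == 1 else i] = 1.0
    return q

def matvec_t(m, v):
    """Return m' v (the transpose of m applied to v)."""
    return [sum(m[i][j] * v[i] for i in range(len(v))) for j in range(len(m[0]))]

def kron(a, b):
    """Kronecker product of two matrices given as nested lists."""
    return [[x * y for x in ra for y in rb] for ra in a for rb in b]

def counter_step(z, u):
    """Formula (16): z_k = Q'(u_k) z_{k-1}."""
    return matvec_t(Q(u), z)

def allowed_sensors(z):
    """Sensor 1 is admissible only while the counter is not in f_{N1+1}."""
    return [u for u in B if u != 1 or z[N1] == 0.0]

def augmented_filter(pi_aug, u, y):
    """One hidden-Markov-filter step on the joint chain (X_k, z_k)."""
    pred = matvec_t(kron(A, Q(u)), pi_aug)        # predict with A (x) Q(u)
    like = [B[u][j][y] for j in range(len(A)) for _ in range(N1 + 1)]
    unnorm = [l * p for l, p in zip(like, pred)]
    return [x / sum(unnorm) for x in unnorm]

def marginals(pi_aug):
    """Split the joint information state into (belief over X, counter state)."""
    n = N1 + 1
    return ([sum(pi_aug[x * n:(x + 1) * n]) for x in range(len(A))],
            [sum(pi_aug[c::n]) for c in range(n)])
```

Because the counter is deterministic, the joint information state stays a product of the ordinary belief and a unit vector, so a scheduler only needs the belief plus an integer count to enforce the budget.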
With the above method for realizing continuous authentication combined with intrusion detection for mobile devices in a wireless network, continuous authentication is based mainly on biometrics, so continuous authentication in the wireless network can be expressed as a biosensor selection problem. The continuous authentication problem is modelled as a partially observable Markov decision process and operates together with the intrusion detection and response system. Re-authentication is an important response type that is triggered by an intrusion; after the re-authentication process, only a trusted user can continue to use network resources, while a user who endangers security is excluded from the network. The system is modelled as a partially observable Markov decision process, and a hidden Markov model scheduling algorithm based on dynamic programming is used to obtain the optimal scheduling strategy, which decides whether a biosensor is to be selected and which biosensor is selected, so as to optimize the performance of the system and thereby obtain the optimal continuous authentication strategy. This not only greatly improves the security of the mobile device and satisfies users' very high security requirements for mobile devices, but also optimally controls whether re-authentication is carried out and which biosensor carries out the authentication, so that system resources are used minimally. It can likewise optimally control whether the intrusion detection system is activated, so that system resources are used minimally. The intrusion detection system and the continuous authentication can share information with each other, the constraints of the system's security requirements and the resource constraints can be guaranteed, and the cost of operating the system is saved. At the same time, the method has stable and reliable working performance and a comparatively wide scope of application, and lays a solid foundation for the further development of information security technology for mobile devices in wireless networks.
In this specification, the present invention has been described with reference to specific embodiments thereof. It is evident, however, that various modifications and changes can still be made without departing from the spirit and scope of the present invention. The specification and drawings are therefore to be regarded as illustrative rather than restrictive.