CN101488855B - Method for implementing continuous authentication joint intrusion detection by mobile equipment in wireless network - Google Patents

Publication number
CN101488855B
Authority
CN
China
Prior art keywords
biological characteristic
functions module
authentication functions
information state
characteristic authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN2008100327272A
Other languages
Chinese (zh)
Other versions
CN101488855A (en)
Inventor
于非
张霞
杨金峰
张鑫
宁涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Spreadtrum Communications Shanghai Co Ltd
Original Assignee
Shanghai Mobilepeak Semiconductor Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Mobilepeak Semiconductor Co Ltd filed Critical Shanghai Mobilepeak Semiconductor Co Ltd
Priority to CN2008100327272A priority Critical patent/CN101488855B/en
Publication of CN101488855A publication Critical patent/CN101488855A/en
Application granted granted Critical
Publication of CN101488855B publication Critical patent/CN101488855B/en
Abstract

The invention relates to a method by which a mobile device implements continuous authentication combined with intrusion detection in a wireless network. The method comprises: building a Markov decision process model and determining its information state space and the information state at each discrete time point; building a cumulative cost model and applying constrained scheduling to it according to the system's resource-constrained scheduling policy; calculating the correspondence between each information state and the optimal biometric authentication function module; obtaining the optimal biometric authentication function module based on historical information and scheduling it for the next authentication; observing the output at the next time point; updating the information state and judging the authentication result. The method optimizes performance, improves the security of the mobile device, meets the needs of users with high security requirements, saves system resources and operating cost, offers stable and reliable performance, has a wide range of application, and lays a solid foundation for the further development of information security technology.

Description

Method for a mobile device to implement continuous authentication combined with intrusion detection in a wireless network
Technical field
The present invention relates to information security in mobile communication systems, in particular to the information security management of mobile devices in such systems, and specifically to a method by which a mobile device implements continuous authentication combined with intrusion detection in a wireless network.
Background technology
Authentication is used to identify a user and can rely on one or more means of identification: for example a password, a token, or the user's biometric features. Biometric features are further divided into static and dynamic features: fingerprints, retinas and the like are static biometric features, while facial expressions, body movements and the like are dynamic biometric features. Password authentication is simple and easy to use, but because there is no direct association between a password and the user, it cannot establish that the person entering the password is the user. The same holds for tokens. Both means are also relatively easy to lose or to crack. A biometric feature is the only means of identification that is directly associated with the person presenting it. In common communication systems, whether the network authenticates the mobile device or the mobile device authenticates the user, password authentication is still the most widely used; some high-end mobile devices with high security requirements also use biometric features for authentication.
Because a biometric feature has the most direct link to the user being authenticated, it can prove the user's identity. Each biometric feature nevertheless has its own strengths and weaknesses, and because application environments differ, it cannot be said which biometric feature is best for identification. A single-mode biometric must face many challenges, such as noise in the sensed data, variation within a class, similarity between classes, and so on. Multi-biometric fusion addresses this problem and provides the most reliable means of identification: in a given environment, the strengths of one biometric feature can compensate for the weaknesses of another. In addition, a randomly selected subset of the biometric features the user provides can be used, which better guarantees security.
As multi-biometric fusion becomes more widely used, the technique continues to improve. Its current operating modes are mainly the serial mode, the parallel mode and the hierarchical mode. In the serial mode, the output of one biometric can be used only once. Multiple biometrics are therefore not needed at the same moment, and which biometric to use can be decided before all biometrics have been received. In the parallel mode, multiple biometrics are needed at the same moment. The hierarchical mode suits systems that use a large number of biometric identifiers for recognition.
Most mobile devices today authenticate the user only once, when the user first accesses the device, and treat the whole period afterwards as safe. Such protection is sometimes insufficient, for example when the device holds very important or private data and the user forgets to turn it off. Examples are mobile devices used by staff of national security agencies, or devices storing data for users with very high security requirements. Continuous authentication, and algorithms to support it, are therefore needed to meet the needs of users with very high security requirements.
A system that relies only on continuous authentication always has shortcomings, for various reasons, and cannot eliminate intrusions. To address this, an intrusion detection system is used as a second layer of protection that helps identify malicious behaviour. An intrusion detection system continuously or periodically monitors system activity, compares it with stored normal profiles or attack signatures, and then initiates an appropriate response. Re-authentication is an important type of response initiated by the intrusion detection system. After re-authentication, only a trusted user can continue to use the device's resources; a user who endangers security is rejected as an outsider.
Current systems continuously or periodically monitor activity, compare it with stored normal profiles or attack signatures, and start an appropriate response. Intrusion detection systems are broadly divided into network-based and host-based. A host-based intrusion detection system relies on data produced by users or programs on the host and is suitable for wireless terminal devices.
The crossover error rate (CER) is commonly used as a baseline measure of an intrusion detection system; it is illustrated in Fig. 1. The false positive rate (FPR) is the frequency with which the intrusion detection system wrongly reports malicious behaviour, and the false negative rate (FNR) is the frequency with which it fails to raise an alarm when malicious behaviour occurs. The FPR and FNR values chosen depend on the security requirements of the system. Fig. 1 shows that it is reasonable to model an intrusion detection system as a noisy sensor that detects the security state of the system (safe or threatened). The accuracy of this noisy sensor depends on the FPR and FNR of the intrusion detection system.
Although much research has been done on continuous authentication and on intrusion detection, earlier work studied the two separately; they could not be combined and applied in wireless terminal devices, and neither could share its information with the other, so the two processes could not work together to achieve better effectiveness.
Summary of the invention
The object of the invention is to overcome the above shortcomings of the prior art and to provide a method for a mobile device to implement continuous authentication combined with intrusion detection in a wireless network that meets users' high security requirements, conserves system resources as far as possible, has stable and reliable performance, and has a comparatively wide range of application.
To achieve this object, the method of the invention is as follows:
The method involves several biometric authentication function modules arranged on the mobile device, and is mainly characterised in that it comprises the following steps:
(1) establish a partially observable Markov decision process system model for the continuous authentication process, and determine the information state space of this system model and the system's information state at each discrete time point;
(2) establish a cumulative cost model for the system, and apply constrained scheduling to it according to the system's resource-constrained scheduling policy;
(3) calculate the correspondence between each information state and the optimal biometric authentication function module according to the system's security requirement constraints;
(4) obtain the optimal biometric authentication function module based on historical information, and use the module so determined in the next authentication;
(5) observe the output of the optimal biometric authentication function module at the next time point;
(6) update the system's current information state with the newly observed output, and judge the authentication result according to this information state;
(7) return to step (4) and repeat.
In the method, determining the information state space of the system model and the system's information state at each discrete time point comprises the following steps:
(11) determine the information state $\pi_k$ of the system model according to:
$$\pi_k(i) = P(X_k = e_i \mid Y(k)), \quad i = 1, 2, \ldots, S,$$
$$\mathbf{1}_S'\,\pi = 1, \quad 0 \le \pi(i) \le 1,$$
where $k$ is the time point; $X_k$ is the state of the mobile device at time point $k$; $\{e_1, e_2, \ldots, e_S\}$ is the state space; $S$ is the total number of states; $e_i$ is the unit vector with 1 in position $i$ and 0 in all other positions; $Y(k)$ is the information available at time point $k$, $Y(k) = \{u_1, u_2, \ldots, u_k, y_1, y_2, \ldots, y_k\}$; $u_k$ is the biometric authentication function module selected at time point $k$, $u_k \in \{1, 2, \ldots, L\}$; $y_k$ is the result observed from module $u_k$; $\mathbf{1}_S$ is the $S$-dimensional vector of ones and $\mathbf{1}_S'$ is its transpose;
(12) establish the Markov chain of the system model according to:
$$\pi_{k+1} = \frac{B(u_{k+1}, y_{k+1}(u_{k+1}))\,A'\,\pi_k}{\mathbf{1}_S'\,B(u_{k+1}, y_{k+1}(u_{k+1}))\,A'\,\pi_k},$$
where $B$ is the observation matrix, $B(u_k, O_m(u_k)) = \mathrm{diag}[\,b_1(u_k, O_m(u_k)), \ldots, b_S(u_k, O_m(u_k))\,]$, and diag denotes a diagonal matrix; $b_i(u_k = l, y_k = O_m(l)) = P(y_k(u_k) = O_m(u_k) \mid X_k = e_i, u_k = l)$, $i = 1, 2, \ldots, S$, is the probability that, with the system in state $e_i$, the result observed at time point $k$ from the selected $l$-th biometric authentication function module is $m$; the results observed by the $l$-th module belong to the finite symbol set $\{O_1(l), O_2(l), \ldots, O_{M_l}(l)\}$, where $|M_l|$ is the number of results the $l$-th module may observe; $A$ is the state transition matrix, $A = [a_{ij}]_{S \times S}$, with $a_{ij} = P(X_k = e_j \mid X_{k-1} = e_i)$, $i, j \in \{1, \ldots, S\}$;
and $\pi_0 = [\pi_0(i)]_{S \times 1}$, with $\pi_0(i) = P(X_0 = i)$, $i \in \{1, \ldots, S\}$;
(13) obtain the information state at each discrete time point from the Markov chain, and thereby the information state space of the whole system model.
In the method, the system cumulative cost model is:
$$J_k(\pi) = \min_{u_{k+1} \in \{1, \ldots, L\}} \left[ C_k(\pi, u_{k+1}) + \sum_{m=1}^{M_{u_{k+1}}} J_{k+1}\!\left( \frac{B(u_{k+1}, O_m(u_{k+1}))\,A'\,\pi}{\mathbf{1}_S'\,B(u_{k+1}, O_m(u_{k+1}))\,A'\,\pi} \right) \times \mathbf{1}_S'\,B(u_{k+1}, O_m(u_{k+1}))\,A'\,\pi \right]$$
where $\pi \in P$ and $P$ is the set of information states.
In the method, applying constrained scheduling to the system cumulative cost model according to the system's resource-constrained scheduling policy comprises the following steps:
(21) determine the transition probability matrix $\bar{A}$ according to:
$$\bar{A} = A \otimes Q,$$
where $\otimes$ is the tensor product operator, i.e. the Kronecker product operator; $z_k = Q'(u_k)\,z_{k-1}$, $z_0 = e_1$, $z_N = e_{N+1}$; $z_k$ is the number of times the $l$-th biometric authentication function module has been used; $Q$ is
$$Q(u_k = l) = \begin{bmatrix} 0 & 1 & 0 & \cdots & 0 \\ 0 & 0 & 1 & \cdots & 0 \\ \vdots & \vdots & \vdots & \ddots & 1 \\ 0 & 0 & 0 & \cdots & 1 \end{bmatrix},$$
and $Q(u_k) = I_{(N_l+1) \times (N_l+1)}$ if $u_k \neq l$; $I$ is the identity matrix and $Q'$ is the transpose of $Q$;
(22) determine the information state $\bar{\pi}$ of the extended Markov chain $(X_k, z_k)$ according to:
$$\bar{\pi} = \pi_k \otimes z_k,$$
(23) determine the observation probability matrix $\bar{B}$ according to:
$$\bar{B}(u, O_m(u)) = B(u, O_m(u)) \otimes I_{N+1};$$
(24) determine the value function according to:
$$\bar{J}_k = J_k(\pi, z), \quad \bar{\pi} = \pi \otimes z;$$
(25) in the system cumulative cost model, use $\bar{J}_k$ in place of $J_k$, $\bar{A}$ in place of $A$, and $\bar{B}$ in place of $B$.
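The information-state update of step (12) and the usage-counter extension of steps (21) to (25), as an added example that is not part of the patent: it runs the update for a two-state chain (safe, compromised) with an intrusion detector modelled from its FPR and FNR and one biometric sensor with a limited number of uses, and checks that the extended update equals $\pi_{k+1} \otimes z_{k+1}$. All probabilities, the sensor numbering and the function names are constructed for illustration.

```python
# Added example (not from the patent). States: index 0 = safe, 1 = compromised.
# Every number below is constructed for illustration.

def transpose(M):
    return [list(col) for col in zip(*M)]

def matvec(M, v):
    return [sum(m * x for m, x in zip(row, v)) for row in M]

def kron_vec(x, y):
    return [a * b for a in x for b in y]

def kron_mat(A, B):
    # Kronecker product: block (i, j) of the result is A[i][j] * B.
    return [[a * b for a in ra for b in rb] for ra in A for rb in B]

def diag(v):
    n = len(v)
    return [[v[i] if i == j else 0.0 for j in range(n)] for i in range(n)]

def normalize(v):
    total = sum(v)  # equals 1' B A' pi, the probability of the observation
    if total <= 0.0:
        raise ValueError("observation has zero probability under the model")
    return [x / total for x in v], total

def belief_update(pi, A, b):
    """pi_{k+1} = B A' pi_k / (1' B A' pi_k), where B = diag(b)."""
    predicted = matvec(transpose(A), pi)
    return normalize([bi * p for bi, p in zip(b, predicted)])

def usage_matrix(n_max, used):
    """Q(u): shift the usage counter when the constrained sensor is used
    (last counter state absorbing); identity for any other sensor."""
    size = n_max + 1
    if not used:
        return diag([1.0] * size)
    Q = [[0.0] * size for _ in range(size)]
    for i in range(size):
        Q[i][min(i + 1, size - 1)] = 1.0
    return Q

def extended_update(pi, z, A, b, Q):
    """Same update on the extended chain (X_k, z_k):
    A_bar = A (x) Q, B_bar = B (x) I, pi_bar = pi (x) z."""
    A_bar = kron_mat(A, Q)
    B_bar = kron_mat(diag(b), diag([1.0] * len(z)))
    predicted = matvec(transpose(A_bar), kron_vec(pi, z))
    return normalize(matvec(B_bar, predicted))[0]

# Constructed two-state model.
A = [[0.95, 0.05],
     [0.10, 0.90]]
FPR, FNR = 0.10, 0.20  # intrusion detector treated as a noisy sensor
OBS = {  # OBS[u][y] = [b_1(u, y), b_2(u, y)]
    1: {"quiet": [1 - FPR, FNR], "alarm": [FPR, 1 - FNR]},       # intrusion detection
    2: {"match": [0.98, 0.03], "mismatch": [0.02, 0.97]},        # biometric sensor
}
CONSTRAINED, N_MAX = 2, 2  # sensor 2 has a usage counter with N_MAX + 1 states

def run(schedule, pi0=(1.0, 0.0)):
    """Apply (sensor, observation) pairs; return one tuple per step:
    (u, y, P(compromised), usage count, max |pi_bar - pi (x) z|)."""
    pi, z, trace = list(pi0), [1.0] + [0.0] * N_MAX, []
    for u, y in schedule:
        b = OBS[u][y]
        Q = usage_matrix(N_MAX, u == CONSTRAINED)
        pi_bar = extended_update(pi, z, A, b, Q)
        pi, _ = belief_update(pi, A, b)
        z = matvec(transpose(Q), z)  # z_k = Q'(u_k) z_{k-1}
        gap = max(abs(p - q) for p, q in zip(pi_bar, kron_vec(pi, z)))
        trace.append((u, y, pi[1], z.index(1.0), gap))
    return trace

if __name__ == "__main__":
    for step in run([(1, "alarm"), (2, "mismatch"), (2, "mismatch"), (2, "match")]):
        print(step)
```

The usage counter saturates at its last state once the constrained sensor has been used `N_MAX` times, which is the absorbing last row of `Q`.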
In the method, calculating the correspondence between each information state and the optimal biometric authentication function module according to the system's security requirement constraints comprises the following steps:
(31) according to piecewise-linear theory, express the system cumulative cost model as a finite set of vectors according to:
$$J_k(\pi) = \min_{i \in \Gamma_k} \gamma_{i,k}^{*\prime}(u_{i,k}^{*})\,\pi \quad \text{for all } \pi \in P,$$
where $\Gamma_k$ is a finite set of $S$-dimensional vectors $\gamma_{i,k}^{*}$, and $u_{i,k}^{*}$ is the optimal biometric authentication function module;
(32) for the set $\zeta$ of all biometric authentication function modules, use offline dynamic programming and the partially observable Markov decision process algorithm to compute the corresponding vectors $\gamma_{k,i}^{\zeta}$ and the associated biometric authentication function modules $u_{k,i}^{\zeta,*}$;
(33) for the set $\bar{\zeta}_c$ of unconstrained biometric authentication function modules, use offline dynamic programming and the partially observable Markov decision process algorithm to compute the corresponding vectors and the associated unconstrained biometric authentication function modules;
(34) use dynamic programming and the partially observable Markov decision process algorithm to compute, for all information states $\pi$, the corresponding vectors $\gamma_{k,i}^{\zeta}$ and the corresponding vectors for the unconstrained set;
(35) from the optimal biometric authentication function module $u_{k,i}^{\zeta,*}$ corresponding to each vector $\gamma_{k,i}^{\zeta}$, obtain the correspondence between all information states $\pi$ and the optimal biometric authentication function module $u_{k,i}^{\zeta,*}$; and from the optimal unconstrained biometric authentication function module corresponding to each vector for the unconstrained set, obtain the correspondence between all information states $\pi$ and the optimal unconstrained biometric authentication function module.
In the method, obtaining the optimal biometric authentication function module based on historical information comprises the following steps:
(41) determine the squared estimation error constraint of the security requirement according to:
$$\sum_{m=1}^{M_u} a_{k+1}(l) \left( 1 - \frac{\pi' A\,B^2(u, O_m(u))}{\left( \mathbf{1}_S'\,B(u, O_m(u))\,A'\,\pi \right)^2} \right) \times \mathbf{1}_S'\,B(u, O_m(u))\,A'\,\pi < K_l, \quad l \in \zeta_c,$$
where $\zeta_c$ is the set of constrained biometric authentication function modules, and $\zeta = \{1, \ldots, L\} = \{\zeta_c \cup \bar{\zeta}_c\}$;
(42) if the current information state $\pi(k)$ of the system model satisfies the above constraint, use the correspondence between each information state and the optimal biometric authentication function module to obtain, from $\pi(k)$, the corresponding optimal biometric authentication function module $u_{k,i}^{\zeta,*}$;
(43) if the current information state $\pi(k)$ of the system model does not satisfy the above constraint, use the correspondence between each information state and the optimal unconstrained biometric authentication function module to obtain, from $\pi(k)$, the corresponding optimal unconstrained biometric authentication function module.
In the method, the biometric authentication function module is a biometric sensor.
The method of the invention is based mainly on continuous biometric authentication, so continuous authentication in the wireless network can be expressed as a biometric sensor selection problem. The continuous authentication problem is modelled as a partially observable Markov decision process, and the intrusion detection and response system works together with it. Re-authentication is an important type of response, initiated by intrusion detection; after re-authentication, only a trusted user can continue to use network resources, while a user who endangers security is excluded from the network. With the system modelled as a partially observable Markov decision process, a hidden Markov model scheduling algorithm using dynamic programming yields the optimal scheduling policy, which decides whether to select a biometric sensor and which one to select so as to optimise system performance, giving the optimal continuous authentication policy. This not only greatly improves the security of the mobile device and meets the needs of users with very high security requirements, but also optimally controls whether to re-authenticate and which biometric sensor to use, so that system resources are used minimally. It also optimally controls whether to activate the intrusion detection system, again minimising the use of system resources. The intrusion detection system and continuous authentication can share information with each other, the system's security constraints and resource constraints can both be guaranteed, and the cost of running the system is reduced. The method also has stable and reliable performance and a comparatively wide range of application, and lays a solid foundation for the further development of information security technology for mobile devices in wireless networks.
Description of drawings
Fig. 1 is a schematic diagram of the crossover error rate of a prior-art intrusion detection system.
Fig. 2 is a schematic diagram of biometric sensor scheduling and information state updating in the hidden Markov decision process of the invention.
Embodiment
For a clearer understanding of the technical content of the invention, the following embodiment is described in detail.
Referring to Fig. 2, the method for a mobile device to implement continuous authentication combined with intrusion detection in a wireless network involves several biometric authentication function modules arranged on the mobile device. Such a module can be a biometric sensor, and other devices capable of biometric acquisition and authentication can of course also be used. The method comprises the following steps:
(1) establish a partially observable Markov decision process system model for the continuous authentication process, and determine the information state space of this system model and the system's information state at each discrete time point, comprising the following steps:
(a) determine the information state $\pi_k$ of the system model according to:
$$\pi_k(i) = P(X_k = e_i \mid Y(k)), \quad i = 1, 2, \ldots, S,$$
$$\mathbf{1}_S'\,\pi = 1, \quad 0 \le \pi(i) \le 1,$$
where $k$ is the time point; $X_k$ is the state of the mobile device at time point $k$; $\{e_1, e_2, \ldots, e_S\}$ is the state space; $S$ is the total number of states; $e_i$ is the unit vector with 1 in position $i$ and 0 in all other positions; $Y(k)$ is the information available at time point $k$, $Y(k) = \{u_1, u_2, \ldots, u_k, y_1, y_2, \ldots, y_k\}$; $u_k$ is the biometric authentication function module selected at time point $k$, $u_k \in \{1, 2, \ldots, L\}$; $y_k$ is the result observed from module $u_k$; $\mathbf{1}_S$ is the $S$-dimensional vector of ones and $\mathbf{1}_S'$ is its transpose;
(b) establish the Markov chain of the system model according to:
$$\pi_{k+1} = \frac{B(u_{k+1}, y_{k+1}(u_{k+1}))\,A'\,\pi_k}{\mathbf{1}_S'\,B(u_{k+1}, y_{k+1}(u_{k+1}))\,A'\,\pi_k},$$
where $B$ is the observation matrix, $B(u_k, O_m(u_k)) = \mathrm{diag}[\,b_1(u_k, O_m(u_k)), \ldots, b_S(u_k, O_m(u_k))\,]$, and diag denotes a diagonal matrix; $b_i(u_k = l, y_k = O_m(l)) = P(y_k(u_k) = O_m(u_k) \mid X_k = e_i, u_k = l)$, $i = 1, 2, \ldots, S$, is the probability that, with the system in state $e_i$, the result observed at time point $k$ from the selected $l$-th biometric authentication function module is $m$; the results observed by the $l$-th module belong to the finite symbol set $\{O_1(l), O_2(l), \ldots, O_{M_l}(l)\}$, where $|M_l|$ is the number of results the $l$-th module may observe; $A$ is the state transition matrix, $A = [a_{ij}]_{S \times S}$, with $a_{ij} = P(X_k = e_j \mid X_{k-1} = e_i)$, $i, j \in \{1, \ldots, S\}$; and $\pi_0 = [\pi_0(i)]_{S \times 1}$, with $\pi_0(i) = P(X_0 = i)$, $i \in \{1, \ldots, S\}$;
(c) obtain the information state at each discrete time point from the Markov chain, and thereby the information state space of the whole system model;
(2) establish a cumulative cost model for the system, and apply constrained scheduling to it according to the system's resource-constrained scheduling policy; the system cumulative cost model is:
$$J_k(\pi) = \min_{u_{k+1} \in \{1, \ldots, L\}} \left[ C_k(\pi, u_{k+1}) + \sum_{m=1}^{M_{u_{k+1}}} J_{k+1}\!\left( \frac{B(u_{k+1}, O_m(u_{k+1}))\,A'\,\pi}{\mathbf{1}_S'\,B(u_{k+1}, O_m(u_{k+1}))\,A'\,\pi} \right) \times \mathbf{1}_S'\,B(u_{k+1}, O_m(u_{k+1}))\,A'\,\pi \right]$$
where $\pi \in P$ and $P$ is the set of information states;
Applying constrained scheduling to the system cumulative cost model according to the system's resource-constrained scheduling policy comprises the following steps:
(a) determine the transition probability matrix $\bar{A}$ according to:
$$\bar{A} = A \otimes Q,$$
where $\otimes$ is the tensor product operator, i.e. the Kronecker product operator; $z_k = Q'(u_k)\,z_{k-1}$, $z_0 = e_1$, $z_N = e_{N+1}$; $z_k$ is the number of times the $l$-th biometric authentication function module has been used; $Q$ is
$$Q(u_k = l) = \begin{bmatrix} 0 & 1 & 0 & \cdots & 0 \\ 0 & 0 & 1 & \cdots & 0 \\ \vdots & \vdots & \vdots & \ddots & 1 \\ 0 & 0 & 0 & \cdots & 1 \end{bmatrix},$$
and $Q(u_k) = I_{(N_l+1) \times (N_l+1)}$ if $u_k \neq l$; $I$ is the identity matrix and $Q'$ is the transpose of $Q$;
(b) determine the information state $\bar{\pi}$ of the extended Markov chain $(X_k, z_k)$ according to:
$$\bar{\pi} = \pi_k \otimes z_k,$$
(c) determine the observation probability matrix $\bar{B}$ according to:
$$\bar{B}(u, O_m(u)) = B(u, O_m(u)) \otimes I_{N+1};$$
(d) determine the value function according to:
$$\bar{J}_k = J_k(\pi, z), \quad \bar{\pi} = \pi \otimes z;$$
(e) in the system cumulative cost model, use $\bar{J}_k$ in place of $J_k$, $\bar{A}$ in place of $A$, and $\bar{B}$ in place of $B$;
(3) calculate the correspondence between each information state and the optimal biometric authentication function module according to the system's security requirement constraints, comprising the following steps:
(a) according to piecewise-linear theory, express the system cumulative cost model as a finite set of vectors according to:
$$J_k(\pi) = \min_{i \in \Gamma_k} \gamma_{i,k}^{*\prime}(u_{i,k}^{*})\,\pi \quad \text{for all } \pi \in P,$$
where $\Gamma_k$ is a finite set of $S$-dimensional vectors $\gamma_{i,k}^{*}$, and $u_{i,k}^{*}$ is the optimal biometric authentication function module;
(b) for the set $\zeta$ of all biometric authentication function modules, use offline dynamic programming and the partially observable Markov decision process algorithm to compute the corresponding vectors $\gamma_{k,i}^{\zeta}$ and the associated biometric authentication function modules $u_{k,i}^{\zeta,*}$;
(c) for the set $\bar{\zeta}_c$ of unconstrained biometric authentication function modules, use offline dynamic programming and the partially observable Markov decision process algorithm to compute the corresponding vectors and the associated unconstrained biometric authentication function modules;
(d) use dynamic programming and the partially observable Markov decision process algorithm to compute, for all information states $\pi$, the corresponding vectors $\gamma_{k,i}^{\zeta}$ and the corresponding vectors for the unconstrained set;
(e) from the optimal biometric authentication function module $u_{k,i}^{\zeta,*}$ corresponding to each vector $\gamma_{k,i}^{\zeta}$, obtain the correspondence between all information states $\pi$ and the optimal biometric authentication function module $u_{k,i}^{\zeta,*}$; and from the optimal unconstrained biometric authentication function module corresponding to each vector for the unconstrained set, obtain the correspondence between all information states $\pi$ and the optimal unconstrained biometric authentication function module;
(4) obtain the optimal biometric authentication function module based on historical information, and use the module so determined in the next authentication; obtaining the optimal module based on historical information comprises the following steps:
(a) determine the squared estimation error constraint of the security requirement according to:
$$\sum_{m=1}^{M_u} a_{k+1}(l) \left( 1 - \frac{\pi' A\,B^2(u, O_m(u))}{\left( \mathbf{1}_S'\,B(u, O_m(u))\,A'\,\pi \right)^2} \right) \times \mathbf{1}_S'\,B(u, O_m(u))\,A'\,\pi < K_l, \quad l \in \zeta_c,$$
where $\zeta_c$ is the set of constrained biometric authentication function modules, and $\zeta = \{1, \ldots, L\} = \{\zeta_c \cup \bar{\zeta}_c\}$;
(b) if the current information state $\pi(k)$ of the system model satisfies the above constraint, use the correspondence between each information state and the optimal biometric authentication function module to obtain, from $\pi(k)$, the corresponding optimal biometric authentication function module $u_{k,i}^{\zeta,*}$;
(c) if the current information state $\pi(k)$ of the system model does not satisfy the above constraint, use the correspondence between each information state and the optimal unconstrained biometric authentication function module to obtain, from $\pi(k)$, the corresponding optimal unconstrained biometric authentication function module;
(5) observe the output of the optimal biometric authentication function module at the next time point;
(6) update the system's current information state with the newly observed output, and judge the authentication result according to this information state;
(7) return to step (4) and repeat.
In practical application, the method of the present invention relates to the field of security management for mobile devices. Continuous authentication based on multimodal human biometrics serves as the first barrier for user verification on the mobile device, and intrusion detection serves as the second layer of protection. The two methods complement each other.
First, the system model of the method of the present invention is established:
The system can be modeled as a discrete-time, first-order Markov chain $\{X_k\}$ with two states (safe and unsafe), where k denotes the discrete time point. The time axis is divided into intervals of equal length, and one interval is the time between two operations. The operations of the system comprise intrusion detection and authentication. The length of a time slot depends on the security requirements and the system environment. For example, if the system is used in a very insecure environment, the time interval is made shorter than in a secure environment. The system state at time k is $X_k$, and the state space is $\{e_1, e_2\}$, where $e_i$ is the two-dimensional unit vector with 1 in position i and 0 in the remaining position. The 2 × 2 transition probability matrix A is defined as:
$A = [a_{ij}]_{2 \times 2}$, where $a_{ij} = P(X_k = e_j \mid X_{k-1} = e_i)$, $i, j \in \{1, 2\}$
In this model, if intrusion detection monitors the system continuously, it runs at every time point. Re-authentication can likewise be activated at every time point. However, intrusion detection and authentication consume a large amount of system resources, such as battery power, which is an important issue in wireless terminal devices. Therefore, given the system's security requirements and resource limits, it is well worthwhile to optimize the scheduling of intrusion detection and continuous authentication at each time point.
Suppose the continuous authentication system has multiple biometric sensors and can collect multiple biometric features. The problem of combining intrusion detection with biometric-based continuous authentication can be formulated as a two-state partially observable Markov decision process (POMDP) model. In this model, several sensors are used for continuous authentication and several sensors are used for intrusion detection, for a total of L sensors in the system. To simplify the description, we assume that one sensor can be selected at each time point (either re-authentication or intrusion monitoring). Note: this generalizes directly to a model that selects $\bar{L}$ sensors at each time point (where $1 \le \bar{L} \le L$), so that the intrusion detection system and re-authentication can run simultaneously. $u_k \in \{1, \ldots, L\}$ denotes the sensor selected at time k, and $y_k(u_k)$ denotes the observation from that sensor. The observations of the l-th sensor belong to a finite symbol set $\{O_1(l), O_2(l), \ldots, O_{M_l}(l)\}$, where $|M_l|$ is the number of possible observations of the l-th sensor. When the system state is $e_i$ and the l-th sensor is selected at time k, the probability that the observation from the l-th sensor is m is expressed as follows:
$b_i(u_k = l, y_k = O_m(l)) = P(y_k(u_k) = O_m(u_k) \mid X_k = e_i, u_k = l), \quad i = 1, 2$
The observation matrix is defined as:
$$B(u_k, O_m(u_k)) = \mathrm{diag}[b_1(u_k, O_m(u_k)), \ldots, b_S(u_k, O_m(u_k))]$$ (1)
Thus, given the state of the Markov chain, the probability that the observation is m when sensor $u_k$ is selected at time k is available. The observation obtained from a sensor may be "safe", "unsafe", or "non-existent" when no sensor is used. The observation matrix of the intrusion detection system can be expressed as:
$$B(u_k = \mathrm{ids}) = \begin{pmatrix} 1 - FPR & FPR \\ FNR & 1 - FNR \end{pmatrix}$$ (2)
Note that the system state cannot be observed directly, so the system state is modeled as a hidden Markov model.
The costs associated with using a sensor include the energy consumed by computation and evaluation, the theft of information caused by erroneous authentication or intrusion detection, and so on.
The continuous authentication problem is solved below using a partially observable Markov decision process (POMDP).
A POMDP and its associated algorithms can be used to optimally schedule intrusion detection and the continuous authentication process at each time point. Using this theory, the overall cost is minimized subject to the system's security requirements and resource constraints.
(1) Information state
The information state is an important concept in a POMDP. The probability distribution over the states is used as the information state, and the whole probability space (the set of all possible probability distributions) is used as the information space. Any information state is a sufficient statistic for the history, which means that an optimal sensor (that is, an optimal operation such as intrusion detection or re-authentication) can be selected based on the information state alone. The information state is denoted $\pi_k$, where k is the time point. Because the history includes both intrusion detection and continuous authentication, the two processes can share information with each other, so the system achieves better effectiveness.
In our mobile system there are two states, and the elements of $\pi_k$ are defined as:
$$\pi_k(i) = P(X_k = e_i \mid Y_k), \quad i = 1, 2, \quad \pi_k(1) + \pi_k(2) = 1, \quad 0 \le \pi_k(1), \pi_k(2) \le 1$$ (3)
where $Y_k = \{u_1, u_2, \ldots, u_k, y_1, y_2, \ldots, y_k\}$ denotes the information available at time k. Importantly, the information state folds each state transition into the history and is easy to update, as shown in formula (4):
$$\pi_{k+1} = \frac{B(u_{k+1}, y_{k+1}(u_{k+1})) A' \pi_k}{\mathbf{1}' B(u_{k+1}, y_{k+1}(u_{k+1})) A' \pi_k}$$ (4)
The initial probability vector of the Markov chain is:
$\pi_0 = [\pi_0(1), \pi_0(2)]'$, where $\pi_0(i) = P(X_0 = i)$, $i \in \{1, 2\}$
By using the relationship between the information state and the system state, a sensor can be selected at any given time based on the information state rather than on the exact system state.
(2) Biometric sensor scheduling framework
Based on the above, the sensor scheduling process can be summarized in three steps, as shown in Figure 2.
A) Scheduling: based on the information state $\pi_k$, find an optimal sensor $u_{k+1}$ to be used in the next authentication;
B) Observation: observe the output $y_{k+1}(u_{k+1})$ of the optimal sensor at the next time instant;
C) Update: update the information state $\pi_{k+1}$ using the latest observation $Y_{k+1}$.
(3) Cost definition
At time k, based on the history $Y_k(u_k)$, selecting sensor $u_{k+1} = l$ incurs the following cost at time k:
Figure S2008100327272D00112
Here $a_k(l)$, $l = 1, 2, \ldots, L$, are positive weights, D is a quantization norm, and "‖·‖" is the norm operation. In this method $D = l_2$ is chosen. The first part represents the mean square error of the state estimate resulting from the sensor schedule $u_1, \ldots, u_k$. In biometric-based authentication, state estimation errors are closely related to the false rejection rate (FRR) and the false acceptance rate (FAR). The second part represents the instantaneous cost of using sensor $u_{k+1}$ when the system state is $X_k$. In a wireless terminal device we regard this cost as battery drain, information leakage, and so on. Many methods can be used to balance the immediate cost against the long-term cost. Only the expected discounted future cost is considered here. The accumulated cost over the discrete time points 1 to N can be expressed as:
$$J_u = E\left\{ \sum_{k=0}^{N-1} a_k(u_{k+1}) \|X_k - \pi_k\|_D + \sum_{k=0}^{N-1} c_k(X_k, u_{k+1}) + a_N \|X_N - \pi_N\|_D \right\}$$ (6)
For the infinite-horizon discounted cost, the cost can be expressed as:
$$E\left\{ \sum_{k=0}^{\infty} \beta^k \left[ a(u_{k+1}) \|X_k - \pi_k\|_D + c(X_k, u_{k+1}) \right] \right\}$$
where E{·} denotes mathematical expectation, and the constraint 0 ≤ β < 1 ensures that the expectation is finite. The task here is to minimize the discounted cost by selecting the optimal sensor schedule (the optimal policy).
The accumulated cost above can be expressed as:
$$J_u = E\left\{ \sum_{k=0}^{N-1} C_k(\pi_k, u_{k+1}) + C_N(\pi_N) \right\}$$ (7)
Here $u_{k+1} = u_{k+1}(\pi_k)$
$$C_N(\pi_N) = a_N g'(\pi_N) \pi_N, \quad C_k(\pi_k, u_{k+1}) = a_k(u_{k+1}) g'(\pi_k) \pi_k + c_k'(u_{k+1}) \pi_k, \quad k \in \{0, \ldots, N-1\}$$ (8)
In the above equation, $g(\pi_k)$ denotes the two-dimensional estimation variance vector:
$$g(\pi_k) = [\|e_1 - \pi_k\|_D, \|e_2 - \pi_k\|_D]'$$ (9)
(4) Solving the biometric sensor scheduling problem
A) Dynamic programming
To evaluate equation (6) efficiently, dynamic programming is used here to compute the optimal policy. In other words, the equation is computed backwards, from time T to time 0. The value function of equation (7) can be written as:
$J_N(\pi) = C_N(\pi)$
and for k = N-1, N-2, ..., 0:
$$J_k(\pi) = \min_{u_{k+1} \in \{1, \ldots, L\}} \left[ C_k(\pi, u_{k+1}) + \sum_{m=1}^{M_{u_{k+1}}} J_{k+1}\left( \frac{B(u_{k+1}, O_m(u_{k+1})) A' \pi}{\mathbf{1}' B(u_{k+1}, O_m(u_{k+1})) A' \pi} \right) \times \mathbf{1}' B(u_{k+1}, O_m(u_{k+1})) A' \pi \right], \quad \pi \in P$$ (10)
According to piecewise-linear theory, the value function can in turn be expressed as a finite set of vectors:
$$J_k(\pi) = \min_{i \in \Gamma_k} \gamma_{i,k}' \pi, \quad \text{for all } \pi \in P$$ (11)
where $\Gamma_k$ is a finite set of two-dimensional vectors $\gamma_{i,k}'$.
B) Piecewise-linear computation
In this problem, from equation (8):
$C_k(\pi_k, u_{k+1}) = a_k(u_{k+1}) g'(\pi_k) \pi_k + c_k'(u_{k+1}) \pi_k$
it follows that $g'(\pi)\pi$ is the $l_2$-norm estimation error, which is not a linear function of π. This makes the problem different from a standard POMDP problem. According to the reference:
V. Krishnamurthy, "Algorithms for Optimal Scheduling and Management of Hidden Markov Model Sensors," IEEE Trans. Signal Proc., vol. 50, no. 6, pp. 1382-1397, June 2002,
this estimation error can in all cases be approximated by a piecewise-linear value:
$$g'(\pi)\pi = \min_{r \in 1, 2, \ldots, R} \bar{g}_r' \pi$$ (12)
where R denotes the number of two-dimensional vectors used to approximate the estimation error. With this approximation, our biometric sensor scheduling problem is converted into a standard POMDP problem, and all algorithms for solving standard POMDPs can be used to solve the problem of the present invention.
The value of the quadratic function is a convex curve, as described in the reference cited above. An upper-bound approximation by tangents can be used to represent the approximate estimation error in the model of the present invention.
C) Optimal algorithms
There are many algorithms for solving POMDPs in the narrow sense, for example the Sondik algorithm, the incremental pruning algorithm, Cheng's linear support algorithm, and the witness algorithm. These algorithms are described in detail in the following reference: A. R. Cassandra, "Tony's POMDP Webpage," [Online]. Available:
http://www.cs.brown.edu/researcb/ai/pomdp/index.html.
They share the same basic framework and differ only in how a single dynamic programming step is computed. The incremental pruning code from the above reference is modified and used in the example of the present invention. The solution of a POMDP can be represented by a set of vectors together with their optimal actions, and the value function can be written as:
$$J_k(\pi) = \min_{i \in \Gamma_k} \gamma_{i,k}^{*\prime}(u_{i,k}^*) \pi, \quad \text{for all } \pi \in P$$ (13)
As this equation shows, each vector γ is associated with an optimal biometric sensor. The problem of the present invention can therefore be solved in two steps:
Step 1: run the offline dynamic programming: compute $\Gamma_k = \gamma_{k,i}^*$ together with the optimal biometric sensors $u_{k,i}^*$ using a POMDP algorithm, where $i \in \{1, 2, \ldots, |\Gamma_k|\}$.
Step 2: real-time scheduling: for the particular information state π(k), find the vector in $\Gamma_k$ by formula (11) above; since each vector is associated with an optimal biometric sensor, the optimal sensor can then be selected.
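The two steps above (offline dynamic programming, then real-time scheduling) together with the schedule / observe / update loop of section (2), as an added example that is not part of the patent and is not its modified incremental-pruning code: recursion (10) is solved on a grid of information states with linear interpolation instead of the exact vector-set algorithms. The transition matrix, sensor likelihoods, costs, the "none" option and all function names are constructed assumptions, and the norm is taken as the squared l2 norm.

```python
# Added example (not from the patent): two-state safe/unsafe model, pure Python.
# Every number below is a constructed value chosen for illustration.
A = [[0.95, 0.05],      # a_ij = P(X_k = e_j | X_{k-1} = e_i); index 0 = safe, 1 = unsafe
     [0.10, 0.90]]
# b[i][m] = P(y = O_m | X = e_i, u). Symbols for ids/bio: 0 = "safe", 1 = "unsafe".
# "none" means no sensor is used (single symbol "non-existent"). cost[i] = c(e_i, u).
SENSORS = {
    "none": {"b": [[1.0], [1.0]], "cost": [0.00, 0.50], "a": 1.0},
    "ids": {"b": [[0.80, 0.20], [0.30, 0.70]], "cost": [0.02, 0.02], "a": 1.0},  # FPR 0.2, FNR 0.3
    "bio": {"b": [[0.98, 0.02], [0.05, 0.95]], "cost": [0.15, 0.15], "a": 1.0},
}
A_N = 1.0     # terminal weight a_N
GRID = 201    # grid points over p = pi(unsafe)


def est_error(pi):
    """g'(pi) pi with the squared l2 norm: sum_i pi_i * ||e_i - pi||^2."""
    return sum(pi[i] * sum(((i == j) - pi[j]) ** 2 for j in range(2)) for i in range(2))


def update(pi, u, m):
    """Equation (4). Returns (pi_next, sigma) with sigma = 1' B(u, O_m) A' pi."""
    pred = [sum(A[i][j] * pi[i] for i in range(2)) for j in range(2)]    # A' pi
    unnorm = [SENSORS[u]["b"][j][m] * pred[j] for j in range(2)]         # B A' pi
    sigma = sum(unnorm)
    if sigma == 0.0:          # observation impossible under this belief
        return pred, 0.0
    return [x / sigma for x in unnorm], sigma


def interp(J, p):
    """Linear interpolation of a value function tabulated on the belief grid."""
    x = min(1.0, max(0.0, p)) * (GRID - 1)
    lo = min(int(x), GRID - 2)
    return (1 - (x - lo)) * J[lo] + (x - lo) * J[lo + 1]


def q_value(pi, u, J_next):
    """Bracketed term of equation (10) for one sensor u."""
    s = SENSORS[u]
    total = s["a"] * est_error(pi) + sum(c * p for c, p in zip(s["cost"], pi))  # C_k, eq. (8)
    for m in range(len(s["b"][0])):
        nxt, sigma = update(pi, u, m)
        total += sigma * interp(J_next, nxt[1])
    return total


def solve(horizon):
    """Offline backward recursion J_N, ..., J_0. Returns (J_0, policy[k][grid index])."""
    beliefs = [[1 - g / (GRID - 1), g / (GRID - 1)] for g in range(GRID)]
    J = [A_N * est_error(pi) for pi in beliefs]        # J_N = C_N
    policy = []
    for _ in range(horizon):
        best = [min(SENSORS, key=lambda u, pi=pi: q_value(pi, u, J)) for pi in beliefs]
        J = [q_value(pi, u, J) for pi, u in zip(beliefs, best)]
        policy.insert(0, best)
    return J, policy


def run_online(pi0, readings, policy):
    """Real-time loop: schedule -> observe -> update.
    readings[k][u] is the (constructed) symbol sensor u would report at step k."""
    pi, trace = list(pi0), []
    for k, reading in enumerate(readings):
        u = policy[k][round(pi[1] * (GRID - 1))]    # schedule: look up the stored policy
        m = reading[u]                              # observe
        pi, _ = update(pi, u, m)                    # update, equation (4)
        trace.append((u, m, round(pi[1], 4)))
    return trace


if __name__ == "__main__":
    _, policy = solve(6)
    # Constructed readings: sensors report "safe" for two steps, then "unsafe".
    readings = [{"none": 0, "ids": 0, "bio": 0}] * 2 + [{"none": 0, "ids": 1, "bio": 1}] * 4
    for step in run_online([0.9, 0.1], readings, policy):
        print(step)    # (sensor chosen, symbol observed, updated P(unsafe))
```

Each trace entry shows which sensor the stored policy selected and how the probability of the unsafe state moved after the observation.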
D) Scheduling algorithm under security requirement constraints
Different mobile systems have different security needs. For these systems it is necessary to guarantee that the FRR and FAR requirements are met. In the formulation of the present invention, the security requirement constraint is directly related to the estimation error of the system's security state. If the estimation error produced by some sensor exceeds a threshold, another sensor with higher accuracy is selected. Here the present invention considers only local-in-time (short-term) constraints rather than global (long-term) constraints. The estimation error is specified as our desired estimation error. The objective of the present invention is to minimize the biometric sensor cost subject to a constraint on the expected squared estimation error, defined as:
$$J_u = \min_u E\left\{ \sum_{k=0}^{N-1} c_k'(u_{k+1}) \pi_k \right\}$$ (14)
subject to:
$$\sum_{m=1}^{M_u} a_{k+1}(l) \left( 1 - \frac{\pi' A B^2(u, O_m(u))}{\left(\mathbf{1}' B(u, O_m(u)) A' \pi\right)^2} \right) \times \mathbf{1}' B(u, O_m(u)) A' \pi < K_l, \quad l \in \zeta_c$$ (15)
Here $\zeta_c$ denotes the set of constrained biometric sensors, $\overline{\zeta_c}$ denotes the set of unconstrained sensors, and $\zeta = \{1, \ldots, L\} = \{\zeta_c \cup \overline{\zeta_c}\}$.
The steps for solving the security-constrained problem are therefore as follows:
● Run the offline dynamic programming with the set ζ activated: running this program with the set ζ activated yields the vectors $\gamma_{k,i}^{\zeta}$ and the associated optimal biometric sensors $u_{k,i}^{\zeta,*}$
● Run the offline dynamic programming with the activated
Figure S2008100327272D00145
set: running this program with the activated
Figure S2008100327272D00146
set yields the vectors
Figure S2008100327272D00147
and the associated optimal biometric sensors
Figure S2008100327272D00148
● Run real-time scheduling: by formula (11) above, find for the particular information state π(k) the vectors $\gamma_{k,i}^{\zeta}$ and
Figure S2008100327272D00149
● If π(k) satisfies formula (15), the sensor $u_{k,i}^{\zeta,*}$ associated with the vector $\gamma_{k,i}^{\zeta}$ is selected; otherwise the vector
Figure S2008100327272D001410
is used and its associated sensor
Figure S2008100327272D001411
is selected instead.
E) Scheduling algorithm under system resource constraints
Continuous authentication and intrusion detection both consume a large amount of system resources. Therefore, the number of times a particular sensor can be used is limited. For simplicity, the present invention assumes here that only the use of sensor 1 is constrained: in an N-dimensional problem, sensor 1 can be used at most $N_1$ times.
Let $S_1 = \{f_1, \ldots, f_{N_1+1}\}$ denote the set of $(N_1+1)$-dimensional unit vectors, where $f_i$ has a 1 in position i. We use $z_k$ to denote the number of times sensor 1 has been used. Let $z_k$ be an $(N_1+1)$-state Markov chain with state space $S_1$. If the sensor has been used i-1 times, then $z_k = f_i$. The dynamics of $z_k$ are as follows:
If sensor 1 is used (i.e., $u_k = 1$), $z_k$ jumps to state $f_{i+1}$. If another sensor is operated, $z_k$ remains unchanged. The dynamics of $z_k$ can be expressed by a deterministic Markov chain, that is:
$$z_k = Q'(u_k) z_{k-1}, \quad z_0 = e_1, \quad z_N = e_{N+1}$$ (16)
To obtain the optimal resource-constrained scheduling policy using formula (10) above, the present invention makes the following adjustments. Let the extended Markov chain be $(X_k, z_k)$ with transition probability matrix $\bar{A} = A \otimes Q$; then the information state of $(X_k, z_k)$ is $\bar{\pi} = \pi_k \otimes z_k$, and the observation probability matrix is:
$$\bar{B}(u, O_m(u)) = B(u, O_m(u)) \otimes I_{N+1}$$
where $\otimes$ denotes the tensor (Kronecker) product. Thus, according to the standard hidden Markov model filter, the extended information state evolves from A, B to
Figure S2008100327272D00155
Figure S2008100327272D00156
The value function is defined as:
$$\bar{J}_k = J_k(\pi, z), \quad \bar{\pi} = \pi \otimes z$$
Now use
Figure S2008100327272D00158
in place of $J_k$, use
Figure S2008100327272D00159
in place of A, and use
Figure S2008100327272D001510
in place of B, and solve the above value function by formula (10) above.
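The usage counter $z_k$ and the Kronecker-extended filter described in this subsection, as an added example that is not the patent's code. The numeric values, the names LIMITED and N1, and the absorbing last counter state are assumptions.

```python
# Added example (not from the patent): usage-counter chain and Kronecker-extended filter.
# All numeric values are constructed for illustration.
A = [[0.95, 0.05], [0.10, 0.90]]    # state transition matrix (index 0 = safe, 1 = unsafe)
B_DIAG = {                          # B_DIAG[u][m][i] = b_i(u, O_m), the diagonal of B(u, O_m)
    "ids": [[0.80, 0.30], [0.20, 0.70]],
    "bio": [[0.98, 0.05], [0.02, 0.95]],
}
LIMITED = "bio"   # plays the role of "sensor 1" in the text
N1 = 2            # the limited sensor may be used at most N1 times


def usage_matrix(u):
    """Q(u): shift f_i -> f_{i+1} when the limited sensor is used, identity otherwise.
    Making the last state absorbing is an assumption; the scheduler must not pick
    the limited sensor there (see allowed_sensors)."""
    n = N1 + 1
    if u != LIMITED:
        return [[float(i == j) for j in range(n)] for i in range(n)]
    return [[float(j == min(i + 1, n - 1)) for j in range(n)] for i in range(n)]


def kron(P, Q):
    """Kronecker product of two matrices."""
    return [[p * q for p in prow for q in qrow] for prow in P for qrow in Q]


def kron_vec(x, z):
    """Kronecker product of two vectors."""
    return [a * b for a in x for b in z]


def t_mul(M, v):
    """M' v."""
    return [sum(M[i][j] * v[i] for i in range(len(M))) for j in range(len(M[0]))]


def extended_update(pibar, u, m):
    """HMM filter on the extended chain (X_k, z_k): A_bar = A (x) Q(u), B_bar = B (x) I."""
    pred = t_mul(kron(A, usage_matrix(u)), pibar)
    b_bar = kron_vec(B_DIAG[u][m], [1.0] * (N1 + 1))    # diagonal of B (x) I
    unnorm = [b * p for b, p in zip(b_bar, pred)]
    sigma = sum(unnorm)
    return [x / sigma for x in unnorm]


def marginals(pibar):
    """Recover pi (safe/unsafe) and z (usage count) from pi_bar = pi (x) z."""
    n = N1 + 1
    pi = [sum(pibar[i * n:(i + 1) * n]) for i in range(2)]
    z = [sum(pibar[i * n + c] for i in range(2)) for c in range(n)]
    return pi, z


def allowed_sensors(z):
    """Sensors the scheduler may still choose given the usage-count vector z."""
    exhausted = z[N1] > 0.5
    return [u for u in B_DIAG if not (u == LIMITED and exhausted)]


if __name__ == "__main__":
    pibar = kron_vec([0.9, 0.1], [1.0, 0.0, 0.0])    # pi_0 (x) z_0, counter at f_1
    # Constructed schedule: (sensor, observed symbol), 0 = "safe", 1 = "unsafe".
    for u, m in [("bio", 1), ("ids", 0), ("bio", 0)]:
        pibar = extended_update(pibar, u, m)
        pi, z = marginals(pibar)
        print(u, m, [round(p, 4) for p in pi], z, allowed_sensors(z))
```

After the second "bio" step the counter reaches its last state and only "ids" remains selectable, which is the constraint the extended information state carries into recursion (10).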
In this way, the present invention selects the optimal sensor while keeping resource usage to a minimum, that is, it combines continuous authentication and intrusion detection optimally.
With the above method for implementing continuous authentication combined with intrusion detection by a mobile device in a wireless network, continuous authentication is based mainly on biometrics, so continuous authentication in the wireless network can be expressed as a biometric sensor selection problem. The continuous authentication problem is formulated as a partially observable Markov decision process model, and intrusion detection and the response system work together. Re-authentication is an important response type that is triggered by an intrusion; after the re-authentication process, only a trusted user can continue to use network resources, while a user who endangers security is excluded from the network. The system is formulated as a partially observable Markov decision process model, and a hidden Markov model scheduling algorithm using dynamic programming yields the optimal scheduling policy, which decides whether to select a biometric sensor and which one to select so as to optimize system performance, thereby obtaining the optimal continuous authentication policy. This not only greatly improves the security of the mobile device and meets users' high security requirements for mobile devices, but also optimally controls whether re-authentication is performed and which biometric sensor is used for authentication, so that system resources are used minimally. It likewise optimally controls whether the intrusion detection system is activated, so that system resources are used minimally. The intrusion detection system and continuous authentication can share information with each other, the system's security constraints and resource constraints can be guaranteed, and the cost of system operation is reduced. The method also performs stably and reliably and has a fairly wide scope of application, laying a solid foundation for the further development of information security technology for mobile devices in wireless networks.
In this specification, the present invention has been described with reference to specific embodiments. Clearly, however, various modifications and changes can still be made without departing from the spirit and scope of the invention. The specification and drawings are therefore to be regarded as illustrative rather than restrictive.

Claims (7)

1. A method for implementing continuous authentication combined with intrusion detection by a mobile device in a wireless network, the mobile device comprising several biometric authentication function modules, characterized in that the method comprises the following steps:
(1) establish a partially observable Markov decision process system model according to the continuous authentication process, and determine the information state space of the system model and the information state of the system at each discrete time point;
(2) establish the system accumulated cost model, and perform constrained scheduling on the system accumulated cost model according to the system resource constrained scheduling policy;
(3) calculate the correspondence between each information state and the optimal biometric authentication function module according to the system's security requirement constraints;
(4) obtain the optimal biometric authentication function module based on historical information, and use the module so determined in the next authentication process;
(5) observe the output of the optimal biometric authentication function module at the next time point;
(6) update the current information state of the system with the latest observed output, and determine the authentication result from this information state;
(7) repeat step (4) above.
2. The method for implementing continuous authentication combined with intrusion detection by a mobile device in a wireless network according to claim 1, characterized in that determining the information state space of the system model and the information state of the system at each discrete time point comprises the following steps:
(11) determine the information state $\pi_k$ of the system model according to the following formulas:
$\pi_k(i) = P(X_k = e_i \mid Y(k)), \quad i = 1, 2, \ldots, S,$
$\mathbf{1}_S' \pi = 1, \quad 0 \le \pi(i) \le 1$
where k is the time point, $X_k$ is the state of the mobile device at time k, $\{e_1, e_2, \ldots, e_S\}$ is the state space, S is the total number of states, $e_i$ is the unit vector of the state space with 1 in position i and 0 in the remaining positions, Y(k) is the information obtained at time k, $Y(k) = \{u_1, u_2, \ldots, u_k, y_1, y_2, \ldots, y_k\}$, $u_k$ is the biometric authentication function module selected at time k, $u_k \in \{1, 2, \ldots, L\}$, $y_k$ is the observation from biometric authentication function module $u_k$, $\mathbf{1}_S$ is the one-dimensional vector of the state space, and $\mathbf{1}_S'$ is its transpose;
(12) establish the Markov chain of the system model according to the following formula:
Figure FYZ000002316086700011
where B is the observation matrix, $B(u_k, O_m(u_k)) = \mathrm{diag}[b_1(u_k, O_m(u_k)), \ldots, b_S(u_k, O_m(u_k))]$, diag denotes a diagonal matrix, $b_i(u_k = l, y_k = O_m(l)) = P(y_k(u_k) = O_m(u_k) \mid X_k = e_i, u_k = l)$, $i = 1, 2, \ldots, S$; $b_i(u_k = l, y_k = O_m(l))$ is the probability that, when the system state is $e_i$, the observation at time k from the selected l-th biometric authentication function module is m; the observations of the l-th biometric authentication function module belong to the finite symbol set
Figure FYZ000002316086700021
, where $|M_l|$ is the number of possible observations of the l-th biometric authentication function module; A is the state transition matrix, $A = [a_{ij}]_{S \times S}$, where $a_{ij} = P(X_k = e_j \mid X_{k-1} = e_i)$, $i, j \in \{1, \ldots, S\}$;
and $\pi_0 = [\pi_0(i)]_{S \times 1}$, where $\pi_0(i) = P(X_0 = i)$, $i \in \{1, \ldots, S\}$;
(13) obtain the information state at each discrete time point from the Markov chain, and thereby obtain the information state space of the whole system model.
3. The method for implementing continuous authentication combined with intrusion detection by a mobile device in a wireless network according to claim 2, characterized in that the system accumulated cost model is:
Figure FYZ000002316086700022
where π ∈ P, and P is the set of information states.
4. The method for implementing continuous authentication combined with intrusion detection by a mobile device in a wireless network according to claim 3, characterized in that performing constrained scheduling on the system accumulated cost model according to the system resource constrained scheduling policy comprises the following steps:
(21) determine, according to the following formula, the transition probability matrix
Figure FYZ000002316086700023
Figure FYZ000002316086700024
where
Figure FYZ000002316086700025
is the tensor operator, i.e. the Kronecker product operator, $z_k = Q'(u_k) z_{k-1}$, $z_0 = e_1$, $z_N = e_{N+1}$, $z_k$ is the number of times the l-th biometric authentication function module has been used, Q is
Figure FYZ000002316086700026
and
Figure FYZ000002316086700027
if $u_k \ne 1$, I is the identity matrix, and Q' is the transpose of Q;
(22) determine, according to the following formula, the information state of the extended Markov chain $(X_k, z_k)$ of the system
Figure FYZ000002316086700028
Figure FYZ000002316086700029
(23) determine, according to the following formula, the observation probability matrix
Figure FYZ0000023160867000210
Figure FYZ0000023160867000211
(24) determine, according to the following formula, the value function
Figure FYZ000002316086700031
Figure FYZ000002316086700032
Figure FYZ000002316086700033
(25) in the system accumulated cost model, use
Figure FYZ000002316086700034
in place of $J_k$, use $\bar{A}$ in place of A, and use
Figure FYZ000002316086700036
in place of B.
5. The method for implementing continuous authentication combined with intrusion detection by a mobile device in a wireless network according to claim 4, characterized in that calculating the correspondence between each information state and the optimal biometric authentication function module according to the system's security requirement constraints comprises the following steps:
(31) according to piecewise-linear theory, express the system accumulated cost model as a finite set of vectors by the following formula:
Figure FYZ000002316086700037
for all π ∈ P;
where $\Gamma_k$ is a finite set of S-dimensional vectors
Figure FYZ000002316086700038
, and
Figure FYZ000002316086700039
is the optimal biometric authentication function module;
(32) for the set of all biometric authentication function modules
Figure FYZ0000023160867000310
, use offline dynamic programming and a partially observable Markov decision process algorithm to compute the corresponding vectors
Figure FYZ0000023160867000311
and the associated biometric authentication function modules
Figure FYZ0000023160867000312
(33) for the set of unconstrained biometric authentication function modules
Figure FYZ0000023160867000313
, use offline dynamic programming and a partially observable Markov decision process algorithm to compute the corresponding vectors
Figure FYZ0000023160867000314
and the associated unconstrained biometric authentication function modules
Figure FYZ0000023160867000315
(34) use dynamic programming and a partially observable Markov decision process algorithm to compute, for all information states π, the corresponding vectors
Figure FYZ0000023160867000316
and
(35) from the optimal biometric authentication function module corresponding to each vector
Figure FYZ0000023160867000318
, namely
Figure FYZ0000023160867000319
, obtain the correspondence between all information states π and the optimal biometric authentication function module
Figure FYZ0000023160867000320
, and from the optimal unconstrained biometric authentication function module corresponding to each vector
Figure FYZ0000023160867000321
, namely
Figure FYZ0000023160867000322
, obtain the correspondence between all information states π and the optimal unconstrained biometric authentication function module
Figure FYZ0000023160867000323
.
6. The method for implementing continuous authentication combined with intrusion detection by a mobile device in a wireless network according to claim 5, characterized in that obtaining the optimal biometric authentication function module based on historical information comprises the following steps:
(41) determine the squared estimation error constraint equation of the security requirement constraints according to the following formula:
Figure FYZ0000023160867000324
Figure FYZ0000023160867000325
where
Figure FYZ0000023160867000326
is the set of constrained biometric authentication function modules, and
Figure FYZ0000023160867000327
(42) if the current information state π(k) of the system model satisfies the above constraint equation, then, from the correspondence between each information state and the optimal biometric authentication function module, obtain the corresponding optimal biometric authentication function module for the current information state π(k) of the system model
Figure FYZ000002316086700041
(43) if the current information state π(k) of the system model does not satisfy the above constraint equation, then, from the correspondence between each information state and the optimal unconstrained biometric authentication function module, obtain the corresponding optimal unconstrained biometric authentication function module for the current information state π(k) of the system model
Figure FYZ000002316086700042
7. The method for implementing continuous authentication combined with intrusion detection by a mobile device in a wireless network according to any one of claims 1 to 6, characterized in that the biometric authentication function module is a biometric sensor.
CN2008100327272A 2008-01-16 2008-01-16 Method for implementing continuous authentication joint intrusion detection by mobile equipment in wireless network Active CN101488855B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008100327272A CN101488855B (en) 2008-01-16 2008-01-16 Method for implementing continuous authentication joint intrusion detection by mobile equipment in wireless network


Publications (2)

Publication Number Publication Date
CN101488855A CN101488855A (en) 2009-07-22
CN101488855B true CN101488855B (en) 2011-06-01

Family

ID=40891549

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008100327272A Active CN101488855B (en) 2008-01-16 2008-01-16 Method for implementing continuous authentication joint intrusion detection by mobile equipment in wireless network

Country Status (1)

Country Link
CN (1) CN101488855B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103036974B (en) * 2012-12-13 2016-12-21 广东省电信规划设计院有限公司 Cloud computing resource scheduling method based on hidden Markov model and system
US10887327B2 (en) * 2018-03-23 2021-01-05 Juniper Networks, Inc. Enforcing threat policy actions based on network addresses of host threats
CN108566656B (en) 2018-04-13 2021-04-30 上海连尚网络科技有限公司 Method and equipment for detecting security of wireless network

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1454371A (en) * 2000-05-16 2003-11-05 瑞士电信流动电话公司 Recognizing & discriminating method of biological metering
CN1672384A (en) * 2002-07-29 2005-09-21 皇家飞利浦电子股份有限公司 Security system for apparatuses in a network
CN101047497A (en) * 2006-03-31 2007-10-03 香港中文大学 Entity capability discrimination and key managing method for body (sensor) network

Also Published As

Publication number Publication date
CN101488855A (en) 2009-07-22

Similar Documents

Publication Publication Date Title
Zhang et al. Fakemask: A novel privacy preserving approach for smartphones
Jacob et al. Measure for degree heterogeneity in complex networks and its application to recurrence network analysis
Zhang et al. FRUIT: A blockchain-based efficient and privacy-preserving quality-aware incentive scheme
Mucchi et al. Secrecy capacity and secure distance for diffusion-based molecular communication systems
Zhu et al. Emergent technologies in big data sensing: a survey
Erdemir et al. Privacy-aware time-series data sharing with deep reinforcement learning
Takano et al. Extracting commercialization opportunities of the Internet of Things: Measuring text similarity between papers and patents
Qin et al. Privacy-preserving blockchain-based federated learning for marine Internet of Things
Luo et al. Predictable privacy-preserving mobile crowd sensing: A tale of two roles
Tsang et al. Guest editorial industrial wireless networks: Applications, challenges, and future directions
Beck et al. Iterative minimization schemes for solving the single source localization problem
CN101488855B (en) Method for implementing continuous authentication joint intrusion detection by mobile equipment in wireless network
Wang et al. Hybrid consensus sigma point approximation nonlinear filter using statistical linearization
Murakami et al. Group sparsity tensor factorization for re-identification of open mobility traces
CN113298191A (en) User behavior identification method based on personalized semi-supervised online federal learning
Murakami et al. Localization attacks using matrix and tensor factorization
Zhang et al. Dp-trajgan: A privacy-aware trajectory generation model with differential privacy
Zhu et al. Learning-empowered privacy preservation in beyond 5G edge intelligence networks
Yu et al. Traffic anomaly detection algorithm for wireless sensor networks based on improved exploitation of the GM (1, 1) model
Shen et al. A game-theoretic method for cross-layer stochastic resilient control design in CPS
Wu et al. TCPP: Achieving privacy-preserving trajectory correlation with differential privacy
CN109195098B (en) Shared collaborative filtering method based on differential privacy
Shi et al. Embedding entropy: a nonlinear measure of dynamical causality
Saputra et al. Federated learning framework with straggling mitigation and privacy-awareness for AI-based mobile application services
Kumar et al. Reliability analysis of infinite slope using metamodels

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20170626

Address after: 201203 Shanghai Zhangjiang High Tech Park of Pudong New Area Chunxiao Road No. 439 Building No. 2

Patentee after: SPREADTRUM COMMUNICATIONS (SHANGHAI) Co.,Ltd.

Address before: The Zhangjiang hi tech park Shanghai City Chenhui road 201203 Lane 377 No. 42

Patentee before: Shanghai Mobilepeak Semiconductor Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20180402

Address after: The 300456 Tianjin FTA test area (Dongjiang Bonded Port) No. 6865 North Road, 1-1-1802-7 financial and trade center of Asia

Patentee after: Xinji Lease (Tianjin) Co.,Ltd.

Address before: 201203 Shanghai Zhangjiang High Tech Park of Pudong New Area Chunxiao Road No. 439 Building No. 2

Patentee before: SPREADTRUM COMMUNICATIONS (SHANGHAI) Co.,Ltd.

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090722

Assignee: SPREADTRUM COMMUNICATIONS (SHANGHAI) Co.,Ltd.

Assignor: Xinji Lease (Tianjin) Co.,Ltd.

Contract record no.: 2018990000196

Denomination of invention: Method for implementing continuous authentication joint intrusion detection by mobile equipment in wireless network

Granted publication date: 20110601

License type: Exclusive License

Record date: 20180801

TR01 Transfer of patent right

Effective date of registration: 20221019

Address after: 201203 Shanghai city Zuchongzhi road Pudong New Area Zhangjiang hi tech park, Spreadtrum Center Building 1, Lane 2288

Patentee after: SPREADTRUM COMMUNICATIONS (SHANGHAI) Co.,Ltd.

Address before: 300456 1-1-1802-7, north area of financial and Trade Center, No. 6865, Asia Road, Tianjin pilot free trade zone (Dongjiang Bonded Port Area)

Patentee before: Xinji Lease (Tianjin) Co.,Ltd.