CN107665315A - Role and trust-based access control method suitable for Hadoop - Google Patents

Publication number
CN107665315A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711050032.2A
Other languages
Chinese (zh)
Other versions
CN107665315B (en)
Inventor
于万钧
沈斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Institute of Technology
Original Assignee
Shanghai Institute of Technology
Application filed by Shanghai Institute of Technology
Priority to CN201711050032.2A
Publication of CN107665315A
Application granted
Publication of CN107665315B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/045 Combinations of networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods
    • G06N3/084 Backpropagation, e.g. using gradient descent
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention discloses a role and trust-based access control method suitable for Hadoop. The mapping between trust degree and permissions is first predefined in the Hadoop configuration files. User behavior recorded in the Hadoop log files is then collected and processed, and the collected data are processed with the backpropagation algorithm, a neural network algorithm, to calculate the trust degree, iterating back and forth to correct it. Finally, the mapping between trust degree and permissions is queried with the user's trust degree to determine which permissions on which resources the user holds. The invention solves the problem of the credibility of a legitimate user's later behavior in Hadoop: the neural network algorithm dynamically updates the user's trust degree, realizing a flexible and reliable access control mechanism.

Description

Role and trust-based access control method suitable for Hadoop
Technical field
The invention belongs to the technical field of computer cloud storage access control, and in particular relates to a role and trust-based access control method suitable for Hadoop.
Background art
Existing role and trust-based access control sets the user's trust degree once, at initialization. This method ensures the security of the platform and its resources to a certain extent and is suitable for access control on the Hadoop platform. It assumes that the user is a secure user who will not use their own permissions to commit illegal acts, but in practice users often perform illegal operations and unauthorized actions.
Because this kind of access control method cannot guarantee, once a user has been given a trust degree, that the user will not perform illegal operations, a model is urgently needed that ensures the user's trust degree matches the user's behavior.
Summary of the invention
To address the danger that users pose to the security of the Hadoop platform by using their own permissions, the present invention provides a role and trust-based access control method suitable for Hadoop. It can collect user behavior data and, through a neural network, update in real time the user's trust degree and the operation permissions corresponding to that trust degree, so as to ensure the security of the Hadoop platform.
To achieve the above object, the technical solution adopted by the present invention is:
A role and trust-based access control method suitable for Hadoop, comprising the following steps:
S1: first modify the Hadoop configuration files, adding configuration files that store the user trust degree, the mapping between trust degree and permissions, and the algorithm code that calculates the trust degree; the configuration files are all stored on the hard disk;
S2: read the Hadoop log files stored on the hard disk, convert the required data to the Avro data format, and output and save it to HDFS;
S3: read the file output in step S2, have the CPU call the function that calculates the trust degree, calculate the trust degree, and store the result in HDFS;
S4: read the user's trust degree and compare it with the mapping between trust degree and permissions to determine whether the user holds a given permission;
S5: if the user is judged to hold the permission, send a token to the user; if the user is judged not to hold the permission, record this failed request in the log file.
Preferably, the calculation of the user trust degree comprises the following steps:
where $O_j$ denotes the hidden-layer output data and $I_j$ is an intermediate variable from which $O_j$ is obtained through a sigmoid function; $O_i$ denotes the input data, $w_{ij}$ denotes the connection weight between the $i$-th neuron of the input layer and the $j$-th neuron of the hidden layer, and $\theta_j$ denotes the bias;
The result is then corrected backward. Input-layer error: $Err_j = O_j(1 - O_j)(T_j - O_j)$, where $T_j$ is the actual value and $O_j$ is the predicted value. Hidden-layer error: Weight update: $w_{ij} = w_{ij} + (l)\,Err_j\,O_i$, where $l$ is the learning rate, i.e. the manually defined learning level of the neural network algorithm. Bias update: $\theta_j = \theta_j + (l)\,Err_j$.
The updates are iterated back and forth in this way until the program's requirement is met, and the final trust degree is output.
Compared with the prior art, the beneficial effects of the present invention are:
The access control method provided by the invention solves the problem of the credibility of a legitimate user's later behavior in Hadoop. The neural network algorithm dynamically updates the user's trust degree, ensuring that it matches the user's behavior, and operation permissions matching that trust degree are set for the user, realizing a flexible and reliable access control mechanism.
Brief description of the drawings
Fig. 1 is a flowchart of the role and trust-based access control method suitable for Hadoop according to the present invention;
Fig. 2 is a schematic diagram of the trust degree calculation process of the present invention.
Detailed description of the embodiments
Preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings, so that the advantages and features of the invention can be more readily understood by those skilled in the art and the scope of protection of the invention is more clearly defined.
As shown in Fig. 1, a role and trust-based access control method suitable for Hadoop comprises the following steps:
S1: first modify the Hadoop configuration files, adding configuration files that store the user trust degree, the mapping between trust degree and permissions, and the algorithm code that calculates the trust degree; the configuration files are all stored on the hard disk (the cluster is built from 5 computers with i3-2130 CPUs and 4 GB of memory);
S2: read the Hadoop log files stored on the hard disk, convert the required data to the Avro data format, and output and save it to HDFS (the Hadoop file system). After the preprocessing operation, the user behavior data set behavior = {clientID, type, timeStart, timeFinish, errorService, trust} is obtained, where the fields mean, in order: user identifier, operation permission type, operation start time, operation end time, whether there was a violating operation, and the current user's trust degree;
S3: read the file output in step S2, have the CPU call the function that calculates the trust degree, calculate the trust degree, and store the result in HDFS;
S4: read the user's trust degree and compare it with the mapping between trust degree and permissions to determine whether the user holds a given permission;
S5: if the user is judged to hold the permission, send a token to the user; if the user is judged not to hold the permission, record this failed request in the log file.
In one embodiment of the invention, the calculation of the user trust degree comprises the following steps:
where $O_j$ denotes the hidden-layer output data and $I_j$ is an intermediate variable from which $O_j$ is obtained through a sigmoid function; $O_i$ denotes the input data, $w_{ij}$ denotes the connection weight between the $i$-th neuron of the input layer and the $j$-th neuron of the hidden layer, and $\theta_j$ denotes the bias;
Because we use the backpropagation algorithm of neural networks, a backward correction is needed. Input-layer error: $Err_j = O_j(1 - O_j)(T_j - O_j)$, where $T_j$ is the actual value and $O_j$ is the predicted value. Hidden-layer error: Weight update: $w_{ij} = w_{ij} + (l)\,Err_j\,O_i$, where $l$ is the learning rate, i.e. the manually defined learning level of the neural network algorithm. Bias update: $\theta_j = \theta_j + (l)\,Err_j$.
The updates are iterated back and forth in this way until the program's requirement is met, and the final trust degree is output.
As shown in Fig. 2, the trust degree calculation process is the model diagram of the backpropagation algorithm. First, define $w_{ij}$, $l$ and the number of hidden layers, and obtain $x_1, x_2, \ldots, x_n$ from the data input; then solve for $O_j$, the hidden-layer output data, according to the formula; finally, use the same formula to solve for $O_k$, the output of the neural network algorithm. The user trust degree thus obtained is used to query the mapping between trust degree and permissions to obtain the permissions the user holds.
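The trust calculation and the S4/S5 decision described above, as an added Python example that is not code from the patent. The forward pass and the hidden-layer error use the textbook backpropagation forms (the patent's own formulas are missing from this page); the feature encoding, trust thresholds, permission names and training records are constructed assumptions.

```python
import math
import random

# S1: trust-to-permission mapping, highest band first (thresholds are assumed).
TRUST_TO_PERMS = [(0.8, {"read", "write", "delete"}), (0.5, {"read", "write"}), (0.2, {"read"})]

def rec(cid, typ, secs, err, trust):  # one S2 behavior record (constructed data)
    return {"clientID": cid, "type": typ, "timeStart": 0, "timeFinish": secs,
            "errorService": err, "trust": trust}

def features(r):
    """Inputs O_i (assumed encoding): duration capped at 1 h, violation flag, prior trust."""
    secs = r["timeFinish"] - r["timeStart"]
    return [min(secs / 3600.0, 1.0), float(r["errorService"]), r["trust"]]

def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))

class TrustNet:
    """One hidden layer; the single output neuron's activation is the trust degree."""
    def __init__(self, n_in=3, n_hid=3, lr=0.5, seed=7):
        u = random.Random(seed).uniform
        self.lr = lr                                          # learning rate l
        self.w_ih = [[u(-0.5, 0.5) for _ in range(n_hid)] for _ in range(n_in)]
        self.th_h = [u(-0.5, 0.5) for _ in range(n_hid)]      # hidden biases theta_j
        self.w_ho = [u(-0.5, 0.5) for _ in range(n_hid)]
        self.th_o = u(-0.5, 0.5)                              # output bias
    def forward(self, x):
        h = [sigmoid(sum(x[i] * self.w_ih[i][j] for i in range(len(x))) + self.th_h[j])
             for j in range(len(self.th_h))]
        return h, sigmoid(sum(h[j] * self.w_ho[j] for j in range(len(h))) + self.th_o)
    def train_step(self, x, target):
        h, o = self.forward(x)
        err_o = o * (1 - o) * (target - o)          # Err_j = O_j(1-O_j)(T_j-O_j)
        # Hidden error: textbook backpropagation form, assumed (absent from the page).
        err_h = [h[j] * (1 - h[j]) * err_o * self.w_ho[j] for j in range(len(h))]
        for j in range(len(h)):
            self.w_ho[j] += self.lr * err_o * h[j]  # w_ij = w_ij + (l) Err_j O_i
            self.th_h[j] += self.lr * err_h[j]      # theta_j = theta_j + (l) Err_j
            for i in range(len(x)):
                self.w_ih[i][j] += self.lr * err_h[j] * x[i]
        self.th_o += self.lr * err_o

def train(net, samples, epochs=2000):
    for _ in range(epochs):                         # fixed epoch count (assumed stop rule)
        for r, target in samples:
            net.train_step(features(r), target)
    return net

def trust_of(net, r):
    return net.forward(features(r))[1]

def authorize(trust, permission, client_id, audit_log):
    """S4/S5: look up the user's trust band; grant, or log the failed request."""
    band = next((perms for t, perms in TRUST_TO_PERMS if trust >= t), set())
    if permission in band:
        return True                                 # caller would issue the token here
    audit_log.append((client_id, permission, round(trust, 3)))
    return False

# Constructed training set: target trust 0.9 without a violation, 0.1 with one.
TRAIN = [(rec("u1", "read", 60, 0, 0.5), 0.9), (rec("u2", "write", 600, 0, 0.7), 0.9),
         (rec("u3", "write", 1800, 0, 0.3), 0.9), (rec("u4", "delete", 90, 1, 0.5), 0.1),
         (rec("u5", "write", 900, 1, 0.7), 0.1), (rec("u6", "read", 1500, 1, 0.3), 0.1)]
```

Training with `train(TrustNet(), TRAIN)` and scoring two otherwise identical records that differ only in `errorService` shows the violation pulling the user below the band that grants `write`, so the request is denied and appended to the audit log.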
The above are only embodiments of the present invention and do not limit the scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of protection of the present invention.

Claims (2)

1. A role and trust-based access control method suitable for Hadoop, characterized in that it comprises the following steps:
S1: first modify the Hadoop configuration files, adding configuration files that store the user trust degree, the mapping between trust degree and permissions, and the algorithm code that calculates the trust degree; the configuration files are all stored on the hard disk;
S2: read the Hadoop log files stored on the hard disk, convert the required data to the Avro data format, and output and save it to HDFS;
S3: read the file output in step S2, have the CPU call the function that calculates the trust degree, calculate the trust degree, and store the result in HDFS;
S4: read the user's trust degree and compare it with the mapping between trust degree and permissions to determine whether the user holds a given permission;
S5: if the user is judged to hold the permission, send a token to the user; if the user is judged not to hold the permission, record this failed request in the log file.
2. The role and trust-based access control method suitable for Hadoop according to claim 1, characterized in that the calculation of the user trust degree comprises the following steps:
where $O_j$ denotes the hidden-layer output data and $I_j$ is an intermediate variable from which $O_j$ is obtained through a sigmoid function; $O_i$ denotes the input data, $w_{ij}$ denotes the connection weight between the $i$-th neuron of the input layer and the $j$-th neuron of the hidden layer, and $\theta_j$ denotes the bias;
The result is then corrected backward. Input-layer error: $Err_j = O_j(1 - O_j)(T_j - O_j)$, where $T_j$ is the actual value and $O_j$ is the predicted value. Hidden-layer error: Weight update: $w_{ij} = w_{ij} + (l)\,Err_j\,O_i$, where $l$ is the learning rate, i.e. the manually defined learning level of the neural network algorithm. Bias update: $\theta_j = \theta_j + (l)\,Err_j$.
The updates are iterated back and forth in this way until the program's requirement is met, and the final trust degree is output.
CN201711050032.2A 2017-10-31 2017-10-31 Role and trust-based access control method suitable for Hadoop Active CN107665315B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711050032.2A CN107665315B (en) 2017-10-31 2017-10-31 Role and trust-based access control method suitable for Hadoop

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711050032.2A CN107665315B (en) 2017-10-31 2017-10-31 Role and trust-based access control method suitable for Hadoop

Publications (2)

Publication Number Publication Date
CN107665315A true CN107665315A (en) 2018-02-06
CN107665315B CN107665315B (en) 2020-12-15

Family

ID=61144485

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711050032.2A Active CN107665315B (en) 2017-10-31 2017-10-31 Role and trust-based access control method suitable for Hadoop

Country Status (1)

Country Link
CN (1) CN107665315B (en)

Also Published As

Publication number Publication date
CN107665315B (en) 2020-12-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant