CN107665315A - Role and trust-based access control method suitable for Hadoop
- Publication number: CN107665315A
- Authority: CN (China)
- Prior art keywords: degree, belief, hadoop, authority, user
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
- G06N3/084—Backpropagation, e.g. using gradient descent
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention discloses a role- and trust-based access control method suitable for Hadoop. The mapping between trust degree and permissions is first predefined in a Hadoop configuration file. User behavior recorded in the Hadoop log files is then collected and processed, and the collected data is processed with the backpropagation algorithm (a neural network algorithm) to calculate the trust degree, iterating back and forth to correct it. Finally, the mapping between trust degree and permissions is queried with the user's trust degree to determine which permissions on which resources the user holds. The invention solves the problem of the trustworthiness of a legitimate user's later behavior in Hadoop: by dynamically updating the user's trust degree through a neural network algorithm, it achieves a flexible and reliable access control mechanism.
Description
Technical field
The invention belongs to the technical field of computer cloud storage access control, and in particular relates to a role- and trust-based access control method suitable for Hadoop.
Background art
Existing role- and trust-based access control methods set the user's trust degree once, at initialization. This ensures the security of the platform and its resources to a certain extent and is suitable for access control on the Hadoop platform. The approach assumes that the user is a secure user who will not use their own permissions to act illegally, yet users often do carry out illegal operations and unauthorized behavior.
Because this kind of access control method cannot guarantee whether a user will perform illegal operations once a trust degree has been assigned, a model is urgently needed that ensures the user's trust degree matches the user's behavior.
Summary of the invention
To address the danger that users pose to the security of the Hadoop platform by using their own permissions, the present invention provides a role- and trust-based access control method suitable for Hadoop. It collects user behavior data and, through a neural network, updates in real time the user's trust degree and the operating permissions corresponding to that trust degree, so as to ensure the security of the Hadoop platform.
To achieve the above object, the technical solution adopted by the present invention is:
A role- and trust-based access control method suitable for Hadoop, comprising the following steps:
S1. First modify the Hadoop configuration files: add configuration files that store the users' trust degrees, the mapping between trust degree and permissions, and the algorithm code for calculating the trust degree. The configuration files are all stored on hard disk.
S2. Read the Hadoop log files stored on hard disk, convert the required data into Avro data format, and output and save it to HDFS.
S3. Read the file output in step S2, call the trust-calculation function on the CPU, calculate the trust degree, and store the result in HDFS.
S4. Read the user's trust degree and compare it with the mapping between trust degree and permissions to judge whether the user holds a given permission.
S5. If the user is judged to hold the permission, send a token to the user; if the user is judged not to hold the permission, record this failed request in the log file.
Preferably, the calculation of the user's trust degree comprises the following steps:
[Formulas not preserved.] Here $O_j$ is the hidden-layer output data and $I_j$ is an intermediate variable from which $O_j$ is obtained through a sigmoid function; $O_i$ is the input data, $w_{ij}$ is the connection weight between the $i$-th neuron of the input layer and the $j$-th neuron of the hidden layer, and $\theta_j$ is the bias.
Backward correction. Input layer error: $Err_j = O_j(1-O_j)(T_j-O_j)$, where $T_j$ is the actual value and $O_j$ is the predicted value. Hidden layer error: [formula not preserved]. Weight update: $w_{ij} = w_{ij} + (l)\,Err_j\,O_i$, where $l$ is the learning rate, a manually defined learning rate of the neural network algorithm. Bias update: $\theta_j = \theta_j + (l)\,Err_j$.
The updates are iterated in this way until the program's requirement is met, and the final trust degree is output.
Compared with the prior art, the beneficial effects of the present invention are:
The access control method provided by the invention solves the problem of the trustworthiness of a legitimate user's later behavior in Hadoop. It dynamically updates the user's trust degree through a neural network algorithm, ensures that the trust degree matches the user's behavior, and assigns operating permissions that match the trust degree, achieving a flexible and reliable access control mechanism.
Brief description of the drawings
Fig. 1 is a flow chart of the role- and trust-based access control method suitable for Hadoop of the present invention;
Fig. 2 is a schematic diagram of the trust degree calculation process of the present invention.
Detailed description of embodiments
Preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings, so that the advantages and features of the invention can be more readily understood by those skilled in the art and the scope of protection of the invention is defined more clearly.
As shown in Fig. 1, a role- and trust-based access control method suitable for Hadoop comprises the following steps:
S1. First modify the Hadoop configuration files: add configuration files that store the users' trust degrees, the mapping between trust degree and permissions, and the algorithm code for calculating the trust degree. The configuration files are all stored on hard disk (the cluster is built from 5 computers with i3-2130 CPUs and 4 GB of memory).
S2. Read the Hadoop log files stored on hard disk, convert the required data into Avro data format, and output and save it to HDFS (the Hadoop file system). After the preprocessing operation, the user behavior data set behavior = {clientID, type, timeStart, timeFinish, errorService, trust} is obtained, whose fields are, respectively, the user identifier, the permission type of the operation, the operation start time, the operation end time, whether there was a violating operation, and the current user's trust degree.
S3. Read the file output in step S2, call the trust-calculation function on the CPU, calculate the trust degree, and store the result in HDFS.
S4. Read the user's trust degree and compare it with the mapping between trust degree and permissions to judge whether the user holds a given permission.
S5. If the user is judged to hold the permission, send a token to the user; if the user is judged not to hold the permission, record this failed request in the log file.
In one embodiment of the invention, the calculation of the user's trust degree comprises the following steps:
[Formulas not preserved.] Here $O_j$ is the hidden-layer output data and $I_j$ is an intermediate variable from which $O_j$ is obtained through a sigmoid function; $O_i$ is the input data, $w_{ij}$ is the connection weight between the $i$-th neuron of the input layer and the $j$-th neuron of the hidden layer, and $\theta_j$ is the bias.
Because the backpropagation algorithm of neural networks is used, a backward correction is required. Input layer error: $Err_j = O_j(1-O_j)(T_j-O_j)$, where $T_j$ is the actual value and $O_j$ is the predicted value. Hidden layer error: [formula not preserved]. Weight update: $w_{ij} = w_{ij} + (l)\,Err_j\,O_i$, where $l$ is the learning rate, a manually defined learning rate of the neural network algorithm. Bias update: $\theta_j = \theta_j + (l)\,Err_j$.
The updates are iterated in this way until the program's requirement is met, and the final trust degree is output.
As shown in Fig. 2, the trust degree calculation process is the model diagram of the backpropagation algorithm. First, $w_{ij}$, $l$ and the number of hidden layers are defined, and $x_1, x_2, \dots, x_n$ are obtained from the input data. Then $O_j$, the hidden-layer output data, is solved according to the formula [formula not preserved]. Finally, the same formula [formula not preserved] is used to solve $O_k$, the output of the neural network algorithm. The user's trust degree obtained in this way is used to query the mapping between trust degree and permissions to obtain the permissions the user holds.
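The trust calculation and the S4/S5 decision described above, as an added Python example that is not code from the patent. The feature encoding, training targets, network size, the `PERMISSION_MIN_TRUST` thresholds and the token format are assumptions; the forward pass and the hidden-unit error use the standard backpropagation formulas (the patent's own are not preserved in this text), and $Err_j = O_j(1-O_j)(T_j-O_j)$ is applied at the single output unit.

```python
import math
import random
import secrets

def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))

class TrustNet:
    """One hidden layer; the single output unit's value is the trust degree."""
    def __init__(self, n_in, n_hidden, rate, seed=0):
        rng = random.Random(seed)  # fixed seed so the run is repeatable
        self.w_ih = [[rng.uniform(-0.5, 0.5) for _ in range(n_hidden)] for _ in range(n_in)]
        self.b_h = [rng.uniform(-0.5, 0.5) for _ in range(n_hidden)]
        self.w_ho = [rng.uniform(-0.5, 0.5) for _ in range(n_hidden)]
        self.b_o = rng.uniform(-0.5, 0.5)
        self.rate = rate  # l, the manually chosen learning rate

    def forward(self, x):
        # Standard forward pass: I_j = sum_i w_ij * O_i + theta_j, O_j = sigmoid(I_j)
        hidden = [sigmoid(sum(xi * row[j] for xi, row in zip(x, self.w_ih)) + self.b_h[j])
                  for j in range(len(self.b_h))]
        out = sigmoid(sum(h * w for h, w in zip(hidden, self.w_ho)) + self.b_o)
        return hidden, out

    def train_one(self, x, target):
        hidden, out = self.forward(x)
        err_o = out * (1 - out) * (target - out)  # Err_j = O_j(1-O_j)(T_j-O_j)
        # Standard hidden-unit error: O_j(1-O_j) * Err_k * w_jk (one output unit k)
        err_h = [h * (1 - h) * err_o * w for h, w in zip(hidden, self.w_ho)]
        for j, h in enumerate(hidden):
            self.w_ho[j] += self.rate * err_o * h   # w_ij = w_ij + (l) Err_j O_i
            self.b_h[j] += self.rate * err_h[j]     # theta_j = theta_j + (l) Err_j
            for i, xi in enumerate(x):
                self.w_ih[i][j] += self.rate * err_h[j] * xi
        self.b_o += self.rate * err_o
        return (target - out) ** 2

# Constructed training rows: [errorService, normalised duration, current trust] -> target trust
SAMPLES = [([v, d, t], 0.1 if v else 0.9)
           for v in (0, 1) for d, t in ((0.1, 0.5), (0.4, 0.7), (0.8, 0.6))]

# Hypothetical trust-to-permission mapping (step S1): minimum trust per permission
PERMISSION_MIN_TRUST = {"read": 0.5, "write": 0.8}

def train(net, samples, epochs=2000):
    """Iterate the updates; returns the summed squared error of each epoch."""
    return [sum(net.train_one(x, t) for x, t in samples) for _ in range(epochs)]

def decide(net, client_id, features, permission, denied_log):
    """Steps S4/S5: compare trust with the mapping, then issue a token or log the refusal."""
    trust = net.forward(features)[1]
    if trust >= PERMISSION_MIN_TRUST[permission]:
        return secrets.token_hex(16)  # S5: token sent to the user (format is an assumption)
    denied_log.append((client_id, permission, round(trust, 3)))  # S5: failed request logged
    return None

NET = TrustNet(n_in=3, n_hidden=3, rate=0.5)
LOSSES = train(NET, SAMPLES)
```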
The foregoing describes only embodiments of the invention and is not intended to limit its scope. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect use in other related technical fields, is likewise included within the scope of protection of the present invention.
Claims (2)
1. A role- and trust-based access control method suitable for Hadoop, characterized in that it comprises the following steps:
S1. First modify the Hadoop configuration files: add configuration files that store the users' trust degrees, the mapping between trust degree and permissions, and the algorithm code for calculating the trust degree, wherein the configuration files are all stored on hard disk;
S2. Read the Hadoop log files stored on hard disk, convert the required data into Avro data format, and output and save it to HDFS;
S3. Read the file output in step S2, call the trust-calculation function on the CPU, calculate the trust degree, and store the result in HDFS;
S4. Read the user's trust degree and compare it with the mapping between trust degree and permissions to judge whether the user holds a given permission;
S5. If the user is judged to hold the permission, send a token to the user; if the user is judged not to hold the permission, record this failed request in the log file.
2. The role- and trust-based access control method suitable for Hadoop according to claim 1, characterized in that the calculation of the user's trust degree comprises the following steps:
[Formulas not preserved.] Here $O_j$ is the hidden-layer output data and $I_j$ is an intermediate variable from which $O_j$ is obtained through a sigmoid function; $O_i$ is the input data, $w_{ij}$ is the connection weight between the $i$-th neuron of the input layer and the $j$-th neuron of the hidden layer, and $\theta_j$ is the bias;
Backward correction. Input layer error: $Err_j = O_j(1-O_j)(T_j-O_j)$, where $T_j$ is the actual value and $O_j$ is the predicted value; hidden layer error: [formula not preserved]; weight update: $w_{ij} = w_{ij} + (l)\,Err_j\,O_i$, where $l$ is the learning rate, a manually defined learning rate of the neural network algorithm; bias update: $\theta_j = \theta_j + (l)\,Err_j$;
The updates are iterated in this way until the program's requirement is met, and the final trust degree is output.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711050032.2A CN107665315B (en) | 2017-10-31 | 2017-10-31 | Role and trust-based access control method suitable for Hadoop |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107665315A (en) | 2018-02-06 |
CN107665315B (en) | 2020-12-15 |
Family ID: 61144485
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711050032.2A (Active, CN107665315B) | Role and trust-based access control method suitable for Hadoop | 2017-10-31 | 2017-10-31 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107665315B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN107665315B (en) | 2020-12-15 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||