CN108076027A - A kind of adaptive black and white lists access control method and system based on attribute - Google Patents


Info

Publication number
CN108076027A
Authority
CN
China
Prior art keywords
user
property value
resource
list
attribute
Legal status
Pending
Application number
CN201611030448.3A
Other languages
Chinese (zh)
Inventor
杨育斌
沈金伟
柯宗贵
Current Assignee
Blue Shield Information Security Technology Co Ltd
Bluedon Information Security Technologies Co Ltd
Original Assignee
Blue Shield Information Security Technology Co Ltd
Priority date
2016-11-16
Filing date
2016-11-16
Publication date
2018-05-25
Application filed by Blue Shield Information Security Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses an adaptive, attribute-based black/white list access control method and system. The access control method comprises a system initialization method, a user input method, an intelligent identification method, a system update method, and an alarm and output method. Requests for unknown network resources are judged automatically and the resource is adaptively added to the blacklist or the whitelist, so that access control over requested network resources is achieved.

Description

A kind of adaptive black and white lists access control method and system based on attribute
Technical field
The present invention relates to the field of Internet communication technology, and in particular to an adaptive, attribute-based black/white list access control method and system.
Background technology
With the rapid development of computer systems and open network systems and their wide use in every industry, the amount of information on the Internet keeps growing, and so do users' requests for network resources. At the same time, the Internet carries a large amount of harmful content that not only violates laws and regulations and corrupts public morals, but also seriously harms the healthy development of minors.
The core of an information security assurance mechanism is access control: the means by which the ability to access a controlled target and the scope of that access are managed. For legitimate users it constrains their access rights, passing their legitimate requests and blocking their illegal operations so that resources are not damaged; for illegitimate users it blocks their requests for resources. In this way it guarantees the security of the protected resources, the integrity of data, and the controlled, legitimate use of resources.
At present, access control over network resources in the Internet communication field is mostly implemented by managing access requests with blacklists and whitelists. The principle is to add the relevant URLs to a blacklist or a whitelist: the blacklist is used to block URLs and the whitelist to pass them, thereby controlling which URLs users may access. Black/white lists have some shortcomings, however. First, only professionals in the industry are familiar with the contents of the blacklist and whitelist; a layperson finds it hard to judge whether a given unknown URL should be added to the blacklist or the whitelist. Second, the Internet now holds a massive number of network resources, so it is difficult to screen every resource request manually.
The content of the invention
To overcome the above deficiencies of the prior art, the object of the present invention is to provide an adaptive, attribute-based black/white list access control method and system that judges requests for unknown network resources automatically and adaptively adds them to the blacklist or the whitelist, thereby achieving access control over requested network resources. The technical solution is as follows:
The access control system of the present invention consists of three parts: an input module, an output module and an access control module. The access control method comprises a system initialization method, a user input method, an intelligent identification method, a system update method, and an alarm and output method. Specifically:
System initialization method: the administrator enters the known blacklist and whitelist through the input module. In detail:
The administrator enters the information through the input module as follows. For the blacklist, either the absolute path of each URL can be recorded in detail, or only the parent directory of the URL resource. For the whitelist, the parent directory of the URL resource is recorded, and the system then initializes the attribute information corresponding to the whitelisted URL: <<domain name, property value>, <host, property value>, <1, first-level directory name, property value>, <2, second-level directory name, property value> ... <N, Nth-level directory name, property value>>, where the domain name, host and directory names are extracted from the URL information, and the property value is set to the administrator's attribute initial value. The property value is a numeric mark indicating whether the resources at that level are judged accessible. Its range is (0,100): when the property value of a level is in 0-10, all resources under that directory level are judged inaccessible; when it is in 11-30, a warning message is generated; when it is in 31-100, the system judges all resources under that level accessible.
User input method: the user enters the address of the requested network resource. In detail, it comprises a user entry method and a user request method. The user entry method comprises an administrator entry method and an ordinary-user entry method. The administrator entry method mainly means the administrator entering blacklist/whitelist network resource data or system parameter data through the input module; ordinary-user entry means the user indicating through the input module whether a requested network resource belongs to the accessible resources, after which the system updates the property value of the URL resource according to the user's input.
Intelligent identification method: the access control module first extracts the resource attributes from the user's URL request, then searches the blacklist for a matching network resource address according to those attributes. If one is found, it returns that the user is forbidden to access that network resource; otherwise the system searches the whitelist for a corresponding record. If found, it returns that access to the network resource is allowed; if not found, the Internet address information is added to the whitelist and the whitelist parameters are updated. Concretely, the system first extracts the attribute information of the resource from the network resource request, <<domain name>, <host>, <1, first-level directory name>, <2, second-level directory name> ... <N, Nth-level directory name>>, and searches the blacklist and whitelist for a corresponding record in the order domain name, host name, directory level. If a record is found, whether to pass the request is returned according to the rule; if not, the attribute information is added to the whitelist, and the property values of the domain name, host and every directory level are set to the user attribute initial value.
System update method: according to the input information, the access control module adaptively adjusts the property value of a network resource using the intelligent identification algorithm.
Alarm and output method: the access control module shows the user the identification result for the resource request; when the alarm threshold is triggered, alarm information is output to the administrator.
The advantages brought by the technical solution of the present invention are:
(1) Using the adaptive, attribute-based black/white list access control method and system proposed by the present invention, the blacklist and whitelist data can be adjusted adaptively, which relieves the network administrator's workload in today's environment of mass network resource requests;
(2) Using the adaptive, attribute-based black/white list access control method and system proposed by the present invention, the system can automatically identify whether the resources under a directory level belong to the accessible resources, which broadens the system's range of application;
(3) Using the adaptive, attribute-based black/white list access control method and system proposed by the present invention, the system can generalize blacklist and whitelist resources to the directory level, which both reduces the user's input work and optimizes the access control system.
Description of the drawings
To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the adaptive, attribute-based black/white list access control system proposed by the present invention;
Fig. 2 is a schematic diagram of the specific workflow of the adaptive, attribute-based black/white list access control method proposed by the present invention.
Specific embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
As shown in Fig. 1, the access control system of the present invention consists of three parts: an input module, an output module and an access control module.
As shown in Fig. 2, the access control method comprises system initialization, user input, intelligent identification, system update, and alarm and output. Specifically:
System initialization method: the administrator enters the known blacklist and whitelist through the input module;
User input method: the user enters the address of the requested network resource.
Intelligent identification method: the access control module first extracts the resource attributes from the user's URL request, then searches the blacklist for a matching resource address according to those attributes. If one is found, it returns that the user is forbidden to access that network resource; otherwise the system searches the whitelist for a corresponding record. If found, it returns that access to the network resource is allowed; if not found, the Internet address information is added to the whitelist and the whitelist parameters are updated.
System update method: according to the input information, the access control module adaptively adjusts the property value of a network resource using the intelligent identification algorithm.
Alarm and output method: the access control module shows the user the identification result for the resource request; when the alarm threshold is triggered, alarm information is output to the administrator.
In the system initialization method, specifically, the administrator enters information as follows. For the blacklist, either the absolute path of each network resource can be recorded in detail, or only the parent directory of the network resource. For the whitelist, the parent directory of the network resource is recorded, and the system then initializes the attribute information corresponding to the whitelisted URL: <<domain name, property value>, <host, property value>, <1, first-level directory name, property value>, <2, second-level directory name, property value> ... <N, Nth-level directory name, property value>>, where the domain name, host and directory names are extracted from the resource request information, and the property value is set to the administrator's attribute initial value of 100.
In the system initialization method, specifically, the property value is a numeric mark indicating whether the resources at that level are judged accessible. Its range is (0,100): when the property value of a level is in 0-10, all resources under that directory level are judged inaccessible; when it is in 11-30, a warning message is generated; when it is in 31-100, the system judges all resources under that level accessible.
The user input method specifically comprises a user entry method and a user request method. The user entry method comprises an administrator entry method and an ordinary-user entry method: the administrator entry method mainly means the administrator entering blacklist/whitelist network resource data or system parameter data through the input module, and ordinary-user entry means the user indicating through the input module whether a requested resource belongs to the accessible resources, after which the system updates the property value of the URL resource according to the user's input.
In the intelligent identification method, specifically, the system first extracts the attribute information of the requested URL, <<domain name>, <host>, <1, first-level directory name>, <2, second-level directory name> ... <N, Nth-level directory name>>, and searches the blacklist and whitelist for a corresponding record in the order domain name, host name, directory level. If a record is found, whether to pass the request is returned according to the rule; if not, the attribute information is added to the whitelist, and the property values of the domain name, host and every directory level are set to the user attribute initial value of 50.
The intelligent identification algorithm in the system update method is mainly used to update the property values of URL resources in the whitelist. The algorithm procedure is as follows:
Here O_P denotes the property value of the parent directory of the requested URL, U_P denotes the user attribute discriminant value, which defaults to 1, and U_S denotes whether the user judges the requested URL to be an accessible resource. When the property value of a network resource reaches the alarm range, the system generates an alarm log; when it reaches the blacklist range, the attribute information of that network resource is added to the blacklist.
In the alarm and output method, specifically, according to the information returned by the intelligent identification method for the user's network resource request, the system performs the action of allowing or refusing the user access to the resource; according to the range of the property value of the requested network resource, the system decides whether to generate a warning message.
The adaptive, attribute-based black/white list access control method and system provided by the embodiments of the present invention have been described in detail above. Specific examples have been used herein to explain the principle and embodiments of the invention; the description of the embodiments above is intended only to help understand the method and core idea of the invention. A person of ordinary skill in the art may make changes in the specific embodiments and application scope in accordance with the idea of the invention. In summary, the content of this specification should not be construed as limiting the invention.

Claims (7)

1. An adaptive, attribute-based black/white list access control method and system, comprising: a system initialization method, a user input method, an intelligent identification method, a system update method, and an alarm and output method, wherein:
the system initialization method: the administrator enters the known blacklist and whitelist through the input module;
the user input method: the user enters the address of the requested network resource;
the intelligent identification method: the access control module first extracts the resource attributes from the user's URL request, then searches the blacklist for a matching network resource address according to those attributes; if one is found, it returns that the user is forbidden to access that network resource; otherwise the system searches the whitelist for a corresponding record; if found, it returns that access to the network resource is allowed; if not found, the Internet address information is added to the whitelist and the whitelist parameters are updated;
the system update method: according to the input information, the access control module adaptively adjusts the property value of a network resource using the intelligent identification algorithm;
the alarm and output method: the access control module shows the user the identification result for the resource request; when the alarm threshold is triggered, alarm information is output to the administrator.
2. The adaptive, attribute-based black/white list access control method and system according to claim 1, characterized in that in the system initialization method the administrator enters information through the input module as follows:
S1. for the blacklist, either the absolute path of each URL is recorded in detail, or only the parent directory of the URL resource;
S2. for the whitelist, the parent directory of the URL resource is recorded, and the system then initializes the attribute information corresponding to the whitelisted URL: <<domain name, property value>, <host, property value>, <1, first-level directory name, property value>, <2, second-level directory name, property value> ... <N, Nth-level directory name, property value>>, where the domain name, host and directory names are extracted from the URL information, and the property value is set to the administrator's attribute initial value.
3. The adaptive, attribute-based black/white list access control method and system according to claim 1 or 2, characterized in that the property value is a numeric mark indicating whether the resources at that level are judged accessible, specifically: the property value range is (0,100); when the property value of a level is in 0-10, all resources under that directory level are judged inaccessible; when it is in 11-30, a warning message is generated; when it is in 31-100, the system judges all resources under that level accessible.
4. The adaptive, attribute-based black/white list access control method and system according to claim 1, characterized in that the user input method specifically comprises a user entry method and a user request method, wherein the user entry method comprises an administrator entry method and an ordinary-user entry method: the administrator entry method mainly means the administrator entering blacklist/whitelist network resource data or system parameter data through the input module, and ordinary-user entry means the user indicating through the input module whether a requested network resource belongs to the accessible resources, after which the system updates the property value of the URL resource according to the user's input.
5. The adaptive, attribute-based black/white list access control method and system according to claim 1, characterized in that the intelligent identification method specifically comprises: the system extracts the attribute information of the resource from the network resource request, <<domain name>, <host>, <1, first-level directory name>, <2, second-level directory name> ... <N, Nth-level directory name>>, and searches the blacklist and whitelist for a corresponding record in the order domain name, host name, directory level; if a record is found, whether to pass the request is returned according to the rule; if not, the attribute information is added to the whitelist, and the property values of the domain name, host and every directory level are set to the user attribute initial value.
6. The adaptive, attribute-based black/white list access control method and system according to claim 1, characterized in that the intelligent identification algorithm in the system update method is mainly used to update the property values of URL resources in the whitelist, and the algorithm procedure is as follows:
where O_P denotes the property value of the parent directory of the requested URL, U_P denotes the user attribute discriminant value, and U_S denotes whether the user judges the requested URL to be an accessible resource; when the property value of a network resource reaches the alarm range, the system generates an alarm log; when it reaches the blacklist range, the attribute information of that network resource is added to the blacklist.
7. The adaptive, attribute-based black/white list access control method and system according to claim 1, characterized in that in the alarm and output method, according to the information returned by the intelligent identification method for the user's URL resource request, the system performs the action of allowing or refusing the user access to the resource, and according to the range of the property value of the requested URL resource, the system decides whether to generate a warning message.
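The lookup, threshold and alarm steps described in the detailed embodiment above and restated in claims 1 to 7 can be exercised end to end with the following Python program. It is an added example, not code from the patent or its assignee. The names (AttributeList, AccessController, classify, extract_attributes, run_scenario), the sample URLs, and the choices that the "domain name" is the last two host labels, that every path segment counts as a directory level, that a blacklist entry carries value 0, and that the lowest value among the matched levels decides a request are all assumptions of this example. The update formula of claim 6 appears on the page only as a figure, so apply_update() takes an already-computed value and performs only the alarm and blacklist transitions.

```python
# Added example (not the patent's code). Assumptions are marked in comments.
from urllib.parse import urlsplit

ADMIN_INITIAL_VALUE = 100  # administrator attribute initial value (from the page)
USER_INITIAL_VALUE = 50    # value given to resources the system adds itself (from the page)


def classify(value):
    """Map a property value onto the page's ranges: 0-10 deny, 11-30 warn, 31-100 allow."""
    if not 0 <= value <= 100:
        raise ValueError("property value must lie in 0..100, got %r" % (value,))
    if value <= 10:
        return "deny"
    if value <= 30:
        return "warn"
    return "allow"


def extract_attributes(url):
    """Build the chain [("domain", d), ("host", h), (1, dir1), (2, dir2), ...] for a URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host:
        raise ValueError("URL has no host: %r" % (url,))
    domain = ".".join(host.split(".")[-2:])  # assumption: domain = last two labels
    chain = [("domain", domain), ("host", host)]
    segments = [s for s in parts.path.split("/") if s]  # assumption: every segment is a level
    chain.extend((i + 1, seg) for i, seg in enumerate(segments))
    return chain


def _node():
    return {"children": {}, "value": None, "terminal": False}


class AttributeList:
    """One list (black or white) kept as a trie over attribute levels. A node is
    'terminal' where an entry was explicitly recorded, so a request matches only
    when some recorded entry is a prefix of its chain (domain -> host -> dirs)."""

    def __init__(self):
        self.root = _node()

    def add(self, chain, value):
        """Record the chain; levels that already carry a value keep it (assumption)."""
        node = self.root
        for level in chain:
            node = node["children"].setdefault(level, _node())
            if node["value"] is None:
                node["value"] = value
        node["terminal"] = True
        return node

    def match(self, chain):
        """Path [(level, value), ...] down to the deepest recorded entry covering the
        request, or None when no recorded entry is a prefix of the chain."""
        node, path, deepest = self.root, [], 0
        for level in chain:
            node = node["children"].get(level)
            if node is None:
                break
            path.append((level, node["value"]))
            if node["terminal"]:
                deepest = len(path)
        return path[:deepest] if deepest else None


class AccessController:
    def __init__(self):
        self.blacklist, self.whitelist, self.alarm_log = AttributeList(), AttributeList(), []

    def admin_blacklist(self, url):
        """System initialization: a known bad URL or directory (value 0 is an assumption)."""
        self.blacklist.add(extract_attributes(url), 0)

    def admin_whitelist(self, url):
        """System initialization: a known good directory at the administrator value 100."""
        self.whitelist.add(extract_attributes(url), ADMIN_INITIAL_VALUE)

    def request(self, url):
        """Intelligent identification: blacklist first, then whitelist, else self-add at 50."""
        chain = extract_attributes(url)
        if self.blacklist.match(chain) is not None:
            return "deny"
        path = self.whitelist.match(chain)
        if path is None:
            self.whitelist.add(chain, USER_INITIAL_VALUE)
            path = self.whitelist.match(chain)
        verdicts = {classify(v) for _, v in path}
        # Assumption: the most restrictive matched level covers everything beneath it.
        return "deny" if "deny" in verdicts else "warn" if "warn" in verdicts else "allow"

    def apply_update(self, url, new_value):
        """System update and alarm: store the recomputed value on the resource's own
        level, log an alarm in the 11-30 band, move it to the blacklist in the 0-10 band."""
        chain = extract_attributes(url)
        node = self.whitelist.add(chain, new_value)
        node["value"] = new_value  # add() keeps existing values, so overwrite this level
        verdict = classify(new_value)
        if verdict == "warn":
            self.alarm_log.append((url, new_value))
        elif verdict == "deny":
            self.blacklist.add(chain, new_value)
        return verdict


def run_scenario():
    """Constructed walk-through: two administrator entries, then requests and updates."""
    ac = AccessController()
    ac.admin_blacklist("http://bad.example.net/malware/")
    ac.admin_whitelist("http://www.example.com/docs/")
    results = [
        ac.request("http://bad.example.net/malware/payload.exe"),  # under a blacklisted directory
        ac.request("http://bad.example.net/news/"),                # unknown: self-added at 50
        ac.request("http://www.example.com/docs/guide.html"),      # under an admin whitelist entry
        ac.apply_update("http://www.example.com/docs/", 20),       # drops into the alarm band
        ac.request("http://www.example.com/docs/guide.html"),      # inherits the warning
        ac.apply_update("http://www.example.com/docs/", 5),        # drops into the blacklist band
        ac.request("http://www.example.com/docs/guide.html"),      # now denied via the blacklist
    ]
    return results, len(ac.alarm_log)


if __name__ == "__main__":
    print(run_scenario())
```

The request for the unknown host exercises the self-adding whitelist step, and the two apply_update calls show the 11-30 band raising an alarm and the 0-10 band promoting the directory to the blacklist, after which everything beneath that directory is denied at the blacklist stage without consulting the whitelist at all.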

Priority Applications (1)

Application Number: CN201611030448.3A (CN108076027A, en)
Priority Date: 2016-11-16
Filing Date: 2016-11-16
Title: A kind of adaptive black and white lists access control method and system based on attribute

Publications (1)

Publication Number: CN108076027A (en)
Publication Date: 2018-05-25

Family

ID=62161231

Family Applications (1)

Application Number: CN201611030448.3A (CN108076027A, en), Pending
Title: A kind of adaptive black and white lists access control method and system based on attribute
Priority Date: 2016-11-16
Filing Date: 2016-11-16

Country Status (1)

CN: CN108076027A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100017865A1 (en) * 2004-06-30 2010-01-21 Ebay Inc. Method and system for preventing fraudulent activities
CN101692639A (en) * 2009-09-15 2010-04-07 西安交通大学 Bad webpage recognition method based on URL
CN102231745A (en) * 2011-07-08 2011-11-02 盛大计算机(上海)有限公司 Safety system and method for network application
CN102299918A (en) * 2011-07-08 2011-12-28 盛大计算机(上海)有限公司 Network transaction safety system and method thereof
CN102685145A (en) * 2012-05-28 2012-09-19 西安交通大学 Domain name server (DNS) data packet-based bot-net domain name discovery method
CN103428196A (en) * 2012-12-27 2013-12-04 北京安天电子设备有限公司 URL white list-based WEB application intrusion detecting method and apparatus
CN104021143A (en) * 2014-05-14 2014-09-03 北京网康科技有限公司 Method and device for recording webpage access behavior
CN105897752A (en) * 2016-06-03 2016-08-24 北京奇虎科技有限公司 Safety detection method and device of unknown domain name
WO2016173327A1 (en) * 2015-04-28 2016-11-03 北京瀚思安信科技有限公司 Method and device for detecting website attack

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109617719A (en) * 2018-12-07 2019-04-12 上海云屹信息技术有限公司 A kind of method that the collaboration that mobile broadband network determines broadband network with net is managed
CN109617719B (en) * 2018-12-07 2021-07-02 上海云屹信息技术有限公司 Method for cooperative management and control of mobile broadband network and fixed broadband network
CN109862025A (en) * 2019-02-28 2019-06-07 北京安护环宇科技有限公司 Access control method, apparatus and system based on black and white lists

Legal Events

Code Title Description
PB01 Publication (application publication date: 20180525)
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication