CN108076027A - An attribute-based adaptive blacklist and whitelist access control method and system - Google Patents
- Publication number: CN108076027A
- Authority: CN (China)
- Prior art keywords: user, property value, resource, list, attribute
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Abstract
The invention discloses an attribute-based adaptive blacklist and whitelist access control method and system. The access control method comprises a system initialization method, a user input method, an intelligent identification method, a system update method, and an alarm and output method. Requests for unknown network resources are judged intelligently and adaptively added to the blacklist or the whitelist, thereby implementing access control over network resource requests.
Description
Technical field
The present invention relates to the field of Internet communication technology, and in particular to an attribute-based adaptive blacklist and whitelist access control method and system.
Background
With the rapid development of computer systems and open network systems and their wide application across industries, the volume of information on the Internet keeps growing, and user requests for network resources grow by the day. At the same time, the Internet carries a large amount of harmful information that not only violates the law and corrupts social values but also seriously affects the healthy development of minors.
The core of an information security assurance mechanism is access control, a method of managing and controlling the access capability and access scope of a target. For legitimate users, it constrains their access rights, lets their legitimate requests through and blocks their illegal operations so that resources are not damaged. For illegitimate users, it blocks their requests for resources. In this way it ensures the security and data integrity of protected resources and that resources are used in a controlled and legal manner.
At present, access control for network resources in the Internet communication field is mostly implemented by managing access requests with blacklists and whitelists. The working principle is to add the relevant URLs to the blacklist or the whitelist: the blacklist is used to block URLs and the whitelist is used to let URLs through, thereby controlling which URLs a user may access. However, blacklists and whitelists have some defects. First, only professionals in the field are familiar with blacklist and whitelist entries, and it is difficult for a layperson to judge whether an unknown URL should be added to the blacklist or the whitelist. Second, the Internet today holds a massive number of network resources, and it is difficult to screen every network resource request manually.
Summary of the invention
To overcome the above deficiencies of the prior art, the object of the invention is to provide an attribute-based adaptive blacklist and whitelist access control method and system that judges requests for unknown network resources intelligently and adaptively adds them to the blacklist or the whitelist, thereby implementing access control over network resource requests. The technical solution is as follows:
The access control system of the invention comprises three parts: an input module, an output module and an access control module. The access control method comprises a system initialization method, a user input method, an intelligent identification method, a system update method, and an alarm and output method, wherein:
The system initialization method: the administrator enters the known blacklist and whitelist through the input module, as described below.
The administrator enters information through the input module. For the blacklist, either the absolute path of each URL may be recorded in detail, or only the parent directory of the URL resource. For the whitelist, the parent directory of the URL resource is recorded, and the system then initializes the attribute information of the whitelisted URL: <<domain name, attribute value>, <host, attribute value>, <1, first-level directory name, attribute value>, <2, second-level directory name, attribute value>, ..., <N, Nth-level directory, attribute value>>. The domain name, host and directory names can be extracted from the URL information, and each attribute value is set to the administrator attribute initial value. The attribute value is a numeric marker of whether the resources at that level are judged to be accessible. The attribute value ranges over (0,100): when the attribute value of a level is in 0-10, all resources under that directory level are judged to be inaccessible; when the attribute value of a level is in 11-30, an alarm message is generated; when the attribute value of a level is in 31-100, the system judges all resources under that level to be accessible.
The user input method: the user inputs the address of the requested network resource. In detail, it comprises a user entry method and a user request method. The user entry method comprises an administrator entry method and an ordinary-user entry method. Administrator entry mainly means that the administrator enters blacklist and whitelist network resource data or system parameter data through the input module. Ordinary-user entry means that the user indicates through the input module whether a given network resource request is for an accessible resource; the system updates the attribute value of the URL resource according to the user's input.
The intelligent identification method: the access control module first extracts the resource attributes from the user's link request, then uses those attributes to look for a matching network resource address in the blacklist. If one is found, it returns that the user is forbidden from accessing the network resource. Otherwise the system looks for a corresponding record in the whitelist. If one is found, it returns that access to the network resource is allowed; if none is found, it adds the address information of the network resource to the whitelist and updates the whitelist parameters. In detail, the system first extracts the attribute information of the resource from the network resource request: <<domain name>, <host>, <1, first-level directory name>, <2, second-level directory name>, ..., <N, Nth-level directory>>, and searches the blacklist and the whitelist for a corresponding record in the order domain name, host name, directory level. If a record is found, it returns whether to let the request through according to the rules. If none is found, it adds the attribute information to the whitelist and sets the attribute values of the domain name, the host and each directory level to the user attribute initial value.
The system update method: the access control module uses the intelligent recognition algorithm to adaptively adjust the attribute value of a given network resource according to the input information.
The alarm and output method: the access control module shows the recognition result of the resource request to the user; when the alarm threshold is triggered, it outputs an alarm message to the administrator.
Beneficial effects of the technical solution of the invention:
(1) With the attribute-based adaptive blacklist and whitelist access control method and system proposed by the invention, the blacklist and whitelist data can be adjusted adaptively, which reduces the network administrator's workload in today's environment of massive network resource requests;
(2) With the attribute-based adaptive blacklist and whitelist access control method and system proposed by the invention, the system can automatically identify whether the resources under a given directory level are accessible, which broadens the system's range of application;
(3) With the attribute-based adaptive blacklist and whitelist access control method and system proposed by the invention, the system can generalise blacklist and whitelist resources to the directory level, which both reduces the user's workload and optimises the access control system.
Brief description of the drawings
To explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the attribute-based adaptive blacklist and whitelist access control system proposed by the invention;
Fig. 2 is a schematic diagram of the workflow of the attribute-based adaptive blacklist and whitelist access control method proposed by the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
As shown in Fig. 1, the access control system of the invention comprises three parts: an input module, an output module and an access control module.
As shown in Fig. 2, the access control method comprises system initialization, user input, intelligent identification, system update, and alarm and output, wherein:
The system initialization method: the administrator enters the known blacklist and whitelist through the input module.
The user input method: the user inputs the address of the requested network resource.
The intelligent identification method: the access control module first extracts the resource attributes from the user's link request, then uses those attributes to look for a matching resource address in the blacklist. If one is found, it returns that the user is forbidden from accessing the network resource. Otherwise the system looks for a corresponding record in the whitelist. If one is found, it returns that access to the network resource is allowed; if none is found, it adds the network resource information to the whitelist and updates the whitelist parameters.
The system update method: the access control module uses the intelligent recognition algorithm to adaptively adjust the attribute value of a given network resource according to the input information.
The alarm and output method: the access control module shows the recognition result of the resource request to the user; when the alarm threshold is triggered, it outputs an alarm message to the administrator.
The system initialization method, in detail: the administrator enters information as follows. For the blacklist, either the absolute path of each network resource may be recorded in detail, or only the parent directory of the network resource. For the whitelist, the parent directory of the network resource is recorded, and the system then initializes the attribute information of the whitelisted URL: <<domain name, attribute value>, <host, attribute value>, <1, first-level directory name, attribute value>, <2, second-level directory name, attribute value>, ..., <N, Nth-level directory, attribute value>>. The domain name, host and directory names can be extracted from the resource request information, and each attribute value is set to the administrator attribute initial value, 100.
In the system initialization method, the attribute value is a numeric marker of whether the resources at that level are judged to be accessible. The attribute value ranges over (0,100): when the attribute value of a level is in 0-10, all resources under that directory level are judged to be inaccessible; when the attribute value of a level is in 11-30, an alarm message is generated; when the attribute value of a level is in 31-100, the system judges all resources under that level to be accessible.
The user input method, in detail: it comprises a user entry method and a user request method. The user entry method comprises an administrator entry method and an ordinary-user entry method. Administrator entry mainly means that the administrator enters blacklist and whitelist network resource data or system parameter data through the input module. Ordinary-user entry means that the user indicates through the input module whether a given requested resource is an accessible resource; the system updates the attribute value of the URL resource according to the user's input.
The intelligent identification method, in detail: the system first extracts the attribute information of the URL from the requested URL: <<domain name>, <host>, <1, first-level directory name>, <2, second-level directory name>, ..., <N, Nth-level directory>>, and searches the blacklist and the whitelist for a corresponding record in the order domain name, host name, directory level. If a record is found, it returns whether to let the request through according to the rules. If none is found, it adds the attribute information to the whitelist and sets the attribute values of the domain name, the host and each directory level to the user attribute initial value, 50.
The intelligent recognition algorithm in the system update method, in detail: the update method is mainly used to update the attribute values of URL resources in the whitelist. The algorithm is as follows:
Where OP is the attribute value of the parent directory of the requested URL, UP is the user attribute discriminant value, which defaults to 1, and US indicates whether the user judges the requested URL to be an accessible resource. When the attribute value of a network resource reaches the alarm range, the system generates an alarm log; when the attribute value of a network resource reaches the blacklist range, the attribute information of that network resource is added to the blacklist.
The alarm and output method, in detail: based on the information returned by the intelligent identification method for the user's network resource request, the system takes the action of allowing or not allowing the user to access the resource; based on the attribute value range of the requested network resource, the system decides whether to generate an alarm message.
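The lookup order, initial values and value ranges described above, as an added Python example (not code from the patent). The names `AdaptiveLists`, `extract_levels`, `classify` and `apply_value` are hypothetical, the domain name is approximated by the last two host labels, path normalisation is an addition, and because the update algorithm itself is not reproduced on this page, `apply_value` takes a value supplied by the caller.

```python
from urllib.parse import unquote, urlsplit

ADMIN_INITIAL = 100  # administrator attribute initial value (from the description)
USER_INITIAL = 50    # user attribute initial value (from the description)


def classify(value):
    """Map an attribute value onto the three ranges given in the description."""
    if not 0 <= value <= 100:
        raise ValueError(f"attribute value out of range: {value!r}")
    if value <= 10:
        return "inaccessible"
    if value <= 30:
        return "alarm"
    return "accessible"


def extract_levels(url):
    """Return ((domain, host, dir1, ..., dirN), resource_name_or_None)."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        raise ValueError(f"no host in {url!r}")
    # Simplification: the last two host labels stand in for the domain name.
    domain = ".".join(host.split(".")[-2:])
    segments = unquote(parts.path).split("/")
    has_resource = segments[-1] not in ("", ".", "..")
    stack = []
    for seg in segments:
        # Added here, not in the description: resolve "." and ".." so that
        # one directory always yields the same level tuple.
        if seg in ("", "."):
            continue
        if seg == "..":
            if stack:
                stack.pop()
        else:
            stack.append(seg)
    resource = stack.pop() if has_resource and stack else None
    return (domain, host, *stack), resource


class AdaptiveLists:
    def __init__(self):
        self.blacklist = set()  # level tuples: a directory or an absolute path
        self.whitelist = {}     # level tuple -> attribute value
        self.alarms = []        # (level tuple, attribute value)

    def admin_add_black(self, url, absolute=False):
        levels, resource = extract_levels(url)
        self.blacklist.add(levels + (resource,) if absolute and resource else levels)

    def admin_add_white(self, url):
        levels, _ = extract_levels(url)
        for i in range(1, len(levels) + 1):
            self.whitelist[levels[:i]] = ADMIN_INITIAL

    def decide(self, url):
        levels, resource = extract_levels(url)
        prefixes = [levels[:i] for i in range(1, len(levels) + 1)]
        full = [levels + (resource,)] if resource else []
        # Blacklist first: any blocked level or absolute path forbids access.
        if any(p in self.blacklist for p in prefixes + full):
            return "inaccessible"
        verdict = "accessible"
        for p in prefixes:  # domain name, then host, then each directory level
            # Unknown levels join the whitelist at the user initial value.
            # Assumption: levels that already exist keep their stored value.
            value = self.whitelist.setdefault(p, USER_INITIAL)
            level_verdict = classify(value)
            if level_verdict == "inaccessible":
                return level_verdict
            if level_verdict == "alarm":
                self.alarms.append((p, value))
                verdict = level_verdict
        return verdict

    def apply_value(self, levels, new_value):
        """Store a value computed by the update step and apply the range rules."""
        verdict = classify(new_value)
        if verdict == "inaccessible":
            self.whitelist.pop(levels, None)
            self.blacklist.add(levels)
        else:
            self.whitelist[levels] = new_value
            if verdict == "alarm":
                self.alarms.append((levels, new_value))
        return verdict


if __name__ == "__main__":
    acl = AdaptiveLists()
    acl.admin_add_black("http://ads.example.net/banners/")  # constructed sample
    print(acl.decide("http://ads.example.net/img/../banners/x.gif"))
```
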
The attribute-based adaptive blacklist and whitelist access control method and system provided by the embodiments of the invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the invention, and the description of the embodiments is only intended to help in understanding the method of the invention and its core idea. For a person of ordinary skill in the art, the specific implementation and the scope of application may vary according to the idea of the invention. In summary, the content of this specification should not be construed as limiting the invention.
Claims (7)
1. An attribute-based adaptive blacklist and whitelist access control method and system, comprising a system initialization method, a user input method, an intelligent identification method, a system update method, and an alarm and output method, wherein:
The system initialization method: the administrator enters the known blacklist and whitelist through the input module;
The user input method: the user inputs the address of the requested network resource;
The intelligent identification method: the access control module first extracts the resource attributes from the user's link request, then uses those attributes to look for a matching network resource address in the blacklist; if one is found, it returns that the user is forbidden from accessing the network resource; otherwise the system looks for a corresponding record in the whitelist; if one is found, it returns that access to the network resource is allowed; if none is found, it adds the address information of the network resource to the whitelist and updates the whitelist parameters;
The system update method: the access control module uses the intelligent recognition algorithm to adaptively adjust the attribute value of a given network resource according to the input information;
The alarm and output method: the access control module shows the recognition result of the resource request to the user; when the alarm threshold is triggered, it outputs an alarm message to the administrator.
2. The attribute-based adaptive blacklist and whitelist access control method and system according to claim 1, characterized in that, in the system initialization method, the administrator enters information through the input module as follows:
S1. For the blacklist, either the absolute path of each URL may be recorded in detail, or only the parent directory of the URL resource;
S2. For the whitelist, the parent directory of the URL resource is recorded, and the system then initializes the attribute information of the whitelisted URL: <<domain name, attribute value>, <host, attribute value>, <1, first-level directory name, attribute value>, <2, second-level directory name, attribute value>, ..., <N, Nth-level directory, attribute value>>, wherein the domain name, host and directory names can be extracted from the URL information, and each attribute value is set to the administrator attribute initial value.
3. The attribute-based adaptive blacklist and whitelist access control method and system according to claim 1 or 2, characterized in that the attribute value is a numeric marker of whether the resources at that level are judged to be accessible, as follows: the attribute value ranges over (0,100), wherein when the attribute value of a level is in 0-10, all resources under that directory level are judged to be inaccessible; when the attribute value of a level is in 11-30, an alarm message is generated; when the attribute value of a level is in 31-100, the system judges all resources under that level to be accessible.
4. The attribute-based adaptive blacklist and whitelist access control method and system according to claim 1, characterized in that the user input method is as follows: it comprises a user entry method and a user request method, wherein the user entry method comprises an administrator entry method and an ordinary-user entry method; administrator entry mainly means that the administrator enters blacklist and whitelist network resource data or system parameter data through the input module; ordinary-user entry means that the user indicates through the input module whether a given network resource request is for an accessible resource, and the system updates the attribute value of the URL resource according to the user's input.
5. The attribute-based adaptive blacklist and whitelist access control method and system according to claim 1, characterized in that the intelligent identification method is as follows: the system extracts the attribute information of the resource from the network resource request: <<domain name>, <host>, <1, first-level directory name>, <2, second-level directory name>, ..., <N, Nth-level directory>>, and searches the blacklist and the whitelist for a corresponding record in the order domain name, host name, directory level; if a record is found, it returns whether to let the request through according to the rules; if none is found, it adds the attribute information to the whitelist and sets the attribute values of the domain name, the host and each directory level to the user attribute initial value.
6. The attribute-based adaptive blacklist and whitelist access control method and system according to claim 1, characterized in that, for the intelligent recognition algorithm in the system update method, the update method is mainly used to update the attribute values of URL resources in the whitelist, and the algorithm is as follows:
Where OP is the attribute value of the parent directory of the requested URL, UP is the user attribute discriminant value, and US indicates whether the user judges the requested URL to be an accessible resource; when the attribute value of a network resource reaches the alarm range, the system generates an alarm log; when the attribute value of a network resource reaches the blacklist range, the attribute information of that network resource is added to the blacklist.
7. The attribute-based adaptive blacklist and whitelist access control method and system according to claim 1, characterized in that, in the alarm and output method, based on the information returned by the intelligent identification method for the user's URL resource request, the system takes the action of allowing or not allowing the user to access the resource; based on the attribute value range of the requested URL resource, the system decides whether to generate an alarm message.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611030448.3A CN108076027A (en) | 2016-11-16 | 2016-11-16 | A kind of adaptive black and white lists access control method and system based on attribute |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108076027A (en) | 2018-05-25 |
Family
ID=62161231
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611030448.3A Pending CN108076027A (en) | 2016-11-16 | 2016-11-16 | A kind of adaptive black and white lists access control method and system based on attribute |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108076027A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20180525 |