CN113449107A - Distributed self-adaptive access control method facing to geographic big data - Google Patents

Distributed self-adaptive access control method facing to geographic big data Download PDF

Info

Publication number
CN113449107A
CN113449107A CN202110726411.9A CN202110726411A CN113449107A CN 113449107 A CN113449107 A CN 113449107A CN 202110726411 A CN202110726411 A CN 202110726411A CN 113449107 A CN113449107 A CN 113449107A
Authority
CN
China
Prior art keywords
attribute
big data
node
geographic
domain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110726411.9A
Other languages
Chinese (zh)
Other versions
CN113449107B (en
Inventor
杨乐婵
曾岳
闵建
陈文君
李莉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinling Institute of Technology
Original Assignee
Jinling Institute of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jinling Institute of Technology filed Critical Jinling Institute of Technology
Priority to CN202110726411.9A priority Critical patent/CN113449107B/en
Publication of CN113449107A publication Critical patent/CN113449107A/en
Application granted granted Critical
Publication of CN113449107B publication Critical patent/CN113449107B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/35Clustering; Classification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/29Geographical information databases
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/36Creation of semantic tools, e.g. ontology or thesauri
    • G06F16/367Ontology
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/243Classification techniques relating to the number of classes
    • G06F18/24323Tree-organised classifiers

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Evolutionary Computation (AREA)
  • Evolutionary Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Artificial Intelligence (AREA)
  • Animal Behavior & Ethology (AREA)
  • Computational Linguistics (AREA)
  • Remote Sensing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

本发明提出了面向地理大数据的分布式自适应访问控制方法,首先从地理空间实体的边界、内部和外部等层面基于交叉模型的拓扑关系分析方法来分析地理大数据空间实体的关系模型;其次,基于决策树来对不同时空关系、不同属性特征的空间大数据访问控制策略进行分类,形成有针对性的地理空间大数据访问控制策略分类模型;最后针对每一类地理空间大数据访问控制策略,结合BD-ABAC模型构建针对地理时空大数据分类分级的分布式自适应访问控制机制,实现开放共享环境下地理时空大数据的安全访问。

Figure 202110726411

The invention proposes a distributed adaptive access control method oriented to geographic big data. First, the relationship model of geographic big data spatial entities is analyzed from the boundary, internal and external aspects of geographic spatial entities based on a topological relationship analysis method based on a cross model; , based on the decision tree to classify the spatial big data access control strategies of different time-space relationships and different attribute characteristics, and form a targeted geospatial big data access control strategy classification model; finally, for each type of geospatial big data access control strategy , combined with the BD-ABAC model to build a distributed adaptive access control mechanism for the classification and grading of geographic spatiotemporal big data, to achieve secure access to geographic spatiotemporal big data in an open and shared environment.

Figure 202110726411

Description

Distributed self-adaptive access control method facing to geographic big data
Technical Field
The invention relates to the technical field of big data, in particular to a distributed self-adaptive access control method for geographical big data, which is mainly used for meeting the access control requirements of fine granularity and dynamic change in a geographical space-time big data environment.
Background
With the continuous development of advanced information communication technology, the geographic information space is being changed from a traditional closed centralized architecture to an open sharing system, and more terminal devices acquire, transmit and acquire geographic information data through a public network, which leads to an increasingly severe information security situation. Especially data in each row business system based on geographic information will face significant security protection challenges. The existing information safety protection means and laws and regulations for data safety in related geographical mapping fields are difficult to meet the safety protection of large geographic space data. Meanwhile, the characteristics of complicated network communication, diversified intelligent devices and frequent data interaction in the open shared geographic space make malicious attacks on the geographic space data inevitable, so that how to ensure the transmission and access of the geographic space data becomes a hot problem which needs to be solved urgently at present.
In recent years, technologies such as internet of things, pervasive computing, mobile internet and the like are continuously updated, geospatial data is increasingly convenient to acquire and share, and the problem of geospatial data security is highlighted. Although the traditional information field starts research on information security access control at the beginning of birth of a computer and has rich and mature theories and technologies, due to the particularity of geospatial data, such as characteristics of multiple scales, spatial relations, attributes and the like, the traditional access control theories and technologies cannot meet the special requirements of geospatial data access control, and therefore the theory of geospatial data access control models and the implementation technology thereof need to be researched according to the characteristics of geospatial data. Therefore, the invention provides a distributed self-adaptive access control method facing to geographic big data. The distributed self-adaptive access control of the geographic big data has extremely important significance to the field of geographic space big data security.
Distributed adaptive access control facing geographic big data mainly needs to consider two aspects of problems: (1) how to construct a geographic space-time big data self-adaptive access control strategy classification model (2) by using a decision tree algorithm and how to realize a BD-ABAC model-based distributed self-adaptive access control mechanism for classification and classification of geographic space-time big data, and realize the safe access of the geographic space-time big data in an open sharing environment.
Disclosure of Invention
In order to solve the problems, the invention provides a distributed self-adaptive access control method facing to geographic big data, and the method comprises the steps of firstly analyzing a relation model of a geographic big data space entity from the boundary, inside and outside of the geographic space entity and the like based on a topological relation analysis method of a cross model; secondly, classifying the spatial big data access control strategies with different space-time relationships and different attribute characteristics based on a decision tree to form a specific geographic spatial big data access control strategy classification model; and finally, constructing a distributed adaptive access control mechanism for classifying and grading the geographic spatiotemporal big data by combining a BD-ABAC model aiming at each type of geographic space big data access control strategy, and realizing the safe access of the geographic spatiotemporal big data under an open sharing environment.
To achieve the purpose, the invention provides a distributed adaptive access control method facing to geographic big data, which comprises the following specific steps:
step 1: firstly, initializing large-batch acquired geospatial data with wide dimensionality and complex composition, and entering a step 2;
step 2: the method comprises the steps of dividing a geographical big data entity into three characteristics of time, space and attributes by using a topological analysis method based on a cross model, representing the geographical big data entity by using a set { A, B,. }, { t, s, a } which respectively represents the characteristics of the time, space and attributes of the geographical big data entity, and using an incidence relation among { t, s, a }, wherein the incidence relation can be used
Figure BDA0003137727150000021
Expressing in a matrix form, and entering step 3;
and step 3: constructing a geographical big data entity in the Class option of a knowledge graph modeling tool Protege, then constructing three attribute objects of time, space and geographical big data attributes, and constructing a corresponding attribute objectSetting corresponding parameter names in the objects, and constructing an association relation prototype { { t) of the geographic big data entity on time, space and attribute characteristics1,t2,...,tn},{l1,l2,...,ln},{p11,p12,...,pnnStep 4, entering;
and 4, step 4: for data obtained in Protege { { t { (T) }1,t2,...,tn},{l1,l2,...,ln},{p11,p12,...,pnnDividing and classifying, and entering step 5;
and 5: setting a training set as U, wherein n sample sets are in total, an attribute set is C, and C different classes exist; the decision attribute set is D, the example training set is divided into D different classes, Di(i 1, 2.., d), the number of each class being niThen D isiThe probability of a class appearing in the set U is
Figure BDA0003137727150000022
Entering step 6;
step 6: according to the probability PiComputing the entropy of the information of d classes divided by the set U as
Figure BDA0003137727150000023
The information Gain of the attribute C relative to the example training sample set U is Gain (U, C) ═ H (U) — H (U, C), and the process proceeds to step 7;
and 7: and (3) using the information gain as a splitting measurement standard of the training sample set, selecting the attribute of the maximum value of the information gain as a node to generate a decision tree to split the training samples, wherein the attribute enables the information quantity required by the classification of the split samples to be minimum, and entering the step 8.
And 8: setting a desired error rate e(s) (N-N + K-1)/(N + K), wherein: s represents all training examples contained in the subtree; k is the number of classifications; n is the number of all training cases in S; c is the classification with the most proportion in S; n is the number of C in S, and the prepared error rate is error (node) min (E (node), sigma Pi*Error(Nodei) Go to step 9;
and step 9: starting from the second layer of the decision tree, each internal node of each layer is judged, if the sigma-delta P of the nodei*Error(Nodei) If the number of the leaf nodes is larger than E, the classification value with the largest proportion of the appearance in the subtree is used as a leaf node to replace the subtree, all the subtrees are pruned, then a node next to the same layer is considered, and if the sigma P of the node isi*Error(Nodei) If the value is smaller than E, each sub-node of the node is considered by the above method, and so on until the whole tree is checked, and the step 10 is entered;
step 10: establishing BD-ABAC model for access control strategy of geographic big data, and defining SAVt、RAVm、EAVn、AAVkRespectively setting a resource server for a main body attribute assignment set, a resource attribute assignment set, an environment attribute assignment set and an action attribute assignment set, and applying a security certificate to a security certification authority when a user accesses data resources for the first time, and entering step 11;
step 11: when an end user accesses a data resource, an access request Req (SAV)t,RAVm,EAVn,AAVk) The resource is forwarded to a domain positioning server, the domain positioning server analyzes the main body attribute and the resource attribute, and judges whether the access request of the resource is local domain access or cross-domain access, if the access request is cross-domain access request, a domain positioning module quickly searches a corresponding resource domain according to the resource attribute and forwards the access request, and the step 12 is entered;
step 12: access request Req (SAV) to end-user using attribute-based access control methodt,RAVm,EAVn,AAVk) Carrying out strategy judgment, sending a judgment result to a strategy execution point, providing a reliable basis for strategy judgment by each data resource domain according to a corresponding merging algorithm of the attribute strategy set, and entering step 13;
step 13: the domain positioning server forwards the access request to a corresponding resource domain, a decision mechanism of the resource domain judges the access request and returns the result to the terminal user, so that the safe access of the geographic space-time big data under the open sharing environment is realized, and the step 14 is entered;
step 14: the cycle ends.
Further, the control part of the distributed adaptive access control method facing the geographic big data comprises: a cross model analyzer, a decision tree classifier and a BD-ABAC model controller.
Furthermore, the cross model analyzer divides the geographic big data entities into three characteristics of time, space and attributes, considers the incidence relation among the time, space and attribute characteristics when describing the relation among the geographic big data entities, and simultaneously intends to utilize a knowledge graph modeling tool (Protege) to construct incidence relation prototypes of the geographic big data entities A and B on the time, space and attribute characteristics so as to clearly show the relation among different characteristics of each entity, and the specific flow is as follows:
firstly, dividing a geographical big data entity into three characteristics of time, space and attribute by a topological analysis method based on a cross model, dividing the geographical big data entity into three characteristics of time, space and attribute by the topological analysis method based on the cross model, wherein the geographical big data entity is represented by a set { A, B. }, and is represented by a set { t, s, a } which respectively represents the characteristics of time, space and attribute of the geographical big data entity, and the incidence relation among the { t, s, a } can be used
Figure BDA0003137727150000041
Expressed in matrix form;
then, constructing a geographical big data entity in a Class option of a knowledge graph modeling tool Protege, then constructing three attribute objects of time, space and geographical big data attributes, setting corresponding parameter names in the corresponding attribute objects, and constructing an incidence relation prototype { { t { (t) } of the geographical big data entity on the time, space and attribute characteristics1,t2,...,tn},{l1,l2,...,ln},{p11,p12,...,pnnAnd then classify the classification.
Furthermore, the decision tree classifier uses the time, space and attribute dimensions of the geographic big data as the attributes of the decision tree, constructs a geographic space-time big data adaptive access control strategy classification model based on a decision tree algorithm, uses the information gain as the metric value of the classification standard, selects the attribute with the maximum information gain as a node, and so on to obtain a complete decision tree, which may have excessive branches in the splitting process to cause excessive fitting, so that the decision tree is pruned, and the specific flow is as follows:
setting a training set as U, wherein n sample sets are in total, an attribute set is C, and C different classes exist; the decision attribute set is D, the example training set is divided into D different classes, Di(i 1, 2.., d), the number of each class being niThen D isiThe probability of a class appearing in the set U is
Figure BDA0003137727150000042
According to the probability PiComputing the entropy of the information of d classes divided by the set U as
Figure BDA0003137727150000043
The information Gain of the attribute C relative to the example training sample set U is Gain (U, C) ═ H (U) — H (U, C), the information Gain is used as a splitting metric of the training sample set, the attribute with the maximum value of the information Gain is selected as a node to generate a decision tree to divide the training samples, the attribute enables the information quantity required for dividing the sample classification to be minimum, and the expected error rate E (S) (N-N + K-1)/(N + K) is set, wherein: s represents all training examples contained in the subtree; k is the number of classifications; n is the number of all training cases in S; c is the classification with the most proportion in S; n is the number of C in S. The prepared error rate is error (node) min (e (node), Σ Pi*Error(Nodei) Starting from the second layer of the decision tree, each internal node of each layer is judged. If sigma-P of the nodei*Error(Nodei) If the number of the leaf nodes is larger than E, the classification value with the largest proportion of the appearance in the subtree is used as a leaf node to replace the subtree, all the subtrees are pruned, then a node next to the same layer is considered, and if the sigma P of the node isi*Error(Nodei) If the value is less than E, each sub-node of the node is considered by the above method, and so on until the whole tree is detectedAnd (6) checking.
Further, the BD-ABAC model controller implements multi-domain fine-grained access control by using a multi-domain attribute table synchronization technology through an attribute-based fine-grained access control method, and the BD-ABAC model can perform attribute-based fine-grained authorization decision, and in order to implement this objective, the BD-ABAC defines a fine-grained flexible authorization method, which can adapt to cross-domain access of resources and dynamic change of entity attributes in a geographic large data environment, and has the following specific procedures:
establishing BD-ABAC model for access control strategy of geographic big data, and defining SAVt、RAVm、EAVn、AAVkAnd respectively assigning a main body attribute assignment set, a resource attribute assignment set, an environment attribute assignment set and an action attribute assignment set. Setting a resource server, applying a security certificate to a security certification authority when a user accesses a data resource for the first time, and accessing a request Req (SAV) when an end user accesses the data resourcet,RAVm,EAVn,AAVk) Is forwarded to the domain-location server. The domain positioning server analyzes the main body attribute and the resource attribute, judges whether the access request of the resource is local domain access or cross-domain access, and if the access request is cross-domain access, the domain positioning module quickly searches a corresponding resource domain according to the resource attribute and forwards the access request. Access request Req (SAV) to end-user using attribute-based access control methodt,RAVm,EAVn,AAVk) And the domain positioning server forwards the access request to the corresponding resource domain, and a decision mechanism of the resource domain judges the access request and returns the result to the terminal user, thereby realizing the safe access of the geographic space-time big data under the open sharing environment.
The distributed self-adaptive access control method facing to the geographic big data has the beneficial effects that: the distributed self-adaptive access control method facing to the geographic big data improves the safety sharing capability of the geographic space-time data through a quantitative calculation and data mining method. By using the method provided by the invention, theoretical methods such as topology analysis, UML modeling, decision tree and BD-ABAC model can be combined, so that the distributed adaptive access control mechanism of geographic space-time big data classification and classification is realized.
Drawings
FIG. 1 is a block diagram of a distributed adaptive access control architecture for geographic big data;
FIG. 2 is a reference architecture diagram;
FIG. 3 is a schematic flow diagram of the method of the present invention.
Detailed Description
The invention is described in further detail below with reference to the following detailed description and accompanying drawings:
the invention provides a distributed self-adaptive access control method facing geographic big data, which is used for solving the problem of multi-dimensional and high-precision security access of the geographic space-time big data.
As shown in fig. 1, the structure diagram of the distributed adaptive access control for geographic big data mainly includes: a cross model analyzer, a decision tree classifier and a BD-ABAC model controller; referring to the architectural diagram figure 2 illustrates the components involved in the method of the present invention; the flow diagram of the process of the invention is shown in FIG. 3.
As a specific embodiment of the present invention, for convenience of description, we assume the following application examples:
now, suppose that a user accesses a large geographic database, the system reaction mechanism is as follows: the method comprises the steps of firstly analyzing a relation model of a geographical big data space entity through a topological relation analysis method of a cross model, then constructing the relation among space, time and attributes of the geographical data entity by using a project, secondly classifying space big data access control strategies with different time-space relations and different attribute characteristics based on a decision tree, and finally constructing a distributed adaptive access control mechanism aiming at geographical space-time big data classification and classification by combining a BD-ABAC model to realize the safe access of the geographical space-time big data under an open sharing environment.
The specific implementation scheme is as follows:
(1) initializing large quantities of acquired geographic space data with wide dimensionality and complex composition, analyzing a relational model of a geographic big data space entity from the boundary, inside and outside layers of the geographic space entity based on a topological relational analysis method of a cross model, and on the basis, constructing the relation among space, time and attributes of the geographic data entity through a knowledge graph modeling tool.
(2) The method comprises the steps of classifying space big data access control strategies with different time-space relationships and different attribute characteristics based on a decision tree to form a pointed geographic space big data access control strategy classification model, wherein excessive branches may occur in the splitting process to cause excessive fitting, pruning the decision tree, and mainly setting an expected error rate function and a prepared error rate function for comparison to prune redundant branches.
(3) And establishing a BD-ABAC model aiming at each type of geospatial big data access control strategy, and applying a security certificate to a security certification authority when a user accesses data resources for the first time. When the end user accesses the data resource, the access request is forwarded to the domain-locating server. And the domain positioning server analyzes the main body attribute and the resource attribute, judges and forwards the access request. And carrying out strategy judgment on the access request of the terminal user, sending a judgment result to a strategy execution point, and providing a reliable basis for the strategy judgment by each data resource domain according to a corresponding merging algorithm of the attribute strategy set. And the domain positioning server forwards the access request to a corresponding resource domain, and a decision mechanism of the resource domain judges the access request and returns the result to the terminal user, so that the safe access of the geographic space-time big data under the open sharing environment is realized.
The main work flow is as follows:
(1) firstly, initialization processing is carried out on large quantities of acquired geospatial data with wide dimensionality and complex composition. Topology analysis method based on cross modelThe geographic big data entity is divided into three characteristics of time, space and attribute, and the incidence relation among the three characteristics can be used
Figure BDA0003137727150000061
Expressed in matrix form.
(2) Constructing three attribute objects of a geographic big data entity, time, space and geographic big data attributes and corresponding attribute objects in a Class option of a knowledge graph modeling tool Protege to obtain an incidence relation prototype { { t ] of the geographic big data entity on time, space and attribute characteristics1,t2,...,tn},{l1,l2,...,ln},{p11,p12,...,pnn}}. And carrying out division and classification on the association relation prototype.
(3) Setting a training set U and an attribute set by adopting a decision tree algorithm, and solving the probability of the class of the decision attribute set appearing in the training set as
Figure BDA0003137727150000071
According to the probability PiComputing the entropy of the information of d classes divided by the set U as
Figure BDA0003137727150000072
The information Gain of the attribute C relative to the example training sample set U is Gain (U, C) ═ H (U) -H (U, C). And using the information gain as a splitting measurement standard of the training sample set, and selecting the attribute of the maximum value of the information gain as a node to generate a decision tree to split the training samples, wherein the attribute enables the information quantity required by the classification of the split samples to be minimum.
(4) Subtrees with the same attribute are pruned through a pruning function, and the scale of the decision tree is reduced. Setting the expected error rate function E (S) (N-N + K-1)/(N + K), and setting the prepared error rate function as error (node) ((E) (node)), Sigma Pi*Error(Nodei)). Sigma P for judging nodes of each internal node of each layer of decision treei*Error(Nodei) And E, pruning. And so on until the entire tree has been checked.
(5) Access control to geographic big dataThe policy making establishes a BD-ABAC model, a resource server is arranged, and a user applies a security certificate to a security certification authority when accessing data resources for the first time. When an end user accesses a data resource, an access request Req (SAV)t,RAVm,EAVn,AAVk) Is forwarded to the domain-location server. The domain positioning server analyzes the main body attribute and the resource attribute and judges whether the access request of the resource is local domain access or cross-domain access. If the access request is a cross-domain access request, the domain positioning module quickly searches the corresponding resource domain according to the resource attribute and forwards the access request.
(6) Access request Req (SAV) to end-user using attribute-based access control methodt,RAVm,EAVn,AAVk) And carrying out strategy judgment and sending a judgment result to a strategy execution point. And each data resource domain provides reliable basis for strategy judgment according to the corresponding merging algorithm of the attribute strategy set. And the domain positioning server forwards the access request to a corresponding resource domain, and a decision mechanism of the resource domain judges the access request and returns the result to the terminal user, so that the safe access of the geographic space-time big data under the open sharing environment is realized.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention in any way, but any modifications or equivalent variations made according to the technical spirit of the present invention are within the scope of the present invention as claimed.

Claims (5)

1. The distributed self-adaptive access control method facing to the geographic big data comprises the following specific steps:
step 1: firstly, initializing large-batch acquired geospatial data with wide dimensionality and complex composition, and entering a step 2;
step 2: the method comprises the steps of dividing a geographical big data entity into three characteristics of time, space and attributes by using a topological analysis method based on a cross model, representing the geographical big data entity by using a set { A, B,. }, { t, s, a } to respectively represent the time, space and attribute characteristics of the geographical big data entity, and enabling incidence relations among { t, s, a } to be capable ofUse of
Figure FDA0003137727140000011
Expressed in matrix form, wherein At,As,AaAnd Bt,Bs,BaRespectively representing the temporal, spatial and attribute characteristics of the geobig data entities a and B. Entering the step 3;
and step 3: constructing a geographic big data entity in a Class option of a knowledge graph modeling tool Protege, then constructing three attribute objects of time, space and geographic big data attributes, setting corresponding parameter names in the corresponding attribute objects, and constructing an incidence relation prototype { { t { (t) } of the geographic big data entity on time, space and attribute characteristics1,t2,...,tn},{l1,l2,...,ln},{p11,p12,...,pnnStep 4, entering;
and 4, step 4: for data obtained in Protege { { t { (T) }1,t2,...,tn},{l1,l2,...,ln},{p11,p12,...,pnnDividing and classifying, and entering step 5;
and 5: setting a training set as U, wherein n sample sets are in total, an attribute set is C, and C different classes exist; the decision attribute set is D, the example training set is divided into D different classes, Di(i 1, 2.., d), the number of each class being niThen D isiThe probability of a class appearing in the set U is
Figure FDA0003137727140000012
Entering step 6;
step 6: according to the probability PiComputing the entropy of the information of d classes divided by the set U as
Figure FDA0003137727140000013
The information Gain of the attribute C relative to the example training sample set U is Gain (U, C) ═ H (U) — H (U, C), and the process proceeds to step 7;
and 7: and (3) using the information gain as a splitting measurement standard of the training sample set, selecting the attribute of the maximum value of the information gain as a node to generate a decision tree to split the training samples, wherein the attribute enables the information quantity required by the classification of the split samples to be minimum, and entering the step 8.
And 8: setting a desired error rate e(s) (N-N + K-1)/(N + K), wherein: s represents all training examples contained in the subtree; k is the number of classifications; n is the number of all training cases in S; c is the classification with the most proportion in S; n is the number of C in S, and the prepared error rate is error (node) min (E (node), sigma Pi*Error(Nodei) Go to step 9;
and step 9: starting from the second layer of the decision tree, each internal node of each layer is judged, if the sigma-delta P of the nodei*Error(Nodei) If the number of the leaf nodes is larger than E, the classification value with the largest proportion of the appearance in the subtree is used as a leaf node to replace the subtree, all the subtrees are pruned, then a node next to the same layer is considered, and if the sigma P of the node isi*Error(Nodei) If the value is smaller than E, each sub-node of the node is considered by the above method, and so on until the whole tree is checked, and the step 10 is entered;
step 10: establishing BD-ABAC model for access control strategy of geographic big data, and defining SAVt、RAVm、EAVn、AAVkRespectively setting a resource server for a main body attribute assignment set, a resource attribute assignment set, an environment attribute assignment set and an action attribute assignment set, and applying a security certificate to a security certification authority when a user accesses data resources for the first time, and entering step 11;
step 11: when an end user accesses a data resource, an access request Req (SAV)t,RAVm,EAVn,AAVk) The resource is forwarded to a domain positioning server, the domain positioning server analyzes the main body attribute and the resource attribute, and judges whether the access request of the resource is local domain access or cross-domain access, if the access request is cross-domain access request, a domain positioning module quickly searches a corresponding resource domain according to the resource attribute and forwards the access request, and the step 12 is entered;
step 12: by usingAttribute-based access control method for access requests Req (SAV) to end userst,RAVm,EAVn,AAVk) Carrying out strategy judgment, sending a judgment result to a strategy execution point, providing a reliable basis for strategy judgment by each data resource domain according to a corresponding merging algorithm of the attribute strategy set, and entering step 13;
step 13: the domain positioning server forwards the access request to a corresponding resource domain, a decision mechanism of the resource domain judges the access request and returns the result to the terminal user, so that the safe access of the geographic space-time big data under the open sharing environment is realized, and the step 14 is entered;
step 14: the cycle ends.
2. The distributed adaptive access control method for geographic big data according to claim 1, characterized in that: the control part of the distributed self-adaptive access control method facing the geographic big data comprises the following steps: a cross model analyzer, a decision tree classifier and a BD-ABAC model controller.
3. The distributed adaptive access control method for geographic big data according to claim 2, characterized in that: the cross model analyzer divides the geographic big data entities into three characteristics of time, space and attributes, considers the incidence relation among the time, space and attribute characteristics when describing the relation among the geographic big data entities, and simultaneously intends to utilize a knowledge graph modeling tool project to construct incidence relation prototypes of the geographic big data entities A and B on the time, space and attribute characteristics, and the specific flow is as follows:
firstly, dividing a geographical big data entity into three characteristics of time, space and attribute by a topological analysis method based on a cross model, dividing the geographical big data entity into three characteristics of time, space and attribute by the topological analysis method based on the cross model, wherein the geographical big data entity is represented by a set { A, B. }, and is represented by a set { t, s, a } which respectively represents the characteristics of time, space and attribute of the geographical big data entity, and the incidence relation among the { t, s, a } can be used
Figure FDA0003137727140000031
Expressed in matrix form;
then, constructing a geographical big data entity in a Class option of a knowledge graph modeling tool Protege, then constructing three attribute objects of time, space and geographical big data attributes, setting corresponding parameter names in the corresponding attribute objects, and constructing an incidence relation prototype { { t { (t) } of the geographical big data entity on the time, space and attribute characteristics1,t2,...,tn},{l1,l2,...,ln},{p11,p12,...,pnnAnd then classify the classification.
4. The distributed adaptive access control method for geographic big data according to claim 2, characterized in that: the decision tree classifier uses the time, space and attribute dimensions of geographic big data as attributes of a decision tree, constructs a geographic space-time big data self-adaptive access control strategy classification model based on a decision tree algorithm, uses information gain as a metric value of a classification standard, selects the attribute with the maximum information gain as a node, and so on to obtain a complete decision tree, and branches are possibly excessive in the splitting process to cause the condition of excessive fitting, so that the decision tree is pruned, and the specific flow is as follows:
setting a training set as U, wherein n sample sets are in total, an attribute set is C, and C different classes exist; the decision attribute set is D, the example training set is divided into D different classes, Di(i 1, 2.., d), the number of each class being niThen D isiThe probability of a class appearing in the set U is
Figure FDA0003137727140000032
According to the probability PiComputing the entropy of the information of d classes divided by the set U as
Figure FDA0003137727140000033
The information Gain of the attribute C relative to the example training sample set U is Gain (U, C) ═ H (U) -H (U,C) using the information gain as a splitting metric of the training sample set, selecting an attribute of the maximum value of the information gain as a node to generate a decision tree to divide the training samples, wherein the attribute minimizes the information amount required for dividing the classification of the samples, and setting an expected error rate e(s) (N-N + K-1)/(N + K), wherein: s represents all training examples contained in the subtree; k is the number of classifications; n is the number of all training cases in S; c is the classification with the most proportion in S; n is the number of C in S. The prepared error rate is error (node) min (e (node), Σ Pi*Error(Nodei) Starting from the second layer of the decision tree, each internal node of each layer is judged. If sigma-P of the nodei*Error(Nodei) If the number of the leaf nodes is larger than E, the classification value with the largest proportion of the appearance in the subtree is used as a leaf node to replace the subtree, all the subtrees are pruned, then a node next to the same layer is considered, and if the sigma P of the node isi*Error(Nodei) Less than E, each child node of the node is considered in the above method, and so on until the entire tree has been checked.
5. The distributed adaptive access control method for geographic big data according to claim 2, characterized in that: the BD-ABAC model controller realizes multi-domain fine-grained access control by using a multi-domain attribute table synchronization technology through an attribute-based fine-grained access control method, and the BD-ABAC model can perform attribute-based fine-grained authorization decision, and defines a fine-grained flexible authorization method for realizing the goal, so that the BD-ABAC model controller can adapt to cross-domain access of resources and dynamic change of entity attributes under a geographic large data environment, and the specific flow is as follows:
establishing BD-ABAC model for access control strategy of geographic big data, and defining SAVt、RAVm、EAVn、AAVkAnd respectively assigning a main body attribute assignment set, a resource attribute assignment set, an environment attribute assignment set and an action attribute assignment set. Setting a resource server, applying a security certificate to a security certification authority when a user accesses data resources for the first time, and accessing the data resources by an end userSource time, access request Req (SAV)t,RAVm,EAVn,AAVk) Is forwarded to the domain-location server. The domain positioning server analyzes the main body attribute and the resource attribute, judges whether the access request of the resource is local domain access or cross-domain access, and if the access request is cross-domain access, the domain positioning module quickly searches a corresponding resource domain according to the resource attribute and forwards the access request. Access request Req (SAV) to end-user using attribute-based access control methodt,RAVm,EAVn,AAVk) And the domain positioning server forwards the access request to the corresponding resource domain, and a decision mechanism of the resource domain judges the access request and returns the result to the terminal user, thereby realizing the safe access of the geographic space-time big data under the open sharing environment.
CN202110726411.9A 2021-06-29 2021-06-29 Distributed self-adaptive access control method facing to geographic big data Active CN113449107B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110726411.9A CN113449107B (en) 2021-06-29 2021-06-29 Distributed self-adaptive access control method facing to geographic big data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110726411.9A CN113449107B (en) 2021-06-29 2021-06-29 Distributed self-adaptive access control method facing to geographic big data

Publications (2)

Publication Number Publication Date
CN113449107A true CN113449107A (en) 2021-09-28
CN113449107B CN113449107B (en) 2022-03-18

Family

ID=77813901

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110726411.9A Active CN113449107B (en) 2021-06-29 2021-06-29 Distributed self-adaptive access control method facing to geographic big data

Country Status (1)

Country Link
CN (1) CN113449107B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114553487A (en) * 2022-01-22 2022-05-27 郑州工程技术学院 Access control method and system based on map
CN118038869A (en) * 2024-04-11 2024-05-14 福建亿榕信息技术有限公司 Electric power intelligent interaction method and system based on improved voice recognition

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104252545A (en) * 2014-10-11 2014-12-31 南京国电南自美卓控制系统有限公司 Method for realizing object type attribute type lock of real-time memory database
CN104462239A (en) * 2014-11-18 2015-03-25 电信科学技术第十研究所 Customer relation discovery method based on data vectorization spatial analysis
CN106354891A (en) * 2016-11-28 2017-01-25 全国组织机构代码管理中心 TGIS-based geographic information service query method
CN106372959A (en) * 2016-08-22 2017-02-01 广州图灵科技有限公司 Internet-based user access behavior digital marketing system and method
CN106411878A (en) * 2016-09-23 2017-02-15 杭州华为数字技术有限公司 Method, apparatus and system for making access control strategy
CN109041079A (en) * 2017-06-12 2018-12-18 中国移动通信集团广东有限公司 A kind of method and device of subzone network inspection

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104252545A (en) * 2014-10-11 2014-12-31 南京国电南自美卓控制系统有限公司 Method for realizing object type attribute type lock of real-time memory database
CN104462239A (en) * 2014-11-18 2015-03-25 电信科学技术第十研究所 Customer relation discovery method based on data vectorization spatial analysis
CN106372959A (en) * 2016-08-22 2017-02-01 广州图灵科技有限公司 Internet-based user access behavior digital marketing system and method
CN106411878A (en) * 2016-09-23 2017-02-15 杭州华为数字技术有限公司 Method, apparatus and system for making access control strategy
CN106354891A (en) * 2016-11-28 2017-01-25 全国组织机构代码管理中心 TGIS-based geographic information service query method
CN109041079A (en) * 2017-06-12 2018-12-18 中国移动通信集团广东有限公司 A kind of method and device of subzone network inspection

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李婷: "大数据资源优化在电网客户关系系统中的应用", 《电网与清洁能源》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114553487A (en) * 2022-01-22 2022-05-27 郑州工程技术学院 Access control method and system based on map
CN118038869A (en) * 2024-04-11 2024-05-14 福建亿榕信息技术有限公司 Electric power intelligent interaction method and system based on improved voice recognition
CN118038869B (en) * 2024-04-11 2024-09-24 福建亿榕信息技术有限公司 Power intelligent interaction method and system based on improved speech recognition

Also Published As

Publication number Publication date
CN113449107B (en) 2022-03-18

Similar Documents

Publication Publication Date Title
Abdelmoniem et al. Refl: Resource-efficient federated learning
US20220021711A1 (en) Security Platform and Method for Efficient Access and Discovery
He et al. QoE-driven big data architecture for smart city
CN113449107B (en) Distributed self-adaptive access control method facing to geographic big data
US7831621B1 (en) System and method for summarizing and reporting impact of database statements
Jiang et al. Towards max-min fair resource allocation for stream big data analytics in shared clouds
US11651287B1 (en) Privacy-preserving multi-party machine learning using a database cleanroom
CN116679979A (en) Method for resource matching and parameter dynamic generation of simulation model
Nie et al. Differentially private tensor train decomposition in edge-cloud computing for SDN-based Internet of Things
Lv et al. Transfer Learning-powered resource optimization for green computing in 5G-Aided Industrial Internet of Things
CN117633828A (en) Data access control method, device and medium based on semantic support
Liu et al. A hierarchical blockchain-enabled security-threat assessment architecture for IoV
Ji et al. Network utility maximization with unknown utility functions: A distributed, data-driven bilevel optimization approach
CN111752539B (en) BI service cluster system and construction method thereof
Macocco et al. Intrinsic dimension as a multi-scale summary statistics in network modeling
Lopez-Novoa et al. Overcrowding detection in indoor events using scalable technologies
US20230359602A1 (en) K-d tree balanced splitting
Lashkaripour The era of big data: a thorough inspection in the building blocks of future generation data management
Wang et al. Intuitionistic fuzzy social network position and role analysis
Belcastro et al. Evaluation of large scale roi mining applications in edge computing environments
Lim et al. Intelligent access control mechanism for ubiquitous applications
Wang et al. A survey on federated analytics: Taxonomy, enabling techniques, applications and open issues
Zhang et al. RETRACTED ARTICLE: Research on smart city service system based on adaptive algorithm
Almutairi et al. A global local modeling of internet usage in large mobile societies
CN111190907A (en) Patented Grid Method and Earth Blockchain and Media Scheduling Node and Grid System

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant