CN116962091B - Dynamic authorization method and system for accurate access - Google Patents

Info

Publication number
CN116962091B
Authority
CN
China
Prior art keywords
data
access
access request
trust level
attribute
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311220485.0A
Other languages
Chinese (zh)
Other versions
CN116962091A (en)
Inventor
吴健
李栋梁
刘晓雨
谢鹏飞
孙飞飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huaneng Information Technology Co Ltd
Original Assignee
Huaneng Information Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H04L63/102 Entity profiles
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Abstract

The invention discloses a dynamic authorization method and system for accurate access, relating to the technical field of data processing. The method comprises: defining access attributes according to an access request and the initiator of the access request; establishing a trust evaluation model based on first related data, thereby obtaining a first trust level of the access request initiator; determining a second trust level of the access request initiator based on second related data; determining the trust level of the access request initiator according to the first trust level and the second trust level; presetting different authorization policy ranges based on the access request initiator, matching an authorization policy according to each access attribute, and evaluating the current access request risk according to the authorization policy and the trust level; and monitoring the subsequent access process and access result, and adjusting the authorization policy for subsequent access by the access request initiator according to the current access request risk. This improves the adaptability of permission granting, ensures the reliability of trust level evaluation, and improves the flexibility of permission granting.

Description

Dynamic authorization method and system for accurate access
Technical Field
The present disclosure relates to the field of data processing technologies, and in particular, to a method and system for dynamic authorization of accurate access.
Background
Dynamic authorization of accurate access is a modern access control method that aims to overcome the limitations of traditional access control, making access authorization more intelligent, flexible and secure. Its core idea is to manage and control users' access rights to system resources at a finer granularity, based on multidimensional attributes and real-time trust evaluation.
In the prior art, traditional access control methods are often based on static rules and one-time granting of permissions. They cannot meet the requirements of complex and changing environments, permission granting is inflexible, and most attributes cannot be taken into account, so the adaptability of permission granting is poor.
Therefore, how to improve the flexibility and adaptability of permission granting is the technical problem to be solved at present.
Disclosure of Invention
The invention provides a dynamic authorization method for accurate access, which is used to solve the technical problem of low flexibility and adaptability of permission granting in the prior art. The method comprises the following steps:
receiving an access request, and defining access attributes according to the access request and the initiator of the access request;
collecting first related data of the access request initiator, and establishing a trust evaluation model based on the first related data, thereby obtaining a first trust level of the access request initiator;
collecting second related data of the access request initiator, and determining a second trust level of the access request initiator based on the second related data;
determining the trust level of the access request initiator according to the first trust level and the second trust level of the access request initiator;
presetting different authorization policy ranges based on the access request initiator, matching an authorization policy according to each access attribute, and evaluating the current access request risk according to the authorization policy and the trust level;
and monitoring the subsequent access process and the access result to obtain an access effect, and adjusting the authorization policy for subsequent access by the access request initiator according to the current access request risk.
In some embodiments of the present application, defining access attributes according to the access request and the initiator of the access request includes:
the access attributes include a subject attribute, an object attribute, an environment attribute and a behavior attribute;
defining in advance the attribute information corresponding to the subject attribute, the object attribute, the environment attribute and the behavior attribute, and determining a subject attribute set, an object attribute set, an environment attribute set and a behavior attribute set according to the attribute information types;
constructing a corresponding attribute data matrix for each of the subject attribute set, the object attribute set, the environment attribute set and the behavior attribute set, mean-centering each attribute data matrix, calculating the covariance matrix between the attributes in the attribute data matrix, and performing eigenvalue decomposition on the covariance matrix to obtain eigenvalues and eigenvectors;
determining a ranking value for each set according to the number of attribute information types in the subject attribute set, the object attribute set, the environment attribute set and the behavior attribute set;
sorting by eigenvalue size, and selecting the eigenvectors in the corresponding order as principal components according to the ranking value;
and constructing an eigenvector matrix from the principal components, thereby reducing the dimension of the original subject attribute set, object attribute set, environment attribute set and behavior attribute set, the dimension-reduced data attributes being the defined access attributes.
In some embodiments of the present application, collecting first related data of the access request initiator includes:
acquiring all related data of the access request initiator, the related data comprising access attributes and context information;
calculating the correlation degree between each item of the related data and the trust index, and taking the data whose correlation degree is greater than a first correlation degree threshold as first data;
taking the data whose correlation degree is greater than a second correlation degree threshold and not greater than the first correlation degree threshold as fuzzy correlation data;
taking the fuzzy correlation data whose correlation degree is greater than a third correlation degree threshold as second data, and the fuzzy correlation data whose correlation degree is not greater than the third correlation degree threshold as third data;
calculating the average correlation degree of the first data, the second data and the third data respectively, and assigning each a different weight according to its average correlation degree, the first data, the second data and the third data together being taken as the first related data;
the first correlation degree threshold is greater than the second correlation degree threshold, and the third correlation degree threshold is greater than the second correlation degree threshold and smaller than the first correlation degree threshold.
In some embodiments of the present application, establishing a trust evaluation model based on the first related data, thereby obtaining a first trust level of the access request initiator, includes:
preprocessing the first related data and extracting the corresponding feature data, recorded as first feature data, second feature data and third feature data respectively;
determining the proportions of the first feature data, the second feature data and the third feature data in the training set, the validation set and the test set according to their respective weights;
performing stratified sampling according to the proportions, so that the proportions of the first feature data, the second feature data and the third feature data in the training set, the validation set and the test set are similar to within a preset degree;
determining a neural network model architecture, training the model on the training set, evaluating model performance on the validation set, and evaluating model generalization performance on the test set, thereby establishing a trust evaluation neural network model and obtaining the first trust level.
In some embodiments of the present application, determining a neural network model architecture includes:
determining a trust calculation difficulty based on the access request and the access request initiator, and determining an initial neural network complexity based on the trust calculation difficulty;
calculating the data dimensions of the first feature data, the second feature data and the third feature data, and determining the number of neurons of the input layer;
recording the learning curves of the prediction model on the training set and the validation set, over a preset range of neural network complexity, as the training curve and the validation curve respectively;
determining the under-fitting and over-fitting critical points based on the training curve and the validation curve, and obtaining a fitted neural network complexity interval;
calculating the data quantity of the first feature data, the second feature data and the third feature data, and adjusting the initial neural network complexity according to the data quantity to obtain a first neural network complexity;
if the first neural network complexity is within the fitted neural network complexity interval, determining a neural network complexity interval according to the midpoint value and the first neural network complexity, and constructing the neural network model architecture according to the number of neurons of the input layer and the neural network complexity interval;
otherwise, determining a neural network complexity interval according to the midpoint value and a preset distance, and constructing the neural network model architecture according to the number of neurons of the input layer and the neural network complexity interval;
the midpoint value is the middle value of the fitted neural network complexity interval.
In some embodiments of the present application, collecting second related data of the access request initiator and determining a second trust level of the access request initiator based on the second related data includes:
calculating the correlation degree between each item of the related data and the trust index, and taking the data whose correlation degree is greater than a fourth correlation degree threshold as fourth data, the fourth correlation degree threshold being greater than the first correlation degree threshold;
determining a second trust level based on the fourth data and the first data;
wherein P is the second trust level, n is the number of data types in the fourth data,weight corresponding to the ith fourth data, +.>For parameters corresponding to the ith fourth data, < >>For the first constant exp is an exponential function, m is the number of data types in the first data,/->For the correction weight corresponding to the j-th first data,/for the first data>For the parameter corresponding to the j-th first data, < > >Is a second constant []To round the symbol.
In some embodiments of the present application, determining the trust level of the access request initiator according to the first trust level and the second trust level of the access request initiator includes:
if the difference between the first trust level and the second trust level does not exceed a preset level threshold, taking the first trust level as the trust level of the access request initiator;
otherwise, selecting a level as the trust level of the access request initiator according to the number of levels between the first trust level and the second trust level;
if the number of levels between the first trust level and the second trust level is odd, selecting the middle level between the first trust level and the second trust level as the trust level of the access request initiator;
and if the number of levels between the first trust level and the second trust level is even, selecting the intermediate level between the first trust level and the second trust level that is closer to the second trust level as the trust level of the access request initiator.
In some embodiments of the present application, presetting different authorization policy ranges based on the access request initiator, matching an authorization policy according to each access attribute, and evaluating the current access request risk according to the authorization policy and the trust level includes:
each authorization policy range comprises a subject attribute range, an object attribute range, an environment attribute range and a behavior attribute range, and different authorization policy ranges correspond to different access rights;
calculating the matching degree of the current subject attribute, object attribute, environment attribute and behavior attribute with the subject attribute range, object attribute range, environment attribute range and behavior attribute range respectively, thereby determining a comprehensive matching degree;
granting the current access request the access right corresponding to the authorization policy with the highest comprehensive matching degree;
and determining the current access request risk level according to the access right and the trust level.
In some embodiments of the present application, monitoring the subsequent access process and the access result to obtain an access effect, and adjusting the authorization policy for subsequent access by the access request initiator according to the current access request risk, includes:
the access effect consists of multiple access indexes;
determining a comprehensive access index from the multiple access indexes, and determining a comprehensive access index threshold according to the current access request risk;
if the comprehensive access index exceeds the comprehensive access index threshold, adjusting the authorization policy range according to the difference between the comprehensive access index and the comprehensive access index threshold;
otherwise, the authorization policy range is not adjusted.
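The three embodiments above (combining the two trust levels, matching an authorization policy and rating the request risk, then tightening the policy range from the monitored access indexes) are sketched below as one flow. This is an added example, not code from the patent: the integer scales for rights and trust levels, the matching-degree, risk and threshold formulas, the tie-break, the handling of adjacent levels and all sample data are assumptions, because the text does not define them.

```python
from dataclasses import dataclass

MAX_RIGHT, MAX_TRUST = 4, 5          # assumed scales: access rights 1..4, trust levels 1..5
CATEGORIES = ("subject", "object", "environment", "behavior")

def reconcile_trust(first: int, second: int, level_threshold: int) -> int:
    """Final trust level from the model-based (first) and rule-based (second) levels."""
    gap = abs(first - second)
    if gap <= level_threshold:
        return first
    step = 1 if second > first else -1
    between = gap - 1                 # number of levels strictly between the two
    if between == 0:
        return second                 # ASSUMPTION: the text does not cover adjacent levels
    if between % 2 == 1:
        return first + step * (gap // 2)          # the single middle level
    return first + step * (between // 2 + 1)      # central level nearer the second level

@dataclass
class AuthorizationPolicy:
    name: str
    access_right: int                 # 1 = read-only ... 4 = administrative (assumed)
    ranges: dict                      # category -> {feature: (low, high)}

def category_match(attrs: dict, ranges: dict) -> float:
    """ASSUMPTION: matching degree = share of a category's features inside the range."""
    if not ranges:
        return 0.0
    hits = sum(1 for f, (lo, hi) in ranges.items() if f in attrs and lo <= attrs[f] <= hi)
    return hits / len(ranges)

def comprehensive_match(request: dict, policy: AuthorizationPolicy) -> float:
    degrees = [category_match(request.get(c, {}), policy.ranges.get(c, {})) for c in CATEGORIES]
    return sum(degrees) / len(degrees)

def select_policy(request: dict, policies: list) -> AuthorizationPolicy:
    # Highest comprehensive match wins; ties go to the lower access right (assumed tie-break).
    return max(policies, key=lambda p: (comprehensive_match(request, p), -p.access_right))

def request_risk(access_right: int, trust_level: int) -> float:
    """ASSUMPTION: risk in [0, 1] rises with the right granted and falls with trust."""
    return (access_right / MAX_RIGHT) * (1 - (trust_level - 1) / (MAX_TRUST - 1))

def index_threshold(risk: float) -> float:
    return 0.9 - 0.6 * risk           # ASSUMPTION: riskier requests tolerate less anomaly

def adjust_policy(policy: AuthorizationPolicy, access_indexes: dict, risk: float):
    """Tighten every range in proportion to the excess of the comprehensive index."""
    composite = sum(access_indexes.values()) / len(access_indexes)
    excess = composite - index_threshold(risk)
    if excess <= 0:
        return policy                 # threshold not exceeded: range left unchanged
    shrink = min(excess, 1.0)
    tightened = {}
    for cat, feats in policy.ranges.items():
        tightened[cat] = {}
        for f, (lo, hi) in feats.items():
            margin = (hi - lo) * shrink / 2
            tightened[cat][f] = (lo + margin, hi - margin)
    return AuthorizationPolicy(policy.name, policy.access_right, tightened)

# Constructed sample data (not from the patent).
POLICIES = [
    AuthorizationPolicy("read_reports", 1, {
        "subject": {"role_rank": (1, 2)}, "object": {"sensitivity": (0, 1)},
        "environment": {"hour": (0, 23)}, "behavior": {"req_per_min": (0, 30)}}),
    AuthorizationPolicy("operate_console", 3, {
        "subject": {"role_rank": (2, 4)}, "object": {"sensitivity": (1, 3)},
        "environment": {"hour": (8, 18)}, "behavior": {"req_per_min": (0, 100)}}),
]
REQUEST = {"subject": {"role_rank": 3}, "object": {"sensitivity": 2},
           "environment": {"hour": 10}, "behavior": {"req_per_min": 12}}

def decide():
    trust = reconcile_trust(first=5, second=2, level_threshold=1)
    policy = select_policy(REQUEST, POLICIES)
    risk = request_risk(policy.access_right, trust)
    observed = {"error_rate": 0.9, "off_hours_ratio": 0.8, "volume_ratio": 0.7}
    return trust, policy, risk, adjust_policy(policy, observed, risk)

if __name__ == "__main__":
    trust, policy, risk, adjusted = decide()
    print(trust, policy.name, round(risk, 3), adjusted.ranges["behavior"])
```

Because the first level is used unchanged whenever the gap is within the threshold, the threshold value decides how far a model-based level may diverge from the rule-based one before the rule-based level pulls the result toward itself.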
Correspondingly, the application also provides a dynamic authorization system for accurate access, the system comprising:
a definition module, used for receiving an access request and defining access attributes according to the access request and the initiator of the access request;
a first determining module, used for collecting first related data of the access request initiator and establishing a trust evaluation model based on the first related data, thereby obtaining a first trust level of the access request initiator;
a second determining module, used for collecting second related data of the access request initiator and determining a second trust level of the access request initiator based on the second related data;
a third determining module, used for determining the trust level of the access request initiator according to the first trust level and the second trust level of the access request initiator;
an evaluation module, used for presetting different authorization policy ranges based on the access request initiator, matching an authorization policy according to each access attribute, and evaluating the current access request risk according to the authorization policy and the trust level;
an adjustment module, used for monitoring the subsequent access process and the access result to obtain an access effect, and adjusting the authorization policy for subsequent access by the access request initiator according to the current access request risk.
By applying the above technical scheme, an access request is received, and access attributes are defined according to the access request and the initiator of the access request; first related data of the access request initiator is collected, and a trust evaluation model is established based on the first related data, thereby obtaining a first trust level of the access request initiator; second related data of the access request initiator is collected, and a second trust level of the access request initiator is determined based on the second related data; the trust level of the access request initiator is determined according to the first trust level and the second trust level; different authorization policy ranges are preset based on the access request initiator, an authorization policy is matched according to each access attribute, and the current access request risk is evaluated according to the authorization policy and the trust level; and the subsequent access process and access result are monitored to obtain an access effect, and the authorization policy for subsequent access by the access request initiator is adjusted according to the current access request risk. Defining the access attributes takes multidimensional attributes into account, which improves the adaptability of permission granting. Determining the final trust level from the first trust level and the second trust level ensures the reliability of trust level evaluation. Matching each access attribute against the authorization policies and evaluating the current access request risk according to the authorization policy and the trust level allows the authorization policy to be adjusted, which improves the flexibility of permission granting.
Drawings
In order to illustrate the technical solutions of the embodiments of the present application more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present application, and a person skilled in the art may obtain other drawings from them without inventive effort.
Fig. 1 shows a flow diagram of a dynamic authorization method for accurate access according to an embodiment of the present invention;
Fig. 2 shows a schematic structural diagram of a dynamic authorization system for accurate access according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
The embodiment of the application provides a dynamic authorization method for accurate access, as shown in fig. 1, the method comprises the following steps:
Step S101, receiving an access request, and defining access attributes according to the access request and an initiator of the access request.
In this embodiment, the access attributes are defined according to the circumstances of the access request and of its initiator (a user, a program, etc.).
In some embodiments of the present application, defining access attributes according to the access request and the initiator of the access request includes:
the access attributes include a subject attribute, an object attribute, an environment attribute and a behavior attribute;
defining in advance the attribute information corresponding to the subject attribute, the object attribute, the environment attribute and the behavior attribute, and determining a subject attribute set, an object attribute set, an environment attribute set and a behavior attribute set according to the attribute information types;
constructing a corresponding attribute data matrix for each of the subject attribute set, the object attribute set, the environment attribute set and the behavior attribute set, mean-centering each attribute data matrix, calculating the covariance matrix between the attributes in the attribute data matrix, and performing eigenvalue decomposition on the covariance matrix to obtain eigenvalues and eigenvectors;
determining a ranking value for each set according to the number of attribute information types in the subject attribute set, the object attribute set, the environment attribute set and the behavior attribute set;
sorting by eigenvalue size, and selecting the eigenvectors in the corresponding order as principal components according to the ranking value;
and constructing an eigenvector matrix from the principal components, thereby reducing the dimension of the original subject attribute set, object attribute set, environment attribute set and behavior attribute set, the dimension-reduced data attributes being the defined access attributes.
In this embodiment, the attributes are as follows.
Subject attributes: the identity, role, permission level, etc. of the user or program. Different users may have different access requirements and rights.
Object attributes: characteristics of the requested resource, data, service, etc., including resource type, sensitivity level, data classification, etc.
Environment attributes: the environmental conditions under which the access request occurs, including time, place, network connection status, etc. Different environments may affect the reasonableness of the access.
Behavior attributes: access frequency, time distribution, data interaction pattern, etc. Abnormal behavior patterns may indicate risk.
In this embodiment, the attribute data may have a large number of dimensions, which complicates subsequent model building and lengthens processing time, so dimension reduction is required; here it is performed by principal component analysis.
In this embodiment, the basic procedure for dimension reduction by principal component analysis (PCA) is as follows:
Data preparation: the collected attribute data is organized into a matrix, where each row represents a sample (data point) and each column represents an attribute.
Mean centering: each attribute is mean-centered, that is, the mean of each attribute is subtracted so that the mean of the data is zero.
Calculating the covariance matrix: the covariance matrix between the attributes is calculated. The covariance matrix describes the linear relationships between the attributes.
Calculating eigenvalues and eigenvectors: eigenvalue decomposition is performed on the covariance matrix to obtain the eigenvalues and the corresponding eigenvectors. An eigenvector represents the direction onto which the data is projected on a new coordinate axis, and its eigenvalue represents the variance of the data in that direction.
Selecting principal components: the most important eigenvectors (principal components) are selected according to the size of the eigenvalues. Typically, the first few principal components, which capture most of the variance of the data, are selected in descending order of eigenvalue.
Constructing a new feature space: the selected principal components form a new eigenvector matrix, which becomes the new low-dimensional feature space.
Projection: the original data is projected into the new low-dimensional feature space to obtain the dimension-reduced data.
In this embodiment, different numbers of attribute information types in the subject attribute set, the object attribute set, the environment attribute set and the behavior attribute set correspond to different ranking values.
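The PCA procedure above, applied to one attribute set, can be written without external libraries as follows. This is an added example, not code from the patent: the `ranking_value` mapping from the number of attribute information types to the number of retained components is a hypothetical rule (the text gives none), the eigen-decomposition uses the standard Jacobi rotation method, and the sample matrix is constructed.

```python
import math

def mean_center(rows):
    n, d = len(rows), len(rows[0])
    means = [sum(r[j] for r in rows) / n for j in range(d)]
    return [[r[j] - means[j] for j in range(d)] for r in rows]

def covariance(centered):
    n, d = len(centered), len(centered[0])
    return [[sum(r[a] * r[b] for r in centered) / (n - 1) for b in range(d)]
            for a in range(d)]

def jacobi_eigen(sym, sweeps=50, tol=1e-20):
    """Eigen-decomposition of a symmetric matrix by cyclic Jacobi rotations.
    Returns (eigenvalues, eigenvectors), eigenvectors as rows, largest eigenvalue first."""
    d = len(sym)
    a = [row[:] for row in sym]
    v = [[float(i == j) for j in range(d)] for i in range(d)]
    for _ in range(sweeps):
        if sum(a[i][j] ** 2 for i in range(d) for j in range(d) if i != j) < tol:
            break
        for p in range(d - 1):
            for q in range(p + 1, d):
                if a[p][q] == 0.0:
                    continue
                diff = a[q][q] - a[p][p]
                theta = math.pi / 4 if diff == 0 else 0.5 * math.atan(2 * a[p][q] / diff)
                c, s = math.cos(theta), math.sin(theta)
                for k in range(d):    # A <- A J (columns p and q)
                    a[k][p], a[k][q] = c * a[k][p] - s * a[k][q], s * a[k][p] + c * a[k][q]
                for k in range(d):    # A <- J^T A (rows p and q)
                    a[p][k], a[q][k] = c * a[p][k] - s * a[q][k], s * a[p][k] + c * a[q][k]
                for k in range(d):    # accumulate eigenvectors: V <- V J
                    v[k][p], v[k][q] = c * v[k][p] - s * v[k][q], s * v[k][p] + c * v[k][q]
    pairs = sorted(((a[i][i], [v[k][i] for k in range(d)]) for i in range(d)),
                   key=lambda t: -t[0])
    return [p[0] for p in pairs], [p[1] for p in pairs]

def ranking_value(num_kinds):
    """ASSUMPTION: keep half of the attribute information types, rounded up."""
    return max(1, math.ceil(num_kinds / 2))

def reduce_attribute_set(rows):
    """Mean-center, decompose the covariance matrix, keep the top components, project."""
    centered = mean_center(rows)
    eigvals, eigvecs = jacobi_eigen(covariance(centered))
    components = eigvecs[:ranking_value(len(rows[0]))]
    reduced = [[sum(x * w for x, w in zip(r, comp)) for comp in components]
               for r in centered]
    return reduced, eigvals

# Constructed subject-attribute matrix: one row per request; columns are
# role rank, permission level and an account-age flag (names are illustrative).
SUBJECT_ROWS = [[1, 2, 0], [2, 4, 1], [3, 6, 0], [4, 8, 1], [5, 10, 0], [6, 12, 1]]
# Constructed environment-attribute matrix: hour of day, off-network flag.
ENVIRONMENT_ROWS = [[9, 0], [10, 0], [22, 1], [23, 1], [11, 0], [2, 1]]

if __name__ == "__main__":
    for name, rows in (("subject", SUBJECT_ROWS), ("environment", ENVIRONMENT_ROWS)):
        reduced, eigvals = reduce_attribute_set(rows)
        print(name, [round(e, 4) for e in eigvals], len(reduced[0]), "components kept")
```

In the subject matrix the permission level is exactly twice the role rank, so one eigenvalue is zero and dropping that component loses no information.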
Step S102, collecting first related data of an access request initiator, and building a trust evaluation model based on the first related data so as to obtain a first trust level of the access request initiator.
In this embodiment, the trust evaluation model is a neural network model. The evaluation is performed by constructing a model from the data of general and strong correlation degree.
In some embodiments of the present application, collecting first related data of the access request initiator includes:
acquiring all related data of the access request initiator, the related data comprising access attributes and context information;
calculating the correlation degree between each item of the related data and the trust index, and taking the data whose correlation degree is greater than a first correlation degree threshold as first data;
taking the data whose correlation degree is greater than a second correlation degree threshold and not greater than the first correlation degree threshold as fuzzy correlation data;
taking the fuzzy correlation data whose correlation degree is greater than a third correlation degree threshold as second data, and the fuzzy correlation data whose correlation degree is not greater than the third correlation degree threshold as third data;
calculating the average correlation degree of the first data, the second data and the third data respectively, and assigning each a different weight according to its average correlation degree, the first data, the second data and the third data together being taken as the first related data;
the first correlation degree threshold is greater than the second correlation degree threshold, and the third correlation degree threshold is greater than the second correlation degree threshold and smaller than the first correlation degree threshold.
In this embodiment, the context information is the related information of the previous request (time, place, device information, etc.).
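The threshold partition described above, together with the fourth data used for the second trust level, can be illustrated as follows. This is an added example, not code from the patent: taking the correlation degree as the absolute Pearson correlation with the trust index, normalizing the tier averages into weights, and all field names, series and threshold values are assumptions.

```python
import math

def correlation_degree(series, trust_index):
    """ASSUMPTION: correlation degree = |Pearson r| between a field and the trust index."""
    n = len(series)
    mx, my = sum(series) / n, sum(trust_index) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(series, trust_index))
    sxx = sum((x - mx) ** 2 for x in series)
    syy = sum((y - my) ** 2 for y in trust_index)
    if sxx == 0 or syy == 0:
        return 0.0                    # a constant field says nothing about trust
    return abs(sxy) / math.sqrt(sxx * syy)

def tier_related_data(fields, trust_index, t1, t2, t3, t4):
    """Split fields into first/second/third data, plus the fourth data (degree > t4)."""
    if not (t4 > t1 > t3 > t2):
        raise ValueError("thresholds must satisfy t4 > t1 > t3 > t2")
    tiers = {"first": {}, "second": {}, "third": {}, "fourth": {}}
    for name, series in fields.items():
        r = correlation_degree(series, trust_index)
        if r > t1:
            tiers["first"][name] = r
            if r > t4:
                tiers["fourth"][name] = r     # strongest subset of the first data
        elif r > t2:                          # fuzzy correlation band: t2 < r <= t1
            tiers["second" if r > t3 else "third"][name] = r
        # r <= t2: not related to trust, left out of the first related data
    return tiers

def tier_weights(tiers):
    """ASSUMPTION: a tier's weight is its average correlation, normalized to sum to 1."""
    avg = {t: (sum(tiers[t].values()) / len(tiers[t]) if tiers[t] else 0.0)
           for t in ("first", "second", "third")}
    total = sum(avg.values())
    return {t: (a / total if total else 0.0) for t, a in avg.items()}

# Constructed history for one initiator: five past sessions and the trust index
# assigned to each (all names and values are illustrative).
TRUST_INDEX = [0.2, 0.4, 0.5, 0.7, 0.9]
FIELDS = {
    "mfa_success_streak":   [1, 2, 3, 4, 5],
    "device_posture_score": [2, 1, 3, 4, 5],
    "known_location_score": [2, 1, 3, 5, 4],
    "session_length_rank":  [3, 1, 4, 2, 5],
    "weekday_flag":         [1, 0, 1, 0, 1],
    "client_build":         [7, 7, 7, 7, 7],
}

if __name__ == "__main__":
    tiers = tier_related_data(FIELDS, TRUST_INDEX, t1=0.8, t2=0.3, t3=0.5, t4=0.9)
    for tier, members in tiers.items():
        print(tier, {k: round(v, 3) for k, v in members.items()})
    print("weights", {k: round(v, 3) for k, v in tier_weights(tiers).items()})
```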
In some embodiments of the present application, establishing a trust evaluation model based on the first related data, thereby obtaining a first trust level of the access request initiator, includes:
preprocessing the first related data and extracting the corresponding feature data, recorded as first feature data, second feature data and third feature data respectively;
determining the proportions of the first feature data, the second feature data and the third feature data in the training set, the validation set and the test set according to their respective weights;
performing stratified sampling according to the proportions, so that the proportions of the first feature data, the second feature data and the third feature data in the training set, the validation set and the test set are similar to within a preset degree;
determining a neural network model architecture, training the model on the training set, evaluating model performance on the validation set, and evaluating model generalization performance on the test set, thereby establishing a trust evaluation neural network model and obtaining the first trust level.
In this embodiment, the data preprocessing includes data cleaning, missing value filling, normalization, standardization and the like, so as to ensure the quality and consistency of the data.
In this embodiment, the data set has multiple categories or labels (first data, second data and third data), and stratified sampling may be performed to ensure that the proportion of each category is similar across the different sets (test set, validation set and training set).
In this embodiment, the model is trained on the training set: the model weights and biases are continuously updated through the back-propagation algorithm, so that the model gradually fits the data. The performance of the model is evaluated on the validation set, and the hyperparameters, number of layers, number of neurons and the like are adjusted to optimize performance. The generalization performance of the model is evaluated on the test set by calculating its performance on unseen data and judging whether the requirements of trust evaluation are met.
It should be noted that the remaining construction steps of the neural network model are conventional in the art and are not described here.
In some embodiments of the present application, determining a neural network model architecture includes:
determining a trust calculation difficulty based on the access request and the access request initiator, and determining an initial neural network complexity based on the trust calculation difficulty;
calculating data dimensions of the first feature data, the second feature data and the third feature data, and determining the number of neurons of the input layer;
recording the learning curves of the prediction model on the training set and the verification set within a preset neural network complexity range as a training curve and a verification curve, respectively;
determining under-fitting and over-fitting critical points based on the training curve and the verification curve, and obtaining a fitted neural network complexity interval;
calculating data quantity of the first feature data, the second feature data and the third feature data, and adjusting the complexity of the initial neural network according to the data quantity to obtain the complexity of the first neural network;
if the first neural network complexity is within the fitted neural network complexity interval, determining a neural network complexity interval according to the midpoint value and the first neural network complexity, and constructing a neural network model architecture according to the number of neurons of the input layer and the neural network complexity interval;
Otherwise, determining a neural network complexity interval according to the midpoint value and the preset distance, and constructing a neural network model architecture according to the number of neurons of the input layer and the neural network complexity interval;
the midpoint value is the middle value of the fitted neural network complexity interval.
In this embodiment, the trust computation difficulty refers to the difficulty of the trust computation process for the access request and the access request initiator.
In this embodiment, the learning curves of the prediction model on the training set and the verification set are drawn within the preset neural network complexity range, and the performance changes on the training set and the verification set are observed as the number of training iterations increases. The abscissa of the curve is the neural network complexity and the ordinate is the model performance. When the performance on the training set continues to increase while the performance on the verification set stops increasing or starts decreasing, overfitting may be occurring, and the node is recorded. If the training error (loss) is high, indicating that the model does not fit the training data well, under-fitting may be occurring, and the node is recorded.
In this embodiment, the dimensions and the number of features of the input data affect the number of neurons of the input layer. The amount of data affects the generalization ability of the network. Larger data sets may require larger networks to learn complex patterns, while smaller data sets may require smaller networks to avoid overfitting.
In this embodiment, the initial neural network complexity is adjusted according to the data amount to obtain the first neural network complexity: each data amount corresponds to a correction coefficient, and the adjustment is completed by taking the product of the correction coefficient and the initial neural network complexity.
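The interval selection described above can be sketched as follows. This is an added example, not code from the patent. The way the critical points are read off the curves, the correction table, the function names and the sample curves are all assumptions made for illustration.

```python
from bisect import bisect_right


def fitted_interval(complexities, train_perf, val_perf, min_train_perf):
    """Return (under_fit_point, over_fit_point) read off the two learning curves.

    Assumed reading of the critical points: under-fitting ends at the first
    complexity whose training performance reaches min_train_perf; over-fitting
    starts at the first later complexity after which training performance
    still rises while verification performance no longer does.
    """
    start = next((i for i, p in enumerate(train_perf) if p >= min_train_perf), None)
    if start is None:
        raise ValueError("every candidate under-fits; widen the complexity range")
    for i in range(start, len(complexities) - 1):
        if train_perf[i + 1] > train_perf[i] and val_perf[i + 1] <= val_perf[i]:
            return complexities[start], complexities[i]
    return complexities[start], complexities[-1]  # no over-fitting observed


def first_complexity(initial, data_amount, correction_table):
    """Multiply the initial complexity by the coefficient for this data amount.

    correction_table is a list of (minimum_data_amount, coefficient) pairs
    sorted by minimum_data_amount (a hypothetical layout).
    """
    bounds = [lower for lower, _ in correction_table]
    idx = bisect_right(bounds, data_amount) - 1
    if idx < 0:
        raise ValueError("data amount below the smallest table entry")
    return initial * correction_table[idx][1]


def complexity_interval(first, fitted, preset_distance):
    """Pick the interval the architecture is built from."""
    low, high = fitted
    midpoint = (low + high) / 2
    if low <= first <= high:
        # Inside the fitted interval: span midpoint and first complexity.
        return tuple(sorted((midpoint, first)))
    # Outside: fall back to a window of preset width around the midpoint.
    return (midpoint - preset_distance, midpoint + preset_distance)


# Constructed sample curves: complexity on the x-axis, accuracy on the y-axis.
COMPLEXITIES = [8, 16, 32, 64, 128, 256]
TRAIN_PERF = [0.62, 0.74, 0.85, 0.91, 0.95, 0.98]
VAL_PERF = [0.60, 0.71, 0.82, 0.86, 0.85, 0.81]
CORRECTION_TABLE = [(0, 0.5), (1000, 1.0), (100000, 1.5)]  # constructed

if __name__ == "__main__":
    fitted = fitted_interval(COMPLEXITIES, TRAIN_PERF, VAL_PERF, min_train_perf=0.70)
    for amount in (500, 5000, 200000):
        first = first_complexity(48, amount, CORRECTION_TABLE)
        print(amount, first, complexity_interval(first, fitted, preset_distance=8))
```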
Step S103, collecting second related data of the access request initiator, and determining a second trust level of the access request initiator based on the second related data.
In this embodiment, the second related data is the data with a high degree of correlation, and it is used to determine the second trust level.
In some embodiments of the present application, collecting second related data of an access request initiator, determining a second trust level of the access request initiator based on the second related data includes:
calculating the correlation degree of each data in all the correlated data and the trust index, wherein the data with the correlation degree larger than a fourth correlation degree threshold value is used as fourth data, and the fourth correlation degree threshold value is larger than the first correlation degree threshold value;
determining a second trust level based on the fourth data and the first data;
wherein P is the second trust level, n is the number of data types in the fourth data,weight corresponding to the ith fourth data, +. >For parameters corresponding to the ith fourth data, < >>For the first constant exp is an exponential function, m is the number of data types in the first data,/->For the correction weight corresponding to the j-th first data,/for the first data>For the parameter corresponding to the j-th first data, < >>Is a second constant []To round the symbol.
In the present embodiment, representing the correction applied by the influence quantity of the first data to the influence quantity of the fourth data. The first data, which has a higher degree of correlation, is used as an auxiliary to correct the fourth data, which has the highest degree of correlation.
Step S104, the trust level of the access request initiator is determined according to the first trust level and the second trust level of the access request initiator.
In this embodiment, the trust level is determined from two angles: one is the neural network model established from data with general and high degrees of correlation, and the other is the influence quantity of data with a very high degree of correlation. The trust levels determined from the two angles are considered together.
In some embodiments of the present application, determining a trust level of an access request initiator according to a first trust level and a second trust level of the access request initiator includes:
if the difference between the first trust level and the second trust level does not exceed the preset level threshold, the first trust level is used as the trust level of the access request initiator;
Otherwise, selecting a corresponding level as the trust level of the access request initiator according to the level number between the first trust level and the second trust level;
if the number of the levels between the first trust level and the second trust level is odd, selecting an intermediate level between the first trust level and the second trust level as the trust level of the access request initiator;
and if the number of the levels between the first trust level and the second trust level is even, selecting an intermediate level between the first trust level and the second trust level and close to the second trust level as the trust level of the access request initiator.
In this embodiment, if the number of levels between the first trust level and the second trust level is an odd number, an intermediate level between the first trust level and the second trust level is selected as the trust level of the access request initiator. For example, if the first trust level and the second trust level are 1 and 5, respectively, the intermediate level between the first trust level and the second trust level includes 2, 3 and 4, and the intermediate level of 3 is regarded as the trust level. And if the number of the levels between the first trust level and the second trust level is even, selecting an intermediate level between the first trust level and the second trust level and close to the second trust level as the trust level of the access request initiator. For example, if the first trust level and the second trust level are 1 and 4, respectively, the intermediate level between the first trust level and the second trust level includes 2 and 3, and the intermediate level near the second trust level is 3, and 3 is taken as the trust level.
Step S105, different authorization policy ranges are preset based on the access request initiator, the authorization policies are matched according to each access attribute, and the current access request risk is evaluated according to the authorization policies and the trust level.
In this embodiment, each authorization policy scope corresponds to a subject attribute scope, an object attribute scope, an environment attribute scope, and a behavior attribute scope, so as to correspond to an access right.
Some of these attributes may change dynamically and are not fixed.
In some embodiments of the present application, different authorization policy ranges are preset based on an access request initiator, an authorization policy is matched according to each access attribute, and a current access request risk is evaluated according to the authorization policy and a trust level, including:
each authorization policy scope comprises a subject attribute scope, an object attribute scope, an environment attribute scope and a behavior attribute scope, and different authorization policy scopes correspond to different access rights;
respectively calculating the matching degree of the current subject attribute, object attribute, environment attribute and behavior attribute with the subject attribute range, object attribute range, environment attribute range and behavior attribute range, thereby determining the comprehensive matching degree;
granting the access right corresponding to the authorization policy with the highest comprehensive matching degree as the access right of the current access request;
and determining the current access request risk level according to the access authority and the trust level.
In this embodiment, the access rights may be quantized into levels, and different levels carry different rights.
In this embodiment, the access right level and the trust level correspond together to a risk level or class.
Step S106, monitoring a subsequent access process and an access result to obtain an access effect, and adjusting an authorization policy of subsequent access of the access request initiator according to the current access request risk.
In some embodiments of the present application, monitoring a subsequent access process and an access result to obtain an access effect, and adjusting an authorization policy of a subsequent access of an access request initiator according to a current access request risk, including:
the access effect is various access indexes;
determining a comprehensive access index according to the multiple access indexes, and determining a comprehensive access index threshold according to the current access request risk;
if the comprehensive access index exceeds the comprehensive access index threshold, adjusting the authorization policy range according to the difference between the comprehensive access index and the comprehensive access index threshold;
otherwise, the scope of the authorization policy is not adjusted.
In this embodiment, the access index includes the following:
Access success rate (AccessSuccessRate): the proportion of access requests that are successfully completed is measured. A high access success rate may indicate that the access control and trust evaluation mechanism of the system is valid, and a low one may suggest a problem.
Error rate (error): the error proportion in the processing process of the access request is measured, wherein the error proportion comprises authorization errors, authentication errors and the like. A high error rate may mean that the system has vulnerabilities or configuration issues.
Rejection rate (DenialRate): the proportion of access requests that are denied is measured. A high rejection rate may indicate that the system is too conservative or that there is misbehavior, requiring proper adjustment of the authorization policy.
Access latency (AccessLatency): the time required for an access request from initiation to completion is measured. Too high an access latency may affect the user experience and require optimization of system performance.
In this embodiment, the risk of the current access request determines a comprehensive access index threshold, and each risk level corresponds to a different comprehensive access index threshold.
In this embodiment, the authorization policy range is adjusted according to the difference between the comprehensive access index and the comprehensive access index threshold: different differences correspond to different adjustment coefficients, and the subject attribute range, the object attribute range, the environment attribute range and the behavior attribute range are adjusted by these coefficients, with the correspondence between difference and adjustment coefficient being different for different attributes.
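Steps S104 to S106 can be sketched end to end as follows. This is an added example, not code from the patent. The trust-level merge follows the rule and the two worked cases given above; the 1..5 level scale with higher meaning more trusted, the in-range matching metric, the least-privilege tie-break, the minimum score, the risk mapping, the index weights and the narrowing direction of the adjustment are assumptions, and all sample data is constructed.

```python
from statistics import mean

ATTR_TYPES = ("subject", "object", "environment", "behavior")
MAX_LEVEL = 5  # assumption: trust and access-right levels run 1..5


def combine_trust(first, second, level_threshold):
    """Step S104: merge the model's trust level with the formula's level."""
    if level_threshold < 1:
        # A threshold of 0 lets adjacent levels reach the parity rule with no
        # level between them, a case the page does not define.
        raise ValueError("level_threshold must be >= 1")
    if abs(first - second) <= level_threshold:
        return first
    lo, hi = sorted((first, second))
    between = list(range(lo + 1, hi))
    mid = len(between) // 2
    if len(between) % 2 == 1:
        return between[mid]
    # Even count: of the two middle levels, take the one nearer the second.
    return between[mid] if second > first else between[mid - 1]


def matching_degree(values, ranges):
    """Assumed metric: fraction of components inside their (low, high) range."""
    return sum(lo <= v <= hi for v, (lo, hi) in zip(values, ranges)) / len(ranges)


def match_policy(request, policies, min_score=0.5):
    """Step S105: pick the policy with the highest comprehensive matching degree."""
    def score(p):
        return mean(matching_degree(request[t], p["ranges"][t]) for t in ATTR_TYPES)
    # Assumption: ties go to the lower access right (least privilege).
    best = max(policies, key=lambda p: (score(p), -p["access_right"]))
    # Assumption: a weak best match grants nothing rather than the nearest policy.
    return (best, score(best)) if score(best) >= min_score else (None, score(best))


def risk_level(access_right, trust):
    """Assumed mapping: more privilege and less trust give a higher risk."""
    return access_right + (MAX_LEVEL - trust)


def composite_index(m, weights=(0.4, 0.3, 0.2, 0.1), latency_budget_ms=500):
    """Assumed composite of the four access indexes; larger means worse."""
    parts = (1 - m["success_rate"], m["error_rate"], m["denial_rate"],
             min(m["latency_ms"] / latency_budget_ms, 1.0))
    return sum(w * p for w, p in zip(weights, parts))


def adjust_policy(policy, index, threshold, coeffs):
    """Step S106: rescale the attribute ranges only if index exceeds threshold."""
    diff = index - threshold
    if diff <= 0:
        return policy
    ranges = {}
    for t in ATTR_TYPES:
        factor = max(0.0, 1 - coeffs[t] * diff)  # per-attribute coefficient
        ranges[t] = [((lo + hi) / 2 - (hi - lo) / 2 * factor,
                      (lo + hi) / 2 + (hi - lo) / 2 * factor)
                     for lo, hi in policy["ranges"][t]]
    return {**policy, "ranges": ranges}


# Constructed sample data: attribute values are normalised to 0..1.
POLICIES = [
    {"name": "read_only", "access_right": 1, "ranges": {
        "subject": [(0.0, 0.5), (0.0, 0.5)], "object": [(0.0, 1.0)],
        "environment": [(0.0, 1.0)], "behavior": [(0.0, 0.5)]}},
    {"name": "admin", "access_right": 4, "ranges": {
        "subject": [(0.5, 1.0), (0.5, 1.0)], "object": [(0.0, 1.0)],
        "environment": [(0.8, 1.0)], "behavior": [(0.0, 0.3)]}},
]
REQUEST = {"subject": [0.9, 0.6], "object": [0.5],
           "environment": [0.9], "behavior": [0.2]}
METRICS = {"success_rate": 0.7, "error_rate": 0.2,
           "denial_rate": 0.1, "latency_ms": 250}
RISK_THRESHOLDS = {r: 0.5 - 0.05 * r for r in range(1, 10)}  # riskier = stricter
COEFFS = {"subject": 2.0, "object": 1.0, "environment": 2.0, "behavior": 4.0}


def run_example():
    trust = combine_trust(first=1, second=5, level_threshold=1)
    policy, score = match_policy(REQUEST, POLICIES)
    risk = risk_level(policy["access_right"], trust)
    index = composite_index(METRICS)
    adjusted = adjust_policy(policy, index, RISK_THRESHOLDS[risk], COEFFS)
    return trust, policy["name"], score, risk, index, adjusted


if __name__ == "__main__":
    print(run_example())
```

With the constructed request the "admin" policy matches best, the resulting risk tightens the index threshold, and the observed metrics exceed it, so every attribute range of that policy is narrowed for the initiator's next access.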
By applying the technical scheme, the access request is received, and the access attribute is defined according to the access request and the initiator of the access request; collecting first related data of an access request initiator, and establishing a trust evaluation model based on the first related data so as to obtain a first trust level of the access request initiator; collecting second related data of the access request initiator, and determining a second trust level of the access request initiator based on the second related data; determining the trust level of the access request initiator according to the first trust level and the second trust level of the access request initiator; different authorization policy ranges are preset based on an access request initiator, authorization policies are matched according to each access attribute, and the current access request risk is evaluated according to the authorization policies and the trust level; and monitoring a subsequent access process and an access result to obtain an access effect, and adjusting an authorization strategy of subsequent access of the access request initiator according to the current access request risk. The access attribute is defined to give consideration to the multidimensional attribute, so that the adaptability of permission grant is improved. And finally, the trust level is determined through the first trust level and the second trust level, so that the reliability of trust level evaluation is ensured. And matching each access attribute with the authorization policy, and evaluating the current access request risk according to the authorization policy and the trust level, so that the authorization policy is adjusted, and the flexibility of permission grant is improved.
From the above description of the embodiments, it will be clear to those skilled in the art that the present invention may be implemented in hardware, or may be implemented by means of software plus necessary general hardware platforms. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.), and includes several instructions for causing a computer device (may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective implementation scenario of the present invention.
Correspondingly, the application further provides a dynamic authorization system with accurate access, as shown in fig. 2, the system comprises:
a definition module 201, configured to receive an access request, and define an access attribute according to the access request and an initiator of the access request;
a first determining module 202, configured to collect first related data of an access request initiator, and establish a trust evaluation model based on the first related data, so as to obtain a first trust level of the access request initiator;
a second determining module 203, configured to collect second related data of the access request initiator, and determine a second trust level of the access request initiator based on the second related data;
A third determining module 204, configured to determine a trust level of the access request initiator according to the first trust level and the second trust level of the access request initiator;
the evaluation module 205 is configured to preset different authorization policy ranges based on the access request initiator, match an authorization policy according to each access attribute, and evaluate a current access request risk according to the authorization policy and the trust level;
and the adjustment module 206 is configured to monitor a subsequent access process and an access result, obtain an access effect, and adjust an authorization policy of a subsequent access of the access request initiator according to a current access request risk.
Those skilled in the art will appreciate that the modules in the system in the implementation scenario may be distributed in the system according to the implementation scenario description, or may, with corresponding changes, be located in one or more systems different from that of the implementation scenario. The modules of the implementation scenario may be combined into one module, or may be further split into a plurality of sub-modules.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present application, and are not limiting thereof; although the present application has been described in detail with reference to the foregoing embodiments, one of ordinary skill in the art will appreciate that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not drive the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application.

Claims (5)

1. A method for dynamic authorization of accurate access, the method comprising:
receiving an access request, and defining access attributes according to the access request and an initiator of the access request;
collecting first related data of an access request initiator, and establishing a trust evaluation model based on the first related data so as to obtain a first trust level of the access request initiator;
collecting second related data of the access request initiator, and determining a second trust level of the access request initiator based on the second related data;
determining the trust level of the access request initiator according to the first trust level and the second trust level of the access request initiator;
different authorization policy ranges are preset based on an access request initiator, authorization policies are matched according to each access attribute, and the current access request risk is evaluated according to the authorization policies and the trust level;
monitoring a subsequent access process and an access result to obtain an access effect, and adjusting an authorization strategy of subsequent access of an access request initiator according to the current access request risk;
wherein,
collecting first related data of an access request initiator, including:
acquiring all related data of the access request initiator, wherein all the related data comprise access attributes and context information;
Calculating the correlation degree of each data in all the related data and the trust index, wherein the data with the correlation degree larger than a first correlation degree threshold value is used as first data;
taking the data with the correlation degree larger than the second correlation degree threshold and not larger than the first correlation degree threshold as fuzzy correlation data;
taking the data which is larger than the third correlation degree threshold value in the fuzzy correlation data as second data, and taking the data which is not larger than the third correlation degree threshold value in the fuzzy correlation data as third data;
respectively calculating average correlation degrees corresponding to the first data, the second data and the third data, and respectively giving different weights according to the average correlation degrees, so that the first data, the second data and the third data are used as first correlation data;
the first correlation degree threshold is larger than the second correlation degree threshold, and the third correlation degree threshold is larger than the second correlation degree threshold and smaller than the first correlation degree threshold;
establishing a trust evaluation model based on the first related data to obtain a first trust level of the access request initiator, including:
carrying out data preprocessing on the first related data, extracting corresponding characteristic data, and respectively recording the corresponding characteristic data as first characteristic data, second characteristic data and third characteristic data;
Determining proportions of the first feature data, the second feature data and the third feature data in the training set, the verification set and the test set according to weights respectively corresponding to the first feature data, the second feature data and the third feature data;
performing stratified sampling according to the proportions, so that the proportions of the first feature data, the second feature data and the third feature data in the training set, the verification set and the test set are similar to a preset degree;
determining a neural network model architecture, performing model training through a training set, evaluating model performance through a verification set, evaluating model generalization performance through a test set, thereby establishing a trust evaluation neural network model and obtaining a first trust level;
collecting second related data of the access request initiator, determining a second trust level of the access request initiator based on the second related data, comprising:
calculating the correlation degree of each data in all the correlated data and the trust index, wherein the data with the correlation degree larger than a fourth correlation degree threshold value is used as fourth data, and the fourth correlation degree threshold value is larger than the first correlation degree threshold value;
determining a second trust level based on the fourth data and the first data;
Wherein P is the second trust level, n is the number of data types in the fourth data,weight corresponding to the ith fourth data, +.>For parameters corresponding to the ith fourth data, < >>For the first constant exp is an exponential function, m is the number of data types in the first data,/->For the correction weight corresponding to the j-th first data,/for the first data>For the parameter corresponding to the j-th first data, < >>Is a second constant []Is a rounding symbol;
determining the trust level of the access request initiator according to the first trust level and the second trust level of the access request initiator comprises the following steps:
if the difference between the first trust level and the second trust level does not exceed the preset level threshold, the first trust level is used as the trust level of the access request initiator;
otherwise, selecting a corresponding level as the trust level of the access request initiator according to the level number between the first trust level and the second trust level;
if the number of the levels between the first trust level and the second trust level is odd, selecting an intermediate level between the first trust level and the second trust level as the trust level of the access request initiator;
if the number of the levels between the first trust level and the second trust level is even, selecting an intermediate level between the first trust level and the second trust level, which is close to the second trust level, as the trust level of the access request initiator;
presetting different authorization policy ranges based on the access request initiator, matching authorization policies according to each access attribute, and evaluating the current access request risk according to the authorization policies and the trust level, comprises:
each authorization policy scope comprises a subject attribute scope, an object attribute scope, an environment attribute scope and a behavior attribute scope, and different authorization policy scopes correspond to different access rights;
respectively calculating the matching degree of the current subject attribute, object attribute, environment attribute and behavior attribute with the subject attribute range, object attribute range, environment attribute range and behavior attribute range, thereby determining the comprehensive matching degree;
granting the access right corresponding to the authorization policy with the highest comprehensive matching degree as the access right of the current access request;
determining the current access request risk level according to the access authority and the trust level;
wherein, the access effect is a plurality of access indexes.
2. The method for dynamic authorization of precise access of claim 1, wherein the defining access attributes according to the access request and the initiator of the access request comprises:
the access attributes include a subject attribute, an object attribute, an environment attribute, and a behavior attribute;
Defining attribute information corresponding to the subject attribute, the object attribute, the environment attribute and the behavior attribute in advance, and respectively determining a subject attribute set, an object attribute set, an environment attribute set and a behavior attribute set according to the attribute information types;
respectively constructing corresponding attribute data matrixes according to the subject attribute set, the object attribute set, the environment attribute set and the behavior attribute set, carrying out mean centering on the attribute data matrixes, calculating covariance matrixes among attributes in the attribute data matrixes, and carrying out eigenvalue decomposition on the covariance matrixes to obtain eigenvalues and eigenvectors;
determining respective corresponding sorting values according to the number of the respective attribute information types in the subject attribute set, the object attribute set, the environment attribute set and the behavior attribute set;
sorting according to the magnitude of the eigenvalues, and selecting the eigenvectors in the corresponding order as principal components according to the sorting values;
and constructing an eigenvector matrix from the principal components, so as to reduce the dimension of the original subject attribute set, the object attribute set, the environment attribute set and the behavior attribute set, wherein the dimension-reduced data attribute is the defined access attribute.
3. The method for dynamic authorization of precise access of claim 1, wherein determining a neural network model architecture comprises:
Determining a trust calculation difficulty based on the access request and the access request initiator, and determining an initial neural network complexity based on the trust calculation difficulty;
calculating data dimensions of the first feature data, the second feature data and the third feature data, and determining the number of neurons of the input layer;
recording the learning curves of the prediction model on the training set and the verification set within a preset neural network complexity range as a training curve and a verification curve, respectively;
determining under-fitting and over-fitting critical points based on the training curve and the verification curve, and obtaining a fitted neural network complexity interval;
calculating data quantity of the first feature data, the second feature data and the third feature data, and adjusting the complexity of the initial neural network according to the data quantity to obtain the complexity of the first neural network;
if the first neural network complexity is within the fitted neural network complexity interval, determining a neural network complexity interval according to the midpoint value and the first neural network complexity, and constructing a neural network model architecture according to the number of neurons of the input layer and the neural network complexity interval;
otherwise, determining a neural network complexity interval according to the midpoint value and the preset distance, and constructing a neural network model architecture according to the number of neurons of the input layer and the neural network complexity interval;
the midpoint value is the middle value of the fitted neural network complexity interval.
4. The method for dynamically authorizing precise access according to claim 1, wherein monitoring subsequent access processes and access results to obtain access effects, adjusting an authorization policy for subsequent access by the access request initiator according to a current access request risk, comprises:
determining a comprehensive access index according to the multiple access indexes, and determining a comprehensive access index threshold according to the current access request risk;
if the comprehensive access index exceeds the comprehensive access index threshold, adjusting the authorization policy range according to the difference between the comprehensive access index and the comprehensive access index threshold;
otherwise, the scope of the authorization policy is not adjusted.
5. A dynamic authorization system for accurate access, the system comprising:
the definition module is used for receiving the access request and defining access attributes according to the access request and an initiator of the access request;
the first determining module is used for collecting first related data of the access request initiator, and establishing a trust evaluation model based on the first related data so as to obtain a first trust level of the access request initiator;
the second determining module is used for collecting second related data of the access request initiator and determining a second trust level of the access request initiator based on the second related data;
The third determining module is used for determining the trust level of the access request initiator according to the first trust level and the second trust level of the access request initiator;
the evaluation module is used for presetting different authorization policy ranges based on an access request initiator, matching the authorization policies according to each access attribute, and evaluating the current access request risk according to the authorization policies and the trust level;
the adjustment module is used for monitoring the subsequent access process and the access result, obtaining the access effect, and adjusting the authorization strategy of the subsequent access of the access request initiator according to the current access request risk;
a first determining module, configured to:
acquiring all related data of the access request initiator, wherein all the related data comprise access attributes and context information;
calculating the correlation degree of each data in all the related data and the trust index, wherein the data with the correlation degree larger than a first correlation degree threshold value is used as first data;
taking the data with the correlation degree larger than the second correlation degree threshold and not larger than the first correlation degree threshold as fuzzy correlation data;
taking the data which is larger than the third correlation degree threshold value in the fuzzy correlation data as second data, and taking the data which is not larger than the third correlation degree threshold value in the fuzzy correlation data as third data;
respectively calculating the average correlation degrees corresponding to the first data, the second data and the third data, and assigning different weights according to the average correlation degrees, so that the first data, the second data and the third data together serve as the first related data;
the first correlation degree threshold is larger than the second correlation degree threshold, and the third correlation degree threshold is larger than the second correlation degree threshold and smaller than the first correlation degree threshold;
a first determining module, configured to:
carrying out data preprocessing on the first related data, extracting corresponding characteristic data, and respectively recording the corresponding characteristic data as first characteristic data, second characteristic data and third characteristic data;
determining proportions of the first feature data, the second feature data and the third feature data in the training set, the verification set and the test set according to weights respectively corresponding to the first feature data, the second feature data and the third feature data;
performing stratified sampling according to the proportions, so that the proportions of the first feature data, the second feature data and the third feature data in the training set, the verification set and the test set are similar to within a preset degree;
determining a neural network model architecture, performing model training through a training set, evaluating model performance through a verification set, evaluating model generalization performance through a test set, thereby establishing a trust evaluation neural network model and obtaining a first trust level;
a second determining module, configured to:
calculating the correlation degree between each item of data in all the relevant data and the trust index, wherein the data with a correlation degree larger than a fourth correlation degree threshold is used as fourth data, and the fourth correlation degree threshold is larger than the first correlation degree threshold;
determining a second trust level based on the fourth data and the first data;
wherein P is the second trust level, n is the number of data types in the fourth data, is the weight corresponding to the i-th fourth data, is the parameter corresponding to the i-th fourth data, is the first constant, exp is an exponential function, m is the number of data types in the first data, is the correction weight corresponding to the j-th first data, is the parameter corresponding to the j-th first data, is a second constant, and [] is a rounding symbol;
a third determining module, configured to:
if the difference between the first trust level and the second trust level does not exceed the preset level threshold, the first trust level is used as the trust level of the access request initiator;
otherwise, selecting a corresponding level as the trust level of the access request initiator according to the level number between the first trust level and the second trust level;
if the number of the levels between the first trust level and the second trust level is odd, selecting an intermediate level between the first trust level and the second trust level as the trust level of the access request initiator;
if the number of the levels between the first trust level and the second trust level is even, selecting the intermediate level between the first trust level and the second trust level that is closer to the second trust level as the trust level of the access request initiator;
an evaluation module for:
each authorization policy scope comprises a subject attribute scope, an object attribute scope, an environment attribute scope and a behavior attribute scope, and different authorization policy scopes correspond to different access rights;
respectively calculating the matching degree of the current subject attribute, object attribute, environment attribute and behavior attribute with the subject attribute range, object attribute range, environment attribute range and behavior attribute range, thereby determining the comprehensive matching degree;
the access right corresponding to the authorization policy with the highest comprehensive matching degree is granted as the access right of the current access request;
determining the current access request risk level according to the access authority and the trust level;
wherein, the access effect is a plurality of access indexes.
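
The threshold partition, trust-level reconciliation and policy matching recited in the claim above, as an added Python illustration that is not part of the patent text. The threshold values, integer level numbering, set-membership matching degree and all sample names are assumptions; the second-trust-level formula is left out because its expression is not reproduced on this page.

```python
# Added illustration; thresholds, level numbering and the matching formula are assumptions.
T1, T2, T3, T4 = 0.70, 0.30, 0.50, 0.85   # the claim fixes only T2 < T3 < T1 < T4

def partition(corr):
    """Bucket attributes by correlation with the trust index (first/second modules)."""
    out = {"first": [], "second": [], "third": [], "fourth": [], "unused": []}
    for name, r in corr.items():
        if r > T1:
            out["first"].append(name)
            if r > T4:                      # T4 > T1, so fourth data is a subset of first data
                out["fourth"].append(name)
        elif r > T3:
            out["second"].append(name)      # upper part of the fuzzy band
        elif r > T2:
            out["third"].append(name)       # lower part of the fuzzy band
        else:
            out["unused"].append(name)      # not part of the first related data
    return out

def reconcile(first, second, level_threshold=1):
    """Third module: merge the model-derived level and the formula-derived level."""
    if level_threshold < 1:
        raise ValueError("assumed: threshold >= 1, so any larger gap has a middle level")
    if abs(first - second) <= level_threshold:
        return first
    lo, hi = sorted((first, second))
    between = list(range(lo + 1, hi))       # levels strictly between the two
    mid = len(between) // 2
    if len(between) % 2 == 1:
        return between[mid]
    # even count: of the two middle levels, take the one nearer the second level
    return min(between[mid - 1], between[mid], key=lambda lv: abs(lv - second))

def best_policy(request, policies):
    """Evaluation module: grant the rights of the best-matching policy scope."""
    dims = ("subject", "object", "environment", "behavior")
    def degree(policy):                     # assumed: mean of per-dimension matches
        return sum(request[d] in policy["scope"][d] for d in dims) / len(dims)
    winner = max(policies, key=degree)
    return winner["rights"], degree(winner)

# Constructed sample input.
CORR = {"device_posture": 0.91, "mfa_used": 0.78, "geo": 0.62, "time_of_day": 0.41, "user_agent": 0.12}
POLICIES = [
    {"rights": "read-write", "scope": {"subject": {"engineer"}, "object": {"report-db"}, "environment": {"intranet"}, "behavior": {"query", "update"}}},
    {"rights": "read-only", "scope": {"subject": {"engineer", "contractor"}, "object": {"report-db"}, "environment": {"intranet", "vpn"}, "behavior": {"query"}}},
]
REQUEST = {"subject": "contractor", "object": "report-db", "environment": "vpn", "behavior": "query"}
```

With the trust levels swapped, `reconcile(6, 1)` and `reconcile(1, 6)` return different levels, because the even-count rule breaks the tie toward whichever level is passed as the second one.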
CN202311220485.0A 2023-09-21 2023-09-21 Dynamic authorization method and system for accurate access Active CN116962091B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311220485.0A CN116962091B (en) 2023-09-21 2023-09-21 Dynamic authorization method and system for accurate access

Publications (2)

Publication Number Publication Date
CN116962091A CN116962091A (en) 2023-10-27
CN116962091B true CN116962091B (en) 2024-02-27

Family

ID=88449675

Country Status (1)

Country Link
CN (1) CN116962091B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant