Department of Information Systems Security, PLA Information Engineering University, Zhengzhou, China.
Big Data. 2024 Oct;12(5):390-411. doi: 10.1089/big.2021.0473. Epub 2023 Aug 1.
Context information is the key element to realizing dynamic access control of big data. However, existing context-aware access control (CAAC) methods do not support automatic context awareness and cannot automatically model and reason about context relationships. To solve these problems, this article proposes a weighted GraphSAGE-based context-aware approach for big data access control. First, graph modeling is performed on the access record data set and transforms the access control context-awareness problem into a graph neural network (GNN) node learning problem. Then, a GNN model WGraphSAGE is proposed to achieve automatic context awareness and automatic generation of CAAC rules. Finally, weighted neighbor sampling and weighted aggregation algorithms are designed for the model to realize automatic modeling and reasoning of node relationships and relationship strengths simultaneously in the graph node learning process. The experiment results show that the proposed method has obvious advantages in context awareness and context relationship reasoning compared with similar GNN models. Meanwhile, it obtains better results in dynamic access control decisions than the existing CAAC models.
上下文信息是实现大数据动态访问控制的关键要素。然而,现有的上下文感知访问控制(CAAC)方法不支持自动上下文感知,也无法自动对上下文关系进行建模和推理。针对这些问题,本文提出了一种基于加权图抽样的大数据访问控制的上下文感知方法。首先,对访问记录数据集进行图建模,将访问控制上下文感知问题转化为图神经网络(GNN)节点学习问题。然后,提出了一个 GNN 模型 WGraphSAGE,以实现自动上下文感知和自动生成 CAAC 规则。最后,为模型设计了加权邻居采样和加权聚合算法,以实现在图节点学习过程中自动对节点关系和关系强度进行建模和推理。实验结果表明,与类似的 GNN 模型相比,所提出的方法在上下文感知和上下文关系推理方面具有明显的优势。同时,它在动态访问控制决策方面比现有的 CAAC 模型取得了更好的效果。
