A Network Behavior-based Access Control Model

doi:10.3969/j.issn.1671-1122.2016.10.006

Abstract

Abstract:

Towards the problem that the separation between identity authentication and behavior authentication in open network environment, we focus on the rules and characteristics of users’ network behavior. Base on the traditional identity authentication, we put forward the action-based access control model. This paper makes clear the definition of users’ network behavior, take user’s glance time and access path as data source, compared the calculated value gotten from the algorithm with threshold, model it with temporal information and environment information, then realize user’s behavior verification. For new users, we check the behavior with Markov Chains; for existing users, we establish the directed tree of frequent access, using the mean-variance algorithm to detect the behavior. This model can adapt to the changes of user’s behavior automatically. Moreover, this framework can avoid the phenomenon like malicious misappropriate of user accounts, which has significant meanings toward network security.

Key words: network behavior, behavior authentication, identity authentication, access control

CLC Number:

TP393

Chang LIU, Jingsha HE. A Network Behavior-based Access Control Model[J]. Netinfo Security, 2016, 16(10): 34-39.

Figures/Tables 11

References 13

[1]	YAO H, HU H, HUANG B, et al.Dynamic Role and Context-based Access Control for Grid Applications[C]// IEEE. 6th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT 2005), December 5-8, 2005, Dalian, China. USA: IEEE, 2005:404-406.
[2]	ZHANG Yixuan, HE Jingsha, ZHAO Bin, et al.Towards More Pro-active Access Control Computer Systems and Networks[J]. Compuer Science, Information Systems, SCI Computer Science, 2015, 3(49):132-146.
[3]	XING L, LIU L.A Reputation-based Trust Model for Peer-to-peer Ecommerce Communities[C]//IEEE. IEEE International Conference on E-Commerce (CEC 2003), June 24-27, 2003, NEWPORT BEACH, CA. USA:IEEE, 2003:275-284.
[4]	李凤华,王巍,马建峰,等. 基于行为的访问控制模型及其行为管理[J]. 电子学报,2008(10):1881-1890.
[5]	牟琦,龚尚福. 基于用户行为模型的身份验证算法研究[J].西安科技大学学报,2006(3):376-378, 387.
[6]	FRIAS-MARTINEZ V, SHERRICK J, STOLFO S J, et al . A Network Access Control Mechanism Based on Behavior Profiles[C]// IEEE. 25th Annual Computer Security Applications Conference, December 7-11, 2009, Honolulu, HI. HI:IEEE, 2009:3-12.
[7]	SONG Xuejun, YOU Tiantong.A Network Access Control Mechanism Based on Role And Behavior[C]// IEEE.Proceedings - 2010 3rd IEEE International Conference on Broadband Network andMultimedia Technology, October 26-28, 2010, CHINA. CHINA:IEEE, 2010:95-99.
[8]	ZHU Xing Peng, HAO Feng, CHEN Hong.Access Control Policy Based on Behavior Patterns[C]// IEEE. 3rd International Conference on Genetic and Evolutionary Computing, WGEC 2009, October 14-17, 2009, China. New York: IEEE, 2009 : 557-560.
[9]	隋喆. 群体网络行为模型研究与应用[D]. 成都:四川大学,2006.
[10]	郑周,张大军,李运发. 云计算中面向数据存储的安全访问控制机制[J]. 信息网络安全,2015(9):221-226.
[11]	冯登国,张阳, 张玉清. 信息安全风险评估综述[J]. 通信学报, 2014(7):10-18.
[12]	王红凯,王志强,龚小刚. 移动互联网安全问题及防护措施探讨[J]. 信息网络安全,2014(9):207-210.
[13]	HAN J W 著. 范明,孟小峰,译. 数据挖掘:概念与技术[M]. 北京:机械工业出版社,2012.

[1]	Yifeng DU, Yuanbo GUO. A Dynamic Access Control Method for Fog Computing Based on Trust Value [J]. Netinfo Security, 2020, 20(4): 65-72.
[2]	Xiaofen LIU, Xiaofeng CHEN, Guiren LIAN, Song LIN. Authenticated Multiparty Quantum Secret Sharing Protocol with d-level Single Particle [J]. Netinfo Security, 2020, 20(3): 51-55.
[3]	Peng LIU, Qian HE, Wangyang LIU, Xu CHENG. CP-ABE Scheme Supporting Attribute Revocation and Outsourcing Decryption [J]. Netinfo Security, 2020, 20(3): 90-97.
[4]	Lu YU, Senlin LUO. A Method of Internal Intrusion Detection of Database in RBAC Mode [J]. Netinfo Security, 2020, 20(2): 83-90.
[5]	Shengwei XU, Feijie WANG. Attribute-based Encryption Scheme Traced Under Multi-authority [J]. Netinfo Security, 2020, 20(1): 33-39.
[6]	Jinmiao WANG, Guowei WANG, Mei WANG, Ruijin ZHU. Achieving Privacy Preserving and Flexible Access Control in Fog Computing [J]. Netinfo Security, 2019, 19(9): 41-45.
[7]	Fuyou ZHANG, Qiongxiao WANG, Li SONG. Research on Unified Identity Authentication System Based on Biometrics [J]. Netinfo Security, 2019, 19(9): 86-90.
[8]	A-yong YE, Junlin JIN, Lingyu MENG, Ziwen ZHAO. Research on Access Control for Privacy Protection of Mobile Terminals [J]. Netinfo Security, 2019, 19(8): 51-60.
[9]	Zhongyuan QIN, Yin HAN, Qunfang ZHANG, Xuejin ZHU. An Improved Scheme of Multi-PKG Cloud Storage Access Control [J]. Netinfo Security, 2019, 19(6): 11-18.
[10]	Fangbo CAI, Jingsha HE, Nafei ZHU, Song HAN. Research on Cascading Failure of Nodes in Distributed Access Control Model [J]. Netinfo Security, 2019, 19(12): 47-52.
[11]	Shun ZHANG, Zhangkai CHEN, Fengyu LIANG, Runhua SHI. A Quantum Identity Authentication Based on Bell State [J]. Netinfo Security, 2019, 19(11): 43-48.
[12]	Xiangquan SHI, Jing TAO, Baokang ZHAO. A Network Access Control System in Virtualized Environments [J]. Netinfo Security, 2019, 19(10): 1-9.
[13]	Gang LU, Ronghua GUO, Ying ZHOU, Jun WANG. Review of Malicious Traffic Feature Extraction [J]. Netinfo Security, 2018, 18(9): 1-9.
[14]	Wei HU, Qiuhan WU, Shengli LIU, Wei FU. Design of Secure eID and Identity Authentication Agreement in Mobile Terminal Based on Guomi Algorithm and Blockchain [J]. Netinfo Security, 2018, 18(7): 7-9.
[15]	Lin YOU, Jiahao LIANG. Research on Secure Identity Authentication Based on Homomorphic Encryption and Biometric [J]. Netinfo Security, 2018, 18(4): 1-8.