网络与信息安全学报 (Oct 2022)
Access control relationship prediction method based on GNN dual source learning
Abstract
With the rapid development and wide application of big data technology, users’ unauthorized access to resources has become one of the main problems restricting the secure sharing of and controlled access to big data resources. The ReBAC (Relationship-Based Access Control) model uses the relationships between entities to formulate access control rules, which enhances the logical expressiveness of policies and realizes dynamic access control. However, it still faces the problems of missing entity relationship data and complex relationship paths in rules. To overcome these problems, a link prediction model based on GNN dual-source learning, LPMDLG, was proposed, transforming the big data entity-relationship prediction problem into a link prediction problem on directed multigraphs. A topology learning method based on directed enclosing subgraphs was designed in this model, and a directed dual-radius node labeling algorithm was proposed, to learn the topological structure features of nodes and subgraphs from entity relationship graphs in three stages: directed enclosing subgraph extraction, subgraph node labeling calculation, and topological structure feature learning. A node embedding feature learning method based on directed neighbor subgraphs was proposed, which incorporates elements such as attention coefficients and relationship types and learns node embedding features in two steps: directed neighbor subgraph extraction and node embedding feature learning. A two-source fusion scoring network was designed to jointly calculate edge scores from topology and node embedding, yielding the link prediction results for entity-relationship graphs. The link prediction experiment results show that the proposed model obtains better prediction results under the evaluation metrics AUC-PR, MRR and Hits@N than baseline models such as R-GCN, SEAL, GraIL and TACT. The ablation experiment results illustrate that the model’s dual-source learning scheme outperforms either single scheme in link prediction. The rule matching experiment results verify that the model achieves automatic authorization of some entities and compression of the relationship paths of rules. The model effectively improves link prediction and can meet the demand of big data access control relationship prediction.