网络与信息安全学报 (Apr 2022)
Trust evaluation optimization mechanism for cloud user behavior based on FANP
Abstract
The open cloud computing environment is facing security challenges and the traditional user behavior evaluation mechanism cannot guarantee the security of the cloud.In order to scientifically and quantitatively evaluate the user’s behavior trust, ensure the scientific and reasonable weight assignment, improve the security and credibility of user behavior under the cloud platform, a trust evaluation optimization mechanism combined with fuzzy analytic network process (FANP) was designed.In the proposal, user behavior trust evaluation based on one control target was extended to include two control target modules which were historical access behavior and current access environment.At the same time, the historical access behavior module was divided into two aspects: conventional behavior and gray behavior, and the current access environment module was divided into two directions: information integrity and access security.The corresponding control criteria was divided to construct the analytic network process (ANP) model under different control objectives.The limit hypermatrix under each target module was calculated to obtain the final stability weight of each element with the help of network analytic hierarchy process software.And the real user behavior data under the development platform was selected to comprehensively calculate the trust degree under different modules as the final behavior evaluation result.The expansion of the user behavior evaluation module refined the evaluation granularity, which makes the evaluation results more objective and accurate.In the cloud environment with the same malicious ratio, the optimization mechanism has better recognition effect, and it can identify cloud users with low trust efficiently and effectively, so as to improve the security and legitimacy of the cloud.At the same time, it also provids new research direction for solving the problem of user security and credibility, and effective risk control in the cloud environment.
