Xiaoqiang Di

Access Control Model Based on Role and Attribute and Its Implementation

Combining the role-based access control (RBAC) model with the attribute-based access control (ABAC) model is a popular direction of current research on access control models. At present, many RABAC (RBAC + ABAC) models have been proposed. On the basis of RBAC model, these models dynamically apply ABAC rules to user-role mapping, role-permission mapping and user-permission mapping, thus realizing the usability and flexibility of access control models to some extent. But these models still have some insufficiencies in access control granularity and flexibility. This paper analyzes the defects of existing RABAC models and their causes, proposes a more fine-grained, flexible and efficient RABAC model, and realizes an access control system based on this model. Through the well-designed ABAC rules and their application modes, the system has achieved the goal of the RABAC model proposed by this paper and facilitated the administrators management of access control rules.

Improved K-Means Algorithm and Its Application to Vehicle Steering Identification

K-means is a very common clustering algorithm, whose performance depends largely on the initially selected cluster center. The K-means algorithm proposed by this paper uses a new strategy to select the initial cluster center. It works by calculating the minimum and maximum distances from data to the origin, dividing this range into several equal ranges, and then adjusting every range according to the data distribution to equate the number of data contained in the ranges as much as possible, and finally calculating the average of data in every range and taking it as initial cluster center. The theoretical analysis shows that despite linear time complexity of initialization process, this algorithm has the features of an superlinear initialization method. The application of this algorithm to the analysis of GPS data when vehicle is moving shows that it can effectively increase the clustering speed and finally achieve better vehicle steering identification.

Access control model based on role and attribute and its applications on space-ground integration networks

After years of development, role-based access control model (RBAC) is already and gradually perfect and has been widely used because of its excellent security and ease of use. But the model is difficult to meet the dynamic access control requirements. For this reason, people put forward the attribute-based access control model (ABAC). The model realizes flexible access control by introducing attributes, solving the problem of RBAC. But in a large environment with many attributes it has the problem of poor usability. In this paper, combining the above-mentioned models, we propose an access control model based on role and attribute, in which RBAC is used to manage static attributes, while ABAC is used to manage dynamic attributes. This model can effectively reduce the number of roles and access control rules, making access control more flexible and easy to use. In addition, we apply this model to the space-ground integration network environment and design distributed access control framework according to the characteristics of this network. This provides ideas for the research and construction of the space-ground integration network.

Formal definition and analysis of access control model based on role and attribute

Abstract Integration of role-based access control model (RBAC) and attribute-based access control model (ABAC) has become a hot area of access control research recently. A lot of access control models based on role and attribute (RABAC) have been proposed so far. These models use RBAC to establish static relationships between users, roles and permissions, and then dynamically apply attribute-based access control rules to user-role mappings, role-permission mappings and user-permission mappings, which to some extent makes access control model easy to use and flexible. However, these models still have some shortcomings in terms of access control granularity, flexibility and decision efficiency. This paper studies the defects of the current RABAC models and the causes, proposes more fine-grained, flexible and efficient RABAC model, extends the evaluation indicators of access control model and analyzes the access control granularity, flexibility and decision efficiency of RABAC model theoretically.

Social Network Recommendation Algorithm Based on ICIP

The recent years has witnessed rapid development of social network platforms. To enable timely and effective selection of information that is valuable and raises interests, a variety of personalized recommendation algorithms have been put into practice. The improved clustering based on the Isolation Point (ICIP) algorithm is presented based on clustering. In order to overcome the shortcomings of the traditional clustering, the process of Isolation Point has been included in the ICIP algorithm. In this paper, the ICIP algorithm is used for topic extraction of WeChat articles. According to the characteristics of the social network platform, the data noise reduction and modeling is adopted first and then text classification is achieved based on the similarity. The ICIP is applied to remove isolated points, improve clustering accuracy and reduce noise. Compared with other clustering algorithms, the ICIP algorithm has higher accuracy and efficiency.

Sentence Similarity Learning Method based on Attention Hybrid Model

Sentence similarity learning is a vital task in Natural Language Processing (NLP) such as document summarization and question answering. In this paper, we propose a method to compute semantic similarity between sentences which is based on the attention hybrid model. Our method utilizes Bidirectional Long Short-Term Memory Networks (BLSTM) and Convolutional Neural Networks (CNN) to extract the semantic features of a sentence. And it learns the representation of each sentence with word-level attention. Then the attentive representations are concatenated and fed into the output layer to compute the score of sentences similarity. Finally, the public datasets of the Quora is used to test the proposed method and experiment results show that our method is effective and outperforms other methods.

Anomaly Detection for Application Layer User Browsing Behavior Based on Attributes and Features

Application layer distributed denial of service (App-DDoS) attacks has posed a great threat to the security of the Internet. Since these attacks occur in the application layer, they can easily evade traditional network layer and transport layer detection methods. In this paper, we extract a group of user behavior attributes from our intercept program instead of web server logs and construct a behavior feature matrix based on nine user behavior features to characterize user behavior. Subsequently, principal component analysis (PCA) is applied to profile the user browsing behavior pattern in the feature matrix and outliers from the pattern are used to recognize normal users and attackers. Experiment results show that the proposed method is good to distinguish normal users and attackers. Finally, we implement three machine learning algorithms (K-means, DBSCAN and SVM) to further validate the effectiveness of the proposed attributes and features.

An Auction-Gaming Based Routing Model for LEO Satellite Networks

Characteristics of LEO satellite networks, like dynamically changed topological structures, limited on-board resources, and longer communication delay, have brought new challenges to the construction of satellite networks. By analyzing existing routing models for satellite networks, this paper proposes an auction-gaming-based routing model for LEO satellite networks, based on the DTN protocol and against such characteristics. By making use of an auction model, it takes space propagation loss, residual storage space of a node, and routing hop counts as important bases for routing selection. Analysis shows that besides the routing function, this model also plays an active role in avoiding “selfish” satellite nodes, as well as in relieving network congestion.

Research on the Routing Algorithm of LEO-Satellite DTN Network Based on Multi-Attribute Decision Making

Space information network is an important development direction of future information network, and LEO-satellite DTN network is an important part of space information network. As LEO (low earth orbit) satellite network is characterized by big delay, frequent interruption and highly variable topological structure, the issue of routing has become the bottleneck constraint to the development of this network. To facilitate the solving of routing issue, this paper proposes a routing algorithm based on multiple-attribute decision making (MADM), which uses five important indicators, namely satellite network link bandwidth, link establishment delay, free storage space at nodes, network BER (bit error ratio) and data forwarding rate at nodes, as the basis of routing, and decides on the data-forwarding route in accordance with the calculated attribute proportions to realize the DTN routing. Meanwhile, through the adjustment of attribute preference, this algorithm can optimize the paths of various service networks so as to adapt to the multi-service needs of space information network. The result of simulation experiment shows that, compared with Epidemic and PROPHET routing algorithm, this algorithm is significantly advantageous in terms of data transmission success rate and average network delay.

A semi-symmetric image encryption scheme based on the function projective synchronization of two hyperchaotic systems

Both symmetric and asymmetric color image encryption have advantages and disadvantages. In order to combine their advantages and try to overcome their disadvantages, chaos synchronization is used to avoid the key transmission for the proposed semi-symmetric image encryption scheme. Our scheme is a hybrid chaotic encryption algorithm, and it consists of a scrambling stage and a diffusion stage. The control law and the update rule of function projective synchronization between the 3-cell quantum cellular neural networks (QCNN) response system and the 6th-order cellular neural network (CNN) drive system are formulated. Since the function projective synchronization is used to synchronize the response system and drive system, Alice and Bob got the key by two different chaotic systems independently and avoid the key transmission by some extra security links, which prevents security key leakage during the transmission. Both numerical simulations and security analyses such as information entropy analysis, differential attack are conducted to verify the feasibility, security, and efficiency of the proposed scheme.