Traditional security models are typically based on boundary defense and aim to prevent attackers from entering from outside. However, as more and more organizations adopt distributed computing and mobile devices, traditional boundary security models can no longer meet security needs. The zero-trust framework protects network resources through continuous evaluation and dynamic access control. However, existing trust models often evaluate trust based on a single attribute, and in scenarios with a large number of mobile devices and complex subject attributes the evaluation results deviate from the actual situation. Therefore, this article focuses on the diversity of trust calculation in trust models. The main research results are as follows:

(1) A fusion traffic detection model based on C-LSTM is proposed, to account for the spatio-temporal characteristics of flow data when that data is used to calculate user behavior trust. It integrates the spatial learning ability of CNN and the temporal learning ability of LSTM to adapt to the massive flow data in the IoT. Experimental results show that this approach achieves high evaluation indicators on a shallow model and performs better than deep learning methods without model fusion.

(2) To solve the problems of non-sequential logs and the neglect of contextual information when log data is used to calculate user historical trust, this article studies methods such as log parsing, feature extraction and log data modeling, and proposes a bidirectional LSTM log detection model based on an attention mechanism. The attention mechanism allows the model to automatically select and focus on important log entries in the input sequence. Experimental results show that this approach improves the performance and robustness of the model and performs well in handling unstable log sequences.

(3) Based on the above methods, a multi-dimensional trust calculation method based on a time decay function is proposed, combining user behavior trust calculated from flow data with user historical trust calculated from log data. A dynamic access control scheme based on user trust is designed, consisting of switches, controllers, resource servers, etc. Fuzzy mathematics combined with time decay functions is used to weight behavior trust and historical trust into the final trust value, ensuring the spatio-temporal sensitivity of the trust calculation.
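As an added illustration of result (3), and not the thesis's own formula or code, the sketch below fuses decayed behavior trust and historical trust into an access decision. The exponential decay, half-lives, neutral prior, thresholds and the fixed weights (standing in for the fuzzy weighting) are all assumptions, as are the constructed detector scores.

```python
# Added illustration; every constant and formula below is an assumption.
BEHAVIOR_HALF_LIFE = 300.0        # seconds; flow evidence ages quickly
HISTORY_HALF_LIFE = 86400.0       # seconds; log evidence ages slowly
W_BEHAVIOR, W_HISTORY = 0.6, 0.4  # fixed weights standing in for fuzzy weighting
PRIOR, PRIOR_MASS = 0.5, 1.0      # neutral trust, counted as one pseudo-observation


def decay(age, half_life):
    """Exponential time decay: 1.0 for fresh evidence, 0.5 after one half-life."""
    return 0.5 ** (age / half_life)


def decayed_trust(observations, now, half_life):
    """Decay-weighted mean of (timestamp, score) pairs, score in [0, 1].

    Mixing in the prior makes trust drift back to neutral as evidence
    ages, instead of staying frozen at the last observed value.
    """
    num, den = PRIOR * PRIOR_MASS, PRIOR_MASS
    for ts, score in observations:
        if ts > now or not 0.0 <= score <= 1.0:
            continue  # skip future-dated or out-of-range detector output
        w = decay(now - ts, half_life)
        num += w * score
        den += w
    return num / den


def final_trust(flow_scores, log_scores, now):
    """Weighted fusion of behavior trust (flows) and historical trust (logs)."""
    behavior = decayed_trust(flow_scores, now, BEHAVIOR_HALF_LIFE)
    history = decayed_trust(log_scores, now, HISTORY_HALF_LIFE)
    return W_BEHAVIOR * behavior + W_HISTORY * history


def access_decision(trust):
    """Map the trust value to a controller action (thresholds assumed)."""
    if trust >= 0.7:
        return "allow"
    if trust >= 0.4:
        return "restrict"
    return "deny"


# Constructed sample: each score is 1 - anomaly probability from a detector.
NOW = 1_000_000.0
LOGS = [(NOW - 86400 * d, 0.9) for d in range(1, 6)]          # clean history
BENIGN = [(NOW - 60 * m, 0.95) for m in range(1, 6)]          # normal flows
ATTACK = BENIGN + [(NOW - s, 0.05) for s in range(0, 50, 5)]  # fresh anomalies
```

With the constructed data, a clean history cannot outvote a burst of fresh anomalous flows: the same user moves from `allow` to `restrict` within seconds, then drifts back toward the neutral prior once the flow evidence has aged.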