CN112446038B - Access strategy intelligent generation method based on matrix decomposition - Google Patents

Abstract

The invention discloses an access strategy intelligentized generation method based on matrix decomposition, which constructs a user-file access matrix through an authorized data set; randomly permuting rows and columns of the access matrix; randomly generating an attribute matrix and a strategy matrix and setting various parameters; training an attribute matrix and a strategy matrix by using a small-batch gradient descent method, calculating the absolute value of the difference between the objective functions after training before and after training, and judging whether to stop training by using a threshold method; calculating a prediction matrix according to the attribute matrix and the strategy matrix; calculating a safety threshold for each file vector of the prediction matrix; and finally, formulating a corresponding access strategy according to the strategy matrix and the security threshold value, and constructing an intelligent access strategy generation method through learning the existing authorized data set, thereby greatly reducing the labor cost required for formulating the access strategy and being beneficial to popularization and application of the ABE ciphertext access control mechanism in a large-scale network scene.

Description

Access strategy intelligent generation method based on matrix decomposition

Technical Field

The invention relates to the technical field of attribute encryption, in particular to an access strategy intelligent generation method based on matrix decomposition.

Background

An attribute-based encryption (ABE) mechanism is to associate a ciphertext and a user private key with an attribute as a public key. Ciphertext-policy ABE (CP-ABE) is a type of scheme commonly used in ABE. In the CP-ABE, the access authority can be flexibly represented by an access strategy, and fine-granularity access control can be realized. So the CP-ABE has wide application prospect in the field of fine granularity access control.

Existing ABE-based fine-grained access control mechanisms require the data owner to manually formulate a corresponding access policy for each data unit. However, in a mass data storage system such as cloud storage, making an access policy for each data unit can take a great amount of labor overhead, which is not beneficial to popularization and application of the ABE ciphertext access control mechanism in a large-scale network scene.

Disclosure of Invention

The invention aims to provide an access strategy intelligent generation method based on matrix decomposition, which is beneficial to popularization and application of an ABE ciphertext access control mechanism in a large-scale network scene.

In order to achieve the above purpose, the present invention provides an access policy intelligentized generation method based on matrix decomposition, comprising the following steps:

acquiring authorization data to construct a user file access matrix, and randomly replacing rows and columns in the access matrix;

decomposing the access matrix based on the decomposition dimension, and training the attribute matrix and the strategy matrix by utilizing a small batch gradient descent method;

judging the difference value of the objective function of the attribute matrix and the strategy matrix after training by using a threshold method;

and calculating a prediction matrix according to the trained attribute matrix and the trained strategy matrix, and obtaining a corresponding access strategy according to the obtained safety threshold.

The method for acquiring the authorization data to construct the user file access matrix and randomly replacing the rows and the columns in the access matrix comprises the following steps:

and constructing a user file access matrix according to the acquired authorization data, setting a corresponding matrix value, randomly replacing pi for columns in the access matrix, and randomly replacing pi for rows in the replaced matrix.

The method comprises the steps of decomposing the access matrix based on a decomposition dimension, training an attribute matrix and a strategy matrix by utilizing a small-batch gradient descent method, and comprises the following steps:

based on the decomposition dimension, randomly decomposing the access matrix after the rank replacement into an attribute matrix and a strategy matrix, constructing an objective function at the same time, and setting a missing value weight, a regular term coefficient, a learning rate, a gradient descent threshold value and a batch size.

The method comprises the steps of decomposing the access matrix based on a decomposition dimension, training the attribute matrix and the strategy matrix by utilizing a small-batch gradient descent method, and further comprises the following steps:

training the attribute matrix by using a small-batch gradient descent method, calculating the attribute matrix threshold value, and binarizing the attribute matrix according to the attribute threshold value.

The method for judging the objective function difference value of the attribute matrix and the strategy matrix after training by using a threshold method comprises the following steps:

and calculating the absolute value of the difference between the trained attribute matrix and the objective function of the strategy matrix, and if the absolute value is larger than a set threshold value, continuing to train the attribute matrix and the strategy matrix.

The method comprises the steps of calculating a prediction matrix according to the trained attribute matrix and the trained strategy matrix, and obtaining a corresponding access strategy according to an obtained safety threshold, wherein the method comprises the following steps:

and calculating a corresponding prediction matrix according to the trained attribute matrix and the trained strategy matrix, and after any column element of the prediction matrix is arranged in a descending order, calculating all potential thresholds of the corresponding column.

The method comprises the steps of calculating a prediction matrix according to the trained attribute matrix and the trained strategy matrix, obtaining a corresponding access strategy according to the obtained safety threshold, and further comprising:

and (3) binarizing the elements in the corresponding columns by utilizing the potential threshold value, and then calculating a corresponding mean square error value and a safety threshold value until all columns of the prediction matrix are calculated.

The invention relates to an access strategy intelligentized generation method based on matrix decomposition, which constructs a user-file access matrix through the existing authorized data set; randomly permuting rows and columns of the access matrix; randomly generating an attribute matrix and a strategy matrix; setting an objective function, a missing value weight, a regular term coefficient, a learning rate, a gradient descent threshold value and a batch size; training an attribute matrix by using a small-batch gradient descent method, calculating an attribute matrix threshold value and binarizing the attribute matrix, training a strategy matrix by using the small-batch gradient descent method, calculating the absolute value of the difference between the objective functions after training before and after twice, and if the absolute value is larger than a given threshold value, continuing training the attribute matrix, calculating the attribute matrix threshold value and training the strategy matrix, otherwise stopping training; calculating a prediction matrix according to the attribute matrix and the strategy matrix; calculating a threshold value for each file vector of the prediction matrix, wherein the threshold value is a safety threshold value; and finally, formulating a corresponding access strategy according to the strategy matrix and the safety threshold. According to the invention, through learning the existing authorized data set, an intelligent access strategy generation method is constructed, so that the labor cost required for formulating the access strategy is greatly reduced, and the popularization and application of the ABE ciphertext access control mechanism in a large-scale network scene are facilitated.

Drawings

In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

Fig. 1 is a schematic step diagram of an access policy intelligentized generation method based on matrix decomposition.

Fig. 2 is a flow chart of an intelligent generation method of an access strategy based on matrix decomposition.

FIG. 3 is an exemplary diagram of a user-file matrix provided by the present invention.

FIG. 4 is a schematic diagram of the user-file access matrix broken down into an attribute matrix and a policy matrix provided by the present invention.

FIG. 5 is a flow chart of training an attribute matrix provided by the present invention.

FIG. 6 is a flow chart for calculating attribute matrix thresholds provided by the present invention.

Fig. 7 is a flow chart of a training strategy matrix provided by the present invention.

Fig. 8 is a flow chart of calculating a security threshold provided by the present invention.

FIG. 9 is an exemplary diagram of an access tree generated according to policy vectors and security thresholds provided by the present invention.

FIG. 10 is a line graph of recall as a function of learning rate provided by the present invention.

FIG. 11 is a line graph of recall provided by the present invention as a function of resolution dimensions.

Fig. 12 is a line graph of recall as a function of batch size provided by the present invention.

FIG. 13 is a line graph of recall provided by the present invention as a function of regularization term coefficients.

FIG. 14 is a line graph of training time as a function of decomposition dimension provided by the present invention.

Fig. 15 is a plot of mean square error as a function of training sample duty cycle provided by the present invention.

Detailed Description

Embodiments of the present invention are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative and intended to explain the present invention and should not be construed as limiting the invention.

In the description of the present invention, the meaning of "a plurality" is two or more, unless explicitly defined otherwise.

Referring to fig. 1 and 2, the invention provides an access policy intelligentized generation method based on matrix decomposition, which comprises the following steps:

s101, acquiring authorization data to construct a user file access matrix, and randomly replacing rows and columns in the access matrix.

Specifically, as shown in fig. 3, a user-file access matrix r= (R) is constructed from the authorization data set_ui )_m×n The rows of matrix R represent users and the columns represent files. Then setting corresponding matrix values: if the user successfully accesses a certain file, the corresponding position of the matrix is 1; the user cannot access and is set to 0; the record is set to NULL if no access is made.

The random permutation accesses the rows and columns of matrix R.

1.1 random permutations of 1, …, n pi (1, 2, n) = (x₁ ,x₂ ,...,x_n )。

1.2 let R' = (R_x1 ,R_x2 ,...,R_xn ) Wherein R is_xi (1.ltoreq.i.ltoreq.n) is the x < th > of the matrix R_i Columns.

1.3 random permutations of 1, …, m pi (1, 2,..m) = (y₁ ,y₂ ...,y_m )。

1.4 ream

Wherein R 'is'_yi (1. Ltoreq.i.ltoreq.m) the y-th of the matrix R_i And (3) row.

1.5 let r=r%

S102, decomposing the access matrix based on the decomposition dimension, and training the attribute matrix and the strategy matrix by using a small-batch gradient descent method.

Specifically, as shown in fig. 4, the dimension f required for matrix decomposition is determined, and the attribute matrix p= (P) is randomly generated_uj )_m×f (0≤p_uj Less than or equal to 1) and a policy matrix q= (Q)_ji )_f×n (0≤q_ji And is less than or equal to 1). The rows of the attribute matrix P represent users, and the columns represent attributes; the rows of the policy matrix Q represent attributes and the columns represent files.

Setting an objective function:

wherein w is_ui R is_ui Lambda is the regularized term coefficient, r_ui To access the ith column element of the ith row, p, of matrix R_uj Is the jth column element, q of the ith row of the attribute matrix P_ji For the j-th row and i-th column element of the policy matrix Q, f represents the decomposition dimension.

Setting a regularization term coefficient lambda, a learning rate gamma, a gradient descent threshold value theta, a batch size b and a missing value weight w_ui If r_ui =1 or r_ui Let w=0_ui Otherwise, a smaller weight value is set.

Grouping the rows and columns of the access matrix:

set_l ＝{i|i＝l′modn,(l-1)b+1≤l′≤lb}

set′_l ＝{i|i＝l′modm,(l-1)b+1≤l′≤lb}

wherein set is_l For grouping rows, set'_l For column grouping, l is the iteration number, b is the batch size, and m and n are the number of rows and columns of the access matrix, respectively.

Let l=1.

As shown in fig. 5, an attribute matrix, a policy matrix, an access matrix, and a weight w are input_ui Learning rate, regularization term coefficients, and line grouping, and initializing k=1, u=1.

Training an attribute matrix P:

wherein, gamma is learning rate, w_ui R is_ui Lambda is the regularized term coefficient, r_ui To access the ith column element of the ith row, p, of matrix R_uk Is the kth column element of the ith row, q of the attribute matrix P_ki For the kth row and ith column element of the policy matrix Q, f represents the decomposition dimension.

If k is smaller than f, let k=k+1 and continue training attribute matrix P, otherwise go to the next step.

If u < m, u=u+1, k=k+1, and continuing training the attribute matrix P, otherwise, proceeding to the next step.

And outputting an attribute matrix P.

As shown in fig. 6, the training attribute matrix threshold v= (v)₁ ,v₂ ,...,v_f ) Wherein v is_i (1.ltoreq.i.ltoreq.f) represents the attribute threshold of the ith column of the attribute matrix P.

Let k=1.

Column k P of the attribute matrix P_k Obtaining a from the big to small arrangement_k ＝(a_k1 ,a_k2 ,...,a_km )。

Calculation of P_k All potential threshold v_kt ：

According to different v_kt (1. Ltoreq.t. Ltoreq.m-1) P_k Binarization to obtain

Wherein,

calculating an objective function value:

1≤t≤m-1

wherein v is_kt Representing P_k T potential threshold, w_ui R is_ui Lambda is the regularized term coefficient, r_ui To access the ith column element of the ith row, p, of matrix R_uj Is the jth column element, q of the ith row of the attribute matrix P_ji As the jth row and ith column elements of the policy matrix Q,representing P_k^(t) F represents the decomposition dimension.

Selecting a threshold valueMake->

Let k=k+1 if k < f, and let k+1 column P of the attribute matrix P_k+1 Ranging from large to small; otherwise, the next step is carried out.

According to the threshold v= (v₁ ,v₂ ,...,v_f ) Binarizing the attribute matrix P to obtain P '= (P'_uj )_m×f 。

Let p=p'

As shown in fig. 7, an attribute matrix, a policy matrix, an access matrix, and a weight w are input_ui Learning rate, regularization term coefficients, and batch grouping, and initializing k=1, i=1.

Training a strategy matrix Q:

wherein, gamma is learning rate, w_ui R is_ui Lambda is the regularized term coefficient, r_ui To access the ith column element of the ith row, p, of matrix R_uk Is the kth column element of the ith row, q of the attribute matrix P_ki For the kth row and ith column element of the policy matrix Q, f represents the decomposition dimension.

If k is less than f, let k=k+1 and continue training the strategy matrix Q, otherwise go to the next step.

If i < n, i=i+1, k=k+1, and continuing training the strategy matrix Q, otherwise, proceeding to the next step.

And outputting a matrix Q.

S103, judging the objective function difference value of the attribute matrix and the strategy matrix after training by using a threshold method.

Specifically, the objective function value L is calculated₂ . If l=1, let L₁ ＝L₂ Continuing training the attribute matrix P; otherwise, the next step is carried out.

Wherein w is_ui R is_ui Lambda is the regularized term coefficient, r_ui To access the ith column element of the ith row, p, of matrix R_uj Is the jth column element, q of the ith row of the attribute matrix P_ji For the j-th row and i-th column element of the policy matrix Q, f represents the decomposition dimension.

Calculating the absolute value of the difference between the trained attribute matrix and the objective function of the strategy matrix, and if the absolute value is larger than a set threshold value, continuing to train the attribute matrix and the strategy matrix; i.e. calculate |L₁ -L₂ I, if I L₁ -L₂ And if the I is more than theta, continuing training the attribute matrix P, otherwise stopping training.

S104, calculating a prediction matrix according to the trained attribute matrix and the trained strategy matrix, and obtaining a corresponding access strategy according to the obtained safety threshold.

Specifically, a prediction matrix is calculated according to the attribute matrix P and the strategy matrix Q

Wherein,r is the ith column element of the ith row of the prediction matrix_ui To access the ith column element of the ith row, p, of matrix R_uj Is the jth column element, q of the ith row of the attribute matrix P_ji For the j-th row and i-th column element of the policy matrix Q, f represents the decomposition dimension.

As shown in fig. 8, a security parameter s=(s)₁ ,s₂ ,...,s_n ) Wherein s is₁ (1. Ltoreq.i.ltoreq.n) represents a prediction matrixThe threshold of column i, the security threshold of file i.

Let k=1.

Matrix is formedK < th >>Obtaining a from the big to small arrangement_k ＝(a_k1 ,a_k2 ,...,a_km )。

Calculation ofAll potential threshold s_kt ：

According to different s_kt (1.ltoreq.t.ltoreq.m-1) willBinarization to obtain

Calculating a mean square error value:

wherein s is_kt Representation ofT potential threshold, w_ui R is_ui Weights of r_ui For accessing the ith column element of the ith row of matrix R +.>Representation->Is the u-th element of (2).

Selecting a safety thresholdMake->

If k < n, let k=k+1, then matrixK+1 column->Ranging from large to small; otherwise, the next step is carried out.

According to the policy matrix Q and the security threshold s=(s)₁ ,s₂ ,...,s_n ) And (5) formulating an access strategy. An authorized access set is generated from the policy vector and the security threshold of the file, and further an access tree may be generated. For example, user u has an attribute vector p_u The policy vector and the security threshold of the file i are q respectively_i Sum s_i If p_u q_i ＞s_i User u may access file i, otherwise not.

The authorization attribute set and access tree of the file can be generated based on the attribute vector and security threshold of the file, as shown in fig. 9, assuming that the system has A, B, C three attributes, attribute vector p₁ = (0, 1, 0) means that the attribute set of user 1 is { B }. Policy vector q according to File 1₁ = (0.3,0.7,0.5), safety threshold s₁ =0.5, all authorized access sets for file 1 are available as { { B }, { a, C }, { a, B }, { B, C }, { a, B, C }, and further access trees can be generated.

As shown in fig. 10, the abscissa is the learning rate and the ordinate is the recall rate. When the learning rate is more than or equal to 0.007 and less than or equal to 0.009, the recall ratio of all three data sets exceeds 90%. The recall for dataset 2 reached a maximum of 96.5% at a learning rate of 0.007.

As shown in fig. 11, the abscissa is the matrix factorization dimension and the ordinate is the recall. The recall of all three data sets exceeds 90% when the decomposition dimension is 3, and the recall of data set 1 can reach a maximum of 95.8%.

As shown in FIG. 12, the abscissa is the batch size and the ordinate is the recall. When the batch size b is more than or equal to 5 and less than or equal to 25, the recall ratio of all three data sets can exceed 90 percent. The recall for dataset 1 reached a maximum of 97.3% at a batch size of 10.

As shown in fig. 13, the abscissa is the regular term coefficient, and the ordinate is the recall. When the regular term system is 0.01-0.02, the recall ratio of the three data sets is more than 90%. The data set 3 can reach a maximum of 96.8% when the regularization term coefficient is 0.01.

As shown in fig. 14, the abscissa is the decomposition dimension, and the ordinate is the training time. From the figure, training time increases as the dimension of decomposition increases.

As shown in fig. 15, the abscissa represents the proportion of training samples in the data set, and the ordinate represents the mean square error. From the figure, the mean square error decreases as the proportion of training samples in the data set increases. The mean square error of data set 1 reached a minimum of 0.017 when the duty cycle of the training samples in the data set was 95%.

The invention relates to an access strategy intelligentized generation method based on matrix decomposition, which constructs a user-file access matrix through the existing authorized data set; randomly permuting rows and columns of the access matrix; randomly generating an attribute matrix and a strategy matrix; setting an objective function, a missing value weight, a regular term coefficient, a learning rate, a gradient descent threshold value and a batch size; training an attribute matrix by using a small-batch gradient descent method, calculating an attribute matrix threshold value and binarizing the attribute matrix, training a strategy matrix by using the small-batch gradient descent method, calculating the absolute value of the difference between the objective functions after training before and after twice, and if the absolute value is larger than a given threshold value, continuing training the attribute matrix, calculating the attribute matrix threshold value and training the strategy matrix, otherwise stopping training; calculating a prediction matrix according to the attribute matrix and the strategy matrix; calculating a threshold value for each file vector of the prediction matrix, wherein the threshold value is a safety threshold value; and finally, formulating a corresponding access strategy according to the strategy matrix and the safety threshold. According to the invention, through learning the existing authorized data set, an intelligent access strategy generation method is constructed, so that the labor cost required for formulating the access strategy is greatly reduced, and the popularization and application of the ABE ciphertext access control mechanism in a large-scale network scene are facilitated.

The above disclosure is only a preferred embodiment of the present invention, and it should be understood that the scope of the invention is not limited thereto, and those skilled in the art will appreciate that all or part of the procedures described above can be performed according to the equivalent changes of the claims, and still fall within the scope of the present invention.

Claims (2)

1. An access strategy intelligent generation method based on matrix decomposition is characterized by comprising the following steps:

acquiring authorization data to construct a user file access matrix, and randomly replacing rows and columns in the access matrix;

decomposing the access matrix based on the decomposition dimension, and training the attribute matrix and the strategy matrix by utilizing a small batch gradient descent method;

judging the difference value of the objective function of the attribute matrix and the strategy matrix after training by using a threshold method;

calculating a prediction matrix according to the trained attribute matrix and the trained strategy matrix, and obtaining a corresponding access strategy according to the obtained safety threshold;

decomposing the access matrix based on the decomposition dimension, and training the attribute matrix and the strategy matrix by using a small-batch gradient descent method, wherein the method comprises the following steps of:

randomly decomposing the access matrix subjected to row-column replacement into an attribute matrix and a strategy matrix based on a decomposition dimension, constructing an objective function at the same time, and setting a missing value weight, a regular term coefficient, a learning rate, a gradient descent threshold value and a batch size;

training the attribute matrix by using a small-batch gradient descent method, then calculating the attribute matrix threshold value, and binarizing the attribute matrix according to the attribute threshold value;

judging the target function difference value of the attribute matrix and the strategy matrix after training by using a threshold method, wherein the method comprises the following steps:

calculating the absolute value of the difference between the target function of the attribute matrix and the target function of the strategy matrix after training, and if the absolute value is larger than a set threshold value, continuing to train the attribute matrix and the strategy matrix;

calculating a prediction matrix according to the trained attribute matrix and the trained strategy matrix, and obtaining a corresponding access strategy according to the obtained safety threshold, wherein the method comprises the following steps:

calculating a corresponding prediction matrix according to the trained attribute matrix and the trained strategy matrix, arranging any column element of the prediction matrix in a descending order, and calculating all potential thresholds of the corresponding column;

and (3) binarizing the elements in the corresponding columns by utilizing the potential threshold value, and then calculating a corresponding mean square error value and a safety threshold value until all columns of the prediction matrix are calculated.

2. The method for intelligently generating an access policy based on matrix factorization according to claim 1, wherein obtaining authorization data to construct a user file access matrix and randomly permuting rows and columns in the access matrix comprises:

and constructing a user file access matrix according to the acquired authorization data, setting a corresponding matrix value, randomly replacing pi for columns in the access matrix, and randomly replacing pi for rows in the replaced matrix.