CLC number: TP309  Document code: A  DOI: 10.16157/j.issn.0258-7998.245390
Citation format: Qi Jun, Zhou Xiaoming, Xu Chao, et al. Research on multi-party associated data access security risk identification model based on Bayesian network[J]. Application of Electronic Technique, 2024, 50(9): 9-17.
Research on multi-party associated data access security risk identification model based on Bayesian network
Qi Jun (1, 2), Zhou Xiaoming (3), Xu Chao (2), Zhao Jinghong (2), Liu Dahe (4)
1.School of Electrical Engineering, Shenyang University of Technology; 2.Information and Communication Branch of State Grid Liaoning Electric Power Co., Ltd.; 3.State Grid Liaoning Electric Power Co., Ltd.; 4.School of Computer Science, Beijing University of Posts and Telecommunications
Abstract: For the data middle platform of a modern power system, identifying data inference risks during user access to data is particularly crucial. In particular, when multiple users collude to steal data, sensitive data may be inferred from non-sensitive data, resulting in sensitive data leakage and posing a serious threat to power dispatch and national security. Traditional access control mechanisms cannot identify this risk. Therefore, this article proposes MPA-BN, a multi-party associated data security risk identification model based on Bayesian networks, which comprehensively considers user access behavior, time patterns, interface types, and data interaction methods. Bayesian networks are used to analyze the access relationships between users and service interfaces, explore in depth the dependency relationships and probability characteristics among data, and identify the correlations among the data middle platform's external service interfaces and the potential risks of user combinations. The dataset used in this study comes from desensitized logs of a power company's data middle platform; it covers 10 000 accessing users and approximately 1 million log entries. The experimental results show that the model can effectively identify the risk of multiple users colluding to steal sensitive data, providing stronger protection for power system data security.
Key words: data middle platform; data inference risk; Bayesian network; privacy protection




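To address this problem, this paper proposes a multi-party associated data access security risk identification model based on Bayesian networks [10] (Multi-Party Associated based on Bayesian Network, MPA-BN). By analyzing the dependencies and uncertainty between users and data, the model effectively identifies potential data inference risks. The main contributions of this paper are:

(1) It proposes the concepts of user behavior and multi-user collusion behavior and gives a formal description of access behavior on the data middle platform, providing a basis for distinguishing normal behavior from collusion behavior.

(2) It proposes a novel multi-user collusion probability model and defines a formula for calculating inference risk probability, providing a new solution for quantitatively assessing data inference risk.

(3) It proposes a novel network structure model, MPA-BN, adapted specifically to the data middle platform setting, improving processing efficiency and accuracy.

(4) It validates the effectiveness of the MPA-BN model on a real dataset; the experimental results show good accuracy and stability.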





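(1. School of Electrical Engineering, Shenyang University of Technology, Shenyang, Liaoning 110000;

2. Information and Communication Branch of State Grid Liaoning Electric Power Co., Ltd., Shenyang, Liaoning 110000;

3. State Grid Liaoning Electric Power Co., Ltd., Shenyang, Liaoning 110000;

4. School of Computer Science, Beijing University of Posts and Telecommunications, Beijing 100876)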

