Access control technology is critical to the safe and reliable operation of information systems. However, owing to the massive policy scale and number of access control entities in open distributed information systems, such as big data, the Internet of Things, and cloud computing, existing access control permission decision methods suffer from a performance bottleneck. Consequently, the large access control time overhead affects the normal operation of business services. To overcome the above-mentioned problem, this paper proposes an efficient permission decision engine scheme based on machine learning (EPDE-ML). The proposed scheme converts the attribute-based access control request into a permission decision vector, and the access control permission decision problem is transformed into a binary classification problem that allows or denies access. The random forest algorithm is used to construct a vector decision classifier in order to establish an efficient permission decision engine. Experimental results show that the proposed method can achieve a permission decision accuracy of around 92.6% on a test dataset, and its permission decision efficiency is significantly higher than that of the benchmark method. In addition, its performance improvement becomes more obvious as the scale of policy increases.

中文翻译：

---

基于机器学习的高效访问控制权限决策引擎

访问控制技术对于信息系统的安全可靠运行至关重要。但是，由于开放式分布式信息系统（例如大数据，物联网和云计算）中庞大的策略规模和访问控制实体的数量，现有的访问控制权限决策方法存在性能瓶颈。因此，大量的访问控制时间开销会影响业务服务的正常运行。为了克服上述问题，本文提出了一种基于机器学习的高效权限决策引擎方案（EPDE-ML）。所提出的方案将基于属性的访问控制请求转换为许可决定向量，并且将访问控制许可决定问题转换为允许或拒绝访问的二进制分类问题。随机森林算法用于构造矢量决策分类器，以建立有效的权限决策引擎。实验结果表明，该方法在测试数据集上可以达到约92.6％的权限决策精度，其权限决策效率明显高于基准方法。此外，随着策略规模的增加，其性能改进也变得更加明显。