CN108306898A - Perception method, apparatus and computing device for blockchain attack events - Google Patents


Publication number
CN108306898A
Authority
CN
China
Prior art keywords
block
attack
data
audit
block chain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810367382.XA
Other languages
Chinese (zh)
Other versions
CN108306898B (en
Inventor
蒋劭捷
王伟波
李明政
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING QIBAO TECHNOLOGY Co.,Ltd.
Original Assignee
Beijing Qihoo Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201810367382.XA priority Critical patent/CN108306898B/en
Publication of CN108306898A publication Critical patent/CN108306898A/en
Application granted granted Critical
Publication of CN108306898B publication Critical patent/CN108306898B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Abstract

The invention discloses a perception method, apparatus and computing device for blockchain attack events. The method includes: reading the data content of each block in a blockchain; performing a security audit on the data content of each block according to one or more preset audit strategies, to obtain an audit result that satisfies at least one preset audit strategy; and analyzing the audit result to obtain a perception result for the attack event. With the scheme provided by the invention, the data content of each block can be security-audited automatically through preset audit strategies, blockchain attack events can be discovered in time from the audit result, and countermeasures can then be taken against the blockchain attack event, so as to avoid the losses that an attacker's monopolizing of mining causes to other miners.

Description

Perception method, apparatus and computing device for blockchain attack events
Technical field
The present invention relates to the field of blockchain technology, and in particular to a perception method, apparatus and computing device for blockchain attack events.
Background
In plain terms, a blockchain is a public distributed ledger system. Account transaction information over a period of time is encrypted and packaged into a block and stamped with a timestamp; the blocks are linked in sequence to form a ledger, which in turn forms a decentralized ledger system jointly maintained by the users of the network. This ledger system can solve the trust and security problems of transactions.
Blocks are obtained one by one by miners through the mining process. Mining is essentially a search for a random number: if the value after the hash operation is smaller than the hash value of the preset difficulty value, mining succeeds. At the same time, miners compete with one another: whoever first computes a valid hash for the current block can first add the new block to the blockchain and thereby enjoy the entire revenue of that block.
However, some attackers use their own computing-power advantage to "cheat", so that their own mining difficulty keeps decreasing, in order to guarantee the advantage of the longest chain and thus profit by monopolizing mining, which brings serious losses to other miners. Moreover, the prior art has no scheme that can automatically perceive such monopolizing-mining attacks.
Summary of the invention
In view of the above problems, the present invention is proposed in order to provide a perception method, apparatus and computing device for blockchain attack events that overcome the above problems or at least partially solve them.
According to one aspect of the invention, a perception method for blockchain attack events is provided, including:
reading the data content of each block in a blockchain;
performing a security audit on the data content of each block according to one or more preset audit strategies, to obtain an audit result that satisfies at least one preset audit strategy;
analyzing the audit result to obtain a perception result for the attack event.
According to another aspect of the invention, a perception apparatus for blockchain attack events is provided, including:
a first reading module, adapted to read the data content of each block in a blockchain;
a first audit module, adapted to perform a security audit on the data content of each block according to one or more preset audit strategies, to obtain an audit result that satisfies at least one preset audit strategy;
a first perception module, adapted to analyze the audit result to obtain a perception result for the attack event.
According to another aspect of the invention, a computing device is provided, including a processor, a memory, a communication interface and a communication bus, where the processor, the memory and the communication interface communicate with one another through the communication bus;
the memory is used to store at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the above perception method for blockchain attack events.
According to a further aspect of the invention, a computer storage medium is provided. At least one executable instruction is stored in the storage medium, and the executable instruction causes a processor to perform the operations corresponding to the above perception method for blockchain attack events.
According to the perception method, apparatus and computing device for blockchain attack events of the invention, the data content of each block in the blockchain is read; a security audit is performed on the data content of each block according to one or more preset audit strategies, to obtain an audit result that satisfies at least one preset audit strategy; and the audit result is analyzed to obtain a perception result for the attack event. With the scheme provided by the invention, the data content of each block can be security-audited automatically through preset audit strategies, blockchain attack events can be discovered in time from the audit result, and countermeasures can then be taken against the blockchain attack event, so as to avoid the losses that an attacker's monopolizing of mining causes to other miners.
The above description is only an overview of the technical solution of the invention. So that the technical means of the invention can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the invention become more apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered a limitation of the invention. Throughout the drawings, the same reference numerals denote the same parts. In the drawings:
Fig. 1a shows a flowchart of a perception method for blockchain attack events according to one embodiment of the invention;
Fig. 1b shows a flowchart of a method for perceiving attack events from the algorithm-type angle;
Fig. 1c shows a flowchart of a method for perceiving attack events from the timestamp angle;
Fig. 1d shows a flowchart of a method for perceiving attack events from the transaction-count angle;
Fig. 2 shows a flowchart of an algorithm-type-based perception method for blockchain attack events according to another embodiment of the invention;
Fig. 3 shows a flowchart of a timestamp-based perception method for blockchain attack events according to another embodiment of the invention;
Fig. 4 shows a flowchart of a transaction-count-based perception method for blockchain attack events according to a further embodiment of the invention;
Fig. 5 shows a flowchart of a perception method for blockchain attack events according to yet another embodiment of the invention;
Fig. 6 shows a functional block diagram of a perception apparatus for blockchain attack events according to one embodiment of the invention;
Fig. 7 shows a schematic structural diagram of a computing device according to an embodiment of the invention.
Detailed description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and so that its scope can be fully conveyed to those skilled in the art.
Fig. 1a shows a flowchart of a perception method for blockchain attack events according to one embodiment of the invention. As shown in Fig. 1a, the method includes the following steps:
Step S101: read the data content of each block in the blockchain.
Here, a block is a data storage unit encrypted using the Rivest-Shamir-Adleman algorithm. Each block consists of a block header and a block body. The block header records descriptive information about the block, specifically the version number, the hash of the previous block, the Merkle root, the timestamp, the difficulty value and the random number; the block body records transaction information.
The data content of each block includes content that can reflect information related to the mining process, information related to block characteristics, and/or information related to the transactions recorded in the block. Accordingly, the data content may come from any location that contains the information mentioned above; optionally, the data content comes from the block header and/or the block body.
Specifically, the information mentioned above can be obtained by reading the data content of multiple consecutive blocks in the blockchain. For example, timestamps are read from the block headers of multiple consecutive blocks; these timestamps reflect the block-generation time interval between adjacent blocks during mining. In subsequent steps, this information is used to determine whether the corresponding blocks were mined by malicious mining. It should be noted that the invention does not specifically limit the way the data content of each block is read; those skilled in the art can set it according to actual conditions. Optionally, it is read through a blockchain explorer.
Step S102: perform a security audit on the data content of each block according to one or more preset audit strategies, to obtain an audit result that satisfies at least one preset audit strategy.
Here, the one or more preset audit strategies are strategies for determining whether the data content of each block is data content corresponding to malicious mining behavior. They can be set according to practice or empirical data, or according to the characteristics of different forms of blockchain. Taking the block-generation time interval mentioned above as an example again, blockchains of different currencies have different normal block-generation time intervals: for example, the normal block-generation time interval of the Verge (XVG) blockchain is 30 seconds, while that of the Bitcoin blockchain is 10 minutes. The preset audit strategy therefore needs to be set according to the normal block-generation time interval of the blockchain of each currency. However, the invention is not limited to the above way of setting preset audit strategies; in a specific implementation, those skilled in the art can set them according to actual needs.
Specifically, after the data content of each block is read, a security audit is performed on it according to the corresponding preset audit strategy, to obtain an audit result in which the data content of each block satisfies at least one preset audit strategy. For example, when the data content is timestamps, the timestamp audit strategy is used to audit whether the timestamps of adjacent blocks match the block-generation time interval characteristic of abnormal mining behavior.
Step S103: analyze the audit result to obtain a perception result for the attack event.
In general, if the data content of each block yields an audit result that satisfies at least one preset audit strategy, it can be directly determined that an attack event exists. In other specific embodiments of the invention, however, to make the perception result more accurate, whether an attack event exists is further determined according to the number of preset audit strategies satisfied and/or the audit angle corresponding to the preset audit strategies satisfied. Optionally, if the number of preset audit strategies satisfied is greater than a preset value, it is determined that an attack event exists; alternatively, if a preset audit strategy satisfied is a specific audit strategy, it is determined that an attack event exists, where the specific audit strategy can be set according to the currency. For example, if the specific audit strategy for XVG is set to the algorithm-type audit strategy, then when the preset audit strategies satisfied include the algorithm-type audit strategy, it can be determined that an attack event exists.
The perception method for blockchain attack events provided in this embodiment can be widely applied in scenarios where blockchain attack events are perceived automatically, so that they are discovered in time. By reading appropriate data content and setting different preset audit strategies, attack events can be perceived from different angles. To make this easier to understand, three fairly typical kinds of data content are chosen below to illustrate the implementation steps of this embodiment:
First, algorithm-type data. Fig. 1b shows a flowchart of a method for perceiving attack events from the algorithm-type angle. As shown in Fig. 1b, the method includes:
Step S111, corresponding to step S101 in Fig. 1a: read the algorithm-type data of each block in the blockchain. Here, the algorithm type refers to the type of the mining algorithm (also called the block-generation algorithm below). Different currencies differ in the number and types of algorithms, and within the same currency the algorithm used to mine different blocks also differs. In this step, reading the algorithm-type data of each block yields the block-generation algorithm of each of the sequentially linked blocks.
Step S112, corresponding to step S102 in Fig. 1a: judge whether the algorithm-type data of each block satisfies the algorithm-type audit strategy. Generally, for the blockchain of a currency with multiple algorithm types, the block-generation algorithms of sequentially linked blocks should under normal circumstances alternate or be fairly dispersed. On this basis the algorithm-type audit strategy is set, that is, a strategy that identifies the features of the algorithm-type data corresponding to malicious mining behavior. The algorithm-type data of each block is then audited.
Step S113, corresponding to step S103 in Fig. 1a: if the algorithm-type data of each block satisfies the algorithm-type audit strategy, the perception result for the attack event is obtained, thereby perceiving the attack event from the algorithm-type angle.
Second, timestamp data. Fig. 1c shows a flowchart of a method for perceiving attack events from the timestamp angle. As shown in Fig. 1c, the method includes:
Step S121, corresponding to step S101 in Fig. 1a: read the timestamp data of each block in the blockchain. The timestamp records the time at which each block is generated: whenever a new block is born, it is stamped with the corresponding timestamp, and the blocks on the blockchain are linked in timestamp order. The timestamps of adjacent blocks reflect the block-generation time interval of the later block relative to the earlier one.
Step S122, corresponding to step S102 in Fig. 1a: judge whether the timestamp data of each block satisfies the timestamp audit strategy. In general, the actual block-generation time interval of adjacent blocks should fluctuate within a reasonable range around the ideal block-generation time interval; when the actual block-generation time intervals of more than a preset number of consecutive blocks fall outside the reasonable range of the ideal block-generation time interval, this is regarded as abnormal. On this basis the timestamp audit strategy is set, that is, a strategy that identifies the features of the timestamp data corresponding to malicious mining behavior.
Step S123, corresponding to step S103 in Fig. 1a: if the timestamp data of each block satisfies the timestamp audit strategy, the perception result for the attack event is obtained, thereby perceiving the attack event from the timestamp angle.
Third, transaction-count data. Fig. 1d shows a flowchart of a method for perceiving attack events from the transaction-count angle. As shown in Fig. 1d, the method includes:
Step S131, corresponding to step S101 in Fig. 1a: read the transaction-count data of each block in the blockchain. Here, the transaction count is the number of transactions within the time taken to mine each block; that is, the number of transactions in the time between the timestamp of the previous block and the timestamp of the next sequentially linked block is the transaction count of the next block.
Step S132, corresponding to step S102 in Fig. 1a: judge whether the transaction-count data of each block satisfies the transaction-count audit strategy. For a block mined by normal mining behavior, the first transaction record is the reward transaction to the successful miner; in addition, under normal circumstances there are also multiple transaction records generated during the time taken to mine the block. When the transaction counts of more than a certain number of consecutive blocks are extremely small, or even 1, this is regarded as abnormal. On this basis the transaction-count audit strategy is set, that is, a strategy that identifies the features of the transaction-count data corresponding to malicious mining behavior.
Step S133, corresponding to step S103 in Fig. 1a: if the transaction-count data of each block satisfies the transaction-count audit strategy, the perception result for the attack event is obtained, thereby perceiving the attack event from the transaction-count angle.
By reading the above three kinds of data content and setting the corresponding preset audit strategies, attack events can be perceived from the algorithm-type angle, the timestamp angle and the transaction-count angle respectively. It should be noted, however, that the invention is not limited to this: in a specific implementation, other data content can be read according to the actual situation and other preset audit strategies set, so that the corresponding data content is security-audited using those preset audit strategies. In addition, different malicious mining methods may lead to one or more different abnormal conditions; to perceive attack events comprehensively, several strategies, including but not limited to the above preset audit strategies, can be combined for the security audit.
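The following sketch is an added example, not code from the patent: it runs the timestamp and transaction-count audits of steps S122 and S132 over block data and applies the step S103 decision (number of strategies satisfied, or a currency-specific strategy). The tolerance, streak thresholds, strategy names and all sample blocks are assumptions constructed for the illustration; only the 30-second XVG interval comes from the text.

```python
# Added illustration: thresholds and sample blocks are constructed, not taken from the patent.
IDEAL_INTERVAL = 30  # seconds; the text gives 30 s as the normal XVG block interval


def make_chain(intervals, tx_counts, t0=1_522_800_000):
    """Build constructed sample blocks; block i+1 is mined intervals[i] s after block i."""
    times = [t0]
    for gap in intervals:
        times.append(times[-1] + gap)
    return [{"height": h, "time": t, "tx_count": n}
            for h, (t, n) in enumerate(zip(times, tx_counts))]


def longest_streak(flags):
    """Length of the longest run of consecutive True values."""
    best = cur = 0
    for flag in flags:
        cur = cur + 1 if flag else 0
        best = max(best, cur)
    return best


def audit_timestamps(blocks, ideal, tolerance, max_streak):
    """Timestamp audit: more than max_streak consecutive intervals outside ideal +/- tolerance."""
    gaps = [b["time"] - a["time"] for a, b in zip(blocks, blocks[1:])]
    return longest_streak(abs(g - ideal) > tolerance for g in gaps) > max_streak


def audit_tx_counts(blocks, small, max_streak):
    """Transaction-count audit: more than max_streak consecutive blocks with <= small transactions."""
    return longest_streak(b["tx_count"] <= small for b in blocks) > max_streak


# Hypothetical strategy table: names and thresholds are assumptions for this example.
STRATEGIES = {
    "timestamp": lambda bs: audit_timestamps(bs, IDEAL_INTERVAL, tolerance=20, max_streak=5),
    "tx_count": lambda bs: audit_tx_counts(bs, small=1, max_streak=5),
}


def run_audits(blocks, strategies=STRATEGIES):
    """Step S102: return the names of every preset audit strategy the blocks satisfy."""
    return {name for name, audit in strategies.items() if audit(blocks)}


def perceive(matched, min_matches=0, specific=()):
    """Step S103: attack if more than min_matches strategies matched, or a specific one did."""
    return len(matched) > min_matches or any(name in matched for name in specific)


NORMAL = make_chain([28, 35, 22, 41, 30, 19, 33, 27, 38, 24],
                    [7, 4, 9, 3, 6, 12, 5, 8, 2, 6, 4])
# Eight blocks one second apart, each holding only the reward transaction.
ATTACK = make_chain([28, 35, 1, 1, 1, 1, 1, 1, 1, 1, 30],
                    [7, 4, 6, 1, 1, 1, 1, 1, 1, 1, 1, 5])
# Normal spacing but seven near-empty blocks: only one audit angle fires.
QUIET = make_chain([28, 35, 22, 41, 30, 19, 33, 27, 38, 24],
                   [5, 1, 1, 1, 1, 1, 1, 1, 3, 6, 4])

if __name__ == "__main__":
    for label, chain in (("normal", NORMAL), ("attack", ATTACK), ("quiet", QUIET)):
        matched = run_audits(chain)
        print(label, sorted(matched), perceive(matched, min_matches=1))
```

The `QUIET` chain shows why the count-based decision matters: a single-angle match is reported with the default `min_matches=0` but not once two agreeing strategies are required.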
According to the perception method for blockchain attack events provided in this embodiment, the data content of each block in the blockchain is read; a security audit is performed on the data content of each block according to one or more preset audit strategies, to obtain an audit result that satisfies at least one preset audit strategy; and the audit result is analyzed to obtain a perception result for the attack event. With the scheme provided by the invention, the data content of each block can be security-audited automatically through preset audit strategies, blockchain attack events can be discovered in time from the audit result, and countermeasures can then be taken against the blockchain attack event, so as to avoid the losses that an attacker's monopolizing of mining causes to other miners.
Fig. 2 shows a flowchart of an algorithm-type-based perception method for blockchain attack events according to another embodiment of the invention. This embodiment is applicable to currencies that support multiple mining algorithms. As shown in Fig. 2, the method includes the following steps:
Step S201: obtain the algorithm-type description data of the blockchain; generate the algorithm-type audit strategy according to the algorithm-type description data of the blockchain.
Here, the algorithm-type description data records the multiple algorithm types supported by the blockchain. Taking XVG as an example, the block-generation algorithms of XVG blocks include Scrypt, X17, lyra2rev2, MYR groestl and blake2s; that is, the corresponding blockchain supports the above 5 algorithm types.
Specifically, after the multiple algorithm types supported by the blockchain are obtained, the algorithm-type audit strategy is generated according to the features of the algorithm types corresponding to normal mining behavior and/or the features of the algorithm types corresponding to malicious mining behavior. In some specific embodiments of the invention, the algorithm-type feature corresponding to malicious mining behavior is that the block-generation algorithms of more than a preset number of consecutive blocks are the same algorithm type. Accordingly, the algorithm-type audit strategy is: if the block-generation algorithms of more than a preset number of consecutive blocks are the same algorithm type, it is determined that malicious mining behavior exists.
In other specific embodiments of the invention, it is taken into account that in the initial stage of malicious mining, normally mined blocks may still be added to the main chain. The algorithm-type feature corresponding to malicious mining behavior may therefore be that, among the block-generation algorithms of multiple consecutive blocks, the proportion taken by one and the same block-generation algorithm exceeds a preset ratio. Accordingly, the algorithm-type audit strategy is: if, among the block-generation algorithms of multiple consecutive blocks, the proportion taken by one and the same block-generation algorithm exceeds the preset ratio, it is determined that malicious mining behavior exists. This algorithm-type audit strategy avoids the situation in which the attack event cannot be perceived in time during the initial stage of malicious mining. Still taking XVG as an example, if the preset ratio is 90%, then when the number of blocks whose block-generation algorithm is Scrypt reaches 18 among 20 consecutive blocks, malicious mining is considered to exist. However, the invention is not limited to the above features of the algorithm types corresponding to malicious mining behavior; in a specific implementation, those skilled in the art can also refer to actual data or theoretical calculation results and generate the algorithm-type audit strategy according to other algorithm-type features.
Step S202: read the algorithm-type data of each block in the blockchain.
During actual mining, whether normal or malicious, a block must be mined with one of the algorithm types supported by the blockchain; every mined block therefore corresponds to one block-generation algorithm.
Step S203: judge whether the algorithm-type data of each block satisfies the algorithm-type audit strategy. If so, execute step S204; if not, the method ends.
Specifically, when the algorithm-type audit strategy is "if the block-generation algorithms of more than a preset number of consecutive blocks are the same algorithm type, it is determined that malicious mining behavior exists", judging whether the algorithm-type data of each block satisfies the algorithm-type audit strategy means: judging whether there are n consecutive blocks whose algorithm-type data are identical, where n is greater than or equal to a preset value. If the algorithm-type data of n consecutive blocks are identical, the algorithm-type audit strategy is judged to be satisfied and step S204 is executed; if there are no n consecutive blocks with identical algorithm-type data, the algorithm-type audit strategy is judged not to be satisfied and the method ends.
Step S204: obtain the perception result for the attack event.
If it is determined that the algorithm-type data of each block satisfies the algorithm-type audit strategy, an attack event is perceived.
Steps S201 to S204 of this embodiment audit the algorithm-type data of each block using the algorithm-type audit strategy in order to perceive attack events. In addition, as an optional step of this embodiment: under normal mining, orphan blocks appear very rarely, typically only a few per day, whereas under malicious mining a large number of mining pools cannot work normally and keep mining orphan blocks; moreover, because forked chains cannot compete with the attacker's longest chain, the blocks in the forked chains all become orphan blocks. Under malicious mining, therefore, both the number of orphan blocks and the frequency of their appearance increase abnormally, so a security audit can be performed with an orphan-block audit strategy to perceive attack events. Specifically: read the data content provided by the mining pool system; perform a security audit on that data content according to the orphan-block audit strategy; if the data content provided by the mining pool system satisfies the orphan-block audit strategy, obtain the perception result for the attack event. Here, the mining pool system contains the block-generation information for a preset time period, and the data content provided by the mining pool system is content that reflects orphan-block information, for example the number of orphan blocks, the frequency with which orphan blocks appear, and so on. The orphan-block audit strategy can be set according to the orphan-block information corresponding to normal mining, or according to actual data or theoretical results corresponding to malicious mining; the invention places no specific limitation on this. Optionally, the orphan-block audit strategy is: if the frequency of orphan blocks within a preset period exceeds m%, it is determined that malicious mining behavior exists. It should be emphasized that this optional step can be executed at any time between step S201 and step S204, or before step S201, or after step S204; the invention does not specifically limit this.
Step S205: analyze the transaction data recorded in the one or more blocks involved in the attack event to obtain one or more transaction addresses; store the one or more transaction addresses in a preset address library.
Here, transaction data refers to the transaction details of each block, which describe, for every transaction, information such as the sender, the recipient, the amount and the sender's digital signature. The first transaction record is the reward transaction to the successful miner, also called the generation transaction. For a block mined by malicious mining, the first transaction record is the reward transaction to the attacker; accordingly, its recipient is the attacker's receiving address.
Specifically, after an attack event is perceived, in order to prevent the same attacker from again obtaining block rewards through malicious mining, the transaction data recorded in the one or more blocks involved in the attack event is analyzed to obtain the receiving addresses the attacker used when profiting, that is, one or more transaction addresses. The one or more transaction addresses are then stored in the preset address library as malicious addresses, so that the preset address library can be used for monitoring and querying, thereby preventing further malicious mining behavior or attack events.
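As an added example (not the patent's own code), the sketch below implements both algorithm-type audit variants from step S201, the consecutive-run rule and the ratio-over-a-window rule, and then the step S205 collection of reward-transaction recipients from the flagged blocks. Field names, addresses, heights and the sample chain are constructed assumptions; the five algorithm names and the 18-of-20 at 90% case come from the text.

```python
from collections import Counter, deque
from itertools import groupby

# The five XVG algorithm types named in the text (lower-cased labels are this example's choice).
ALGOS = ["x17", "scrypt", "lyra2rev2", "myr-groestl", "blake2s"]


def audit_same_algo_run(blocks, n):
    """Return every run of n or more consecutive blocks that share one algorithm type."""
    runs = []
    for _, group in groupby(blocks, key=lambda b: b["algo"]):
        run = list(group)
        if len(run) >= n:
            runs.append(run)
    return runs


def audit_algo_ratio(blocks, window, ratio_pct):
    """Return the dominant-algorithm blocks of any `window` consecutive blocks in which one
    algorithm's share reaches ratio_pct (the text counts 18 of 20 at 90% as a match)."""
    flagged, counts, recent = {}, Counter(), deque()
    for block in blocks:
        recent.append(block)
        counts[block["algo"]] += 1
        if len(recent) > window:
            counts[recent.popleft()["algo"]] -= 1
        if len(recent) == window:
            algo, hits = counts.most_common(1)[0]
            if hits * 100 >= ratio_pct * window:  # integer form of hits / window >= ratio
                flagged.update((b["height"], b) for b in recent if b["algo"] == algo)
    return [flagged[h] for h in sorted(flagged)]


def store_reward_addresses(flagged_blocks, address_library):
    """Step S205: add the recipient of each flagged block's first (reward) transaction."""
    address_library.update(b["reward_to"] for b in flagged_blocks)
    return address_library


def sample_chain():
    """Constructed data: honest miners rotate algorithms; heights 115-134 hold 18 Scrypt
    blocks paid to two constructed attacker addresses, plus two honest blocks."""
    chain = []
    for h in range(100, 140):
        if 115 <= h <= 134 and h not in (120, 128):
            addr = "ADDR_ATTACKER_A" if h < 125 else "ADDR_ATTACKER_B"
            chain.append({"height": h, "algo": "scrypt", "reward_to": addr})
        else:
            chain.append({"height": h, "algo": ALGOS[h % 5],
                          "reward_to": f"ADDR_MINER_{h % 7}"})
    return chain


if __name__ == "__main__":
    chain = sample_chain()
    for run in audit_same_algo_run(chain, 6):
        print("run", run[0]["height"], "-", run[-1]["height"], run[0]["algo"])
    flagged = audit_algo_ratio(chain, window=20, ratio_pct=90)
    print("ratio rule flagged", len(flagged), "blocks")
    print("address library:", sorted(store_reward_addresses(flagged, set())))
```

With `n = 8` the run rule finds nothing in this sample because two honest blocks break up the attacker's streak, while the ratio rule still flags the 18 Scrypt blocks, which is the early-stage case the ratio variant is described as covering.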
The present embodiment method can be realized in several ways, in some specific embodiments of the present invention, by block Chain browser realizes that the block chain browser can read algorithm types data, and judge whether algorithm types data accord with Hop algorithm type audit strategy, and then perceive attack;Alternatively, in other specific embodiments of the present invention, by inserting Part realizes that plug-in unit is communicated by being established between block chain browser, to read algorithm types data, then judged by plug-in unit Whether algorithm types data meet algorithm types audit strategy, and then perceive attack.
According to the block chain attack cognitive method provided in this embodiment based on algorithm types, the calculation of block chain is obtained Method type specification data;Data generating algorithm type audit strategy is described according to the algorithm types of block chain;It reads in block chain The algorithm types data of each block;Judge whether the algorithm types data of each block meet algorithm types audit strategy, if It is then to obtain the sensing results of attack;The transaction data of one or more blocks record involved by analytical attack event, Obtain one or more transaction addresses;It will be in the storage to preset address library of one or more transaction addresses.Utilize the present embodiment side Case can carry out security audit automatically from the angle of algorithm types, as the spy for finding the corresponding algorithm types of malice digging mine behavior When sign, then attack is perceived, and then convenient for taking counter-measure for the attack, mine is dug to avoid attacker is exclusive Cause the loss of other miners.
Fig. 3 shows a flowchart of a timestamp-based blockchain attack perception method according to another embodiment of the present invention. As shown in Fig. 3, the method includes the following steps:
Step S301: Obtain the block time interval description data of the blockchain; generate a timestamp audit strategy according to the block time interval description data of the blockchain.
In a blockchain network, the block time can be controlled by adjusting the difficulty value. Blockchains of different currencies use different difficulty adjustment algorithms, so their block time interval description data also differ. For example, the block time interval of the XVG blockchain is 30 seconds. Its difficulty adjustment algorithm traces back and computes the average difficulty of the previous 12 blocks mined with the same algorithm; if the actual block time interval is less than one third of the ideal block time interval, the difficulty is adjusted to three times the average; if the actual block time interval is more than three times the ideal block time interval, the difficulty is adjusted to one third of the average. Difficulty is thus adjusted dynamically by comparing the actual block time interval with the ideal one. As another example, the block time interval of the Bitcoin blockchain is 10 minutes.
During malicious mining, the attacker modifies timestamps so that blocks mined by other miners fail the timestamp range check and become orphan blocks. As a result, only the attacker can mine blocks on the main chain, while normal miners cannot mine blocks on the main chain the attacker controls. Specifically, the attacker modifies timestamps in the following three ways. First, in the initial stage of malicious mining, timestamps are modified so that the block time intervals of many consecutive blocks are far larger than the normal block time interval (the block time interval description data). In this mode the blockchain network lowers the difficulty through the difficulty adjustment algorithm, so the mining difficulty drops sharply. At the same time, because the attacker has modified the timestamps, blocks carrying normal timestamps cannot pass the timestamp range check and so cannot be added to the main chain the attacker is mining. Second, timestamps are modified alternately to control how fast the difficulty falls. After the initial stage the attacker has essentially monopolized mining and the difficulty has dropped a great deal, so the attacker no longer needs much hash power to mine undisturbed. In this stage, to keep the difficulty from falling so fast that other miners notice or other problems arise, the attacker modifies timestamps alternately so that the mining difficulty fluctuates. Third, at intervals of a certain number of blocks, timestamps are modified so that the block time intervals of several consecutive blocks are far smaller than the normal block time interval (the block time interval description data). This mode greatly increases the rate of block production and can likewise control how fast the difficulty falls.
Specifically, the timestamp audit strategy is generated from the block time interval characteristics that the three timestamp modification modes above produce, together with the block time interval description data (the normal block time interval). Optionally, the timestamp audit strategy is: if the timestamp intervals of m consecutive blocks are less than or equal to a first time interval threshold, and/or the timestamp intervals of n consecutive blocks are greater than or equal to a second time interval threshold, it is determined that malicious mining behavior exists. It should be noted that the timestamp modification modes above are only examples and the present invention is not limited to them; in actual implementation, the timestamp audit strategy can also be generated from the block time interval characteristics produced by other timestamp modification modes.
Step S302: Read the timestamp data of each block in the blockchain.
Step S303: Judge whether the timestamp data of the blocks meets the timestamp audit strategy. If so, execute step S304; if not, the method ends.
Specifically, judge whether there are m consecutive blocks whose timestamp intervals are less than or equal to the first time interval threshold; if there are, the block time intervals of m consecutive blocks are considered to have been made extremely small, and the timestamp audit strategy is judged to be met. Alternatively, judge whether there are n consecutive blocks whose timestamp intervals are greater than or equal to the second time interval threshold; if there are, the block time intervals of n consecutive blocks are considered to have been made extremely large, and the timestamp audit strategy is judged to be met. Here m is greater than or equal to a first preset value and n is greater than or equal to a second preset value; the first and second time interval thresholds are set according to the block time interval.
For example, the block time interval of XVG is 30 seconds. If the first time interval threshold is 1 second and the first preset value is 3, the timestamp audit strategy is judged to be met when there are 3 or more consecutive blocks whose timestamp intervals are less than or equal to 1 second. Alternatively, if the second time interval threshold is 5 minutes and the second preset value is 9, the timestamp audit strategy is judged to be met when there are 9 or more consecutive blocks whose timestamp intervals are greater than or equal to 5 minutes.
Step S304: Obtain the perception result of the attack event.
If the timestamp data of the blocks is judged to meet the timestamp audit strategy, the attack event is perceived.
As in the embodiment corresponding to Fig. 2, as an optional step of this embodiment, a security audit can additionally be carried out with the orphan-block audit strategy to perceive attack events. Specifically: read the data content provided by the mining pool system; carry out a security audit of the data content provided by the mining pool system according to the orphan-block audit strategy; if the data content provided by the mining pool system meets the orphan-block audit strategy, obtain the perception result of the attack event. For details, see the related content of the embodiment corresponding to Fig. 2, which is not repeated here.
Step S305: Analyze the transaction data recorded in the one or more blocks involved in the attack event to obtain one or more transaction addresses; store the one or more transaction addresses in a preset address library.
For details, see the description of step S205, which is not repeated here.
As in the embodiment corresponding to Fig. 2, the method of this embodiment can also be implemented by a blockchain browser or a plug-in.
According to the timestamp-based blockchain attack perception method provided in this embodiment: the block time interval description data of the blockchain is obtained; a timestamp audit strategy is generated from the block time interval description data; the timestamp data of each block in the blockchain is read; whether the timestamp data of the blocks meets the timestamp audit strategy is judged and, if so, the perception result of the attack event is obtained; the transaction data recorded in the one or more blocks involved in the attack event is analyzed to obtain one or more transaction addresses; and the one or more transaction addresses are stored in a preset address library. With the scheme of this embodiment, a security audit can be carried out automatically from the perspective of timestamps: when the block time interval characteristics that correspond to malicious mining behavior are found, the attack event is perceived, which makes it easier to take countermeasures against the attack event and to avoid the losses other miners suffer when an attacker monopolizes mining.
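The timestamp audit of steps S301 to S303, as an added Python example that is not part of the patent text. The thresholds are those of the XVG example above; the block representation, the function names, the reading of "timestamp interval" as a block's timestamp minus its predecessor's, and the sample chain are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TimestampPolicy:
    short_gap: int   # first time interval threshold, in seconds
    short_run: int   # first preset value: minimum number of consecutive blocks (m)
    long_gap: int    # second time interval threshold, in seconds
    long_run: int    # second preset value: minimum number of consecutive blocks (n)

# Thresholds from the XVG example in the text (normal block time interval: 30 s).
XVG_POLICY = TimestampPolicy(short_gap=1, short_run=3, long_gap=300, long_run=9)

def _runs(flags, min_len):
    """Yield (first, last) index pairs for runs of True that are at least min_len long."""
    start = None
    for i, flag in enumerate(list(flags) + [False]):   # sentinel closes a trailing run
        if flag and start is None:
            start = i
        elif not flag and start is not None:
            if i - start >= min_len:
                yield start, i - 1
            start = None

def audit_timestamps(blocks, policy):
    """blocks: list of (height, unix_timestamp) in chain order.

    A block's interval is its timestamp minus its predecessor's (assumed reading of
    "timestamp interval"). Returns (rule, first_height, last_height) findings.
    """
    gaps = [b[1] - a[1] for a, b in zip(blocks, blocks[1:])]
    findings = []
    # A timestamp earlier than the predecessor's gives a negative gap; it counts as short.
    for first, last in _runs((g <= policy.short_gap for g in gaps), policy.short_run):
        findings.append(("short_interval", blocks[first + 1][0], blocks[last + 1][0]))
    for first, last in _runs((g >= policy.long_gap for g in gaps), policy.long_run):
        findings.append(("long_interval", blocks[first + 1][0], blocks[last + 1][0]))
    return sorted(findings, key=lambda f: f[1])

def make_chain(start_height, start_ts, gaps):
    """Build constructed sample blocks from a list of intervals in seconds."""
    blocks = [(start_height, start_ts)]
    for gap in gaps:
        height, ts = blocks[-1]
        blocks.append((height + 1, ts + gap))
    return blocks

# Constructed sample: normal ~30 s blocks, nine 10-minute intervals, then four near-zero ones.
SAMPLE_GAPS = [30, 28, 33] + [600] * 9 + [31, 29] + [1, 0, 1, -5] + [30, 30]
SAMPLE_CHAIN = make_chain(1000, 1_523_000_000, SAMPLE_GAPS)

if __name__ == "__main__":
    for rule, first, last in audit_timestamps(SAMPLE_CHAIN, XVG_POLICY):
        print(f"{rule}: blocks {first}-{last}")
```

Eight long intervals in a row, or two short ones, stay below the preset values and produce no finding, which is what keeps ordinary variance in block times from triggering the strategy.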
Fig. 4 shows a flowchart of a transaction-count-based blockchain attack perception method according to a further embodiment of the present invention. As shown in Fig. 4, the method includes the following steps:
Step S401: Read the transaction count data of each block in the blockchain.
Each block can record the transaction information for the period between the timestamp of the previous block and the timestamp of this block, including the transaction count data recorded in the transaction counter.
Step S402: Judge whether the transaction count data of the blocks meets the transaction count audit strategy. If so, execute step S403; if not, the method ends.
In general, for blocks mined in the normal way, the transaction counts of many consecutive blocks are not all very small, let alone all equal to 1. For blocks mined maliciously, because of timestamp modification or other abnormal causes, many consecutive blocks may contain only a very small number of transactions, or even only the single transaction that generates the block.
Specifically, judge whether there are n consecutive blocks whose transaction counts are less than or equal to a transaction count threshold; if there are, the transaction count data is considered abnormal as a result of malicious mining, and the transaction count audit strategy is judged to be met. Here n is greater than or equal to a preset value.
Step S403: Obtain the perception result of the attack event.
If the transaction count data of the blocks is judged to meet the transaction count audit strategy, the attack event is perceived.
As in the embodiment corresponding to Fig. 2, as an optional step of this embodiment, a security audit can additionally be carried out with the orphan-block audit strategy to perceive attack events. Specifically: read the data content provided by the mining pool system; carry out a security audit of the data content provided by the mining pool system according to the orphan-block audit strategy; if the data content provided by the mining pool system meets the orphan-block audit strategy, obtain the perception result of the attack event. For details, see the related content of the embodiment corresponding to Fig. 2, which is not repeated here.
Step S404: Analyze the transaction data recorded in the one or more blocks involved in the attack event to obtain one or more transaction addresses; store the one or more transaction addresses in a preset address library.
For details, see the description of step S205, which is not repeated here.
As in the embodiment corresponding to Fig. 2, the method of this embodiment can also be implemented by a blockchain browser or a plug-in.
According to the transaction-count-based blockchain attack perception method provided in this embodiment: the transaction count data of each block in the blockchain is read; whether the transaction count data of the blocks meets the transaction count audit strategy is judged and, if so, the perception result of the attack event is obtained; the transaction data recorded in the one or more blocks involved in the attack event is analyzed to obtain one or more transaction addresses; and the one or more transaction addresses are stored in a preset address library. With the scheme of this embodiment, a security audit can be carried out automatically from the perspective of transaction count: when abnormal transaction count data is found, the attack event is perceived, which makes it easier to take countermeasures against the attack event and to avoid the losses other miners suffer when an attacker monopolizes mining.
Fig. 5 shows a flowchart of a blockchain attack perception method according to yet another embodiment of the present invention. This embodiment applies to the case where a security audit of the data content is carried out with multiple preset audit strategies. As shown in Fig. 5, the method includes the following steps:
Step S501: Obtain the feature description data of the blockchain, and generate multiple preset audit strategies according to the feature description data of the blockchain.
Here, the feature description data of the blockchain is any standard data that can characterize the blockchain; this standard data corresponds to the parameters of blocks produced by normal mining behavior. Optionally, in some specific embodiments of the present invention, the feature description data of the blockchain includes the block time interval and/or the algorithm type. The present invention is not limited to these; those skilled in the art should understand that any data that can be used to distinguish blocks produced by malicious mining behavior from blocks produced by normal mining behavior can be chosen as the feature description data of the blockchain.
Specifically, for blockchains of different currencies, different preset audit strategies are generated according to the feature description data of the blockchain, which avoids inaccurate perception of attack events. For example, the Bitcoin blockchain has only one mining algorithm, so every block in the chain is produced with the same algorithm. In that case, a security audit with the algorithm audit strategy "if, among multiple consecutive blocks, the proportion produced with the same algorithm exceeds a preset ratio, it is determined that malicious mining behavior exists" would wrongly perceive an attack event when there is none. The Bitcoin blockchain is therefore not suited to a security audit with the algorithm type audit strategy.
Step S502: Read the data content of each block in the blockchain.
Read the data content of each block in the blockchain. The data content includes information reflecting the mining process, for example algorithm type data; information on block characteristics, for example timestamp data; and/or information on the transactions recorded in the block, for example transaction count data. The present invention is not limited to these examples; those skilled in the art should understand that any data content that reflects the kinds of information mentioned above can serve as the data content of the present invention.
Step S503: Carry out a security audit of the data content of each block according to the multiple preset audit strategies, and obtain an audit result that meets at least one preset audit strategy.
Specifically, the corresponding data content is audited according to the multiple preset audit strategies. The strategies can be applied simultaneously, each auditing its corresponding data content in parallel, or they can be applied in a preset order, one strategy auditing its corresponding data content at a time. Optionally, the timestamp audit strategy, the algorithm type audit strategy and the transaction count audit strategy are used at the same time to audit the timestamp data, the algorithm type data and the transaction count data respectively, so that the audit result is obtained quickly.
After the security audit, the audit result is obtained. Specifically, an audit result that meets at least one preset audit strategy takes one of three forms: one kind of data content meets its corresponding preset audit strategy; several kinds of data content meet their corresponding preset audit strategies; or all kinds of data content meet their corresponding preset audit strategies.
Step S504: Analyze the audit result to obtain the perception result of the attack event.
In a specific implementation, different analysis rules can be set according to actual requirements, and the perception result is then obtained according to the analysis rule. An analysis rule can be set in terms of either the number of preset audit strategies met or the audit angle of the preset audit strategies met. Set in terms of number, the analysis rule includes but is not limited to one or more of the following: if one kind of data content meets its corresponding preset audit strategy, it is determined that an attack event exists; or, if several kinds of data content meet their corresponding preset audit strategies, it is determined that an attack event exists; or, if all kinds of data content meet their corresponding preset audit strategies, it is determined that an attack event exists. Set in terms of audit angle: if at least one of the preset audit strategies met is a specific audit strategy, it is determined that an attack event exists, where the specific audit strategy can be set according to the currency.
Steps S501 to S504 of this embodiment perceive attack events by auditing the data content of each block in the blockchain. In addition, as an optional step of this embodiment, the following is taken into account: under normal mining, orphan blocks occur with very low frequency, typically only a few per day, whereas under malicious mining a large number of mining pools cannot work normally and start to mine orphan blocks continually; moreover, since a forked chain cannot compete with the attacker's longest chain, all the blocks in the forked chain become orphan blocks. Under malicious mining, then, both the number of orphan blocks and the frequency with which they occur increase greatly, so a security audit can be carried out with an orphan-block audit strategy to perceive attack events. Specifically: read the data content provided by the mining pool system; carry out a security audit of the data content provided by the mining pool system according to the orphan-block audit strategy; if the data content provided by the mining pool system meets the orphan-block audit strategy, obtain the perception result of the attack event. Here, the mining pool system holds the block information for a preset period, and the data content provided by the mining pool system refers to content that reflects orphan-block information, for example the number of orphan blocks and the frequency with which orphan blocks occur. The orphan-block audit strategy may be set according to the orphan-block information that corresponds to normal mining, or according to actual data or theoretical results that correspond to malicious mining; the present invention places no specific limitation on this. Optionally, the orphan-block audit strategy is: if the frequency of orphan blocks within a preset period exceeds m%, it is determined that malicious mining behavior exists. It should be emphasized that this optional step may be executed at any point between step S501 and step S504, before step S501, or after step S504; the present invention places no specific limitation on this.
Step S505: Analyze the transaction data recorded in the one or more blocks involved in the attack event to obtain one or more transaction addresses; store the one or more transaction addresses in a preset address library.
Here, transaction data refers to the transaction details of each block, which describe, for every transaction, the sender, the recipient, the amount, the sender's digital signature and similar information. The first transaction recorded in a block is the reward transaction paid to whoever mined the block successfully, also called the generation transaction. For a block produced by malicious mining, the first transaction is therefore the reward transaction paid to the attacker, and its recipient is the attacker's receiving address.
Specifically, after an attack event is perceived, and to keep the same attacker from again obtaining block rewards through malicious mining, the transaction data recorded in the one or more blocks involved in the attack event is analyzed to obtain the receiving addresses the attacker used to profit, that is, the one or more transaction addresses. These addresses are then stored in the preset address library as malicious addresses, so that the library can be used for monitoring and queries and further malicious mining behavior or attack events can be prevented.
The method of this embodiment can be implemented in several ways. In some specific embodiments of the present invention it is implemented by a blockchain browser: the blockchain browser reads the data content and judges whether it meets the preset audit strategies, and thereby perceives the attack event. In other specific embodiments it is implemented by a plug-in: the plug-in establishes communication with the blockchain browser to read the data content, and the plug-in then judges whether the data content meets the preset audit strategies, and thereby perceives the attack event.
According to the blockchain attack perception method provided in this embodiment: the feature description data of the blockchain is obtained and multiple preset audit strategies are generated from it; the block header data of each block in the blockchain is read; a security audit of the data content of each block is carried out according to the multiple preset audit strategies, giving an audit result that meets at least one preset audit strategy; the audit result is analyzed to obtain the perception result of the attack event; the transaction data recorded in the one or more blocks involved in the attack event is analyzed to obtain one or more transaction addresses; and the one or more transaction addresses are stored in a preset address library. With the scheme of this embodiment, a security audit of the corresponding data content can be carried out with multiple preset audit strategies, so that the audit is performed from multiple angles; when the data content that meets the preset audit strategies satisfies the analysis rule, the attack event is perceived, which makes the perception of attack events more flexible; and once the attack event is perceived, countermeasures can be taken against it to avoid the losses other miners suffer when an attacker monopolizes mining.
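The multi-strategy audit of steps S502 to S505, combined with the transaction count strategy of Fig. 4, as an added Python example that is not part of the patent text. The block and pool-statistics layout, all names, the threshold values, the algorithm labels and the rule that only blocks flagged by every matching block-level strategy count as "involved" are assumptions made for illustration; the sample chain is constructed.

```python
from collections import Counter
from itertools import groupby

def tx_count_audit(blocks, max_txs, min_run):
    """Heights in runs of >= min_run consecutive blocks holding <= max_txs transactions."""
    flagged = []
    for low, group in groupby(blocks, key=lambda b: len(b["txs"]) <= max_txs):
        run = [b["height"] for b in group]
        if low and len(run) >= min_run:
            flagged += run
    return flagged

def algo_share_audit(blocks, window, max_share):
    """Heights of blocks whose algorithm exceeds max_share of a window of consecutive blocks."""
    flagged = set()
    for i in range(len(blocks) - window + 1):
        chunk = blocks[i:i + window]
        algo, count = Counter(b["algo"] for b in chunk).most_common(1)[0]
        if count / window > max_share:
            flagged.update(b["height"] for b in chunk if b["algo"] == algo)
    return sorted(flagged)

def orphan_rate_audit(pool_stats, max_percent):
    """True when orphans exceed max_percent of the blocks the pool reported in the period."""
    reported = pool_stats["blocks_reported"]
    return reported > 0 and 100 * pool_stats["orphans"] / reported > max_percent

def run_audit(blocks, pool_stats, min_policies=2, multi_algo=True):
    """Apply the strategies, then the quantity-based analysis rule (min_policies)."""
    per_block = {"tx_count": tx_count_audit(blocks, max_txs=1, min_run=5)}
    if multi_algo:  # skipped for single-algorithm chains, where it would always match
        per_block["algo_type"] = algo_share_audit(blocks, window=8, max_share=0.75)
    matched = [name for name, hits in per_block.items() if hits]
    if orphan_rate_audit(pool_stats, max_percent=5):
        matched.append("orphan_block")
    attack = len(matched) >= min_policies
    # Blocks involved: flagged by every block-level strategy that matched (assumption),
    # so an honest block caught by a single window statistic is not blacklisted.
    sets = [set(hits) for hits in per_block.values() if hits]
    involved = sorted(set.intersection(*sets)) if attack and sets else []
    by_height = {b["height"]: b for b in blocks}
    # txs[0] is the generation (reward) transaction; its recipient goes to the address library.
    addresses = sorted({by_height[h]["txs"][0]["to"] for h in involved})
    return {"attack": attack, "matched": sorted(matched),
            "blocks": involved, "addresses": addresses}

ALGOS = ["scrypt", "x17", "lyra2rev2", "myr-groestl", "blake2s"]  # sample labels

def make_block(height, algo, reward_to, extra_txs):
    txs = [{"to": reward_to}]
    txs += [{"to": f"addr-user-{height}-{i}"} for i in range(extra_txs)]
    return {"height": height, "algo": algo, "txs": txs}

def sample_chain():
    """Constructed chain: heights 11-20 imitate malicious mining, the rest is normal."""
    chain = []
    for h in range(1, 26):
        if 11 <= h <= 20:
            chain.append(make_block(h, "lyra2rev2", f"addr-attacker-{h % 2}", 0))
        else:
            chain.append(make_block(h, ALGOS[h % 5], f"addr-miner-{h % 7}", 2 + h % 4))
    return chain

SAMPLE_POOL = {"blocks_reported": 400, "orphans": 60}  # constructed: 15 % orphan blocks

if __name__ == "__main__":
    print(run_audit(sample_chain(), SAMPLE_POOL))
```

On the sample, the algorithm type strategy alone also flags the honest block at height 22, because it shares a window with the attack blocks; requiring agreement with the transaction count strategy keeps that miner's address out of the library.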
Fig. 6 shows a functional block diagram of a blockchain attack perception device according to one embodiment of the present invention. As shown in Fig. 6, the device includes: a first read module 601, a first audit module 602, a first perception module 603, an acquisition module 604, a generation module 605, an analysis module 606, a storage module 607, a second read module 608, a second audit module 609 and a second perception module 610.
The first read module 601 is adapted to read the data content of each block in the blockchain;
The first audit module 602 is adapted to carry out a security audit of the data content of each block according to one or more preset audit strategies and obtain an audit result that meets at least one preset audit strategy;
The first perception module 603 is adapted to analyze the audit result and obtain the perception result of the attack event.
Here, the data content includes one or more of the following data: timestamp data, algorithm type data and transaction count data.
Here, the one or more preset audit strategies include: a timestamp audit strategy, an algorithm type audit strategy and/or a transaction count audit strategy.
The acquisition module 604 is adapted to obtain the feature description data of the blockchain;
The generation module 605 is adapted to generate the one or more preset audit strategies according to the feature description data of the blockchain.
Here, the feature description data of the blockchain includes: the block time interval and/or the algorithm type.
The analysis module 606 is adapted to analyze the transaction data recorded in the one or more blocks involved in the attack event and obtain one or more transaction addresses;
The storage module 607 is adapted to store the one or more transaction addresses in a preset address library.
The second read module 608 is adapted to read the data content provided by the mining pool system;
The second audit module 609 is adapted to carry out a security audit of the data content provided by the mining pool system according to the orphan-block audit strategy;
The second perception module 610 is adapted to obtain the perception result of the attack event if the data content provided by the mining pool system meets the orphan-block audit strategy.
Here, the device is implemented by a blockchain browser; alternatively, the device is implemented by a plug-in.
For the specific structure and operating principle of the modules above, refer to the description of the corresponding steps in the method embodiments; details are not repeated here.
An embodiment of the present application provides a non-volatile computer storage medium that stores at least one executable instruction; the computer-executable instruction can perform the blockchain attack perception method in any of the method embodiments above.
Fig. 7 shows a schematic structural diagram of a computing device according to an embodiment of the present invention; the specific embodiments of the present invention do not limit the specific implementation of the computing device.
As shown in Fig. 7, the computing device may include: a processor 702, a communication interface (Communications Interface) 704, a memory 706 and a communication bus 708.
Here:
The processor 702, the communication interface 704 and the memory 706 communicate with one another over the communication bus 708.
The communication interface 704 is used to communicate with network elements of other devices, such as clients or other servers.
The processor 702 is used to execute a program 710, and can specifically perform the relevant steps of the blockchain attack perception method embodiments above.
Specifically, the program 710 may include program code, and the program code includes computer operation instructions.
The processor 702 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC, Application Specific Integrated Circuit), or one or more integrated circuits configured to implement the embodiments of the present invention. The one or more processors of the computing device can be of the same type, such as one or more CPUs, or of different types, such as one or more CPUs and one or more ASICs.
The memory 706 is used to store the program 710. The memory 706 may include high-speed RAM and may also include non-volatile memory, for example at least one disk memory.
The program 710 can specifically be used to cause the processor 702 to perform the following operations:
Read the data content of each block in the blockchain;
Carry out a security audit of the data content of each block according to one or more preset audit strategies, and obtain an audit result that meets at least one preset audit strategy;
Analyze the audit result to obtain the perception result of the attack event.
In an optional mode, the data content includes one or more of the following data: timestamp data, algorithm type data and transaction count data.
In an optional mode, the one or more preset audit strategies include: a timestamp audit strategy, an algorithm type audit strategy and/or a transaction count audit strategy.
In an optional mode, the program 710 can further be used to cause the processor 702 to perform the following operations: obtain the feature description data of the blockchain, and generate the one or more preset audit strategies according to the feature description data of the blockchain.
In an optional mode, the feature description data of the blockchain includes: the block time interval and/or the algorithm type.
In an optional mode, the program 710 can further be used to cause the processor 702 to perform the following operations:
Analyze the transaction data recorded in the one or more blocks involved in the attack event to obtain one or more transaction addresses;
Store the one or more transaction addresses in a preset address library.
In an optional mode, the program 710 can further be used to cause the processor 702 to perform the following operations:
Read the data content provided by the mining pool system;
Carry out a security audit of the data content provided by the mining pool system according to the orphan-block audit strategy;
If the data content provided by the mining pool system meets the orphan-block audit strategy, obtain the perception result of the attack event.
In an optional mode, the method is implemented by a blockchain browser.
In an optional mode, the method is implemented by a plug-in.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such systems is apparent. Moreover, the present invention is not directed to any particular programming language. It should be understood that the content of the invention described herein may be implemented in various programming languages, and that the above description of a specific language is given to disclose the best mode of the invention.
Numerous specific details are set forth in the description provided here. It is to be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid the understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the invention the features of the invention are sometimes grouped together into a single embodiment, figure or description thereof. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment may be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components of an embodiment may be combined into one module or unit or component, and may furthermore be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
In addition, those skilled in the art will appreciate that although some embodiments described herein include certain features included in other embodiments rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any one of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the sensing device for blockchain attack events according to embodiments of the invention. The invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art may design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order. These words may be interpreted as names.
The invention discloses: A1. A sensing method for blockchain attack events, including:
Reading the data content of each block in the blockchain;
Performing a security audit on the data content of each block according to one or more preset audit policies, to obtain audit results that meet at least one preset audit policy;
Analyzing the audit results to obtain the sensing result of an attack event.
A2. The method according to A1, wherein the data content includes one or more of the following: timestamp data, algorithm type data and transaction count data.
A3. The method according to A2, wherein the one or more preset audit policies include: a timestamp audit policy, an algorithm type audit policy and/or a transaction count audit policy.
A4. The method according to any one of A1-A3, wherein the method further includes: obtaining feature description data of the blockchain, and generating the one or more preset audit policies according to the feature description data of the blockchain.
A5. The method according to A4, wherein the feature description data of the blockchain includes: the block generation interval and/or the algorithm type.
A6. The method according to any one of A1-A5, wherein, after the sensing result of the attack event is obtained, the method further includes:
Analyzing the transaction data recorded in the one or more blocks involved in the attack event to obtain one or more transaction addresses;
Storing the one or more transaction addresses in a preset address library.
A7. The method according to any one of A1-A5, wherein the method further includes:
Reading the data content provided by a mining pool system;
Performing a security audit on the data content provided by the mining pool system according to an orphan block audit policy;
If the data content provided by the mining pool system meets the orphan block audit policy, obtaining the sensing result of an attack event.
A8. The method according to any one of A1-A6, wherein the method is implemented by a blockchain browser.
A9. The method according to any one of A1-A6, wherein the method is implemented by a plug-in.
The invention also discloses: B10. A sensing device for blockchain attack events, including:
A first reading module, adapted to read the data content of each block in the blockchain;
A first audit module, adapted to perform a security audit on the data content of each block according to one or more preset audit policies, to obtain audit results that meet at least one preset audit policy;
A first sensing module, adapted to analyze the audit results to obtain the sensing result of an attack event.
B11. The device according to B10, wherein the data content includes one or more of the following: timestamp data, algorithm type data and transaction count data.
B12. The device according to B11, wherein the one or more preset audit policies include: a timestamp audit policy, an algorithm type audit policy and/or a transaction count audit policy.
B13. The device according to any one of B10-B12, wherein the device further includes:
An acquisition module, adapted to obtain feature description data of the blockchain;
A generation module, adapted to generate the one or more preset audit policies according to the feature description data of the blockchain.
B14. The device according to B13, wherein the feature description data of the blockchain includes: the block generation interval and/or the algorithm type.
B15. The device according to any one of B10-B14, wherein the device further includes:
An analysis module, adapted to analyze the transaction data recorded in the one or more blocks involved in the attack event to obtain one or more transaction addresses;
A storage module, adapted to store the one or more transaction addresses in a preset address library.
B16. The device according to any one of B10-B14, wherein the device further includes:
A second reading module, adapted to read the data content provided by a mining pool system;
A second audit module, adapted to perform a security audit on the data content provided by the mining pool system according to an orphan block audit policy;
A second sensing module, adapted to obtain the sensing result of an attack event if the data content provided by the mining pool system meets the orphan block audit policy.
B17. The device according to any one of B10-B15, wherein the device is implemented by a blockchain browser.
B18. The device according to any one of B10-B15, wherein the device is implemented by a plug-in.
The invention also discloses: C19. A computing device, including: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another through the communication bus;
The memory is used to store at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the sensing method for blockchain attack events according to any one of A1-A9.
The invention also discloses: D20. A computer storage medium, in which at least one executable instruction is stored, the executable instruction causing a processor to perform the operations corresponding to the sensing method for blockchain attack events according to any one of A1-A9.

Claims (10)

1. A sensing method for blockchain attack events, including:
Reading the data content of each block in the blockchain;
Performing a security audit on the data content of each block according to one or more preset audit policies, to obtain audit results that meet at least one preset audit policy;
Analyzing the audit results to obtain the sensing result of an attack event.
2. The method according to claim 1, wherein the data content includes one or more of the following: timestamp data, algorithm type data and transaction count data.
3. The method according to claim 2, wherein the one or more preset audit policies include: a timestamp audit policy, an algorithm type audit policy and/or a transaction count audit policy.
4. The method according to any one of claims 1-3, wherein the method further includes: obtaining feature description data of the blockchain, and generating the one or more preset audit policies according to the feature description data of the blockchain.
5. The method according to claim 4, wherein the feature description data of the blockchain includes: the block generation interval and/or the algorithm type.
6. The method according to any one of claims 1-5, wherein, after the sensing result of the attack event is obtained, the method further includes:
Analyzing the transaction data recorded in the one or more blocks involved in the attack event to obtain one or more transaction addresses;
Storing the one or more transaction addresses in a preset address library.
7. The method according to any one of claims 1-5, wherein the method further includes:
Reading the data content provided by a mining pool system;
Performing a security audit on the data content provided by the mining pool system according to an orphan block audit policy;
If the data content provided by the mining pool system meets the orphan block audit policy, obtaining the sensing result of an attack event.
8. A sensing device for blockchain attack events, including:
A first reading module, adapted to read the data content of each block in the blockchain;
A first audit module, adapted to perform a security audit on the data content of each block according to one or more preset audit policies, to obtain audit results that meet at least one preset audit policy;
A first sensing module, adapted to analyze the audit results to obtain the sensing result of an attack event.
9. A computing device, including: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another through the communication bus;
The memory is used to store at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the sensing method for blockchain attack events according to any one of claims 1-7.
10. A computer storage medium, in which at least one executable instruction is stored, the executable instruction causing a processor to perform the operations corresponding to the sensing method for blockchain attack events according to any one of claims 1-7.
CN201810367382.XA 2018-04-23 2018-04-23 Sensing method and device for block chain attack event, computing equipment and storage medium Active CN108306898B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810367382.XA CN108306898B (en) 2018-04-23 2018-04-23 Sensing method and device for block chain attack event, computing equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810367382.XA CN108306898B (en) 2018-04-23 2018-04-23 Sensing method and device for block chain attack event, computing equipment and storage medium

Publications (2)

Publication Number Publication Date
CN108306898A true CN108306898A (en) 2018-07-20
CN108306898B CN108306898B (en) 2021-02-05

Family

ID=62848573

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810367382.XA Active CN108306898B (en) 2018-04-23 2018-04-23 Sensing method and device for block chain attack event, computing equipment and storage medium

Country Status (1)

Country Link
CN (1) CN108306898B (en)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017082238A1 (en) * 2015-11-09 2017-05-18 日本電信電話株式会社 Block chain generation device, block chain generation method, block chain verification device, block chain verification method and program
CN106548397A (en) * 2016-11-22 2017-03-29 天津米游科技有限公司 A kind of block chain common recognition mechanism
CN107078903A (en) * 2016-12-23 2017-08-18 深圳前海达闼云端智能科技有限公司 Digging ore deposit method, device and the node device of block chain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
房卫东等: "区块链的网络安全: 威胁与对策", 《信息安全学报》 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109039648A (en) * 2018-08-03 2018-12-18 克洛斯比尔有限公司 A kind of creation method, equipment and the readable storage medium storing program for executing of block chain
CN109039648B (en) * 2018-08-03 2021-09-03 克洛斯比尔有限公司 Block chain creating method and device and readable storage medium
CN109472600A (en) * 2018-11-20 2019-03-15 深圳市墨者安全科技有限公司 A kind of block chain trust authentication method and device
WO2020135436A1 (en) * 2018-12-25 2020-07-02 杭州复杂美科技有限公司 Block delayed broadcasting method, device and storage medium
CN109753792A (en) * 2018-12-29 2019-05-14 北京金山安全软件有限公司 Attack detection method and device and electronic equipment
CN109753792B (en) * 2018-12-29 2020-12-11 北京金山安全软件有限公司 Attack detection method and device and electronic equipment
CN109741064A (en) * 2019-01-10 2019-05-10 广东工业大学 A kind of examination attack processing method, system and electronic equipment and storage medium
CN111030978A (en) * 2019-06-19 2020-04-17 哈尔滨安天科技集团股份有限公司 Malicious data acquisition method and device based on block chain and storage device
CN111030978B (en) * 2019-06-19 2022-11-25 安天科技集团股份有限公司 Malicious data acquisition method and device based on block chain and storage device
CN110598471A (en) * 2019-09-17 2019-12-20 深圳市网心科技有限公司 Block chain-based timestamp generation method, device, system and storage medium

Also Published As

Publication number Publication date
CN108306898B (en) 2021-02-05

Similar Documents

Publication Publication Date Title
CN108306898A (en) Cognitive method, device and the computing device of block chain attack
CN108596617A (en) Block chain attack cognitive method based on algorithm types and device
Schuster et al. You autocomplete me: Poisoning vulnerabilities in neural code completion
CN106656974B (en) The grouping common recognition method and system of block chain
Fielder et al. Decision support approaches for cyber security investment
CN108551454A (en) Block chain attack cognitive method and device based on transaction stroke count
US20160044057A1 (en) Cyber Security Posture Validation Platform
CN108475394A (en) The system and method for providing finance data for the financial instrument into distributed ledger system
CN105389513B (en) A kind of credible execution method and apparatus of virtual credible platform module vTPM
KR20180115727A (en) Block Chain Implementation Counting System and Method for Use in Security Voting and Distribution
CN108023896A (en) Block synchronous method and system
CN108234470A (en) Block packaging method and system, electronic equipment, storage medium in block chain network
CN108566398A (en) Block chain attack cognitive method based on timestamp and device
CN105653974B (en) A kind of document means of defence and device
CN109286511A (en) The method and device of data processing
CN108564416A (en) The processing method of activity countdown in limited time, computing device, storage medium
CN109447651A (en) Business air control detection method, system, server and storage medium
CN110147329A (en) A kind of method, apparatus and terminal of dynamic detection simulator
CN104036182B (en) A kind of information processing method, reminding method, server and electronic equipment
CN109635565A (en) The detection method of rogue program, calculates equipment and computer storage medium at device
CN112052480A (en) Privacy protection method, system and related equipment in model training process
CN109714346A (en) The checking and killing method and device of backdoor file
CN110175860A (en) Virtual resource allocation method and device
CN105471810B (en) The verification method and system of soft ware authorization information
CN109977633A (en) A kind of program protection method and relevant apparatus

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20201214

Address after: 1770, 17 / F, 15 / F, building 3, No. 10 a Jiuxianqiao Road, Chaoyang District, Beijing

Applicant after: BEIJING QIBAO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Applicant before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

GR01 Patent grant