CN108566398A - Block chain attack cognitive method based on timestamp and device - Google Patents
Block chain attack cognitive method based on timestamp and device Download PDFInfo
- Publication number
- CN108566398A CN108566398A CN201810367367.5A CN201810367367A CN108566398A CN 108566398 A CN108566398 A CN 108566398A CN 201810367367 A CN201810367367 A CN 201810367367A CN 108566398 A CN108566398 A CN 108566398A
- Authority
- CN
- China
- Prior art keywords
- block
- attack
- timestamp
- data
- block chain
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/121—Timestamp
Abstract
The invention discloses a kind of block chain attack cognitive method and device based on timestamp, including:Read the time stamp data of each block in block chain;Judge whether the time stamp data of each block meets timestamp audit strategy;If meeting, the sensing results of attack are obtained.Utilize the present invention program, it is audited by timestamp audit strategy the time stamp data of each block, and then it realizes automatic from timestamp angle and timely perceives attack, counter-measure is taken convenient for being directed to the block chain attack, to avoid the exclusive loss dug mine and cause other miners of attacker.
Description
Technical field
The present invention relates to block chain technical fields, and in particular to a kind of block chain attack perception side based on timestamp
Method and device.
Background technology
For popular, block chain is exactly distributed account book system, the account Transaction Information in a period of time disclosed in one
It is encrypted be packaged into a block, covers timestamp, the link of block sequence forms an account book one by one, and then forms a people
Decentralization, the account book system safeguarded jointly of user in net, the account book system can solve the trust and safety problem of transaction.
Wherein, one by one block by miner by dig mine process obtain, and dig mine process nature be one find with
The process of machine number, if the value after Hash operation, the cryptographic Hash than default difficulty value is small, then it is successful just to dig mine.With this
Meanwhile there is also competitions between miner, effective Hash of current block is first calculated in who, who can first addition new block
Into block chain, to enjoy whole incomes of this block.
However, there is some attackers using the calculation power advantage of oneself come " cheating " so that the digging mine disaster degree of oneself constantly drops
It is low, it to ensure the advantage of most long-chain, and then is made a profit by exclusive mine of digging with realizing, serious loss is brought to other miners.
Also, in the prior art also without it is a kind of can with automatic sensing it is this it is exclusive dig mine attack scheme.
Invention content
In view of the above problems, it is proposed that the present invention overcoming the above problem in order to provide one kind or solves at least partly
State the block chain attack cognitive method and device based on timestamp of problem.
According to an aspect of the invention, there is provided a kind of block chain attack cognitive method based on timestamp, packet
It includes:
Read the time stamp data of each block in block chain;
Judge whether the time stamp data of each block meets timestamp audit strategy;
If meeting, the sensing results of attack are obtained.
According to another aspect of the present invention, a kind of block chain attack sensing device based on timestamp is provided, is wrapped
It includes:
First read module is suitable for reading the time stamp data of each block in block chain;
First Audit Module, suitable for judging whether the time stamp data of each block meets timestamp audit strategy;
First sensing module, suitable for if it is determined that go out to meet timestamp audit strategy, then obtaining the sensing results of attack.
According to another aspect of the invention, a kind of computing device is provided, including:Processor, memory, communication interface and
Communication bus, the processor, the memory and the communication interface complete mutual communication by the communication bus;
For the memory for storing an at least executable instruction, it is above-mentioned that the executable instruction makes the processor execute
The corresponding operation of block chain attack cognitive method based on timestamp.
In accordance with a further aspect of the present invention, provide a kind of computer storage media, be stored in the storage medium to
A few executable instruction, the executable instruction make processor execute the block chain attack perception based on timestamp as above-mentioned
The corresponding operation of method.
Block chain attack cognitive method and device according to the present invention based on timestamp are read each in block chain
The time stamp data of block;Judge whether the time stamp data of each block meets timestamp audit strategy;If meeting,
Obtain the sensing results of attack.Utilize the present invention program, the timestamp for each block of auditing by timestamp audit strategy
Data, and then realize automatic from timestamp angle and timely perceive attack, convenient for being directed to the block chain attack
Counter-measure is taken, to avoid the exclusive loss dug mine and cause other miners of attacker.
Above description is only the general introduction of technical solution of the present invention, in order to better understand the technical means of the present invention,
And can be implemented in accordance with the contents of the specification, and in order to allow above and other objects of the present invention, feature and advantage can
It is clearer and more comprehensible, below the special specific implementation mode for lifting the present invention.
Description of the drawings
By reading the detailed description of hereafter preferred embodiment, various other advantages and benefit are common for this field
Technical staff will become clear.Attached drawing only for the purpose of illustrating preferred embodiments, and is not considered as to the present invention
Limitation.And throughout the drawings, the same reference numbers will be used to refer to the same parts.In the accompanying drawings:
Fig. 1 a show the flow chart of the cognitive method of block chain attack according to an embodiment of the invention;
Fig. 1 b show the flow chart for the method that attack is perceived from algorithm types angle;
Fig. 1 c show the flow chart for the method that attack is perceived from timestamp angle;
Fig. 1 d show the flow chart for the method that attack is perceived from transaction stroke count angle;
Fig. 2 shows the in accordance with another embodiment of the present invention block chain attack cognitive method based on algorithm types
Flow chart;
Fig. 3 is shown according to the block chain attack cognitive method based on timestamp of another of the invention embodiment
Flow chart;
Fig. 4 shows the block chain attack cognitive method based on transaction stroke count according to further embodiment of the present invention
Flow chart;
Fig. 5 shows the flow chart of the cognitive method of the block chain attack according to a still further embodiment of the present invention;
Fig. 6 shows the functional block of the block chain attack sensing device based on timestamp of one embodiment of the invention
Figure;
Fig. 7 shows a kind of structural schematic diagram of computing device according to the ... of the embodiment of the present invention.
Specific implementation mode
The exemplary embodiment of the disclosure is more fully described below with reference to accompanying drawings.Although showing the disclosure in attached drawing
Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here
It is limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure
Completely it is communicated to those skilled in the art.
Fig. 1 a show the flow chart of the cognitive method of block chain attack according to an embodiment of the invention.Such as figure
Shown in 1a, this approach includes the following steps:
Step S101:Read the data content of each block in block chain.
Wherein, block refers to the data storage cell being encrypted using rivest, shamir, adelman, and each block is by block
Head and block body composition, what block head was used for recording the block illustrates information, specifically include version number, previous block cryptographic Hash,
Merkel's root, timestamp, difficulty value and random number;And block body is used for recording Transaction Information.
Wherein, the data content of each block includes that can reflect relevant information, the correlation of Block Characteristic of digging mine process
The content of the relevant information of the transaction of information, and/or block record, correspondingly, the data content is from arbitrarily including above-mentioned
The position of the relevant information referred to, optionally, data content derive from block head and/or block body.
Specifically, by reading the data content of multiple continuous blocks in block chain, the above-mentioned correlation referred to can be obtained
Information.For example, read access time stamp is distinguished from the block head of multiple continuous blocks, which, which can reflect, digs mine mistake
Cheng Zhong, adjacent block go out block time interval.Then, in subsequent step, corresponding area is determined using these relevant informations
The mode whether block is dug mine by malice is dug.It should be noted that mode of the present invention to the data content of each block of reading
It is not especially limited, those skilled in the art can set according to physical condition, optionally, be read by block chain browser
It takes.
Step S102:Security audit is carried out to the data content of each block according to one or more default audit strategies,
Obtain the auditing result for meeting at least one default audit strategy.
Wherein, one or more default audit strategies are for determining whether the data content of each block is that malice digs mine
The strategy of the corresponding data content of behavior, one or more default audit strategies can be set according to practice or empirical data
It is fixed, alternatively, being set according to the feature of different form block chain.Still by it is above-mentioned go out block time interval for, corresponding different coin
The block chain of kind form, block normally goes out block time interval difference, for example, the block chain of Verge (abbreviation XVG) coin form,
It is 30 seconds normally to go out block time interval, the block chain of corresponding bit coin form, and it is 10 minutes normally to go out block time interval, therefore,
It needs to preset audit strategy according to the block time interval setting that normally goes out of the corresponding block chain of different currency types.But the present invention is simultaneously
It is not limited in a manner of the above-mentioned setting preset design strategy referred to, in the specific implementation, those skilled in the art can basis
Actual demand is set.
Specifically, after the data content for reading each block, to the data content of each block according to corresponding
Default audit strategy carries out security audit, and the data content for obtaining each block meets the audit of at least one default audit strategy
As a result.For example, whether data content is timestamp, meet according to the timestamp of timestamp audit strategy audit adjacent block
The abnormal feature dug mine behavior and correspond to out block time interval.
Step S103:Auditing result is analyzed, the sensing results of attack are obtained.
Under normal circumstances, if the data content of each block meets the auditing result of at least one default audit strategy,
It can directly determine that there are attacks.But in other specific embodiments of the present invention, to keep sensing results more acurrate, into
One step is come according to the quantity and/or the corresponding audit angle of at least one default audit strategy of at least one default audit strategy
Determine whether there is attack.Optionally, if the quantity of at least one default audit strategy is more than default value, it is determined that deposit
In attack;Alternatively, if at least one default audit strategy is particular audit strategy, it is determined that there are attacks, wherein
Particular audit strategy can be set according to currency type.For example, the corresponding particular audit strategy of XVG coin is set as algorithm types
Audit strategy can then be determined and be deposited then when at least one default audit strategy met includes algorithm types audit strategy
In attack.
The cognitive method of block chain attack provided in this embodiment can be widely applied to automatic sensing block chain and attack
It hits in the scene of event, to find block chain attack in time.And it is different by reading data content appropriate and setting
Default audit strategy, then attack can be perceived from different angles, for ease of to perceiving attack from different angles
The understanding of event chooses three kinds of more typical data contents to illustrate the implementation steps of the present embodiment separately below:
The first, algorithm types data.Fig. 1 b show the flow for the method that attack is perceived from algorithm types angle
Figure.As shown in Figure 1 b, this method includes:
Step S101 in step S111, corresponding diagram 1a reads the algorithm types data of each block in block chain.Its
In, algorithm types refer to dig mine algorithm (with hereinafter go out block algorithm) algorithm types, corresponding different currency type, the quantity of algorithm
Exist with type different;And corresponding identical currency type, there is also differences for the algorithm that digging to different blocks uses.In this step
In, by reading the algorithm types data of each block in block chain, can obtain multiple blocks for linking of sequence it is corresponding go out
Block algorithm.
Step S102 in step S112, corresponding diagram 1a, judges whether the algorithm types data of each block meet algorithm
Type audit strategy.Generally, for the block chain of the currency type form there are many algorithm types, sequence links under normal circumstances
Block go out block algorithm should be it is alternate or more dispersed, be based on this, set algorithm type audit strategy, i.e.,:
Setting identification malice digs the strategy of the feature of the corresponding algorithm types data of mine behavior.Then to the algorithm types number of each block
According to auditing.
Step S103 in step S113, corresponding diagram 1a, if the algorithm types data fit algorithm types of each block are examined
Stratagem is omited, then obtains the sensing results of attack, and then realize from algorithm types angle and perceive attack.
Second, time stamp data.Fig. 1 c show the flow chart for the method that attack is perceived from timestamp angle.Such as
Shown in Fig. 1 c, this method includes:
Step S101 in step S121, corresponding diagram 1a reads the time stamp data of each block in block chain.Wherein,
Timestamp records the time that each block generates, and be often born a new block, will be covered corresponding timestamp, and block
Each block on chain is then chained up according to timestamps ordering.The timestamp of adjacent block can reflect the latter area
Block goes out block time interval relative to previous block.
Step S102 in step S122, corresponding diagram 1a, judges whether the time stamp data of each block meets timestamp
Audit strategy.In general, adjacent block actually goes out block time interval and resonable should find out in the zone of reasonableness of block time interval
Fluctuation, and when the block time interval that actually goes out of the continuous block more than preset quantity exceeds the reasonable model that ideal goes out block time interval
When enclosing, then it is considered as abnormal conditions, is based on this, setting time stabs audit strategy, i.e.,:When setting identification malice digging mine behavior is corresponding
Between stamp data feature strategy.
Step S103 in step S123, corresponding diagram 1a, if the time stamp data of each block meets timestamp audit plan
Slightly, then the sensing results of attack are obtained, and then realizes from timestamp angle and perceives attack.
The third, stroke count data of merchandising.Fig. 1 d show the flow for the method that attack is perceived from transaction stroke count angle
Figure.As shown in Figure 1 d, this method includes:
Step S101 in step S131, corresponding diagram 1a reads the transaction stroke count data of each block in block chain.Its
In, transaction stroke count refers to the number of transaction in the time for digging out each block, i.e.,:Sequence link next block timestamp with
The number of transaction in time between the timestamp of a upper block, for the transaction stroke count of next block.
Step S102 in step S132, corresponding diagram 1a, judges whether the transaction stroke count data of each block meet transaction
Stroke count audit strategy.The block dug by normally digging mine behavior, the first stroke transaction record are to the reward for digging the successful people of mine
Transaction, in addition to this, there is also the transaction records generated in the more times for digging out the block under normal circumstances;And when more than one
The transaction stroke count data of the continuous block of fixed number amount are extremely small or when even 1, then are considered as abnormal conditions, are based on this, if
Surely transaction stroke count audit strategy, i.e.,:Setting malice digs the strategy of the feature of the corresponding transaction stroke count data of mine behavior.
Step S103 in step S133, corresponding diagram 1a, if the transaction stroke count data fit transaction stroke count of each block is examined
Stratagem is omited, then obtains the sensing results of attack, and then is realized from transaction stroke count angle and perceived attack.
It, can be respectively from the class of algorithms by reading above-mentioned three kinds of data contents, and the corresponding default audit strategy of setting
Type angle, timestamp angle and transaction stroke count angle perceive attack.However, it is desirable to described herein be, the present invention
It is not limited thereto, in the specific implementation, other data contents can be read according to actual conditions, and setting others are in advance
If audit strategy, to realize the effect for carrying out security audit to corresponding data content using the default audit strategy.In addition, not
With malice dig mine mode and may lead to one or more different abnormal conditions, can be in order to comprehensively perceive attack
A variety of in including but not limited to above-mentioned default audit strategy are combined, to carry out security audit.
According to the cognitive method of block chain attack provided in this embodiment, the data of each block in block chain are read
Content;Security audit is carried out to the data content of each block according to one or more default audit strategies, obtains meeting at least
A kind of auditing result of default audit strategy;The auditing result is analyzed, the sensing results of attack are obtained.It utilizes
Scheme provided by the invention can carry out security audit, root automatically by default audit strategy to the data content of each block
Find block chain attack in time according to auditing result, and then convenient for taking counter-measure for the block chain attack, with
Avoid the exclusive loss dug mine and cause other miners of attacker.
Fig. 2 shows the in accordance with another embodiment of the present invention block chain attack cognitive method based on algorithm types
Flow chart.The present embodiment is suitable for supporting a variety of currency types for digging mine algorithm.As shown in Fig. 2, this approach includes the following steps:
Step S201:The algorithm types for obtaining block chain describe data;Data life is described according to the algorithm types of block chain
At algorithm types audit strategy.
Wherein, algorithm types describe many algorithms type of data record block chain support.By taking XVG as an example, XVG blocks
The block algorithm that goes out include:Scrypt, X17, lyra2rev2, MYR groestl and blake2s, namely:Corresponding block chain
The algorithm types of support have above 5 kinds.
Specifically, after many algorithms type for getting the support of block chain, the corresponding algorithm of mine behavior is dug according to normal
The feature of type, and/or malice dig the feature generating algorithm type audit strategy of the corresponding algorithm types of mine behavior.In the present invention
Some specific embodiments in, malice is dug the corresponding algorithm types of mine behavior and is characterized as:More than the continuous block of preset quantity
The block algorithm that goes out be same algorithm types, correspondingly, algorithm types audit strategy is:If more than the continuum of preset quantity
The block algorithm that goes out of block is same algorithm types, it is determined that there is malice and digs mine behavior.
And in other specific embodiments in the present invention, it is contemplated that dig the starting stage of mine in malice, may have just
The block often dug is added to the situation in main chain, and therefore, the feature that malice digs the corresponding algorithm types of mine behavior may be:
Continuous multiple blocks go out in block algorithm it is same go out block algorithm shared by ratio be more than pre-set ratio, correspondingly, algorithm types are examined
Stratagem is slightly:If continuous multiple blocks go out in block algorithm it is same go out block algorithm shared by ratio be more than pre-set ratio, it is determined that
Mine behavior is dug in the presence of malice, this algorithm types audit strategy can not can in time perceive to avoid the starting stage for digging mine in malice
The case where to attack.Still by taking XVG as an example, if pre-set ratio is 90%, when correspondence goes out block algorithm in continuous 20 blocks
When reaching 18 for the quantity of Scrypt, then it is assumed that there is malice and dig mine.But the present invention is not dug with the above-mentioned malice referred to
The feature of the corresponding algorithm types of mine behavior is limited, and in the specific implementation, those skilled in the art can also refer to practical data
Or the calculated results, and according to the feature generating algorithm type audit strategy of other algorithm types.
Step S202:Read the algorithm types data of each block in block chain.
During actually digging mine, either normally digs mine or malice digs mine, all need the algorithm supported by block chain
A kind of algorithm in type is dug to a block, and therefore, each block dug out, all corresponding one goes out block algorithm.
Step S203:Judge whether the algorithm types data of each block meet algorithm types audit strategy.If so, holding
Row step S204;If it is not, then this method terminates.
Specifically, corresponding algorithm types audit strategy is:If the block algorithm that goes out more than the continuous block of preset quantity is
Same algorithm types, it is determined that there is malice and dig mine behavior, correspondingly, judging whether the algorithm types data of each block accord with
Hop algorithm type audit strategy is:Judge that the algorithm types data in each block with the presence or absence of continuous n block are identical,
Middle n is greater than or equal to preset value;If there are the algorithm types data of continuous n block are identical, judgement meets algorithm types
Audit strategy thens follow the steps S204;If the algorithm types data there is no continuous n block are identical, judgement is not met
Algorithm types audit strategy, then this method terminate.
Step S204:Obtain the sensing results of attack.
If it is determined that going out the algorithm types data fit algorithm types audit strategy of each block, then attack is perceived.
The above-mentioned steps S201 to step S204 of the present embodiment is by using algorithm types audit strategy to each block
Algorithm types data audit, to perceive attack, at the same time, as an optional step of the present embodiment, examine
Consider under normal digging mine mode, the frequency for lonely block occur is very low, usually general one day several lonely block, and is maliciously digging mine side
Under formula, a large amount of mine ponds can not work normally, and start constantly to dig to lonely block, also, since bifurcated chain can not be the same as the longest of attacker
Chain competes, and leading to block in bifurcated chain all becomes lonely block, it is seen then that malice is dug under mine mode, lonely number of blocks and appearance
Frequency can all increase extremely, therefore, can carry out security audit by lonely block audit strategy, and perceive attack.Specifically,
Read the data content that mine cell system provides;Safety is carried out according to lonely block audit strategy to the data content that mine cell system provides to examine
Meter;If the data content that mine cell system provides meets lonely block audit strategy, the sensing results of attack are obtained.Wherein, mine pond
Include the block message that goes out in preset time period in system, and the data content that mine cell system provides refers to the interior of the lonely block message of reflection
Hold, for example, lonely number of blocks, the frequency etc. that lonely block occurs;Lonely block audit strategy can dig the corresponding lonely block message of mine according to normal
It is set, alternatively, being set according to the corresponding practical data of malice digging mine or notional result, the present invention does not do this specifically
He limits.Optionally, lonely block audit strategy is:If the frequency for occurring lonely block in preset period of time is more than m%, it is determined that exist
Malice digs mine behavior.It is emphasized that the optional step can be held in step S201 to the arbitrary opportunity between step S204
Row, alternatively, being executed before step S201, alternatively, executing after step s 204, the present invention is not specifically limited this.
Step S205:Involved by analytical attack event one or more blocks record transaction data, obtain one or
Multiple transaction addresses;It will be in the storage to preset address library of one or more transaction addresses.
Wherein, transaction data refers to the Transaction Details of each block, and which describe the side of producing of every transaction, receipt side, gold
The information such as the digital signature of volume and the side of producing, and the first stroke transaction record is to the reward transaction for digging the successful people of mine, also referred to as
To generate transaction.The block that mine is dug is dug for malice, the first stroke transaction record is then to the reward transaction of attacker, accordingly
, receipt side is the gathering address of attacker.
Specifically, after perceiving attack, to avoid identical attacker again by the form of malice digging mine
The reward of corresponding block is obtained, the transaction data of the one or more blocks record involved by attack is analyzed,
Gathering address used when attacker makes a profit is obtained, i.e.,:One or more transaction addresses;Then, which is merchandised
Address is stored as malice address into preset address library, to be monitored, to be inquired using the preset address library, and then is prevented
More malice dig mine behavior or the generation of attack.
The present embodiment method can be realized in several ways, in some specific embodiments of the present invention, by block
Chain browser realizes that the block chain browser can read algorithm types data, and judge whether algorithm types data accord with
Hop algorithm type audit strategy, and then perceive attack;Alternatively, in other specific embodiments of the present invention, by inserting
Part realizes that plug-in unit is communicated by being established between block chain browser, to read algorithm types data, then judged by plug-in unit
Whether algorithm types data meet algorithm types audit strategy, and then perceive attack.
According to the block chain attack cognitive method provided in this embodiment based on algorithm types, the calculation of block chain is obtained
Method type specification data;Data generating algorithm type audit strategy is described according to the algorithm types of block chain;It reads in block chain
The algorithm types data of each block;Judge whether the algorithm types data of each block meet algorithm types audit strategy, if
It is then to obtain the sensing results of attack;The transaction data of one or more blocks record involved by analytical attack event,
Obtain one or more transaction addresses;It will be in the storage to preset address library of one or more transaction addresses.Utilize the present embodiment side
Case can carry out security audit automatically from the angle of algorithm types, as the spy for finding the corresponding algorithm types of malice digging mine behavior
When sign, then attack is perceived, and then convenient for taking counter-measure for the attack, mine is dug to avoid attacker is exclusive
Cause the loss of other miners.
Fig. 3 is shown according to the block chain attack cognitive method based on timestamp of another of the invention embodiment
Flow chart.As shown in figure 3, this approach includes the following steps:
Step S301:The block time interval that goes out for obtaining block chain describes data;It is retouched according to the block time interval that goes out of block chain
State data generated time stamp audit strategy.
Wherein, for block chain network, by adjusting difficulty value the block time can be controlled out, and different currency type forms
Block chain, the adjusting of difficulty algorithm used due to it is different, and going out block time interval accordingly, to describe data also different.For example, XVG
The block chain of form, it is corresponding go out block time interval be 30 seconds.Its adjusting of difficulty algorithm is:Forward trace takes identical algorithms 12
The difficulty average value of block calculates, if actually going out block time interval is less than the one third that ideal goes out block time interval, adjusts
Whole difficulty is three times of mean value;If actually going out block time interval is more than three times that ideal goes out block time interval, adjustment difficulty is
The one third of mean value can actually go out block time interval by comparison in this way and ideal goes out block time interval into Mobile state difficulty
Adjustment.For another example, the block chain of bit coin form, it is corresponding go out block time interval then be 10 minutes.
During malice digs mine, attacker is stabbed by modification time, and the block that other miners dig is allowed to pass through not
Timestamp scope verifies, and becomes lonely block.This, which has resulted in only attacker, can dig on main chain to block, and other normal miners
It cannot then be dug on the main chain that attacker controls and arrive block.Specifically, the form of attacker's modification time stamp has following three kinds:First
Kind makes the block time interval that goes out of continuous multiple blocks be much larger than normally in the starting stage for maliciously digging mine by modification time stamp
Go out block time interval (go out block time interval and describe data).Under this mode, block chain network can pass through adjusting of difficulty algorithm
Reduce difficulty so that dig mine disaster degree and substantially reduce.Simultaneously because attacker has modified timestamp so that the block that normal time stabs out
Timestamp scope verification is cannot be satisfied, to be added on the main chain that attacker digs.Second, when by alternately changing
Between stab, control difficulty decline speed.By the starting stage, attacker can monopolize substantially digs mine, and difficulty also has declined
Very much, hereafter attacker has not needed the digging mine that prodigious calculation power can be interference-free.In this stage, in order to make difficulty
It is unlikely to decline too fast, is found so as to cause other miners and other problems occur, attacker replaces modification time stamp, and then makes
It digs mine disaster degree and is in fluctuation status.The third makes several continuous blocks every certain amount of block by modification time stamp
Go out block time interval much smaller than normally go out block time interval (go out block time interval and describe data).This mode greatly promotes
Go out the speed of block, it equally can also the speed that declines of control difficulty.
Specifically, when going out the feature of block time interval according to caused by the mode of above-mentioned three kinds of modification times stamp, and going out block
Between interval description data (normally going out block time interval) generated time stamp audit strategy.Optionally, timestamp audit strategy is:
If the interval of timestamps of continuous m block is less than or equal to first time interval threshold value;And/or continuous n block when
Between stamp interval be greater than or equal to the second time interval threshold value, it is determined that exist malice dig mine behavior.Need it is described herein be, on
The form for stating modification time stamp is exemplary only, and the present invention is not limited thereto, can also basis during actual implementation
The feature for going out block time interval caused by the mode of other modification times stamp, to generate timestamp audit strategy.
Step S302:Read the time stamp data of each block in block chain.
Step S303:Judge whether the time stamp data of each block meets timestamp audit strategy.If so, executing step
Rapid S304;If it is not, then this method terminates.
Specifically, judge that the interval of timestamps in each block with the presence or absence of continuous m block is less than or equal to first
Time interval threshold value, and if it exists, then think to there is a situation where continuous m block go out block time interval extremely changed it is small, in turn
Judgement meets timestamp audit strategy.Alternatively, judging that the interval of timestamps in each block with the presence or absence of continuous n block is big
In or equal to the second time interval threshold value, and if it exists, then think that the block time interval that goes out there are continuous n block is changed greatly by extreme
The case where, and then judge to meet timestamp audit strategy.Wherein, m is greater than or equal to the first preset value, and n is greater than or equal to second
Preset value;First time interval threshold value and the second time interval threshold value foundation go out block time interval and set.
For example, the block time interval that goes out of XVG is 30 seconds, if first time interval threshold value is 1 second, the first preset value is
3, then when being less than or equal to 1 second there are the interval of timestamps of continuous 3 and the above block, then judgement meets timestamp audit plan
Slightly.Alternatively, if the second time interval threshold value is 5 minutes, the second preset value is 9, then when there are continuous 9 and the above block
Between stamp interval be greater than or equal to 5 minutes when, then judgement meet timestamp audit strategy.
Step S304:Obtain the sensing results of attack.
If it is determined that the time stamp data for going out each block meets timestamp audit strategy, then attack is perceived.
Embodiment corresponding with Fig. 2 is identical, as an optional step of the present embodiment, can further can be examined by lonely block
Stratagem slightly carries out security audit and perceives attack, specifically:Read the data content that mine cell system provides;According to lonely block
Audit strategy carries out security audit to the data content that mine cell system provides;If the data content that mine cell system provides meets lonely block
Audit strategy obtains the sensing results of attack.The related content that can be found in the corresponding embodiments of Fig. 2 is specifically described,
This is repeated no more.
Step S305:Involved by analytical attack event one or more blocks record transaction data, obtain one or
Multiple transaction addresses;It will be in the storage to preset address library of one or more transaction addresses.
For details, reference can be made to the descriptions of step S205, and details are not described herein.
Embodiment corresponding with Fig. 2 is identical, and the present embodiment method can also be realized by block chain browser or plug-in unit.
According to the block chain attack cognitive method provided in this embodiment based on timestamp, obtain block chain goes out block
Time interval describes data;Data generated time stamp audit strategy is described according to the block time interval that goes out of block chain;Read block
The time stamp data of each block in chain;Judge whether the time stamp data of each block meets timestamp audit strategy, if so,
Obtain the sensing results of attack;The transaction data of one or more blocks record involved by analytical attack event, obtains
One or more transaction addresses;It will be in the storage to preset address library of one or more transaction addresses.It, can using this embodiment scheme
To carry out security audit automatically from the angle of timestamp, when find malice dig mine behavior it is corresponding go out block time interval feature
When, then attack is perceived, and then convenient for taking counter-measure for the attack, is made to avoid the exclusive mine of digging of attacker
At the loss of other miners.
Fig. 4 shows the block chain attack cognitive method based on transaction stroke count according to further embodiment of the present invention
Flow chart.As shown in figure 4, this approach includes the following steps:
Step S401:Read the transaction stroke count data of each block in block chain.
Can be recorded in each block block go out block timestamp and this block go out between block timestamp when
Interior Transaction Information, including the transaction stroke count data recorded in transaction counter.
Step S402:Judge whether the transaction stroke count data of each block meet transaction stroke count audit strategy.If so, holding
Row step S403;If it is not, this method terminates.
In general, the block dug out by normally digging mine mode, is not in the transaction stroke count data of continuous multiple blocks
It is very small or the case where even 1;And the block that digs out of mine mode is dug by malice, due to modification time stamp or some
Other abnormal causes, can lead in continuous multiple blocks that there is only extremely a small amount of transaction, or even there was only one generate should
The generation of the case where transaction of block.
Specifically, judge that the transaction stroke count in each block with the presence or absence of continuous n block is less than or equal to transaction pen
Number threshold value, and if it exists, be then considered that malice digs stroke count data exception of merchandising caused by mine, and then judge to meet transaction stroke count audit
Strategy;Wherein, n is greater than or equal to preset value.
Step S403:Obtain the sensing results of attack.
If it is determined that going out the transaction stroke count data fit transaction stroke count audit strategy of each block, then attack is perceived.
Embodiment corresponding with Fig. 2 is identical, as an optional step of the present embodiment, can further can be examined by lonely block
Stratagem slightly carries out security audit and perceives attack, specifically:Read the data content that mine cell system provides;According to lonely block
Audit strategy carries out security audit to the data content that mine cell system provides;If the data content that mine cell system provides meets lonely block
Audit strategy obtains the sensing results of attack.The related content that can be found in the corresponding embodiments of Fig. 2 is specifically described,
This is repeated no more.
Step S404:Involved by analytical attack event one or more blocks record transaction data, obtain one or
Multiple transaction addresses;It will be in the storage to preset address library of one or more transaction addresses.
For details, reference can be made to the descriptions of step S205, and details are not described herein.
Embodiment corresponding with Fig. 2 is identical, and the present embodiment method can also be realized by block chain browser or plug-in unit.
According to the block chain attack cognitive method provided in this embodiment based on transaction stroke count, read each in block chain
The transaction stroke count data of a block;Judge whether the transaction stroke count data of each block meet transaction stroke count audit strategy, if so,
Obtain the sensing results of attack;The transaction data of one or more blocks record involved by analytical attack event, obtains
One or more transaction addresses;It will be in the storage to preset address library of one or more transaction addresses.It, can using this embodiment scheme
To carry out security audit automatically from the angle of transaction stroke count, when finding transaction stroke count data exception, then attack is perceived,
And then convenient for taking counter-measure for the attack, to avoid the exclusive loss dug mine and cause other miners of attacker.
Fig. 5 shows the flow chart of the cognitive method of the block chain attack according to a still further embodiment of the present invention.This
Embodiment is suitable for the case where carrying out security audit to data content using a variety of default audit strategies.As shown in figure 5, this method
Include the following steps:
Step S501:The feature description data for obtaining block chain generate a variety of pre- according to the feature description data of block chain
If audit strategy.
Wherein, the feature description data of block chain are the normal data for the feature that can arbitrarily characterize block chain, the standard
Data correspond to the normal parameter for digging the block that mine behavior is dug out.Optionally, in some specific embodiments of the present invention, block
The feature description data of chain include:Go out block time interval and/or algorithm types.But the present invention is not limited thereto, this field
Technical staff should be understood that every difference malice that can be used in digs mine behavior and the normal number for digging the block that mine behavior is dug out
According to can be chosen to be the feature description data of block chain.
Specifically, the block chain of corresponding different currency type forms generates different pre- according to the feature description data of block chain
If audit strategy, and then the situation for avoiding attack perception inaccurate occurs.For example, the block chain of bit coin form
It digs mine algorithm and there was only one kind, correspondingly, the block algorithm that goes out of all blocks in block chain is a kind of algorithm, such case
Under, use " if continuous multiple blocks go out in block algorithm it is same go out block algorithm shared by ratio be more than pre-set ratio, it is determined that deposit
In malice dig mine behavior " algorithm audit strategy carry out security audit, then can when there is no attack mistake
Perceive attack.Therefore, the block chain of bit coin is unsuitable for carrying out security audit using algorithm types audit strategy.
Step S502:Read the data content of each block in block chain.
Read the data content of each block in block chain, wherein the data content includes the correlation that mine process is dug in reflection
Information, for example, algorithm types data;The relevant information of Block Characteristic, for example, time stamp data;And/or the transaction of block record
Relevant information, for example, transaction stroke count data.But the present invention is not limited with above-mentioned example, those skilled in the art should
Understand, can arbitrarily reflect that the data content of the above-mentioned relevant information referred to can be as in real data of the invention
Hold.
Step S503:Security audit is carried out to the data content of each block according to a variety of default audit strategies, is accorded with
Close the auditing result of at least one default audit strategy.
Specifically, it audits to corresponding data content according to a variety of default audit strategies, wherein can use simultaneously more
The default audit strategy of kind distinguishes the corresponding data content of parallel audit, alternatively, can also be according to preset sequence, every time with one
The corresponding data content of the default audit strategy audit of kind.Optionally, while with timestamp audit strategy, algorithm types audit strategy
And transaction stroke count audit strategy is audited time stamp data, algorithm types data and transaction stroke count data respectively, and then can be with
It is quickly obtained auditing result.
After carrying out security audit, auditing result is obtained, specifically, meets the audit knot of at least one default audit strategy
Fruit has following three kinds:There is a kind of data content to meet default audit strategy accordingly;Alternatively, meeting accordingly there are many data content
Default audit strategy;Alternatively, all data contents meet default audit strategy accordingly.
Step S504:Auditing result is analyzed, the sensing results of attack are obtained.
In the specific implementation, different analysis rules can be set according to actual demand, then according to the analysis rule,
Obtain sensing results.Wherein, analysis rule can be examined from the quantity of at least one default audit strategy, or at least one preset
The two the aspect settings of the audit angle of stratagem slightly.Specifically, it sets in quantity, analysis rule includes but not limited to next
Kind is a variety of:If there is a kind of data content to meet a kind of corresponding default audit strategy, it is determined that there are attacks;Alternatively,
If there are many data contents to correspond with corresponding a variety of default audit strategies, it is determined that there are attacks;If alternatively, all
Data content respectively meet corresponding all default audit strategies, it is determined that there are attacks.It is set from audit angle
It is fixed, if at least one default audit strategy is particular audit strategy, it is determined that there are attacks, wherein particular audit strategy
It can be set according to currency type.
The above-mentioned steps S501 to step S504 of the present embodiment be by the data content to each block in block chain into
Row audit, to perceive attack, at the same time, an optional step as the present embodiment, it is contemplated that normal to dig mine mode
Under, the frequency for lonely block occur is very low, usually general one day several lonely block, and in the case where malice digs mine mode, a large amount of mine ponds without
Method works normally, and starts constantly to dig to lonely block, also, since bifurcated chain can not be competed with the most long-chain of attacker, causes point
Block in fork chain all becomes lonely block, it is seen then that malice is dug under mine mode, and the frequency of lonely number of blocks and appearance can all increase extremely
Greatly, therefore, security audit can be carried out by lonely block audit strategy, and perceives attack.Specifically, mine cell system is read to carry
The data content of confession;Security audit is carried out to the data content that mine cell system provides according to lonely block audit strategy;If mine cell system
The data content of offer meets lonely block audit strategy, obtains the sensing results of attack.Wherein, include pre- in mine cell system
If going out block message in the period, and the data content that mine cell system provides refers to the content of the lonely block message of reflection, for example, lonely block number
Amount, the frequency etc. that lonely block occurs;Lonely block audit strategy can be set according to the normal corresponding lonely block message of mine that digs, alternatively,
The corresponding practical data of mine is dug according to malice or notional result is set, and the present invention does not do this specifically his restriction.Optionally,
Lonely block audit strategy is:If the frequency for occurring lonely block in preset period of time is more than m%, it is determined that there is malice and dig mine behavior.
It is emphasized that the optional step can be executed in step S501 to the arbitrary opportunity between step S504, alternatively, in step
It is executed before S501, alternatively, being executed after step S504, the present invention is not specifically limited this.
Step S505:Involved by analytical attack event one or more blocks record transaction data, obtain one or
Multiple transaction addresses;It will be in the storage to preset address library of one or more transaction addresses.
Wherein, transaction data refers to the Transaction Details of each block, and which describe the side of producing of every transaction, receipt side, gold
The information such as the digital signature of volume and the side of producing, and the first stroke transaction record is to the reward transaction for digging the successful people of mine, also referred to as
To generate transaction.The block that mine is dug is dug for malice, the first stroke transaction record is then to the reward transaction of attacker, accordingly
, receipt side is the gathering address of attacker.
Specifically, after perceiving attack, to avoid identical attacker again by the form of malice digging mine
The reward of corresponding block is obtained, the transaction data of the one or more blocks record involved by attack is analyzed,
Gathering address used when attacker makes a profit is obtained, i.e.,:One or more transaction addresses;Then, which is merchandised
Address is stored as malice address into preset address library, to be monitored, to be inquired using the preset address library, and then is prevented
More malice dig mine behavior or the generation of attack.
The present embodiment method can be realized in several ways, in some specific embodiments of the present invention, this implementation
Example method is realized that the block chain browser can read data content, and judge that data content is by block chain browser
It is no to meet default audit strategy, and then perceive attack;Alternatively, in other specific embodiments of the present invention, this reality
A method is applied by plug-in unit to realize, plug-in unit is communicated by being established between block chain browser, to read data content, then by
Plug-in unit judges whether data content meets default audit strategy, and then perceives attack.
According to the cognitive method of block chain attack provided in this embodiment, the feature description data of block chain are obtained,
A variety of default audit strategies are generated according to the feature description data of block chain;Read the block head number of each block in block chain
According to;Security audit is carried out to the data content of each block according to a variety of default audit strategies, obtains meeting at least one default
The auditing result of audit strategy;Auditing result is analyzed, the sensing results of attack are obtained;Involved by analytical attack event
And one or more blocks record transaction data, obtain one or more transaction addresses;By one or more transaction addresses
It stores in preset address library.It, can be by using multiple default audit strategies to corresponding data using this embodiment scheme
Content carries out security audit, achievees the effect that carry out security audit from multiple angles;When in the data for meeting default audit strategy
When appearance meets analysis rule, then attack is perceived, increases the flexibility of perception attack;Meanwhile perceiving attack
Event can take counter-measure in order to be directed to the attack, to avoid the exclusive damage dug mine and cause other miners of attacker
It loses.
Fig. 6 shows the functional block of the block chain attack sensing device based on timestamp of one embodiment of the invention
Figure.As shown in fig. 6, the device includes:First read module 601, the first sensing module 603, obtains first Audit Module 602
Module 604, generation module 605, analysis module 606, memory module 607, the second read module 608, the second Audit Module 609 with
And second sensing module 610.
First read module 601 is suitable for reading the time stamp data of each block in block chain;
First Audit Module 602, suitable for judging whether the time stamp data of each block meets timestamp audit plan
Slightly;
First sensing module 603, suitable for if it is determined that go out to meet timestamp audit strategy, then obtaining the perception knot of attack
Fruit.
Acquisition module 604, the block time interval that goes out suitable for obtaining block chain describe data;
Generation module 605, suitable for describing data and generating the timestamp to examine according to the block time interval that goes out of the block chain
Stratagem is omited.
First Audit Module 602 is further adapted for:
Judge that the interval of timestamps in each block with the presence or absence of continuous m block is less than or equal to first time interval
Threshold value;And/or judge that the interval of timestamps in each block with the presence or absence of continuous n block was greater than or equal to for the second time
Interval threshold, if so, judgement meets timestamp audit strategy;
Wherein, m is greater than or equal to the first preset value, and n is greater than or equal to the second preset value;The first time interval threshold value
Go out block time interval according to described in the second time interval threshold value and sets.
Analysis module 606 is suitable for analyzing the transaction data of one or more blocks record involved by the attack,
Obtain one or more transaction addresses;
Memory module 607, being suitable for will be in the storage to preset address library of one or more of transaction addresses.
Second read module 608 is suitable for reading the data content that mine cell system provides;
Second Audit Module 609 is suitable for carrying out safety to the data content that mine cell system provides according to lonely block audit strategy
Audit;
Second sensing module 610 obtains if meeting lonely block audit strategy suitable for the data content that the mine cell system provides
The sensing results of attack.
Wherein, described device is realized by block chain browser;Alternatively, described device is realized by plug-in unit.
It can refer to the description of corresponding steps in embodiment of the method about the concrete structure and operation principle of above-mentioned modules,
Details are not described herein again.
The embodiment of the present application provides a kind of nonvolatile computer storage media, and the computer storage media is stored with
An at least executable instruction, the computer executable instructions can perform the area based on timestamp in above-mentioned any means embodiment
Block chain attack cognitive method.
Fig. 7 shows a kind of structural schematic diagram of computing device according to the ... of the embodiment of the present invention, the specific embodiment of the invention
The specific implementation of computing device is not limited.
As shown in fig. 7, the computing device may include:Processor (processor) 702, communication interface
(Communications Interface) 704, memory (memory) 706 and communication bus 708.
Wherein:
Processor 702, communication interface 704 and memory 706 complete mutual communication by communication bus 708.
Communication interface 704, for being communicated with the network element of miscellaneous equipment such as client or other servers etc..
Processor 702 can specifically execute the above-mentioned block chain attack based on timestamp for executing program 710
Correlation step in cognitive method embodiment.
Specifically, program 710 may include program code, which includes computer-managed instruction.
Processor 702 may be central processor CPU or specific integrated circuit ASIC (Application
Specific Integrated Circuit), or be arranged to implement the integrated electricity of one or more of the embodiment of the present invention
Road.The one or more processors that computing device includes can be same type of processor, such as one or more CPU;Also may be used
To be different types of processor, such as one or more CPU and one or more ASIC.
Memory 706, for storing program 710.Memory 706 may include high-speed RAM memory, it is also possible to further include
Nonvolatile memory (non-volatile memory), for example, at least a magnetic disk storage.
Program 710 specifically can be used for so that processor 702 executes following operation:
Read the time stamp data of each block in block chain;
Judge whether the time stamp data of each block meets timestamp audit strategy;
If meeting, the sensing results of attack are obtained.
In a kind of optional mode, program 710 can specifically be further used for so that processor 702 executes following behaviour
Make:The block time interval that goes out for obtaining block chain describes data;
The data generation timestamp audit strategy is described according to the block time interval that goes out of the block chain.
In a kind of optional mode, program 710 can specifically be further used for so that processor 702 executes following behaviour
Make:
Judge that the interval of timestamps in each block with the presence or absence of continuous m block is less than or equal to first time interval
Threshold value;And/or judge that the interval of timestamps in each block with the presence or absence of continuous n block was greater than or equal to for the second time
Interval threshold, if so, judgement meets timestamp audit strategy;
Wherein, m is greater than or equal to the first preset value, and n is greater than or equal to the second preset value;The first time interval threshold value
Go out block time interval according to described in the second time interval threshold value and sets.
In a kind of optional mode, program 710 can specifically be further used for so that processor 702 executes following behaviour
Make:
The transaction data for analyzing one or more blocks record involved by the attack, obtains one or more friendships
Easy address;
It will be in the storage to preset address library of one or more of transaction addresses.
In a kind of optional mode, program 710 can specifically be further used for so that processor 702 executes following behaviour
Make:
Read the data content that mine cell system provides;
Security audit is carried out to the data content that mine cell system provides according to lonely block audit strategy;
If the data content that the mine cell system provides meets lonely block audit strategy, the sensing results of attack are obtained.
In a kind of optional mode, the method is realized by block chain browser.
In a kind of optional mode, the method is realized by plug-in unit.
Algorithm and display be not inherently related to any certain computer, virtual system or miscellaneous equipment provided herein.
Various general-purpose systems can also be used together with teaching based on this.As described above, it constructs required by this kind of system
Structure be obvious.In addition, the present invention is not also directed to any certain programmed language.It should be understood that can utilize various
Programming language realizes the content of invention described herein, and the description done above to language-specific is to disclose this hair
Bright preferred forms.
In the instructions provided here, numerous specific details are set forth.It is to be appreciated, however, that the implementation of the present invention
Example can be put into practice without these specific details.In some instances, well known method, structure is not been shown in detail
And technology, so as not to obscure the understanding of this description.
Similarly, it should be understood that in order to simplify the disclosure and help to understand one or more of each inventive aspect,
Above in the description of exemplary embodiment of the present invention, each feature of the invention is grouped together into single implementation sometimes
In example, figure or descriptions thereof.However, the method for the disclosure should be construed to reflect following intention:It is i.e. required to protect
Shield the present invention claims the more features of feature than being expressly recited in each claim.More precisely, as following
Claims reflect as, inventive aspect is all features less than single embodiment disclosed above.Therefore,
Thus the claims for following specific implementation mode are expressly incorporated in the specific implementation mode, wherein each claim itself
All as a separate embodiment of the present invention.
Those skilled in the art, which are appreciated that, to carry out adaptively the module in the equipment in embodiment
Change and they are arranged in the one or more equipment different from the embodiment.It can be the module or list in embodiment
Member or component be combined into a module or unit or component, and can be divided into addition multiple submodule or subelement or
Sub-component.Other than such feature and/or at least some of process or unit exclude each other, it may be used any
Combination is disclosed to all features disclosed in this specification (including adjoint claim, abstract and attached drawing) and so to appoint
Where all processes or unit of method or equipment are combined.Unless expressly stated otherwise, this specification (including adjoint power
Profit requires, abstract and attached drawing) disclosed in each feature can be by providing the alternative features of identical, equivalent or similar purpose come generation
It replaces.
In addition, it will be appreciated by those of skill in the art that although some embodiments described herein include other embodiments
In included certain features rather than other feature, but the combination of the feature of different embodiments means in of the invention
Within the scope of and form different embodiments.For example, in the following claims, embodiment claimed is appointed
One of meaning mode can use in any combination.
The all parts embodiment of the present invention can be with hardware realization, or to run on one or more processors
Software module realize, or realized with combination thereof.It will be understood by those of skill in the art that can use in practice
Microprocessor or digital signal processor (DSP) realize the block chain attack according to the ... of the embodiment of the present invention based on timestamp
The some or all functions of some or all components in event perception device.The present invention is also implemented as executing
Some or all equipment or program of device of method as described herein are (for example, computer program and computer journey
Sequence product).It is such realize the present invention program can may be stored on the computer-readable medium, can either have there are one or
The form of multiple signals.Such signal can be downloaded from internet website and be obtained, either provide on carrier signal or
It provides in any other forms.
It should be noted that the present invention will be described rather than limits the invention for above-described embodiment, and ability
Field technique personnel can design alternative embodiment without departing from the scope of the appended claims.In the claims,
Any reference mark between bracket should not be configured to limitations on claims.Word "comprising" does not exclude the presence of not
Element or step listed in the claims.Word "a" or "an" before element does not exclude the presence of multiple such
Element.The present invention can be by means of including the hardware of several different elements and being come by means of properly programmed computer real
It is existing.In the unit claims listing several devices, several in these devices can be by the same hardware branch
To embody.The use of word first, second, and third does not indicate that any sequence.These words can be explained and be run after fame
Claim.
The invention discloses:A1. a kind of block chain attack cognitive method based on timestamp, including:
Read the time stamp data of each block in block chain;
Judge whether the time stamp data of each block meets timestamp audit strategy;
If meeting, the sensing results of attack are obtained.
A2. the method according to A1, wherein the method further includes:
The block time interval that goes out for obtaining block chain describes data;
The data generation timestamp audit strategy is described according to the block time interval that goes out of the block chain.
A3. the method according to A2, wherein whether the time stamp data for judging each block, which meets timestamp, is examined
Stratagem slightly further comprises:
Judge that the interval of timestamps in each block with the presence or absence of continuous m block is less than or equal to first time interval
Threshold value;And/or judge that the interval of timestamps in each block with the presence or absence of continuous n block was greater than or equal to for the second time
Interval threshold, if so, judgement meets timestamp audit strategy;
Wherein, m is greater than or equal to the first preset value, and n is greater than or equal to the second preset value;The first time interval threshold value
Go out block time interval according to described in the second time interval threshold value and sets.
A4. the method according to any one of A1-A3, wherein it is described obtain the sensing results of attack after,
The method further includes:
The transaction data for analyzing one or more blocks record involved by the attack, obtains one or more friendships
Easy address;
It will be in the storage to preset address library of one or more of transaction addresses.
A5. the method according to any one of A1-A3, wherein the method further includes:
Read the data content that mine cell system provides;
Security audit is carried out to the data content that mine cell system provides according to lonely block audit strategy;
If the data content that the mine cell system provides meets lonely block audit strategy, the sensing results of attack are obtained.
A6. the method according to any one of A1-A4, wherein the method is realized by block chain browser.
A7. the method according to any one of A1-A4, wherein the method is realized by plug-in unit.
The invention also discloses:B8. a kind of block chain attack sensing device based on timestamp, including:
First read module is suitable for reading the time stamp data of each block in block chain;
First Audit Module, suitable for judging whether the time stamp data of each block meets timestamp audit strategy;
First sensing module, suitable for if it is determined that go out to meet timestamp audit strategy, then obtaining the sensing results of attack.
B9. the device according to B8, wherein described device further includes:
Acquisition module, the block time interval that goes out suitable for obtaining block chain describe data;
Generation module, suitable for describing the data generation timestamp audit plan according to the block time interval that goes out of the block chain
Slightly.
B10. the device according to B9, wherein first Audit Module is further adapted for:
Judge that the interval of timestamps in each block with the presence or absence of continuous m block is less than or equal to first time interval
Threshold value;And/or judge that the interval of timestamps in each block with the presence or absence of continuous n block was greater than or equal to for the second time
Interval threshold, if so, judgement meets timestamp audit strategy;
Wherein, m is greater than or equal to the first preset value, and n is greater than or equal to the second preset value;The first time interval threshold value
Go out block time interval according to described in the second time interval threshold value and sets.
B11. the device according to any one of B8-B10, wherein described device further includes:
Analysis module is suitable for analyzing the transaction data of one or more blocks record involved by the attack, obtains
To one or more transaction addresses;
Memory module, being suitable for will be in the storage to preset address library of one or more of transaction addresses.
B12. the device according to any one of B8-B10, wherein described device further includes:
Second read module is suitable for reading the data content that mine cell system provides;
Second Audit Module is suitable for carrying out safety to the data content that mine cell system provides according to lonely block audit strategy examining
Meter;
Second sensing module is attacked if meeting lonely block audit strategy suitable for the data content that the mine cell system provides
Hit the sensing results of event.
B13. the device according to any one of B8-B11, wherein described device is realized by block chain browser.
B14. the device according to any one of B8-B11, wherein described device is realized by plug-in unit.
The invention also discloses:C15. a kind of computing device, including:Processor, memory, communication interface and communication are total
Line, the processor, the memory and the communication interface complete mutual communication by the communication bus;
The memory makes the processor execute such as storing an at least executable instruction, the executable instruction
The corresponding operation of block chain attack cognitive method based on timestamp described in any one of A1-A7.
The invention also discloses:D16. a kind of computer storage media, being stored at least one in the storage medium can hold
Row instruction, the executable instruction make processor execute the block chain attack based on timestamp as described in any one of A1-A7
The corresponding operation of event perception method.
Claims (10)
1. a kind of block chain attack cognitive method based on timestamp, including:
Read the time stamp data of each block in block chain;
Judge whether the time stamp data of each block meets timestamp audit strategy;
If meeting, the sensing results of attack are obtained.
2. according to the method described in claim 1, wherein, the method further includes:
The block time interval that goes out for obtaining block chain describes data;
The data generation timestamp audit strategy is described according to the block time interval that goes out of the block chain.
3. according to the method described in claim 2, wherein, whether the time stamp data for judging each block meets timestamp
Audit strategy further comprises:
Judge that the interval of timestamps in each block with the presence or absence of continuous m block is less than or equal to first time interval threshold
Value;And/or judge that the interval of timestamps in each block with the presence or absence of continuous n block was greater than or equal between the second time
Every threshold value, if so, judgement meets timestamp audit strategy;
Wherein, m is greater than or equal to the first preset value, and n is greater than or equal to the second preset value;The first time interval threshold value and
Two time interval threshold values go out block time interval and set according to described in.
4. method according to any one of claim 1-3, wherein the sensing results for obtaining attack it
Afterwards, the method further includes:
The transaction data for analyzing one or more blocks record involved by the attack obtains one or more transaction ground
Location;
It will be in the storage to preset address library of one or more of transaction addresses.
5. method according to any one of claim 1-3, wherein the method further includes:
Read the data content that mine cell system provides;
Security audit is carried out to the data content that mine cell system provides according to lonely block audit strategy;
If the data content that the mine cell system provides meets lonely block audit strategy, the sensing results of attack are obtained.
6. according to the described method of any one of claim 1-4, wherein the method is realized by block chain browser.
7. according to the described method of any one of claim 1-4, wherein the method is realized by plug-in unit.
8. a kind of block chain attack sensing device based on timestamp, including:
First read module is suitable for reading the time stamp data of each block in block chain;
First Audit Module, suitable for judging whether the time stamp data of each block meets timestamp audit strategy;
First sensing module, suitable for if it is determined that go out to meet timestamp audit strategy, then obtaining the sensing results of attack.
9. a kind of computing device, including:Processor, memory, communication interface and communication bus, the processor, the storage
Device and the communication interface complete mutual communication by the communication bus;
The memory makes the processor execute as right is wanted for storing an at least executable instruction, the executable instruction
Ask the corresponding operation of block chain attack cognitive method based on timestamp described in any one of 1-7.
10. a kind of computer storage media, an at least executable instruction, the executable instruction are stored in the storage medium
The block chain attack cognitive method based on timestamp that processor is executed as described in any one of claim 1-7 is set to correspond to
Operation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810367367.5A CN108566398B (en) | 2018-04-23 | 2018-04-23 | Block chain attack event sensing method and device and computer storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810367367.5A CN108566398B (en) | 2018-04-23 | 2018-04-23 | Block chain attack event sensing method and device and computer storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108566398A true CN108566398A (en) | 2018-09-21 |
| CN108566398B CN108566398B (en) | 2020-10-27 |
Family
ID=63536077
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810367367.5A Active CN108566398B (en) | 2018-04-23 | 2018-04-23 | Block chain attack event sensing method and device and computer storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108566398B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109787867A (en) * | 2019-02-28 | 2019-05-21 | 矩阵元技术(深圳)有限公司 | Block generation method, device, computer equipment and storage medium |
| CN110830260A (en) * | 2019-09-27 | 2020-02-21 | 电子科技大学 | Block chain-based digital signature timestamp generation method |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106548397A (en) * | 2016-11-22 | 2017-03-29 | 天津米游科技有限公司 | A kind of block chain common recognition mechanism |
| WO2017082238A1 (en) * | 2015-11-09 | 2017-05-18 | 日本電信電話株式会社 | Block chain generation device, block chain generation method, block chain verification device, block chain verification method and program |
| CN107078903A (en) * | 2016-12-23 | 2017-08-18 | 深圳前海达闼云端智能科技有限公司 | Digging ore deposit method, device and the node device of block chain |
-
2018
- 2018-04-23 CN CN201810367367.5A patent/CN108566398B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017082238A1 (en) * | 2015-11-09 | 2017-05-18 | 日本電信電話株式会社 | Block chain generation device, block chain generation method, block chain verification device, block chain verification method and program |
| CN106548397A (en) * | 2016-11-22 | 2017-03-29 | 天津米游科技有限公司 | A kind of block chain common recognition mechanism |
| CN107078903A (en) * | 2016-12-23 | 2017-08-18 | 深圳前海达闼云端智能科技有限公司 | Digging ore deposit method, device and the node device of block chain |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109787867A (en) * | 2019-02-28 | 2019-05-21 | 矩阵元技术(深圳)有限公司 | Block generation method, device, computer equipment and storage medium |
| CN110830260A (en) * | 2019-09-27 | 2020-02-21 | 电子科技大学 | Block chain-based digital signature timestamp generation method |
| CN110830260B (en) * | 2019-09-27 | 2021-09-24 | 电子科技大学 | Block chain-based digital signature timestamp generation method |
| US11936799B2 (en) | 2019-09-27 | 2024-03-19 | University Of Electronic Science And Technology Of China | Blockchain-based time stamping method for digital signature |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108566398B (en) | 2020-10-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108306898A (en) | Cognitive method, device and the computing device of block chain attack | |
| CN108596617A (en) | Block chain attack cognitive method based on algorithm types and device | |
| Fielder et al. | Decision support approaches for cyber security investment | |
| ES2878135T3 (en) | Devices to provide a set of cryptographically classified, filtered and protected transaction data records of a link in a blockchain | |
| CN108551454A (en) | Block chain attack cognitive method and device based on transaction stroke count | |
| US20160044057A1 (en) | Cyber Security Posture Validation Platform | |
| CN109360091A (en) | A kind of arbitrary object choosing method and device based on block chain | |
| CN108475394A (en) | The system and method for providing finance data for the financial instrument into distributed ledger system | |
| CN108234470A (en) | Block packaging method and system, electronic equipment, storage medium in block chain network | |
| KR101534192B1 (en) | System for providing cybersecurity realtime training against attacks and method thereof | |
| CN108023896A (en) | Block synchronous method and system | |
| Conti et al. | Attacking information visualization system usability overloading and deceiving the human | |
| CN109286511A (en) | The method and device of data processing | |
| CN108566398A (en) | Block chain attack cognitive method based on timestamp and device | |
| CN108564416A (en) | The processing method of activity countdown in limited time, computing device, storage medium | |
| CN109447651A (en) | Business air control detection method, system, server and storage medium | |
| CN110147329A (en) | A kind of method, apparatus and terminal of dynamic detection simulator | |
| CN110008719A (en) | A kind of file process, file test method and device | |
| CN110365712A (en) | A kind of defence method and system of distributed denial of service attack | |
| Yang et al. | An effective and scalable VM migration strategy to mitigate cross-VM side-channel attacks in cloud | |
| CN105915556A (en) | Method and equipment for determining attack surfaces of terminals | |
| CN109948333A (en) | A kind of safety defense method and device of account attack | |
| EP3346666A1 (en) | A prediction system configured for modeling the expected number of attacks on a computer or communication network | |
| CN116545776B (en) | Data transmission method, device, computer equipment and storage medium | |
| CN108696530B (en) | Online encrypted data security assessment method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |