CN110309657A - The safety risk estimating method of block chain - Google Patents
The safety risk estimating method of block chain Download PDFInfo
- Publication number
- CN110309657A CN110309657A CN201910535959.8A CN201910535959A CN110309657A CN 110309657 A CN110309657 A CN 110309657A CN 201910535959 A CN201910535959 A CN 201910535959A CN 110309657 A CN110309657 A CN 110309657A
- Authority
- CN
- China
- Prior art keywords
- security
- block chain
- chain
- value
- attack
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4016—Transaction verification involving fraud or risk level assessment in transaction processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Abstract
The invention proposes the safety risk estimating method of a block chain, the security risk of block for coefficient chain in terms of Technical Architecture and liveness two.We establish block chain trusted computing base (BTCB according to block chain technical system framework first, Blockchain Trusted Computing Base) model, then it designs one kind and combines step analysis (AHP, Analytic Hierarchy Process) and paired comparisons security-sensitive analysis method, security sensitive weight is distributed for each security risk influence factor, finally constructs the security risk score function of a block chain.In experimental section, we use this method for 30 instantly important publicly-owned chain block chain project marking, and encrypt currency grading comparative analysis with the publicly-owned chain technology evaluation index of sadie, Weiss, the experimental results showed that our method has certain feasibility.
Description
Technical field
The present invention relates to the application fields such as finance, finance, answer more particularly, to block chain technology in fields such as finance, finances
Safety-related problem.
Background technique
Block chain originates from bit coin, by the security advantages such as trust, anti-tamper, traceable are gone, becomes the following finance, wealth
The important application technology in the fields such as political affairs.Application field economic benefit behind is substantially improved and is hidden in computer computation ability
The increasing of benefit, the safety problem increasingly significant of block chain technology.Therefore, the security risk research of block chain is just becoming both domestic and external
Research hotspot.
Recent years, a variety of methods have been proposed for the security risk of testing and evaluation block chain.Currently, most of
Research uses each shadow for attacking (such as 51% attack, solar eclipse attack and physical attacks etc.) in mathematical method analysis block chain
Power is rung, to assess the safety of block chain.Attack type and quantity in block chain are various, are not found completely also so far,
Therefore, the effect of each attack of independent analysis is incomplete.In order to comprehensively assess the safety of block chain, Ye Congcong et al.
Document --- the safety detection model of block chain proposes a kind of safety evaluation method based on block chain state, analysis is each
State becomes success attack shape probability of state, to judge security of system.According to Literature Consult, existing method is not from technology
The security risk of architectural framework and the angle research block chain of calculation power, and technical combinations and calculation power can be to the security risks of block chain
It has a huge impact.Therefore, a kind of assessment block chain safety wind is proposed from the angle of technical system framework and calculation power herein
The new method of danger.
This method is codetermined by quantitative effect factor and qualitative effect factor, and quantitative effect factor includes that block chain is calculated
Power, block chain bifurcated depth etc..The qualitative effect factors composition foundation for security of block chain, such as various based on digital signature plus
Close algorithm, hash function, common recognition mechanism, intelligent contract etc..We establish block chain according to block chain technical system framework first
Trusted computing base (BTCB), and then propose the security sensitive of a kind of binding hierarchy analysis two methods of (AHP) and paired comparisons
Property analysis method, for it is each influence block chain security risk factor distribute security sensitive weight, finally devise a block
The safety risk estimating method of chain.
Summary of the invention
1) block chain trusted computing base
The core of our appraisal procedures is that the peace of block chain project to be appraised is sufficiently disclosed from the angle of block chain Technical Architecture
Full blast danger, for this reason, it may be necessary to be analyzed the various technologies for influencing block chain security risk comprehensively.Basic ideas are from safety wind
The intension triggering of danger, using the safety of technology as foothold, fully considers data model, Encryption Algorithm, the common recognition machine of block chain
The Safety Influence Factors such as system, network design, decentralization degree, incentive mechanism and intelligent contract.The development and evolution of block chain
It substantially experienced 3.0 three phases of block chain 1.0, block chain 2.0 and block chain, although upper different in specific implementation,
There are many general character for integral system framework.The document of Shao Qifeng et al. --- block chain technology: framework and progress think the system
Framework can be divided into five levels: network layer, common recognition layer, data Layer, intelligent contract layer and application layer, multiple technologies one on the whole
It rises and constitutes block catenary system, see Fig. 1.
In order to provide the analytic process of strict logic to the qualitative evaluation of hereafter block chain security risk, we are according to block
The Technical Architecture of chain establishes block chain trusted computing base --- BTCB, as shown in Figure 2.BTCB, which is contained, influences block chain safety
All elements, and by function difference by their hierarchical classifications, to analyze the potential security risk or safety of statistics block chain
Protection mechanism.
Define the institute of 1 (block chain trusted computing base --- BTCB) block chain trust computing basis representation safety zone block catenary system
There are the set of safety protecting mechanism, including the storage of data structure, data pattern, data, Encryption Algorithm, hash function, network knot
The various block chain security factors such as structure, network protocol, common recognition mechanism, intelligent contract.
Compared with block chain Technical Architecture, the content of BTCB is more extensive, and other than the security factor of technology class, BTCB is also wrapped
The enterprise externals security factors such as the industry environment of chain containing block, development trend, policy and Supervision Measures, Enterprise Project, team composition,
The enterprises such as technical strength, capital input and operation maintenance security factor and other specific safety elements.But the emphasis of this paper
It is from the security risk of the angular quantification block chain project of Technical Architecture, therefore, we only discuss that the technology class of BTCB is wanted safely
Element, and as the content of block chain security risk assessment.
(1) data Layer.Principal concern of the appraisal procedure to data Layer security risk analysis: (a) information attack;(b) add
Close algorithm attack.Corresponding safety protecting mechanism is that the data based on Merkle tree store [10] and based on digital signature respectively
Encryption Algorithm.Data storage is realized by block mode and chain structure, realizes persistence in the form of KV database mostly.Base
In a variety of cryptographic algorithms, hash function and the asymmetric encryption techniques of digital signature, it ensure that the safety of account and transaction is real
It is existing.
(2) network layer.Principal concern of the appraisal procedure to IP Security risk analysis: (a) P2P network risks;(b)
Broadcast mechanism risk;(c) authentication mechanism risk.Block chain utilizes the mechanism such as the propagation of P2P network settings, verifying, P2P mode
Information is propagated, and the information comprising own IP address can be sent to adjacent node, is easy by solar eclipse attack, eavesdropping attack, BGP
The attacks such as hijack attack, node client loophole, refusal service (DDoS).Common attack pattern has honeysuckle in broadcast mechanism
Attack and transaction extension sexual assault.There is verifying easily around phenomenon in authentication mechanism renewal process, will lead to number once going wrong
According to confusion, and bifurcation problem can be related to.Safety protecting mechanism mainly include the network protocol continuously improved, safety it is rigorous
Network structure.
(3) common recognition layer.In BTCB, common recognition layer is located on network layer, is made of rich and varied common recognition mechanism.Assessment
Principal concern of the method to common recognition layer security risk analysis: the reliability for mechanism of knowing together.Common recognition mechanism is to a time window
The algorithm that affairs sequencing in mouthful is reached common understanding.Block chain can support different common recognition mechanism, the common recognition machine having at present
It is formed with PoW, PoS, DPoS, Pool verifying pond mechanism and PBFT etc., the attack faced includes that Sybil attack, short-range are attacked
It hits, long-range attack, coin age accumulative public product, precomputation attack etc..
(4) excitation layer.Principal concern of the appraisal procedure to excitation layer security risk analysis: (a) issuing mechanism risk;
(b) distribution mechanism risk.At present there is no the exposures of security risk event, but are not excluded for existing in excitation layer issuing mechanism safe hidden
Suffer from.A large amount of small calculation power nodes are concentrated and mine pond are added by distribution mechanism, easily threaten to decentralization trend.
(5) alternation of bed is applied.A practical landing scene using alternation of bed as block chain technology, is current all areas
A most frequent level of security events occurs in the framework of block chain industry.Appraisal procedure is to application alternation of bed security risk point
The principal concern of analysis: (a) application extension risk;(b) application environment risk;(c) Market Feedback.Application extension risk refers mainly to
Attack to all kinds of scripts, algorithm and intelligent contract.Current potential security threat mainly includes Solidity loophole, escape leakage
Hole, short address loophole, stack overflow loophole, reenterability attack, trading order dependent attack, timestamp dependent attack, integer
Flooding etc..Application environment risk includes the brings safety winds such as economic situation, monetary policy, team, enterprise background and capital
Danger.Market Feedback is concentrated mainly on field relevant to cryptographic assets, such as in user node, digital asset wallet and transaction
Among platform, actual loss brought by security incident each time is up to ten million to billions of dollars.
2) paired comparisons
Paired comparisons can help domain expert to better describe sensibility rank, and the content compared includes Sensitive Attributes pair
With particular community probable value pair, Fig. 3 is the paired comparisons example of Sensitive Attributes and particular community probable value.We have selected level
Analytic approach (AHP), this method infer preference based on the set of paired comparisons, are a kind of decision support tools, in concordance rate
(CR) less than 0.1 effective when.Paired comparisons method weighs weight of each probable value relative to other probable values in same rank
The property wanted, may then pass through by the weight in tree in same paths it is tired multiply extract the importance in path in tree.
In our example, the design definition of security-sensitive score function is 3 grades of AHP problems by we.See
Fig. 4, top layer define the problem of lookup gives security sensitive attribute probable value weight, only one option of the layer and weight are 1,
Next layer includes security sensitive attribute, and the leaf node of AHP tree indicates security sensitive attribute probable value.We use with comparison
Compared with allowing expert's first more each attribute pair, then the probable value pair of more same attribute, weight on last each probable value path
It is tired multiply be exactly its security-sensitive scoring.For example, using the AHP tree in Fig. 4, if it is desired to infer the safety wind of " privately owned chain "
Danger scoring, only needs to calculate:
Security risk scores (privately owned chain)=weight (weight for searching security sensitive attribute value)
* weight (network structure) * weight (privately owned chain)=1*0.4*0.1=0.04
Hierarchical structure in Fig. 4 has some interesting characteristics.The sum of weight of all nodes is 1 in same layer, father node
Weight is equal to the sum of the security-sensitive score of child node, and the security-sensitive score summation of all probable values is in hierarchical structure
1, the i.e. weight of root node.If a susceptibility attributes have n different probable values, expert needs to compare (n (n-1)/2)
The secondary weight that could obtain attribute value.BTCB has hierarchy, and is multi-level hierarchical structure, it is desirable to rely on BTCB comprehensively, close
Reason ground assessment block chain security risk, it would be desirable to analyze all properties and attribute value of same sublayer one by one according to level.Herein
In can be accepted or rejected for enumerating for block chain security risk association attributes, but do not influence the reasonability of derivation process, method
The understanding of feasibility and reader.
3) derivation of security risk score function
In order to measure the security risk of block chain, we have proposed a kind of new methods --- power and skill are calculated based on block chain
The measurement method of art architectural framework, and the functional relation of quantitative safety risk score and the scoring of qualitative security risk has been determined, with
Show the potential degree of security risk of block catenary system.It is worth noting that, security risk score function value is higher, block chain
Degree of risk is lower.The primary symbols and its definition that this section is related to are listed below.(description item --- symbol)
Block chain security risk scoring --- S
Block chain quantitative safety risk score --- S-quanti
The qualitative security risk scoring of block chain --- S-quali
3.1 formal definition
In this section, we will provide the formal definition of this paper.Without loss of generality, it will be assumed that only
One block catenary system exists, and this method can easily be extended to handle the combined system of multiple block chains.
The attribute that 2 (the security sensitive attributes of block chain) of definition can influence block chain degree of security risk is known as block chain
Security sensitive attribute.Security sensitive attribute is mutually exclusive and can be layered by class, positioned at the n omicronn-leaf child node of AHP structure tree.
According to BTCB, in the second layer of the AHP structure tree of block chain security risk analysis, the security sensitive for having five classes different
Attribute --- data Layer, network layer, common recognition layer, excitation layer and apply alternation of bed, wherein data Layer can be divided into again data structure,
Data pattern and data store three attributes.We indicate all safety of block chain with set A=(A1 ..., Ai ..., An)
Sensitive Attributes, Ai indicate one of attribute.
Define 3 (probable values of security sensitive attribute) define security sensitive attribute special characteristic or parameter be known as safety it is quick
Feel the probable value of attribute.
One security sensitive attribute Ai indicates that wherein pij indicates attribute Ai with set pi=(pi1 ..., pi2 ..., pin)
J-th of probable value.The probable value of security sensitive attribute is mutually exclusive and is located at least significant end --- the leaf knot of AHP structure tree
Point.For example, " privately owned chain ", " alliance's chain " and " publicly-owned chain " is block chain attribute " network structure " in our AHP structure tree
Probable value, see Fig. 4.
4 (security-sensitive score function) security-sensitive score function f [pij]: A*pij ∈ [0,1] are defined according to category
Property security-sensitive distributed to each probable value of attribute to the influence power size of block chain security risk, function from
Variable includes attribute Ai and attribute probable value pij.
We illustrate the calculating process of security-sensitive score function using the information of Fig. 4:
F [privately owned chain]=security risk scores (privately owned chain)=weight (weight for searching security sensitive attribute value)
* weight (network structure) * weight (privately owned chain)=1*0.4*0.1=0.04;
F [alliance's chain]=security risk scores (alliance's chain)=weight (weight for searching security sensitive attribute value)
* weight (network structure) * weight (alliance's chain)=1*0.4*0.3=0.12.
3.2S-quanti function solves
Middle acute hearing proposes the principle of bit coin, and the competition between honest chain and attack chain is described as binomial and is swum at random
It walks, i.e., success events are that honest chain is extended a block, its leading degree is increased by 1, and turkey is the chain extension of attacker
Gap is reduced 1, and calculates the probability of attacker's successful attack under different attack dynamics by one block.One attack chain energy
Shown in the probability such as formula (1) for enough catching up with honest chain:
P is the probability that honest node produces next block, and q is the probability that attacker produces next block, p+q
=1, qz are that finally prevent z block of attacker falls behind gap and change the probability of current block transaction content.According to middle acute hearing
51% attack viewpoint, as q > 0.5, attacker can centainly pull up to honest person because the calculation power of attacker be greater than honesty
The calculation power of node.As soon as assuming that honest node, which will expend the average expectancy time, generates a block, then the potential progress of attacker
It is a Poisson distribution, the desired value of distribution are as follows: λ=z × (q/p).We make progress attacker the Poisson of number of blocks k
The probability density of distribution, multiplied by the probability that attacker can still pull up under the quantity, final summation obtains attacker and chases after
Catch up with the total probability of z block:
From probability level analysis, if attacker goes out, block likelihood ratio honesty miner is high, and attacker can centainly change some
The transaction content of block.In order to avoid summing to unlimited ordered series of numbers, formula (2) can be converted into the form of formula (3):
Inversely, therefore S-quanti function can be designed as the safety of block chain and successful attack probability:
Algorithm 1 is the algorithm for calculating S-quanti functional value:
Algorithm 1 calculates S-quanti functional value
Input: honest miner successfully digs mine Probability p, and attack chain block falls behind gap z
Output: S-quanti functional value
1. calculating attacker successfully digs mine probability q, q=1-p
2. calculating lambda=z* (q/p)
3. enabling sum=0
4.for attacker makes progress number of blocks k=0 to z
5. calculating poisson=pow (lambda, k) * exp (- lambda)
6. if k≤1, mul_k=1;Otherwise mul_k*=k
7.poisson=poisson/mul_k
8.sum+=poisson* (1-pow (q/p, z-k))
9. returning to sum
It is worth noting that, as q > 0.5, attacker can centainly pull up to honest person from probability level analysis, because
This, we only discuss the S-quanti value changing rule of q≤0.5 (i.e. p >=0.5).According to Fig. 5 we have found that fixed p value, S-
Quanti value indicates that attack chain is remoter from the target of success attack with the non-linear increase of z value, and block chain is safer at this time, so
Score is higher;Fixed z value, S-quanti value is with the non-linear increase of p value, because honest chain is calculated, power is bigger, and block chain is more pacified at this time
Entirely, so score is higher.
3.3 sincere function dig block Probability estimate
According to the design feature of block chain, the percentage generation of all mine machines occupied area block chain the whole network that miner is grasped power at long last
Table he successfully dig the probability of mine.For example, if it is 100 that the present the whole network of bit coin, which calculates power, and some miner possesses 10
Power is calculated, then it is exactly 0.1 that he competes the successful probability of book keeping operation every time.Assuming that block chain the whole network before the addition of known attack node
Calculation power is M, and the calculation power for attacking node is A, then the probability that honest node successfully digs block isAttack node is successfully dug
Mine probabilityThe mine machine of mainstream is the calculating magnitude of 14T or so at present, and each mine machine is per second at least
14 are done to collide multiplied by the Hash of 2 20 powers, we can say that, the mine machine of this 14T specification just has the calculation power of 14T.If
Lay spy's coin mine machine that power is 14T, which is calculated, with one digs Lay spy coin (the whole network of Lay spy coin calculates power and is about 390TH/s at present), at this point,
The successful probability of mine machine isIt is worth noting that, the calculation power between unused currency type, is
There is no any relationship, for example Lay spy's coin mine machine cannot dig bit coin, mine algorithm is different, he will not Xie Laite coin because digging
Function topic.
3.4 qualitative analysis
Existing common recognition algorithm can partially solve the problems, such as 51% attack, such as PoS, DPoS, this explanation is only from quantitatively
Analysis block chain security risk be it is insufficient, we also need the security risk of qualitative analysis block chain.Hereinbefore we
Technical system framework is defined as the qualitative effect factor of block chain security risk to the influence factor of block chain security risk, and builds
Found BTCB, for comprehensively, reasonably analyze block chain security risk.In addition, we are again according to AHP analytic approach, it is qualitative shadow
Ring factor scores.
The needs that definition and function based on security sensitive attribute structure tree derive, we first do following hypothesis and definition:
(1) the security sensitive number of attributes of penultimate stage is p, therefore security sensitive attribute probable value can be divided into p group;
(2) quantity of every group of security sensitive attribute probable value be q1, q2, q3 ..., qp;
(3) height of every group of security sensitive attribute probable value is respectively n1, n2, n3 ..., np;
(4) every group of security sensitive attribute probable value indicates are as follows::
First group of security sensitive attribute probable value is respectively as follows:
Second group of security sensitive attribute probable value is respectively as follows:
……
Pth group security sensitive attribute probable value is respectively as follows:
Note
It (5) will setIt is fixed
Justice is the security-sensitive score of security sensitive attribute probable value;
(6) path weight value of security sensitive attribute probable value are as follows:
The path weight value of s11:
The path weight value of s12:
……
Path weight value:
The path weight value of s21:
……
Path weight value:
Note
(7) set of input variable is indicated with X, is remembered If the block chain includes
Sij, i ∈ [1, p], j ∈ [1, max (q1, q2 ... ... qp)], then otherwise it is 0 that the xij value of same index, which is 1,.
We sum input and the product of its path weight value to obtain formula (5),
And because
So formula (6) can be write as the form of formula (7):
The calculating of 3.5 security risk score functions
As described above, block chain quantitative safety risk score (S-quanti) and qualitative security risk scoring (S-quali)
Joint effect block chain security risk scoring (S), adjusts the impact factor of the former two, it is made to meet following limitation:
Alpha+beta=1 (8)
α, β >=0.We design the functional relation of S and S-quanti, S-quali are as follows:
S=α × S-quanti+ β × S-quali, S ∈ [0,1] (9)
3.6 analysis of complexity
We analyze the complexity of block chain security risk score function calculating.It is fallen for this purpose, z is expressed as attacker by us
Block number afterwards, n are expressed as the AHP level quantity of security sensitive attribute, and p is expressed as the quantity of security sensitive attribute, and q is indicated
The quantity of each security sensitive attribute probable value.
The complexity that theorem block chain security risk score function calculates is O (max (z, n × p × q)).
The complexity for proving that block chain security risk score function calculates mainly is influenced by three factors: quantitative safety
Risk score S-quanti;The security-sensitive score w [xij] of each security sensitive attribute probable value;Qualitative security risk is commented
Divide S-quali.
According to the algorithm for calculating S-quanti functional value, we use variable storage k-1 times calculated result, then follow each time
The computation complexity of ring is O (1), is recycled z times, therefore the computation complexity of S-quanti function is O (z).It calculates w [xij], i.e.,
It is the security-sensitive score function f [xij] for calculating each security sensitive attribute probable value, sees definition 4.The set sizes of attribute
It is p, the set sizes of attribute probable value are q, and the computation complexity of w [xij] is O (n), and the safety of each security sensitive attribute is quick
The computation complexity of perceptual score function f [Ai] is O (n × q) (the security-sensitive score of attribute Ai probable value and), last
The computation complexity of qualitative security risk scoring S-quali is O (n × p × q) (the security-sensitive score of each attribute Ai and).
However, can be extracted in O (1) every if block chain security sensitive attribute probable value is pre-processed and counted in advance
The calculating of the security-sensitive score w [xij] of a security sensitive attribute probable value, the qualitative security risk score function of block chain are real
It can be carried out in O (p × q) on border.According to the addition rule T (n, m) of time complexity=T1 (n)+T2 (m)=O (max (T1
(n), T2 (m)), the complexity that block chain security risk score function calculates is O (max (z, n × p × q)).
Detailed description of the invention
Fig. 1 describes block chain technical system framework
Fig. 2 describes block chain trusted computing base
Fig. 3 describes the paired comparisons of attribute and attribute probable value
Fig. 4 describes the three-decker example of AHP tree
Fig. 5 describes S-quanti value with z value variation tendency
Fig. 6 describes S-quanti value with p value variation tendency
Fig. 7 describes security sensitive weight questionnaire sample
Fig. 8 describes the comparative analysis of experimental result and RatingToken scoring
Specific embodiment
Below with reference to example, the present invention is further illustrated:
1) experimental situation describes
Up to the present, only there are two authoritative institutions to the progress technical security risk assessment of block chain and open number in the whole world
According to one is Development of China's IT Industry center --- sadie block chain research institute, assessment object is publicly-owned chain, assession number 31
, assessment content includes realizing function, basic property, safety and centralization degree;The machine the other is U.S. independently grades
Structure --- Weiss Ratings, assessment object is publicly-owned chain, assession number 93, assessment content include function, basic property,
Safety and energy consumption processing.In order to verify the feasibility of this model, this experiment has chosen 30 instantly famous publicly-owned catenary systems
As experimental subjects.
2) experimental data describes
The model calculation encrypts currency as experimental group data, the publicly-owned chain technology evaluation index in the sadie whole world and Weiss
The control group graded as experiment, the mean absolute deviation that sadie and the scoring of Weiss two systems is calculated is 0.1632, is put down
Equal relative deviation is the visualization comparative analysis that 20.1278%, Fig. 7 is two systems scoring, in conjunction with calculated result and map analysis,
We have found that the appraisal result deviation of two different assessment systems is larger but still has relatively uniform place, and Weiss scores
Generally higher than sadie scores.
In an experiment, we attempt to answer following study a question:
1. the quantified goal that block chain safety risk estimating method realizes block chain security risk?
2. is the security sensitive weight of block chain security sensitive attribute and attribute value from He Erlai?
We explain the process of experiment, and give used questionnaire sample.For simplicity, we carry out reality
It just look like that there are single context is the same when testing, it is believed that, method provided by us can be readily extended to handle
Multiple contexts (i.e. by obtaining the data in relation to context from domain expert there, and create and are suitable for each context
Appraisal procedure), however, this problem has left following work for.
3) experimental diagrams describe
Fig. 1 describes block chain technical system framework
Fig. 2 describes block chain trusted computing base
Fig. 3 describes the paired comparisons of attribute and attribute probable value
Fig. 4 describes the three-decker example of AHP tree
Fig. 5 describes S-quanti value with z value variation tendency
Fig. 6 describes S-quanti value with p value variation tendency
Fig. 7 describes security sensitive weight questionnaire sample
Fig. 8 describes the comparative analysis of experimental result and RatingToken scoring
4) analysis of experimental results
We are according to the S-quanti value of formula (4) calculation block catenary system, according to formula (7) calculation block catenary system
S-quali value, according to the S value of formula (9) calculation block catenary system.Statistical check is concluded that
(1) most of rating organization grades to Bitcoin, Ethereum and Litecoin higher, and four mechanisms all think
Ethereum safety is high, this is consistent with our model evaluation result;
(2) most of rating organization all thinks that Decred, Bitcoin SV and Sia safety are lower, and our model
Think that its safety is moderate, power is larger to cause its quantitative safety risk score higher this is because their the whole network is calculated;
(3) most of rating organization all thinks that Bytecoin, Bitcore and ETN safety are lower, the model of this and we
Assessment result is consistent;
(4) our model evaluation result is generally lower than market and has evaluation and test data, this is because we only analyze 12
The evaluation result of a index does not evaluate and test the processing of item meter zero, causes our evaluation and test data relatively low, but evaluates and tests rank and have evaluation and test
Data are unanimous on the whole, this can illustrate the feasibility of the model to a certain extent.
Fig. 8 is the graphical comparative analysis of experimental calculation result and RatingToken scoring, it is observed that we have found that two
The result that a different Rating Model calculates is unanimous on the whole in the rank of security risk.We are by taking Dash project as an example, in detail
Introduce the Computing Principle of our appraisal procedures.The qualitative security risk scoring S-quali of Dash project is 0.5, in this 15 areas
Belong to relatively low rank in block chain project, but his the whole network calculation power is higher, is 3190.88T H/s, occupies the 4th.According to being situated between above
The honest mine Probability p of digging of the honest digging mine probability calculation formula to continue, Dash is (3190.88T H/s)/(3190.88T H/s+7
× 14T H/s)=0.97 (attack of this experiment calculates power and is uniformly set as 7 × 14TH/s), and then calculate quantitative safety risk
Score S-quanti is 1.Comprehensive assessment show that the security risk score S of Dash project is 0.55, belongs to intermediate security level, this
It is consistent with objective fact.
Claims (1)
1. a kind of safety risk estimating method based on block chain, it is characterised in that as follows:
A, block chain trusted computing base
The core of our appraisal procedures is that the safety wind of block chain project to be appraised is sufficiently disclosed from the angle of block chain Technical Architecture
Danger, for this reason, it may be necessary to be analyzed the various technologies for influencing block chain security risk comprehensively;Basic ideas are from security risk
Intension triggering, using the safety of technology as foothold, fully considers data model, the Encryption Algorithm, common recognition mechanism, net of block chain
The Safety Influence Factors such as network design, decentralization degree, incentive mechanism and intelligent contract;The development of block chain is substantially passed through with evolution
3.0 three phases of block chain 1.0, block chain 2.0 and block chain have been gone through, although upper different in specific implementation, whole body
There are many general character for system structure;The document of Shao Qifeng et al. --- block chain technology: framework and progress think that the architectural framework is whole
Five levels can be divided on body: network layer, common recognition layer, data Layer, intelligent contract layer and application layer, multiple technologies are constituted together
Block catenary system, is shown in Fig. 1;
In order to provide the analytic process of strict logic to the qualitative evaluation of hereafter block chain security risk, we are according to block chain
Technical Architecture establishes block chain trusted computing base --- BTCB, as shown in Figure 2;BTCB contains the institute for influencing block chain safety
There is element, and by function difference by their hierarchical classifications, to analyze the potential security risk or safeguard protection of statistics block chain
Mechanism;
Define all peaces of 1 (block chain trusted computing base --- BTCB) block chain trust computing basis representation safety zone block catenary system
The set of all risk insurance protection mechanism, including the storage of data structure, data pattern, data, Encryption Algorithm, hash function, network structure, net
The various block chain security factors such as network agreement, common recognition mechanism, intelligent contract;
Compared with block chain Technical Architecture, the content of BTCB is more extensive, and other than the security factor of technology class, BTCB also includes area
The enterprise externals security factors such as block chain industry environment, development trend, policy and Supervision Measures,
The enterprises security factors such as Enterprise Project, team's composition, technical strength, capital input and operation maintenance and other spies
Different security factor;But the emphasis of this paper is from the security risk of the angular quantification block chain project of Technical Architecture, and therefore, we are only
The technology class security factor of BTCB is discussed, and as the content of block chain security risk assessment;
1) data Layer;Principal concern of the appraisal procedure to data Layer security risk analysis: (a) information attack;(b) Encryption Algorithm
Attack;Corresponding safety protecting mechanism is that the data storage [10] based on Merkle tree and the encryption based on digital signature are calculated respectively
Method;Data storage is realized by block mode and chain structure, realizes persistence in the form of KV database mostly;Based on number
A variety of cryptographic algorithms, hash function and the asymmetric encryption techniques of signature, ensure that the application solutions of account and transaction;
2) network layer;Principal concern of the appraisal procedure to IP Security risk analysis:
P2P network risks;
Broadcast mechanism risk;
Authentication mechanism risk;
Mechanism, the information of P2P mode such as block chain propagated using P2P network settings, verifying are propagated, can will comprising itself IP
The information of location is sent to adjacent node, be easy by solar eclipse attack, eavesdropping attack, BGP hijack attack, node client loophole,
The attack such as refusal service (DDoS);Common attack pattern has honeysuckle attack and transaction extension sexual assault in broadcast mechanism;It tests
There is verifying easily around phenomenon in card new mechanism process, will lead to data corruption once going wrong, and can be related to bifurcated
Problem;Safety protecting mechanism mainly includes the network protocol continuously improved, safe rigorous network structure;
3) common recognition layer;In BTCB, common recognition layer is located on network layer, is made of rich and varied common recognition mechanism;Appraisal procedure
To the principal concern of common recognition layer security risk analysis: the reliability for mechanism of knowing together;Common recognition mechanism is in a time window
The algorithm reached common understanding of affairs sequencing;Block chain can support different common recognition mechanism, and the common recognition mechanism having at present has
PoW, PoS, DPoS, Pool verify pond mechanism and PBFT etc., the attack faced include Sybil attack, short-range attack,
Long-range attack, coin age accumulative public product, precomputation attack etc.;
4) excitation layer;Principal concern of the appraisal procedure to excitation layer security risk analysis: (a) issuing mechanism risk;(b) it distributes
Mechanism risk;At present there is no the exposures of security risk event, but are not excluded in excitation layer issuing mechanism that there are security risks;Dispenser
A large amount of small calculation power nodes are concentrated and mine pond are added by system, easily threaten to decentralization trend;
5) alternation of bed is applied;A practical landing scene using alternation of bed as block chain technology, is current all block chains
A most frequent level of security events occurs in the framework of industry;Appraisal procedure is to application alternation of bed security risk analysis
Principal concern:
Application extension risk;
Application environment risk;
Market Feedback;
Application extension risk refers mainly to the attack to all kinds of scripts, algorithm and intelligent contract;Current potential security threat is main
It is attacked including Solidity loophole, escape loophole, short address loophole, stack overflow loophole, reenterability attack, trading order dependence
Hit, timestamp dependent attack, integer overflow attack etc.;Application environment risk includes economic situation, monetary policy, team, enterprise back
The brings security risk such as scape and capital;Market Feedback is concentrated mainly on field relevant to cryptographic assets, such as saves in user
Among point, digital asset wallet and transaction platform, actual loss brought by security incident each time is supreme up to ten million
Hundred million dollars;
B, paired comparisons
Paired comparisons can help domain expert to better describe sensibility rank, the content compared include Sensitive Attributes to and it is special
Determine attribute probable value pair, Fig. 3 is the paired comparisons example of Sensitive Attributes and particular community probable value;We have selected step analysis
Method (AHP), this method infer preference based on the set of paired comparisons, are a kind of decision support tools, small in concordance rate (CR)
It is effective when 0.1;Paired comparisons method weighs importance of each probable value relative to other probable values in same rank, so
It can be tired out afterwards by the weight in same paths in setting and be multiplied to extract the importance in path in tree;
In our example, the design definition of security-sensitive score function is 3 grades of AHP problems by we;See Fig. 4,
Top layer defines the problem of lookup gives security sensitive attribute probable value weight, only one option of the layer and weight are 1, next
Layer includes security sensitive attribute, and the leaf node of AHP tree indicates security sensitive attribute probable value;We use paired comparisons, allow
The first more each attribute pair of expert, the then probable value pair of more same attribute, weight is tired on last each probable value path
Multiplying is exactly the scoring of its security-sensitive;For example, using the AHP tree in Fig. 4, if it is desired to infer that the security risk of " privately owned chain " is commented
Point, it only needs to calculate:
Security risk scores (privately owned chain)=weight (weight for searching security sensitive attribute value)
* weight (network structure) * weight (privately owned chain)=1*0.4*0.1=0.04
Hierarchical structure in Fig. 4 has some interesting characteristics;The sum of weight of all nodes is 1 in same layer, father node weight
Equal to the sum of the security-sensitive score of child node, the security-sensitive score summation of all probable values is 1 in hierarchical structure, i.e.,
The weight of root node;If a susceptibility attributes have n different probable values, expert needs to compare (n (n-1)/2) secondary
The weight of attribute value can be obtained;BTCB has hierarchy, and is multi-level hierarchical structure, it is desirable to rely on BTCB comprehensively, reasonably
Assess block chain security risk, it would be desirable to analyze all properties and attribute value of same sublayer one by one according to level;Needle herein
Enumerating and can be accepted or rejected to block chain security risk association attributes, but do not influence the reasonability of derivation process, method it is feasible
The understanding of property and reader;
C, the derivation of security risk score function
In order to measure the security risk of block chain, we have proposed a kind of new methods --- power and technology body are calculated based on block chain
The measurement method of system structure, and the functional relation of quantitative safety risk score and the scoring of qualitative security risk has been determined, to show
The potential degree of security risk of block catenary system;It is worth noting that, security risk score function value is higher, the risk of block chain
Degree is lower;The primary symbols and its definition that this section is related to are listed below;(description item --- symbol)
Block chain security risk scoring --- S
Block chain quantitative safety risk score --- S-quanti
The qualitative security risk scoring of block chain --- S-quali
1) formal definition
In this section, we will provide the formal definition of this paper;Without loss of generality, it will be assumed that only one
Block catenary system exists, and this method can easily be extended to handle the combined system of multiple block chains;
The attribute that 2 (the security sensitive attributes of block chain) of definition can influence block chain degree of security risk is known as the safety of block chain
Sensitive Attributes;Security sensitive attribute is mutually exclusive and can be layered by class, positioned at the n omicronn-leaf child node of AHP structure tree;
There is the security sensitive category that five classes are different in the second layer of the AHP structure tree of block chain security risk analysis according to BTCB
Property --- data Layer, network layer, common recognition layer, excitation layer and apply alternation of bed, wherein data Layer can be divided into data structure, number again
Three attributes are stored according to mode and data;We indicate that all safety of block chain are quick with set A=(A1 ..., Ai ..., An)
Feel attribute, Ai indicates one of attribute;
3 (probable values of security sensitive attribute) of definition define the special characteristic of security sensitive attribute or parameter is known as security sensitive category
The probable value of property;
One security sensitive attribute Ai indicates with set pi=(pi1 ..., pi2 ..., pin), wherein the of pij expression attribute Ai
J probable value;The probable value of security sensitive attribute is mutually exclusive and is located at least significant end --- the leaf node of AHP structure tree;Than
Such as, in our AHP structure tree, " privately owned chain ", " alliance's chain " and " publicly-owned chain " be block chain attribute " network structure " can
It can be worth, see Fig. 4;
4 (security-sensitive score function) security-sensitive score function f [pij]: A*pij ∈ [0,1] are defined according to attribute pair
Security-sensitive is distributed to each probable value of attribute, argument of function by the influence power size of block chain security risk
Including attribute Ai and attribute probable value pij;
We illustrate the calculating process of security-sensitive score function using the information of Fig. 4:
F [privately owned chain]=security risk scores (privately owned chain)=weight (weight for searching security sensitive attribute value)
* weight (network structure) * weight (privately owned chain)=1*0.4*0.1=0.04;
F [alliance's chain]=security risk scores (alliance's chain)=weight (weight for searching security sensitive attribute value)
* weight (network structure) * weight (alliance's chain)=1*0.4*0.3=0.12;
2) S-quanti function solves
Middle acute hearing proposes the principle of bit coin, the competition between honest chain and attack chain is described as binomial random walk, i.e.,
Success events are that honest chain is extended a block, its leading degree is increased by 1, and the chain that turkey is attacker extends one
Gap is reduced 1, and calculates the probability of attacker's successful attack under different attack dynamics by block;One attack chain can chase after
Shown in the probability such as formula (1) of upper honesty chain:
P is the probability that honest node produces next block, and q is the probability that attacker produces next block, p+q=1,
Qz is that finally prevent z block of attacker falls behind gap and change the probability of current block transaction content;It is clever according to middle
51% attack viewpoint, as q > 0.5, attacker can centainly pull up to honest person, because the calculation power of attacker is greater than honest section
The calculation power of point;Assuming that honest node, which will expend the average expectancy time, generates a block, then the potential progress of attacker is exactly
One Poisson distribution, the desired value of distribution are as follows: λ=z × (q/p);We make progress attacker the Poisson point of number of blocks k
The probability density of cloth, multiplied by the probability that attacker can still pull up under the quantity, final summation obtains attacker's pursuit
The total probability of upper z block:
From probability level analysis, if attacker goes out, block likelihood ratio honesty miner is high, and attacker can centainly change some block
Transaction content;In order to avoid summing to unlimited ordered series of numbers, formula (2) can be converted into the form of formula (3):
Inversely, therefore S-quanti function can be designed as the safety of block chain and successful attack probability:
Algorithm 1 is the algorithm for calculating S-quanti functional value:
Algorithm 1 calculates S-quanti functional value
Input: honest miner successfully digs mine Probability p, and attack chain block falls behind gap z
Output: S-quanti functional value
It is as follows:
It calculates attacker and successfully digs mine probability q, q=1-p
It calculates lambda=z* (q/p)
Enable sum=0
For attacker makes progress number of blocks k=0 to z
Calculate poisson=pow (lambda, k) * exp (- lambda)
If k≤1, mul_k=1;Otherwise mul_k*=k
Poisson=poisson/mul_k
Sum+=poisson* (1-pow (q/p, z-k))
Return to sum
It is worth noting that, as q > 0.5, attacker can centainly pull up to honest person from probability level analysis, therefore, I
Only discuss q≤0.5 (i.e. p >=0.5) S-quanti value changing rule;According to Fig. 5 we have found that fixed p value, S-quanti
Value indicates that attack chain is remoter from the target of success attack, block chain is safer at this time, so score is got over the non-linear increase of z value
It is high;Fixed z value, S-quanti value is with the non-linear increase of p value, because honest chain is calculated, power is bigger, and block chain is safer at this time, so
Score is higher;
3) really function digs block Probability estimate
According to the design feature of block chain, the percentage of all mine machines occupied area block chain the whole network that miner is grasped power at long last is represent
He successfully digs the probability of mine;For example, if it is 100 that the present the whole network of bit coin, which calculates power, and some miner possesses 10 calculation power,
It is exactly 0.1 that so he competes the successful probability of book keeping operation every time;Assuming that block chain the whole network before known attack node is added calculates power
For M, the calculation power for attacking node is A, then the probability that honest node successfully digs block isIt is general that attack node successfully digs mine
RateThe mine machine of mainstream is the calculating magnitude of 14T or so at present, and each mine machine be per second at least to be done 14 and multiply
It is collided with the Hash of 2 20 powers, we can say that, the mine machine of this 14T specification just has the calculation power of 14T;If with one
It calculates Lay spy's coin mine machine that power is 14T and digs Lay spy coin (the whole network of Lay spy coin calculates power and is about 390TH/s at present), at this point, the mine machine
Successfully probability isIt is worth noting that, the calculation power between unused currency type, is not appoint
What relationship, for example Lay spy's coin mine machine cannot dig bit coin because digging, mine algorithm is different, he will not Xie Laite coin function
Topic;
4) qualitative analysis
Existing common recognition algorithm can partially solve the problems, such as 51% attack, such as PoS, DPoS, this explanation is only from quantitatively upper analysis
The security risk of block chain be it is insufficient, we also need the security risk of qualitative analysis block chain;Hereinbefore we are technology
Architectural framework is defined as the qualitative effect factor of block chain security risk to the influence factor of block chain security risk, and establishes
BTCB, for comprehensively, reasonably analyze block chain security risk;In addition, we again according to AHP analytic approach, be qualitative effect because
Element scoring;
The needs that definition and function based on security sensitive attribute structure tree derive, we first do following hypothesis and definition:
The security sensitive number of attributes of penultimate stage is p, therefore security sensitive attribute probable value can be divided into p group;
The quantity of every group of security sensitive attribute probable value be q1, q2, q3 ..., qp;
The height of every group of security sensitive attribute probable value is respectively n1, n2, n3 ..., np;
Every group of security sensitive attribute probable value indicates are as follows::
First group of security sensitive attribute probable value is respectively as follows:
Second group of security sensitive attribute probable value is respectively as follows:
……
Pth group security sensitive attribute probable value is respectively as follows:
Note
It will setIt is defined as pacifying
The security-sensitive score of full Sensitive Attributes probable value;
The path weight value of security sensitive attribute probable value are as follows:
The path weight value of s11:
The path weight value of s12:
……
Path weight value:
The path weight value of s21:
……
Path weight value:
Note
The set of input variable is indicated with X, is remembered
If the block chain includes sij, i ∈ [1, p], j ∈ [1, max (q1, q2 ... ... qp)], then
The xij value of same index is 1, is otherwise 0;
We sum input and the product of its path weight value to obtain formula (5),
And because
So formula (6) can be write as the form of formula (7):
5) calculating of security risk score function
As described above, block chain quantitative safety risk score (S-quanti) and qualitative security risk scoring (S-quali) are common
Block chain security risk scoring (S) is affected, the impact factor of the former two is adjusted, it is made to meet following limitation:
Alpha+beta=1 (8)
α, β >=0;We design the functional relation of S and S-quanti, S-quali are as follows:
S=α × S-quanti+ β × S-quali, S ∈ [0,1] (9).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910535959.8A CN110309657A (en) | 2019-06-20 | 2019-06-20 | The safety risk estimating method of block chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910535959.8A CN110309657A (en) | 2019-06-20 | 2019-06-20 | The safety risk estimating method of block chain |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110309657A true CN110309657A (en) | 2019-10-08 |
Family
ID=68076063
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910535959.8A Pending CN110309657A (en) | 2019-06-20 | 2019-06-20 | The safety risk estimating method of block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110309657A (en) |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111400277A (en) * | 2020-03-06 | 2020-07-10 | 安徽中科智链信息科技有限公司 | Block chain health state evaluation method and block chain dynamic anchoring system and method |
CN111695770A (en) * | 2020-05-07 | 2020-09-22 | 北京华云安信息技术有限公司 | Asset vulnerability risk assessment method, equipment and storage medium |
CN111709049A (en) * | 2020-05-18 | 2020-09-25 | 杜晓楠 | Method for preventing time stamp attack in blockchain system, computer readable storage medium and blockchain system |
CN111754122A (en) * | 2020-06-28 | 2020-10-09 | 灏冉舟网络有限公司 | Block chain service evaluation method and system |
CN111858105A (en) * | 2020-08-26 | 2020-10-30 | 电子科技大学 | Personal archive permission chain management system and method based on improved multi-layer PBFT |
CN112070373A (en) * | 2020-08-25 | 2020-12-11 | 深圳信息职业技术学院 | Method and system for grading quality of block chain item |
CN112116350A (en) * | 2020-09-07 | 2020-12-22 | 陈建芸 | Payment network environment detection method applied to block chain payment and network server |
CN112468565A (en) * | 2020-11-19 | 2021-03-09 | 江苏省测绘资料档案馆 | System for managing space data integrity and tracking shared flow based on block chain |
CN112787890A (en) * | 2021-01-19 | 2021-05-11 | 北京笔新互联网科技有限公司 | Block chain monitoring system |
CN113742194A (en) * | 2021-09-17 | 2021-12-03 | 北京航空航天大学 | Block chain system environment three-dimensional scoring method based on analytic hierarchy process |
CN113806799A (en) * | 2021-08-27 | 2021-12-17 | 北京邮电大学 | Block chain platform safety intensity assessment method and device |
CN114721703A (en) * | 2022-05-26 | 2022-07-08 | 青服(深圳)技术研究有限公司 | Software maintenance method and system based on big data |
CN115065509A (en) * | 2022-05-27 | 2022-09-16 | 中电长城网际系统应用有限公司 | Method and device for identifying risk of statistical inference attack based on deviation function |
CN115543754A (en) * | 2022-11-23 | 2022-12-30 | 中国信息通信研究院 | Evaluation method and device for block chain running state, electronic equipment and storage medium |
CN115941291A (en) * | 2022-11-16 | 2023-04-07 | 西南科技大学 | Analysis system and method for security situation awareness of DPoS (distributed denial of service) block chain network |
CN116862513A (en) * | 2023-08-30 | 2023-10-10 | 环球数科集团有限公司 | High-safety public payment system based on PoS consensus |
CN117034361A (en) * | 2023-07-31 | 2023-11-10 | 广州承启医学检验有限公司 | Gene detection and inspection laboratory information management method and system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107085807A (en) * | 2017-04-19 | 2017-08-22 | 迅鳐成都科技有限公司 | A kind of data assets method of commerce based on block chain |
CN109117651A (en) * | 2018-07-27 | 2019-01-01 | 国网重庆市电力公司电力科学研究院 | A kind of continuous data safety protecting method |
CN109472596A (en) * | 2018-10-16 | 2019-03-15 | 中国传媒大学 | Alliance's chain common recognition method and system based on transaction assessment |
AU2019100380A4 (en) * | 2019-04-07 | 2019-06-06 | Edduus Pty Ltd | Education ecosystem utilising blockchain technology for learning block assessment and evaluation. |
-
2019
- 2019-06-20 CN CN201910535959.8A patent/CN110309657A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107085807A (en) * | 2017-04-19 | 2017-08-22 | 迅鳐成都科技有限公司 | A kind of data assets method of commerce based on block chain |
CN109117651A (en) * | 2018-07-27 | 2019-01-01 | 国网重庆市电力公司电力科学研究院 | A kind of continuous data safety protecting method |
CN109472596A (en) * | 2018-10-16 | 2019-03-15 | 中国传媒大学 | Alliance's chain common recognition method and system based on transaction assessment |
AU2019100380A4 (en) * | 2019-04-07 | 2019-06-06 | Edduus Pty Ltd | Education ecosystem utilising blockchain technology for learning block assessment and evaluation. |
Non-Patent Citations (3)
Title |
---|
区块链的作坊: "比特币:一种点对点的电子现金系统(三)", 《HTTP://BLOG.SINA.COM.CN/S/BLOG_D66494300102WZ99.HTML》 * |
国家互联网金融安全技术专家委员会与上海圳链公司联合发布: "2018区块链技术安全概述", 《HTTPS://WENKU.BAIDU.COM/VIEW/635E58ACEC630B1C59EEF8C75FBFC77DA3699766.HTML#》 * |
徐晓飞: "区块链金融的风险评估与管理", 《现代管理科学》 * |
Cited By (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111400277B (en) * | 2020-03-06 | 2020-10-16 | 安徽中科智链信息科技有限公司 | Block chain health state evaluation method and block chain dynamic anchoring system and method |
CN111400277A (en) * | 2020-03-06 | 2020-07-10 | 安徽中科智链信息科技有限公司 | Block chain health state evaluation method and block chain dynamic anchoring system and method |
CN111695770A (en) * | 2020-05-07 | 2020-09-22 | 北京华云安信息技术有限公司 | Asset vulnerability risk assessment method, equipment and storage medium |
CN111709049B (en) * | 2020-05-18 | 2023-06-06 | 杜晓楠 | Method for preventing timestamp attack in blockchain system, computer readable storage medium and blockchain system |
CN111709049A (en) * | 2020-05-18 | 2020-09-25 | 杜晓楠 | Method for preventing time stamp attack in blockchain system, computer readable storage medium and blockchain system |
CN111754122A (en) * | 2020-06-28 | 2020-10-09 | 灏冉舟网络有限公司 | Block chain service evaluation method and system |
CN112070373A (en) * | 2020-08-25 | 2020-12-11 | 深圳信息职业技术学院 | Method and system for grading quality of block chain item |
CN111858105B (en) * | 2020-08-26 | 2021-03-16 | 电子科技大学 | Personal archive permission chain management system and method based on improved multi-layer PBFT |
CN111858105A (en) * | 2020-08-26 | 2020-10-30 | 电子科技大学 | Personal archive permission chain management system and method based on improved multi-layer PBFT |
CN112116350A (en) * | 2020-09-07 | 2020-12-22 | 陈建芸 | Payment network environment detection method applied to block chain payment and network server |
CN112468565A (en) * | 2020-11-19 | 2021-03-09 | 江苏省测绘资料档案馆 | System for managing space data integrity and tracking shared flow based on block chain |
CN112787890A (en) * | 2021-01-19 | 2021-05-11 | 北京笔新互联网科技有限公司 | Block chain monitoring system |
CN112787890B (en) * | 2021-01-19 | 2022-09-27 | 北京笔新互联网科技有限公司 | Block chain monitoring system |
CN113806799A (en) * | 2021-08-27 | 2021-12-17 | 北京邮电大学 | Block chain platform safety intensity assessment method and device |
CN113806799B (en) * | 2021-08-27 | 2022-06-07 | 北京邮电大学 | Block chain platform safety intensity assessment method and device |
CN113742194A (en) * | 2021-09-17 | 2021-12-03 | 北京航空航天大学 | Block chain system environment three-dimensional scoring method based on analytic hierarchy process |
CN114721703A (en) * | 2022-05-26 | 2022-07-08 | 青服(深圳)技术研究有限公司 | Software maintenance method and system based on big data |
CN114721703B (en) * | 2022-05-26 | 2024-02-23 | 青服(深圳)技术研究有限公司 | Software maintenance method and system based on big data |
CN115065509A (en) * | 2022-05-27 | 2022-09-16 | 中电长城网际系统应用有限公司 | Method and device for identifying risk of statistical inference attack based on deviation function |
CN115065509B (en) * | 2022-05-27 | 2024-04-02 | 中电长城网际系统应用有限公司 | Risk identification method and device for statistical inference attack based on deviation function |
CN115941291A (en) * | 2022-11-16 | 2023-04-07 | 西南科技大学 | Analysis system and method for security situation awareness of DPoS (distributed denial of service) block chain network |
CN115543754A (en) * | 2022-11-23 | 2022-12-30 | 中国信息通信研究院 | Evaluation method and device for block chain running state, electronic equipment and storage medium |
CN115543754B (en) * | 2022-11-23 | 2023-03-24 | 中国信息通信研究院 | Evaluation method and device for block chain running state, electronic equipment and storage medium |
CN117034361A (en) * | 2023-07-31 | 2023-11-10 | 广州承启医学检验有限公司 | Gene detection and inspection laboratory information management method and system |
CN116862513A (en) * | 2023-08-30 | 2023-10-10 | 环球数科集团有限公司 | High-safety public payment system based on PoS consensus |
CN116862513B (en) * | 2023-08-30 | 2023-11-07 | 环球数科集团有限公司 | High-safety public payment system based on PoS consensus |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110309657A (en) | The safety risk estimating method of block chain | |
Dupont | The cyber-resilience of financial institutions: significance and applicability | |
Chatterjee et al. | Prevention of cybercrimes in smart cities of India: from a citizen’s perspective | |
Montazer et al. | Detection of phishing attacks in Iranian e-banking using a fuzzy–rough hybrid system | |
CN106341414B (en) | A kind of multi-step attack safety situation evaluation method based on Bayesian network | |
Chen et al. | A survey on blockchain systems: Attacks, defenses, and privacy preservation | |
CN108683664A (en) | A kind of network risk analysis based on multi-level betting model and optimal active defense method | |
CN110099045B (en) | Network security threat early warning method and device based on qualitative differential gaming and evolutionary gaming | |
CN108881110A (en) | A kind of safety situation evaluation and defence policies joint decision method and system | |
Bugday et al. | Creating consensus group using online learning based reputation in blockchain networks | |
CN110191120A (en) | A kind of network system loophole methods of risk assessment and device | |
Hughes et al. | From playing games to committing crimes: A multi-technique approach to predicting key actors on an online gaming forum | |
He et al. | An immune-based risk assessment method for digital virtual assets | |
CN114785580A (en) | Cloud computing data security processing system | |
Vistro et al. | Smart application based blockchain consensus protocols: A systematic mapping study | |
He et al. | A model and method of information system security risk assessment based on MITRE ATT&CK | |
CN108322478A (en) | A kind of website defence policies choosing method based on attacking and defending game | |
CN108712436B (en) | Network space security measurement method based on differential manifold | |
He et al. | Group password strength meter based on attention mechanism | |
Zhao et al. | Fuzzy risk assessment of the network security | |
Parish et al. | Password guessers under a microscope: an in-depth analysis to inform deployments | |
Arazzi et al. | Turning privacy-preserving mechanisms against federated learning | |
Zhao et al. | Construction and Security Measurement of Cybersecurity Metrics Framework Based on Network Behavior | |
Hwang et al. | North Korean cyber attacks and policy responses: an interdisciplinary theoretical framework | |
Wang et al. | Optimal network defense strategy selection based on Bayesian game |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20191008 |