CN109862037B - Block chain-based data equipment management method, device, medium and electronic equipment - Google Patents

Block chain-based data equipment management method, device, medium and electronic equipment

Info

Publication number
CN109862037B
Authority
CN
China
Prior art keywords
attack
data
attacked
identified
intrusion
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910221656.9A
Other languages
Chinese (zh)
Other versions
CN109862037A (en
Inventor
李夫路
梁爽
杜松
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Taikang Insurance Group Co Ltd
Original Assignee
Taikang Insurance Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Taikang Insurance Group Co Ltd
Priority to CN201910221656.9A
Publication of CN109862037A
Application granted
Publication of CN109862037B

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The embodiment of the invention provides a data equipment management method, a device, a medium and electronic equipment based on a block chain, wherein the data equipment management method based on the block chain comprises the following steps: acquiring historical attacked data in a blockchain network, and classifying the historical attacked data to obtain a classification result; performing machine learning on the classification result to obtain a classifier, and identifying the intrusion attack to be identified, which is obtained from the blockchain network, according to the classifier to obtain an attack type; judging whether prompting needs to be carried out on data equipment corresponding to the intrusion attack to be identified or not according to the attack type; and if the data equipment needs to be prompted, generating prompt information of the attack type and storing the prompt information into the block chain network so that the data equipment can acquire the prompt information from the block chain network and process the intrusion attack to be identified according to the prompt information. The technical scheme of the embodiment of the invention improves the identification efficiency of the intrusion attack to be identified and saves the labor cost at the same time.

Description

Block chain-based data equipment management method, device, medium and electronic equipment
Technical Field
The invention relates to the technical field of block chains, in particular to a block chain-based data equipment management method, a block chain-based data equipment management device, a block chain-based data equipment management medium and electronic equipment.
Background
Currently, in risk management schemes for data devices, a risk is handled manually only after it has affected the security of the data device (for example, after a trojan horse has invaded the data device). This approach cannot prompt for potential risks in time, so security holes may remain in the data device and its security is reduced. It is also inefficient and labor-intensive, and human factors inevitably cause risks to be missed or handled late.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present invention and therefore may include information that does not constitute prior art known to a person of ordinary skill in the art.
Disclosure of Invention
Embodiments of the present invention provide a method, an apparatus, a medium, and an electronic device for managing a data device based on a block chain, so as to overcome the problems of low security of the data device, missed processing of risks, and untimely processing, at least to a certain extent.
Additional features and advantages of the invention will be set forth in the detailed description which follows, or may be learned by practice of the invention.
According to a first aspect of the embodiments of the present invention, there is provided a block chain-based data device management method, including:
acquiring historical attacked data in a blockchain network, and classifying the historical attacked data to obtain a classification result;
performing machine learning on the classification result to obtain a classifier, and identifying the intrusion attack to be identified, which is obtained from the block chain network, according to the classifier to obtain an attack type;
judging whether prompting needs to be carried out on the data equipment corresponding to the intrusion attack to be identified or not according to the attack type;
and if the data equipment needs to be prompted, generating prompt information of the attack type and storing the prompt information into the block chain network so that the data equipment can acquire the prompt information from the block chain network and process the intrusion attack to be identified according to the prompt information.
In some embodiments of the present invention, based on the foregoing scheme, classifying the historical attacked data to obtain a classification result includes:
extracting attack features in the historical attacked data; the attack characteristics comprise one or more of system operation environment conditions, attack time, attack duration, data equipment names, attack intrusion traces and leakage information contents;
generating a first feature vector according to the attack features, and generating a feature matrix according to the feature vector;
and performing labeling processing on the feature matrix according to a preset category to obtain a label vector of the feature matrix.
In some embodiments of the present invention, based on the foregoing solution, performing machine learning on the classification result to obtain a classifier includes:
taking the feature matrix as the input of a model, taking the label vector of the feature matrix as the output of the model, and performing machine learning on the model to obtain the classifier;
the model comprises one or more of an SVM model, a Logistic model, a decision tree model, a naive Bayes model and a linear regression model.
In some embodiments of the present invention, based on the foregoing scheme, identifying an intrusion attack to be identified, which is obtained from the blockchain network, according to the classifier, and obtaining an attack type includes:
extracting features to be identified in the intrusion attack to be identified, which are acquired from the blockchain network;
generating a second feature vector according to the feature to be identified;
inputting the second feature vector into the classifier to obtain the attack type of the intrusion attack to be identified;
the characteristics to be identified comprise one or more of system operation environment conditions, attacked time, data equipment names, attack invasion traces and leaked information contents.
In some embodiments of the present invention, based on the foregoing solution, after the processing the intrusion attack to be identified according to the prompt, the method for managing data devices based on a blockchain further includes:
acquiring a processing result of the data equipment in the block chain network on the intrusion attack to be identified;
establishing a dynamic association lookup table according to the attack type of the intrusion attack to be identified and the processing result;
and storing the dynamic association lookup table into the block chain network.
In some embodiments of the present invention, based on the foregoing solution, after storing the dynamic association lookup table in the blockchain network, the method for managing a data device based on a blockchain further includes:
inquiring whether a newly added data device in the block chain network has a processing result of the intrusion attack to be identified at intervals of preset time;
if the newly added processing result exists, acquiring the dynamic association query table, and updating the dynamic association query table by using the newly added processing result;
and storing the updated dynamic association lookup table into the block chain network.
In some embodiments of the present invention, based on the foregoing scheme, storing the hint in the blockchain network comprises:
acquiring the dynamic association query table, and querying whether the dynamic association query table comprises a processing result corresponding to the attack type;
and if the processing result corresponding to the attack type is included, uploading the processing result with the highest association degree with the attack type and the prompt to the block chain network.
According to a second aspect of the embodiments of the present invention, there is provided a block chain-based data device management apparatus, including:
the classification module is used for acquiring historical attacked data in the blockchain network and classifying the historical attacked data to obtain a classification result;
the identification module is used for carrying out machine learning on the classification result to obtain a classifier and then identifying the intrusion attack to be identified, which is obtained from the block chain network, according to the classifier to obtain an attack type;
the judging module is used for judging whether the data equipment corresponding to the intrusion attack to be identified needs to be prompted or not according to the attack type;
and the first storage module is used for generating prompt information of the attack type and storing the prompt information into the block chain network if the data equipment needs to be prompted, so that the data equipment acquires the prompt information from the block chain network and processes the intrusion attack to be identified according to the prompt information.
In some embodiments of the invention, based on the foregoing, the classification module is configured to:
extracting attack features in the historical attacked data; the attack characteristics comprise one or more of system operation environment conditions, attack time, attack duration, data equipment names, attack intrusion traces and leakage information contents;
generating a first feature vector according to the attack features, and generating a feature matrix according to the feature vector;
and performing labeling processing on the feature matrix according to a preset category to obtain a label vector of the feature matrix.
In some embodiments of the present invention, based on the foregoing, the identification module is configured to:
taking the feature matrix as the input of a model, taking the label vector of the feature matrix as the output of the model, and performing machine learning on the model to obtain the classifier;
the model comprises one or more of an SVM model, a Logistic model, a decision tree model, a naive Bayes model and a linear regression model.
In some embodiments of the present invention, based on the foregoing, the identification module is further configured to:
extracting features to be identified in the intrusion attack to be identified, which are acquired from the blockchain network;
generating a second feature vector according to the feature to be identified;
inputting the second feature vector into the classifier to obtain the attack type of the intrusion attack to be identified;
the characteristics to be identified comprise one or more of system operation environment conditions, attacked time, data equipment names, attack invasion traces and leaked information contents.
In some embodiments of the present invention, based on the foregoing solution, the apparatus for block chain-based data device management further includes:
a first obtaining module, configured to obtain a processing result of the data device in the blockchain network on the intrusion attack to be identified;
the association query table establishing module is used for establishing a dynamic association query table according to the attack type of the intrusion attack to be identified and the processing result;
and the second storage module is used for storing the dynamic association lookup table into the block chain network.
In some embodiments of the present invention, based on the foregoing solution, the block chain-based data device management further includes:
the first query module is used for querying whether a processing result of newly added data equipment on the intrusion attack to be identified exists in the block chain network at intervals of preset time;
the updating module is used for acquiring the dynamic association query table if the newly added processing result exists, and updating the dynamic association query table by using the newly added processing result;
and the third storage module is used for storing the updated dynamic association lookup table into the block chain network.
In some embodiments of the present invention, based on the foregoing solution, the first storage module is configured to:
acquiring the dynamic association query table, and querying whether the dynamic association query table comprises a processing result corresponding to the attack type;
and if the processing result corresponding to the attack type is included, uploading the processing result with the highest association degree with the attack type and the prompt to the block chain network.
According to a third aspect of embodiments of the present invention, there is provided a computer-readable medium, on which a computer program is stored, which when executed by a processor, implements the method for block chain based data device management as described in the first aspect of the embodiments above.
According to a fourth aspect of embodiments of the present invention, there is provided an electronic apparatus, including: one or more processors; storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the method for blockchain-based data device management as described in the first aspect of the embodiments above.
The technical scheme provided by the embodiment of the invention has the following beneficial effects:
In the technical solutions provided by some embodiments of the present invention, first, historical attacked data in a blockchain network is obtained and classified to obtain a classification result; the intrusion attack to be identified, which is obtained from the blockchain network, is identified according to the classifier to obtain an attack type; and when it is judged that the data device needs to be prompted, the prompt is stored in the blockchain network. Because the historical attacked data, the intrusion attacks to be identified and the prompts to data devices are stored through the blockchain network, they can be protected from tampering and made traceable, which solves the problems of missed and untimely processing of risks in the prior art. Second, a classifier is obtained by performing machine learning on the classification result, and the intrusion attack to be identified is identified according to the classifier to obtain its attack type; whether the data device corresponding to the intrusion attack to be identified needs to be prompted is judged according to the attack type, and when it does, prompt information for the attack type is generated and stored in the blockchain network so that the data device acquires the prompt information from the blockchain network and processes the intrusion attack to be identified according to it. The intrusion attack to be identified is thus identified automatically, which improves identification efficiency and saves labor cost. Third, because the prompt information is stored in the blockchain network whenever the data device needs to be prompted, and the data device obtains it from there and processes the intrusion attack to be identified accordingly, the data device can process risks in time and its security is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention. It is obvious that the drawings in the following description are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort. In the drawings:
FIG. 1 schematically shows a flow chart of a block chain based data device management method according to an embodiment of the present invention;
FIG. 2 schematically illustrates a flow diagram of another blockchain based data device management method according to one embodiment of the present invention;
FIG. 3 schematically shows a flow chart of another block chain based data device management method according to a second embodiment of the invention;
FIG. 4 schematically illustrates a flow chart of another block chain based data device management method according to an embodiment of the present invention;
FIG. 5 schematically illustrates a block diagram of a system for implementing self-service management of data devices in a blockchain network, in accordance with an embodiment of the present invention;
FIG. 6 schematically shows a block diagram of a block chain based data device management apparatus according to an embodiment of the present invention;
FIG. 7 illustrates a schematic structural diagram of a computer system suitable for use with the electronic device to implement an embodiment of the invention.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to provide a thorough understanding of embodiments of the invention. One skilled in the relevant art will recognize, however, that the invention may be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations or operations have not been shown or described in detail to avoid obscuring aspects of the invention.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
Fig. 1 schematically shows a flowchart of a block chain-based data device management method according to an embodiment of the present invention, and an execution subject of the management method may be a server or a terminal device, etc.
As shown in fig. 1, the block chain based data device management method according to an embodiment of the present invention includes the following steps S110, S120, S130, and S140, which are described in detail below:
in step S110, historical attacked data in the blockchain network is obtained, and the historical attacked data is classified to obtain a classification result.
In the present exemplary embodiment, the historical attacked data may be, for example, information uploaded to the blockchain by enterprises or individuals registered in the system: cases of attack or intrusion on related data devices, system operating environment conditions (software system, CPU, cache, communication, etc.), attacked types, attacked times, attacked durations, system correction schemes, attacked operation traces, expert identification, data device names, data device software version numbers, information leakage situations caused by the attack, and other information. Supporting material such as audio, video, images and system investigation and diagnosis records may also be uploaded as proof.
In the present exemplary embodiment, first, attack features in the historical attacked data are extracted; the attack characteristics comprise system operation environment conditions, attack time, attack duration, data equipment names, attack invasion traces, information content leakage and the like; then, generating a first feature vector according to the attack features, and generating a feature matrix according to the feature vector; and finally, performing labeling processing on the feature matrix according to a preset category to obtain a label vector of the feature matrix.
For example, first, all attack intrusion cases can be collected from the blockchain, and variable values such as system operating environment conditions F1, attacked time F2, attacked duration F3, data device name F4, attack intrusion trace F5, leakage information content F6 and the like in each case are extracted to form a plurality of features of each intrusion case; then, the features that are not described quantitatively are label-encoded to form a feature vector F = (F1, F2, ..., F6); then, the feature vectors of all attack cases form a feature matrix M; and finally, attack types are divided into 4 types, namely denial of service attack, exploitation attack, information gathering attack (scanning) and spoofing attack, and the attack types are labeled, that is, the four attack types are represented by 0, 1, 2 and 3 respectively, to obtain the corresponding label vector label.
In step S120, machine learning is performed on the classification result to obtain a classifier, and then the intrusion attack to be identified, which is obtained from the blockchain network, is identified according to the classifier to obtain an attack type.
In this exemplary embodiment, first, the feature matrix may be used as an input of a model, and a label vector of the feature matrix may be used as an output of the model, and the classifier may be obtained by performing machine learning on the model; the model comprises an SVM model, a Logistic model, a decision tree model, a naive Bayes model, a linear regression model and the like; and then, identifying the intrusion attack to be identified, which is acquired from the block chain network, according to the classifier to obtain the attack type of the intrusion attack to be identified.
Further, in the present exemplary embodiment, first, the features to be identified are extracted from the intrusion attack to be identified, which is acquired from the blockchain network; secondly, a second feature vector is generated according to the features to be identified; then, the second feature vector is input into the classifier to obtain the attack type of the intrusion attack to be identified. The features to be identified comprise system operating environment conditions, attacked time, data device names, attack intrusion traces, leaked information content and the like. For example, first, an SVM model can be selected as the classifier, the feature matrix M is used as the model input and the corresponding label vector label as the model output, and the model is trained to learn its parameters; then, for the intrusion attack to be identified, the name of the current data device, the operating environment, the attacked time, the attack duration, the attack intrusion trace and the leakage information are collected to form an identification feature vector Tr, which is input into the trained classifier; the output of the classifier is the identified attack type with the maximum probability.
In step S130, it is determined whether or not the data device corresponding to the intrusion attack to be identified needs to be prompted according to the attack type.
In the present example embodiment, the attack types may include denial of service attacks, exploitation attacks, information gathering attacks (scanning) and spoofing attacks; if the attack type of the intrusion attack to be identified is an exploitation attack, an information gathering attack (scanning) or a spoofing attack, it can be determined that the data device corresponding to the intrusion attack to be identified needs to be prompted.
In step S140, if the data device needs to be prompted, prompt information for the attack type is generated and stored in the blockchain network, so that the data device obtains the prompt information from the blockchain network and processes the intrusion attack to be identified according to the prompt information.
In the technical scheme of the embodiment shown in FIG. 1, first, historical attacked data, intrusion attacks to be identified, and prompts to data devices can be stored through a blockchain network, so that they can be guaranteed not to be tampered with and can be traced, which solves the problems of missed processing and untimely processing of risks in the prior art; second, the intrusion attack to be identified can be identified automatically, which improves identification efficiency and saves labor cost; third, the data device can process risks in time, and the security of the data device is improved.
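The following added example (not code from the patent) walks steps S110 to S140 end to end on constructed cases: label-encoding F1..F6, building the feature matrix M and label vector, training a classifier, classifying a feature vector Tr and deciding whether to prompt. It uses a categorical naive Bayes model, one of the model families the description lists, written with the standard library only; the feature key names, sample values and the shape of the prompt record are assumptions.

```python
import math
from collections import Counter, defaultdict

# Label encoding given in the description: attack types 0..3.
ATTACK_TYPES = {0: "denial of service", 1: "exploitation",
                2: "information gathering (scanning)", 3: "spoofing"}
# Step S130: the description names these three types as requiring a prompt.
PROMPT_TYPES = {1, 2, 3}
# F1..F6 from the description; the key names are assumptions of this example.
FEATURES = ("env", "time", "duration", "device", "trace", "leak")

def case(env, time, duration, device, trace, leak):
    return dict(zip(FEATURES, (env, time, duration, device, trace, leak)))

# Constructed historical cases (not real incident data), each with its label.
HISTORY = [
    (case("linux", "day", "long", "web-gateway", "request-flood", "none"), 0),
    (case("windows", "night", "long", "web-gateway", "request-flood", "none"), 0),
    (case("linux", "night", "short", "db-server", "overflow-crash", "records"), 1),
    (case("windows", "night", "short", "app-server", "overflow-crash", "credentials"), 1),
    (case("linux", "day", "short", "web-gateway", "port-sweep", "none"), 2),
    (case("linux", "night", "short", "db-server", "port-sweep", "none"), 2),
    (case("windows", "day", "short", "mail-server", "forged-sender", "credentials"), 3),
    (case("linux", "day", "long", "mail-server", "forged-sender", "credentials"), 3),
]

def fit_encoders(cases):
    """Assign an integer code to every non-quantitative value, per feature."""
    enc = [dict() for _ in FEATURES]
    for c, _ in cases:
        for i, name in enumerate(FEATURES):
            enc[i].setdefault(c[name], len(enc[i]))
    return enc

def to_vector(c, enc):
    """Feature vector F = (F1, ..., F6); values never seen in training map to -1."""
    return [enc[i].get(c[name], -1) for i, name in enumerate(FEATURES)]

def train(matrix, label):
    """Categorical naive Bayes: class counts and per-class, per-feature value counts."""
    counts = defaultdict(Counter)  # (class, feature index) -> Counter of codes
    for row, y in zip(matrix, label):
        for i, v in enumerate(row):
            counts[(y, i)][v] += 1
    return {"prior": Counter(label), "counts": counts, "n": len(label)}

def classify(model, vec, enc):
    """Return the attack type with the maximum (Laplace-smoothed) probability."""
    best, best_lp = None, -math.inf
    for y in sorted(model["prior"]):
        ny = model["prior"][y]
        lp = math.log(ny / model["n"])
        for i, v in enumerate(vec):
            k = len(enc[i]) + 1  # known values plus one bucket for unseen ones
            lp += math.log((model["counts"][(y, i)][v] + 1) / (ny + k))
        if lp > best_lp:
            best, best_lp = y, lp
    return best

ENC = fit_encoders(HISTORY)
M = [to_vector(c, ENC) for c, _ in HISTORY]  # feature matrix M
LABEL = [y for _, y in HISTORY]              # label vector
MODEL = train(M, LABEL)

def identify(tr):
    """Steps S120 to S140 for one intrusion to be identified (feature dict Tr).

    Returns (attack_type, prompt); prompt is None when no prompt is needed.
    The prompt record is what would be written to the blockchain network.
    """
    attack_type = classify(MODEL, to_vector(tr, ENC), ENC)
    if attack_type not in PROMPT_TYPES:
        return attack_type, None
    prompt = {"device": tr["device"], "attack_type": attack_type,
              "attack_name": ATTACK_TYPES[attack_type]}
    return attack_type, prompt

if __name__ == "__main__":
    tr = case("linux", "night", "short", "db-server", "port-sweep", "none")
    print(identify(tr))
```

With so few training cases the smoothing term dominates; the point is the data flow from encoded cases to a prompt record, not the accuracy of the model.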
Fig. 2 is a flow chart schematically illustrating another block chain-based data device management method according to an embodiment of the present invention. Referring to fig. 2, the management method of a data device based on a block chain may include steps S210, S220, and S230, which will be described in detail below.
In step S210, a processing result of the data device in the blockchain network on the intrusion attack to be identified is obtained.
In step S220, a dynamic association lookup table is established according to the attack type of the intrusion attack to be identified and the processing result.
In step S230, the dynamic association lookup table is stored in the blockchain network.
Next, steps S210 to S230 are explained. First, the processing result of the data device for the intrusion attack to be identified that needed a prompt can be obtained from the blockchain network; then a dynamic association lookup table is established according to the attack type of the intrusion attack to be identified and the processing result, and the dynamic association lookup table is stored in the blockchain network. For example, when the attack type is a spoofing attack, the processing result of the data device for the spoofing attack is to perform system defense against the intrusion attack and generate a specific defense scheme; a dynamic association lookup table between the spoofing attack and the defense scheme can then be established and stored in the blockchain network, so that other users can conveniently query it. It should be added here that one type of intrusion attack may have one processing result or a plurality of processing results; when there are a plurality of processing results, the type of the data device can be added to each processing result to distinguish them, so that a user can obtain a more accurate processing result according to the type of the data device.
Fig. 3 is a flow chart schematically illustrating another block chain-based data device management method according to an embodiment of the present invention. Referring to fig. 3, the management method of a data device based on a block chain may include steps S310, S320, and S330, which will be described in detail below.
In step S310, at preset time intervals, it is queried whether there is a processing result of the newly added data device on the intrusion attack to be identified in the block chain network.
In step S320, if there is a new processing result, the dynamic association lookup table is obtained, and the dynamic association lookup table is updated by using the new processing result.
In step S330, the updated dynamic association lookup table is stored in the blockchain network.
Next, steps S310 to S330 are explained. First, at preset time intervals, the blockchain network is queried for whether there is a newly added processing result from a data device for the intrusion attack to be identified; whether a processing result is newly added may be determined according to the update time of the processing result, or in other ways, for example according to whether the processing result has been read or checked, which is not limited in this example; further, the preset time may be, for example, a day or a week, and this example is not particularly limited thereto. Then, if a newly added processing result exists, the dynamic association lookup table can be obtained and updated by using the newly added processing result; the updated dynamic association lookup table is then stored in the blockchain network, so that other users can conveniently query it.
Furthermore, in order to facilitate the user to timely process the intrusion attack which needs to be prompted, the processing result and the prompt can be stored in the blockchain network together. The method specifically comprises the following steps: acquiring the dynamic association query table, and querying whether the dynamic association query table comprises a processing result corresponding to the attack type; and if the processing result corresponding to the attack type is included, uploading the processing result with the highest association degree with the attack type and the prompt to the block chain network.
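As an added illustration (not code from the patent), the sketch below implements steps S210 to S230, the periodic update of S310 to S330, and the lookup performed when a prompt is stored. A hash-chained in-memory log stands in for the blockchain network, and "association degree" is assumed to mean how many reports gave the same processing result, with a matching device type preferred; both are assumptions, as are all names and sample values.

```python
import hashlib
import json

def block_hash(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class Ledger:
    """Append-only hash-chained log, a stand-in for the blockchain network."""
    FIELDS = ("kind", "payload", "ts", "prev")

    def __init__(self):
        self.blocks = []

    def append(self, kind, payload, ts):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        body = {"kind": kind, "payload": payload, "ts": ts, "prev": prev}
        self.blocks.append({**body, "hash": block_hash(body)})

    def verify(self):
        """Recompute every hash; any edit to a stored record breaks the chain."""
        prev = "0" * 64
        for b in self.blocks:
            body = {k: b[k] for k in self.FIELDS}
            if b["prev"] != prev or block_hash(body) != b["hash"]:
                return False
            prev = b["hash"]
        return True

    def since(self, kind, ts):
        return [b["payload"] for b in self.blocks if b["kind"] == kind and b["ts"] > ts]

    def latest(self, kind):
        hits = [b["payload"] for b in self.blocks if b["kind"] == kind]
        return hits[-1] if hits else None

def update_table(table, results):
    """S220/S320: fold processing results into a copy of the lookup table."""
    table = json.loads(json.dumps(table or {}))  # deep copy, never edit a stored block
    for r in results:
        entries = table.setdefault(str(r["attack_type"]), [])
        for e in entries:
            if e["device_type"] == r["device_type"] and e["result"] == r["result"]:
                e["count"] += 1
                break
        else:
            entries.append({"device_type": r["device_type"],
                            "result": r["result"], "count": 1})
    return table

def best_result(table, attack_type, device_type=None):
    """Processing result with the highest association degree (assumed metric)."""
    entries = (table or {}).get(str(attack_type), [])
    if not entries:
        return None
    top = max(entries, key=lambda e: (e["device_type"] == device_type, e["count"]))
    return top["result"]

def refresh(ledger, last_ts, now):
    """S310 to S330: pick up results newer than last_ts (by update time)."""
    new = ledger.since("result", last_ts)
    if not new:
        return False
    ledger.append("table", update_table(ledger.latest("table"), new), now)
    return True

def store_prompt(ledger, attack_type, device, device_type, ts):
    """Store the prompt together with the best known processing result, if any."""
    payload = {"device": device, "attack_type": attack_type,
               "suggested_result": best_result(ledger.latest("table"),
                                               attack_type, device_type)}
    ledger.append("prompt", payload, ts)
    return payload

# Constructed processing results for spoofing (type 3); not real data.
SAMPLE_RESULTS = [
    {"attack_type": 3, "device_type": "mail-server", "result": "enforce sender authentication"},
    {"attack_type": 3, "device_type": "mail-server", "result": "enforce sender authentication"},
    {"attack_type": 3, "device_type": "web-gateway", "result": "pin upstream certificates"},
]

if __name__ == "__main__":
    led = Ledger()
    for ts, r in enumerate(SAMPLE_RESULTS, start=1):
        led.append("result", r, ts)
    refresh(led, 0, 10)
    print(store_prompt(led, 3, "mx-01", "mail-server", 11), led.verify())
```

Each refresh appends a new table snapshot instead of rewriting the old one, so earlier versions of the lookup table remain available for audit.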
The implementation details of the embodiment of the present invention are described in detail below with reference to fig. 4 to 5:
As shown in fig. 4, the block chain-based data device management method according to an embodiment of the present invention includes the following steps:
Step S410, building a blockchain node and a blockchain network.
In this example embodiment, after the blockchain node is selected, a blockchain network may be constructed based on the selected blockchain node. For example, a blockchain network may be constructed with insurance company base offices as the smallest nodes and based on the participation of one or more groups/companies.
Step S420, storing the related information of the data device based on the data structure and the storage manner in the embodiment of the present invention.
In the present exemplary embodiment, the attack-related information of the data device can be stored in the blockchain network in the form of transaction information. The input of the transaction information may include: the intrusion cases of the data device, system operating environment conditions (such as software system, CPU (Central Processing Unit), cache and communication), attack type, attacked time, attacked duration, system correction scheme, traces in the attacked operation records, expert identification, data device name, data device software version number and the resulting information leakage; supporting materials that can prove the above, such as audio, video, images and system investigation and diagnosis records, may also be transmitted to the blockchain. The input may further include the person submitting the information, the update time, and that person's public key and signature. The output of the transaction information may be: links to other stored materials (historical data of the data device intrusion investigation knowledge management information, and the like), the attacked-intrusion problems that the system automatically finds and identifies as possibly facing the data device, the prompt given about system improvement, the public keys of the persons accessing the information, and the like. Alternatively, the above transaction information may be stored using the data structure shown in table 1 to ensure efficient information storage and processing:
TABLE 1 (rendered as images in the original publication; the table contents are not available in this text)
In the data structure shown in table 1, the related information materials and other materials usually include items with a relatively large data size, such as images and documents. To improve storage efficiency and avoid excessively large blocks, in an embodiment of the present invention a relatively large material, such as an image, may be stored in a block in the form of a link, where the link value is a hash value obtained by computing a hash function, such as SHA1, over the material; obtaining the pointer link through a hash function ensures that the content has not been tampered with. The actual materials can be stored in the local storage devices of the blockchain nodes or in cloud storage. Meanwhile, to ensure high reliability of material storage, the material may be stored using a redundant coding method, such as RS coding (Reed-Solomon codes, a forward error correction channel code that is effective for polynomials generated from corrected oversampled data) or LDPC (Low Density Parity Check Code) coding.
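The link-based storage described above can be sketched as follows. This is an added example, not code from the patent: the `MaterialStore` class, the `algorithm:hexdigest` link format and the sample bytes are assumptions, and SHA-256 is used in place of the SHA1 the text names as one possible hash function, because practical SHA-1 collisions have been demonstrated.

```python
import hashlib
import hmac
import io

# Assumption: only these digests are accepted in links. SHA-1 is left out
# because practical SHA-1 collisions have been demonstrated.
ALLOWED_ALGORITHMS = ("sha256", "sha512")
CHUNK_SIZE = 64 * 1024

# Constructed sample material standing in for an uploaded image.
SAMPLE_IMAGE = b"\x89PNG constructed sample bytes for an intrusion screenshot"


def digest_stream(stream, algorithm):
    """Hash a binary stream in chunks so large materials need not fit in memory."""
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(CHUNK_SIZE), b""):
        h.update(chunk)
    return h.hexdigest()


def parse_link(link):
    """Split 'algorithm:hexdigest' and reject malformed or disallowed links."""
    algorithm, sep, hexdigest = link.partition(":")
    if not sep or algorithm not in ALLOWED_ALGORITHMS:
        raise ValueError("unsupported or malformed link")
    if len(hexdigest) != hashlib.new(algorithm).digest_size * 2:
        raise ValueError("digest length does not match algorithm")
    return algorithm, hexdigest


class MaterialStore:
    """Hypothetical stand-in for node-local or cloud storage of the materials."""

    def __init__(self):
        self.blobs = {}

    def put(self, data, algorithm="sha256"):
        """Store the material off-chain and return the link to put in the block."""
        if algorithm not in ALLOWED_ALGORITHMS:
            raise ValueError("unsupported algorithm")
        link = f"{algorithm}:{digest_stream(io.BytesIO(data), algorithm)}"
        self.blobs[link] = data
        return link

    def check(self, link):
        """Return 'ok', 'tampered', 'missing' or 'bad-link' for an on-chain link."""
        try:
            algorithm, expected = parse_link(link)
        except ValueError:
            return "bad-link"
        data = self.blobs.get(link)
        if data is None:
            return "missing"
        actual = digest_stream(io.BytesIO(data), algorithm)
        return "ok" if hmac.compare_digest(actual, expected) else "tampered"


def make_transaction(store, device_name, attack_type, materials):
    """Build the on-chain record: small fields inline, large materials as links."""
    return {
        "device_name": device_name,
        "attack_type": attack_type,
        "material_links": [store.put(m) for m in materials],
    }


if __name__ == "__main__":
    store = MaterialStore()
    tx = make_transaction(store, "db-server-01", 0, [SAMPLE_IMAGE])
    link = tx["material_links"][0]
    print(link, store.check(link))
    store.blobs[link] = SAMPLE_IMAGE + b"!"   # simulate off-chain modification
    print(link, store.check(link))
```

The hash link only detects modification of the off-chain copy; keeping the material available is what the redundant coding mentioned above is for.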
In the present exemplary embodiment, an enterprise or individual registered in the system may upload to the blockchain, in the format of table 1, information such as the intrusion cases of the data device, system operating environment conditions (software system, CPU, cache, communication, etc.), attack type, attacked time, attacked duration, system correction scheme, traces in the attacked operation records, expert identification, data device name, data device software version number and the resulting information leakage, together with supporting materials that can prove this information, such as audio, video, images and system investigation and diagnosis records.
Step S430, performing data device management according to the information stored in the blockchain network.
In the exemplary embodiment, according to the historical data of the data device hacked intrusion detection knowledge management information in the blockchain, the system can automatically search and identify the problem of hacked intrusion which the data device may face and give a prompt for improving the relevant system, thereby powerfully promoting the effective popularization of the blockchain technology in the aspect of data device hacked intrusion detection knowledge management.
For example, first, all attack intrusion cases are collected from the blockchain. Variable values such as the system operating environment condition F1, attacked time F2, attack duration F3, data device name F4, attack intrusion trace F5 and leaked information content F6 are extracted from each case to form the features of that intrusion case, and features that are not described quantitatively are encoded as labels, forming a feature vector F = (F1, F2, ...). The feature vectors of all attack cases constitute a feature matrix M. The attack types are divided into 4 types, namely denial of service attacks, exploitation attacks, information gathering attacks (scanning) and spoofing attacks, and the types are labeled: the four attack types are represented by 0, 1, 2 and 3 respectively, giving the corresponding label vector label. An SVM model is selected as the classifier; the feature matrix M is taken as the model input and the corresponding label vector label as the model output, and the model is trained to learn its parameters.
Then, for the intrusion attack to be identified, the name of the current data device, the operating environment, the attacked time, the attack duration, the attack intrusion trace and the leaked information are collected to form an identification feature vector Tr, which is input to the trained classifier; the output of the classifier is the identified attack type with the maximum probability.
Finally, the attack types of all attack intrusion cases and the corresponding system correction schemes are collected from the blockchain and a dynamic association lookup table is established; the system automatically updates the table when new attack types and solutions appear. When a possible attack category is identified, all solutions associated with it are queried in the association table, the solution with the highest association degree (the highest frequency of occurrence) is output, and a prompt for system improvement is given.
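The dynamic association lookup table of this step, together with the periodic update of steps S310 to S330, can be sketched as follows. This is an added example, not code from the patent: the record fields, class and function names and the sample records are assumptions, the attack type is taken as already produced by the classifier, and breaking ties by most recent use is an assumption the text does not specify.

```python
import json
from collections import Counter, defaultdict
from dataclasses import dataclass

# Labels as given in the text: the four attack types are represented by 0..3.
ATTACK_TYPES = {0: "denial of service", 1: "exploitation",
                2: "information gathering", 3: "spoofing"}


@dataclass(frozen=True)
class ProcessingResult:
    case_id: str        # constructed identifier of the on-chain record
    attack_type: int    # label output by the classifier (0..3)
    remediation: str    # system correction scheme applied by the data device
    updated_at: int     # update time of the record (Unix seconds)


class AssociationTable:
    """Maps each attack type to the correction schemes used against it."""

    def __init__(self):
        self._counts = defaultdict(Counter)
        self._last_seen = {}      # (attack_type, remediation) -> latest update time
        self._seen_cases = set()
        self.watermark = 0        # newest update time folded in so far

    def update(self, results):
        """Fold in newly added results (judged by update time); return how many."""
        fresh = [r for r in results
                 if r.updated_at >= self.watermark and r.case_id not in self._seen_cases]
        for r in fresh:           # validate before mutating any state
            if r.attack_type not in ATTACK_TYPES:
                raise ValueError(f"unknown attack type label: {r.attack_type!r}")
        added = 0
        for r in sorted(fresh, key=lambda r: r.updated_at):
            if r.case_id in self._seen_cases:   # duplicate inside the same batch
                continue
            key = (r.attack_type, r.remediation)
            self._counts[r.attack_type][r.remediation] += 1
            self._last_seen[key] = max(self._last_seen.get(key, 0), r.updated_at)
            self._seen_cases.add(r.case_id)
            self.watermark = max(self.watermark, r.updated_at)
            added += 1
        return added

    def best(self, attack_type):
        """Scheme with the highest association degree (frequency), or None."""
        counts = self._counts.get(attack_type)
        if not counts:
            return None
        return max(counts, key=lambda rem: (counts[rem],
                                            self._last_seen[(attack_type, rem)], rem))

    def snapshot(self):
        """Deterministic JSON form of the table, suitable for storing on chain."""
        table = {str(t): dict(sorted(c.items())) for t, c in sorted(self._counts.items())}
        return json.dumps({"watermark": self.watermark, "table": table}, sort_keys=True)


def build_hint(table, attack_type):
    """Prompt for the data device, with the best-associated scheme if one exists."""
    name = ATTACK_TYPES[attack_type]
    hint = {"attack_type": name, "prompt": f"Possible {name} attack identified"}
    remediation = table.best(attack_type)
    if remediation is not None:
        hint["remediation"] = remediation
    return hint


# Constructed sample records, as if read from the blockchain network.
INITIAL_RESULTS = [
    ProcessingResult("c1", 0, "rate-limit SYN at edge", 100),
    ProcessingResult("c2", 0, "rate-limit SYN at edge", 200),
    ProcessingResult("c3", 0, "enable upstream scrubbing", 300),
    ProcessingResult("c4", 2, "close unused ports", 150),
]
NEW_RESULTS = [   # a later poll: one record already seen, two newly added
    ProcessingResult("c3", 0, "enable upstream scrubbing", 300),
    ProcessingResult("c5", 0, "enable upstream scrubbing", 400),
    ProcessingResult("c6", 0, "enable upstream scrubbing", 500),
]

if __name__ == "__main__":
    table = AssociationTable()
    table.update(INITIAL_RESULTS)
    print(build_hint(table, 0))
    table.update(NEW_RESULTS)
    print(build_hint(table, 0))
    print(table.snapshot())
```

Because the table is built from records that any registered participant can upload, the frequency ranking is only as trustworthy as those records; counting each case identifier once, as above, keeps a replayed record from inflating a scheme's rank.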
Step S440, updating and optimizing system parameters based on the system performance.
In the exemplary embodiment, the timeliness, the effectiveness and the accuracy of the data equipment attacked intrusion investigation knowledge management system can be evaluated, and the system parameters are continuously adjusted and optimized based on the data equipment type, the system operating environment condition and the comprehensive investigation analysis method of the system attacked intrusion case classification and dynamic association, so that the data equipment attacked intrusion investigation knowledge management is effectively realized in the blockchain network, and the effective popularization of the blockchain technology applied to the data equipment attacked intrusion investigation knowledge management aspect is promoted.
Embodiments of the apparatus of the present invention are described below with reference to the accompanying drawings.
FIG. 5 schematically shows a block diagram of a system for implementing self-service management of personal data devices in a blockchain network, according to an embodiment of the invention.
Referring to fig. 5, a system for implementing self-service management of data devices in a blockchain network according to an embodiment of the present invention includes: a blockchain network building subsystem 510, a data format definition subsystem 520, a data device information storage subsystem 530, a data device management subsystem 540, and a system performance evaluation subsystem 550.
The blockchain network building subsystem 510 is responsible for building, updating, and maintaining the blockchain nodes and the blockchain network. For example, a blockchain network may be constructed with insurance company base business as a minimum node and based on the participation of one or more insurance groups/companies.
Data format definition subsystem 520 may store data device transaction information according to the data structure shown in table 1 above to ensure efficient information storage and processing. The input of the transaction information may include: the intrusion cases of the data device, system operating environment conditions (such as software system, CPU (Central Processing Unit), cache and communication), attack type, attacked time, attacked duration, system correction scheme, traces in the attacked operation records, expert identification, data device name, data device software version number and the resulting information leakage; supporting materials that can prove the above, such as audio, video, images and system investigation and diagnosis records, may also be transmitted to the blockchain. The input may further include the person submitting the information, the update time, and that person's public key and signature. The output of the transaction information may be: links to other stored materials (historical data of the data device intrusion investigation knowledge management information, and the like), the attacked-intrusion problems that the system automatically finds and identifies as possibly facing the data device, the prompt given about system improvement, the public keys of the persons accessing the information, and the like.
Data device information storage subsystem 530 may be used to store information about data devices. Specifically, an enterprise or individual registered in the system may upload to the blockchain, in the format of table 1, information such as the intrusion cases of the data device, system operating environment conditions (software system, CPU, cache, communication, etc.), attack type, attacked time, attacked duration, system correction scheme, traces in the attacked operation records, expert identification, data device name, data device software version number and the resulting information leakage, together with supporting materials that can prove this information, such as audio, video, images and system investigation and diagnosis records.
The data device management subsystem 540 may be configured to manage whether the intrusion attack to be identified needs to be prompted according to information stored in the blockchain network.
In the exemplary embodiment, according to the historical data of the data device hacked intrusion detection knowledge management information in the blockchain, the system can automatically search and identify the problem of hacked intrusion which the data device may face and give a prompt for improving the relevant system, thereby powerfully promoting the effective popularization of the blockchain technology in the aspect of data device hacked intrusion detection knowledge management.
The system performance evaluation subsystem 550 can evaluate timeliness, effectiveness and accuracy of the data device attacked intrusion detection knowledge management system, and continuously adjusts and optimizes system parameters based on a data device type, system operating environment conditions and a comprehensive detection analysis method of system attacked intrusion case classification and dynamic association, so as to effectively realize data device attacked intrusion detection knowledge management in a blockchain network, thereby effectively promoting effective popularization of the blockchain technology in the aspect of data device attacked intrusion detection knowledge management.
Fig. 6 schematically shows a block diagram of a block chain based data device management apparatus according to an embodiment of the present invention.
Referring to fig. 6, the apparatus for human resources management based on block chain may include a classification module 610, an identification module 620, a determination module 630, and a first storage module 640. Wherein:
the classification module 610 may be configured to obtain historical attacked data in a blockchain network, and classify the historical attacked data to obtain a classification result.
The identifying module 620 may be configured to perform machine learning on the classification result to obtain a classifier, and then identify an intrusion attack to be identified, which is obtained from the blockchain network, according to the classifier to obtain an attack type.
The determining module 630 may be configured to determine whether to prompt the data device corresponding to the intrusion attack to be identified according to the attack type.
The first storage module 640 may be configured to, if the data device needs to be prompted, generate a prompt message for the attack type, store the prompt message in the blockchain network, so that the data device obtains the prompt message from the blockchain network, and process the intrusion attack to be identified according to the prompt message.
In one embodiment of the invention, the classification module 610 may be configured to:
extracting attack features in the historical attacked data; the attack characteristics comprise one or more of system operation environment conditions, attack time, attack duration, data equipment names, attack intrusion traces and leakage information contents; generating a first feature vector according to the attack features, and generating a feature matrix according to the feature vector; and performing labeling processing on the feature matrix according to a preset category to obtain a label vector of the feature matrix.
In one embodiment of the invention, the identification module 620 may be configured to:
taking the feature matrix as the input of a model, taking the label vector of the feature matrix as the output of the model, and performing machine learning on the model to obtain the classifier; the model comprises one or more of an SVM model, a Logistic model, a decision tree model, a naive Bayes model and a linear regression model.
In one embodiment of the invention, the identification module 620 may be further configured to:
extracting features to be identified in the intrusion attack to be identified, which are acquired from the blockchain network; generating a second feature vector according to the feature to be identified; inputting the second feature vector into the classifier to obtain the attack type of the intrusion attack to be identified; the characteristics to be identified comprise one or more of system operation environment conditions, attacked time, data equipment names, attack invasion traces and leaked information contents.
In an embodiment of the present invention, the apparatus for block chain-based data device management further includes:
a first obtaining module, configured to obtain a processing result of the data device in the blockchain network on the intrusion attack to be identified;
the association query table establishing module is used for establishing a dynamic association query table according to the attack type of the intrusion attack to be identified and the processing result;
and the second storage module is used for storing the dynamic association lookup table into the block chain network.
In one embodiment of the present invention, the block chain-based data device management apparatus further comprises:
the first query module is used for querying whether a processing result of newly added data equipment on the intrusion attack to be identified exists in the block chain network at intervals of preset time;
the updating module is used for acquiring the dynamic association query table if the newly added processing result exists, and updating the dynamic association query table by using the newly added processing result;
and the third storage module is used for storing the updated dynamic association lookup table into the block chain network.
In one embodiment of the present invention, the first storage module 640 may be configured to:
acquiring the dynamic association query table, and querying whether the dynamic association query table comprises a processing result corresponding to the attack type;
and if the processing result corresponding to the attack type is included, uploading the processing result with the highest association degree with the attack type and the prompt to the block chain network.
Referring now to FIG. 7, shown is a block diagram of a computer system 700 suitable for use with the electronic device implementing an embodiment of the present invention. The computer system 700 of the electronic device shown in fig. 7 is only an example, and should not bring any limitation to the function and the scope of use of the embodiments of the present invention.
As shown in fig. 7, the computer system 700 includes a Central Processing Unit (CPU)701, which can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data necessary for system operation are also stored. The CPU 701, the ROM 702, and the RAM 703 are connected to each other via a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
The following components are connected to the I/O interface 705: an input portion 706 including a keyboard, a mouse, and the like; an output section 707 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 708 including a hard disk and the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. A drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read out therefrom is mounted into the storage section 708 as necessary.
In particular, according to an embodiment of the present invention, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the invention include a computer program product comprising a computer program embodied on a computer-readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 709, and/or installed from the removable medium 711. The computer program executes the above-described functions defined in the system of the present application when executed by the Central Processing Unit (CPU) 701.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present invention may be implemented by software, or may be implemented by hardware, and the described units may also be disposed in a processor. Wherein the names of the elements do not in some way constitute a limitation on the elements themselves.
As another aspect, the present application also provides a computer-readable medium, which may be contained in the electronic device described in the above embodiments; or may exist separately without being assembled into the electronic device. The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to implement the method for managing data devices based on a block chain as described in the above embodiments.
For example, the electronic device may implement the following as shown in fig. 1: step S110, acquiring historical attacked data in a block chain network, and classifying the historical attacked data to obtain a classification result; step S120, machine learning is carried out on the classification result to obtain a classifier, and then the intrusion attack to be identified, which is obtained from the block chain network, is identified according to the classifier to obtain an attack type; step S130, judging whether prompting needs to be carried out on the data equipment corresponding to the intrusion attack to be identified or not according to the attack type; step S140, if the data device needs to be prompted, generating prompt information of the attack type and storing the prompt information into the block chain network, so that the data device obtains the prompt information from the block chain network and processes the intrusion attack to be identified according to the prompt information.
As another example, the electronic device may implement the steps shown in fig. 2 to 4.
It should be noted that although several modules or units of the device for action execution are mentioned in the above detailed description, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the invention. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by a plurality of modules or units.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiment of the present invention can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which can be a personal computer, a server, a touch terminal, or a network device, etc.) to execute the method according to the embodiment of the present invention.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

Claims (9)

1. A block chain-based data device management method is characterized by comprising the following steps:
acquiring historical attacked data in a blockchain network, and classifying the historical attacked data to obtain a classification result; the historical attacked data comprises various cases of attacked invasion of the data equipment, system operating environment conditions, attacked types, attacked time, attacked duration, system correction schemes, attacked operation record traces, expert identification, data equipment names, data equipment software version numbers and caused information leakage conditions;
performing machine learning on the classification result to obtain a classifier, and identifying the intrusion attack to be identified, which is obtained from the block chain network, according to the classifier to obtain an attack type;
judging whether prompting needs to be carried out on the data equipment corresponding to the intrusion attack to be identified or not according to the attack type;
if the data equipment needs to be prompted, generating prompt information of the attack type and storing the prompt information into the block chain network so that the data equipment can acquire the prompt information from the block chain network and process the intrusion attack to be identified according to the prompt information;
the step of classifying the historical attacked data to obtain a classification result comprises the following steps:
extracting attack features in the historical attacked data; the attack characteristics comprise one or more of system operation environment conditions, attack time, attack duration, data equipment names, attack intrusion traces and leakage information contents;
generating a first feature vector according to the attack features, and generating a feature matrix according to the feature vector;
performing labeling processing on the feature matrix according to a preset category to obtain a label vector of the feature matrix; wherein the preset category includes one or more of a denial of service attack, an exploitation attack, an information gathering attack, and a spoofing attack.
2. The method according to claim 1, wherein performing machine learning on the classification result to obtain a classifier comprises:
taking the feature matrix as the input of a model, taking the label vector of the feature matrix as the output of the model, and performing machine learning on the model to obtain the classifier;
the model comprises one or more of an SVM model, a Logistic model, a decision tree model, a naive Bayes model and a linear regression model.
3. The blockchain-based data device management method according to claim 2, wherein identifying the intrusion attack to be identified, which is acquired from the blockchain network, according to the classifier, and obtaining the attack type includes:
extracting features to be identified in the intrusion attack to be identified, which are acquired from the blockchain network;
generating a second feature vector according to the feature to be identified;
inputting the second feature vector into the classifier to obtain the attack type of the intrusion attack to be identified;
the characteristics to be identified comprise one or more of system operation environment conditions, attacked time, data equipment names, attack invasion traces and leaked information contents.
4. The blockchain-based data device management method according to claim 1, wherein after the intrusion attack to be identified is processed according to the hint, the blockchain-based data device management method further comprises:
acquiring a processing result of the data equipment in the block chain network on the intrusion attack to be identified;
establishing a dynamic association lookup table according to the attack type of the intrusion attack to be identified and the processing result;
and storing the dynamic association lookup table into the block chain network.
5. The blockchain-based data device management method according to claim 4, wherein after storing the dynamic association lookup table into the blockchain network, the blockchain-based data device management method further comprises:
inquiring whether a newly added data device in the block chain network has a processing result of the intrusion attack to be identified at intervals of preset time;
if the newly added processing result exists, acquiring the dynamic association query table, and updating the dynamic association query table by using the newly added processing result;
and storing the updated dynamic association lookup table into the block chain network.
6. The blockchain-based data device management method of claim 4, wherein storing the prompt information in the blockchain network comprises:
acquiring the dynamic association lookup table, and querying whether the dynamic association lookup table includes a processing result corresponding to the attack type;
and if a processing result corresponding to the attack type is included, uploading the processing result with the highest association degree with the attack type, together with the prompt information, to the blockchain network.
7. A blockchain-based data device management apparatus, comprising:
a classification module, configured to acquire historical attacked data in the blockchain network and classify the historical attacked data to obtain a classification result; the historical attacked data comprises one or more of intrusion attack cases of the data device, system operating environment conditions, attack types, time of attack, attack duration, system correction schemes, operation record traces of the attack, expert identification, data device names, data device software version numbers and resulting information leakage;
an identification module, configured to perform machine learning on the classification result to obtain a classifier, and then identify the intrusion attack to be identified, which is obtained from the blockchain network, according to the classifier to obtain an attack type;
a judging module, configured to judge, according to the attack type, whether the data device corresponding to the intrusion attack to be identified needs to be prompted;
a first storage module, configured to generate prompt information for the attack type and store the prompt information in the blockchain network if the data device needs to be prompted, so that the data device can acquire the prompt information from the blockchain network and process the intrusion attack to be identified according to the prompt information;
wherein classifying the historical attacked data to obtain a classification result comprises:
extracting attack features from the historical attacked data; the attack features comprise various system operating environment conditions, time of attack, attack duration, data device names, attack intrusion traces and leaked information content;
generating a first feature vector according to the attack features, and generating a feature matrix according to the first feature vector;
labeling the feature matrix according to preset categories to obtain a label vector of the feature matrix; wherein the preset categories include one or more of a denial of service attack, an exploitation attack, an information gathering attack, and a spoofing attack.
8. A computer-readable medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the blockchain-based data device management method according to any one of claims 1 to 6.
9. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the blockchain-based data device management method of any one of claims 1 to 6.
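The dynamic association lookup table of claims 4 to 6, sketched as an added example that is not code from the patent. Assumptions: a plain list stands in for the blockchain network, the record fields and result names are constructed, and the "association degree" (which the claims do not define) is taken to be a smoothed rate at which a processing result resolved attacks of that type.

```python
from collections import defaultdict

# The four preset categories named in claim 7.
ATTACK_TYPES = {"denial_of_service", "exploitation", "information_gathering", "spoofing"}

# Constructed sample records; a plain list stands in for the blockchain network.
LEDGER = [
    {"attack_type": "denial_of_service", "result": "rate_limit_upstream", "resolved": True},
    {"attack_type": "denial_of_service", "result": "rate_limit_upstream", "resolved": True},
    {"attack_type": "denial_of_service", "result": "restart_service", "resolved": False},
    {"attack_type": "spoofing", "result": "rotate_credentials", "resolved": True},
]

class AssociationTable:
    """Maps attack type -> {processing result: [resolved count, total count]}."""
    def __init__(self):
        self._stats = defaultdict(lambda: defaultdict(lambda: [0, 0]))
        self._seen = 0  # number of ledger records already folded in

    def update_from(self, ledger):
        """Claim 5 poll: fold in records added since the last call."""
        new = ledger[self._seen:]
        for rec in new:
            if rec["attack_type"] not in ATTACK_TYPES:
                continue  # skip labels outside the preset categories
            cell = self._stats[rec["attack_type"]][rec["result"]]
            cell[0] += int(rec["resolved"])
            cell[1] += 1
        self._seen = len(ledger)
        return len(new)

    def association(self, attack_type, result):
        """Assumed metric: Laplace-smoothed resolve rate, (s + 1) / (n + 2)."""
        s, n = self._stats.get(attack_type, {}).get(result, (0, 0))
        return (s + 1) / (n + 2)

    def best_result(self, attack_type):
        """Claim 6 lookup: highest-association result, or None if no entry."""
        results = self._stats.get(attack_type)
        if not results:
            return None
        return max(results, key=lambda r: (self.association(attack_type, r), r))

def build_prompt(table, attack_type, device):
    # Prompt information, plus the best known processing result if one exists.
    prompt = {"device": device, "attack_type": attack_type}
    best = table.best_result(attack_type)
    if best is not None:
        prompt["suggested_result"] = best
    return prompt
```

The smoothing keeps a result that has been tried once from outranking one with a longer track record, and an attack type with no entry yields a prompt without a suggestion.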
CN201910221656.9A 2019-03-22 2019-03-22 Block chain-based data equipment management method, device, medium and electronic equipment Active CN109862037B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910221656.9A CN109862037B (en) 2019-03-22 2019-03-22 Block chain-based data equipment management method, device, medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910221656.9A CN109862037B (en) 2019-03-22 2019-03-22 Block chain-based data equipment management method, device, medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN109862037A (en) 2019-06-07
CN109862037B (en) 2021-08-10

Family

ID=66901620

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910221656.9A Active CN109862037B (en) 2019-03-22 2019-03-22 Block chain-based data equipment management method, device, medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN109862037B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant