CN110474870B - Block chain-based network active defense method and system and computer readable storage medium - Google Patents


Info

Publication number
CN110474870B
Authority
CN
China
Prior art keywords
contract
defense
abnormal
block chain
active defense
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910598895.6A
Other languages
Chinese (zh)
Other versions
CN110474870A (en)
Inventor
吴啸
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Pure White Matrix Technology Co ltd
Original Assignee
Nanjing Pure White Matrix Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Pure White Matrix Technology Co ltd
Priority to CN201910598895.6A
Publication of CN110474870A
Application granted
Publication of CN110474870B
Current legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention relates to the field of blockchain applications and provides a blockchain-based network active defense method and system and a computer-readable storage medium. A smart contract recording the screening standard is deployed at the client; it queries the analysis nodes of the background control end and performs coverage perception on their smart contracts, so that abnormal smart-contract calls, cross-contract attacks, overflow attacks and similar behaviors are monitored automatically. Once abnormal behavior is found, the system immediately calls the analysis node to obtain the crawler logic in the storage contract, recursively captures the abnormal calling node, and collects the attacker's data to trace the attacker's information back to its source. Based on the attacker information obtained, it invokes a matching pre-stored defense contract to carry out active defense. Because the method is built on a blockchain, it remains stable while being easy to update.

Description

Block chain-based network active defense method and system and computer readable storage medium
Technical Field
The invention relates to the field of application of block chain processing technology, in particular to a computer readable storage medium and a system.
Background
Active defense is proactive: defensive measures are put in place in advance so that an attacker cannot reach the target, and the system is protected without relying on a manual, passive response, which avoids threats to the database of the protected computer. Now that computers are widely deployed and deeply embedded in applications, active defense technology has brought network security protection into a new stage and is an important means of, and development trend in, maintaining network security in the future. However, as network defense systems have developed, more and more decompilation techniques for cracking them have appeared, and network attack techniques have become increasingly diverse. To cope with complex and varied attacks, network security systems are often equally large and complex and need to be updated frequently, so their stability is difficult to guarantee, which brings hidden dangers to network security.
Disclosure of Invention
The inventors observed that blockchain technology is widely applied because it lowers the cost of trust: the security of transactions is guaranteed through information exchange between nodes. If a network security defense system can be built on blockchain technology, the stability of the network security system can be improved.
The object of the invention is to avoid the above defects of the prior art and to provide a blockchain-based network active defense method that improves the stability of network defense.
The object of the invention is achieved by the following technical solution:
A blockchain-based network active defense method is provided, comprising the following steps:
a situation-awareness smart contract construction step: based on the situation-awareness smart contract, the dynamic state of the analysis nodes of the background control end is queried to judge whether a perception trigger condition exists on each analysis node, and coverage perception is performed on the node smart contracts of the analysis nodes for which the condition exists;
a perception data recording step: the data obtained by the coverage perception is recorded;
an abnormal behavior processing step: it is judged whether the data contains abnormal behavior and, if so, a pre-stored storage contract is called to capture the abnormal data, and the source information and attack statements in the abnormal data are read;
and a security defense step: a pre-stored defense contract matching the captured abnormal data is invoked.
Preferably, in the situation-awareness smart contract construction step, the perception trigger condition means that the smart contract is in an active state.
Preferably, in the situation-awareness smart contract construction step, the coverage perception is enforced without being limited by the protection protocol of the node smart contract of the covered analysis node.
Preferably, in the abnormal behavior processing step, the abnormal behavior comprises calls beyond the agreement of the analysis node's smart contract, and/or cross-contract attacks, and/or overflow attacks.
Preferably, in the abnormal behavior processing step, tracing the attacker's information means recursively capturing the abnormal calling nodes and the servers behind them through crawler logic preset in the storage contract, and collecting the attacker's data.
Preferably, the defense contracts pre-stored in the security defense step are placed on different main chains of the despun chain.
Preferably, each main chain is provided with its own cross-chain wake-up contract, which is used to activate the defense contract code on each main chain or to restart its own defense contract.
Preferably, the abnormal behavior processing step further includes a counterattack step: after the attacker's information is obtained, the attacker is prevented from continuing to make illegal calls to and/or injection attacks on the network through one or more of the following defense modes: source-tracing investigation, deep crawler, and cross-contract blocking communication.
A blockchain-based network active defense system is also provided, whose processor can carry out the blockchain-based network active defense method.
A computer-readable storage medium is also provided, which stores an executable computer program; when the computer program is executed by a controller, the blockchain-based network active defense method can be carried out.
The beneficial effects of the invention are as follows. In the blockchain-based network active defense method, a smart contract recording the screening standard is established at the client's port for connecting to the blockchain. It queries the analysis nodes of the background control end and performs coverage perception on their smart contracts, so that abnormal smart-contract calls, cross-contract attacks, overflow attacks and similar behaviors are monitored automatically. Once abnormal behavior is found, the system immediately calls the analysis node to obtain the crawler logic in the storage contract, recursively captures the abnormal calling node, and collects the attacker's data to trace the attacker's information back to its source. Based on the attacker information obtained, it invokes a matching pre-stored defense contract to carry out active defense. Because the coverage perception in the method is built on a blockchain, its tamper-proof logic and trusted, verifiable execution are guaranteed by smart contracts, while the specific analysis-node algorithms and crawler algorithms are borne in a centralized/decentralized manner, so the method remains stable while being easy to update.
Drawings
The invention is further illustrated by means of the attached drawings, but the embodiments in the drawings do not constitute any limitation to the invention, and for a person skilled in the art, other drawings can be obtained on the basis of the following drawings without inventive effort.
Fig. 1 is an architecture diagram of the active defense system of the network based on the block chain.
Detailed Description
The invention is further described with reference to the following examples.
As shown in Fig. 1, the blockchain-based active defense system has a background control end (Voyager Server) and a plurality of clients (Game Server 1, 2, …). Through the clients, a payment application (Wallet), a game application (Player) and the like are each connected to a Genesis platform (Genesis Interface), so that they are managed by smart contracts (Smart contracts) from multiple blockchains (e.g., ETH, TRON, NAS). The system mainly comprises a blockchain situation perception module, a multi-chain active defense module, an intelligently upgraded storage contract module, a cross-chain interaction and communication system, an external monitoring contract module, and a permanent backup and cross-chain wake-up module.
The blockchain situation perception module works at both the background control end and the client. A smart contract recording the screening standard is established at the client's port for connecting to the blockchain and is used to query the analysis nodes of the background control end, in order to determine which analysis node addresses have smart contracts that are to undergo coverage perception. The perception action can be enforced without being limited by the protection protocol of the smart contract at the covered analysis node address. The client collects, aggregates and records the data obtained by coverage perception at the background control end. The specific means of coverage perception include calling the algorithms of the storage contract through analysis nodes on different blockchains, so that behaviors such as abnormal smart-contract calls, cross-contract attacks and overflow attacks are monitored automatically. Once abnormal behavior is found, the system immediately calls the analysis node to obtain the crawler logic in the storage contract, recursively captures the abnormal calling node and the server behind it, and collects the attacker's data.
Because coverage perception is built on a blockchain, the tamper-proof logic and the trusted, verifiable execution of the whole system are guaranteed by smart contracts, while the specific analysis-node algorithms and crawler algorithms are borne in a centralized/decentralized manner. The algorithms and crawlers therefore remain easy to update while the automatic, enforced execution logic of the whole system is guaranteed, which gives a better situation perception effect and three-dimensional monitoring.
The multi-chain active defense module places smart contracts on different main chains to ensure that the active defense system executes automatically. The server of the background control end uses a periodic synchronization rule (Periodic Synchronization) to interact with the defense contracts on the different blockchain main chains at regular intervals. Combined with the blockchain situation perception module, once the server locks onto an attacker's contract, the smart contracts on the different main chains are mobilized automatically, different sub-servers are assigned to defend in coordination, and an active counterattack is launched. The counterattack module includes different counterattack methods that can be intelligently upgraded through the storage contract, such as source-tracing investigation, deep crawler and cross-contract blocking communication, so that the attacker is prevented from continuing to make illegal calls to and injection attacks on the smart contracts and the back end of the system.
The intelligently upgraded storage contract is a complete decentralized database that is stored permanently and upgraded intelligently. All algorithm data, crawler data, anti-injection data, cross-chain protocols and active defense schemes used in active defense are stored permanently by storage contracts and upgraded intelligently. Intelligent upgrading means that once a server or contract is attacked by injected data or by a cross-authority attack, the attack statements and similar statements are automatically inserted into the smart contract, and the next time the data in the library is used as logic these statements are used for active defense; in this way the upgrade of the storage contract completes automatically. Because the whole process is guaranteed by smart contracts, the storage contract as a whole is irreversible; as the system runs over the long term, the database of the active defense system becomes more and more comprehensive and the defense logic more and more complete.
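The self-upgrading behaviour described above can be sketched off-chain. The following Python simulation is an added example, not code from the patent: the screening standard, the category-to-defense mapping, the caller allowlist and all function and class names are assumptions made for illustration. It records attack sources and statement shapes in an append-only hash chain, matches later calls against them, and refuses to learn a shape that legitimate calls also have.

```python
import hashlib
import json
from dataclasses import dataclass, field

U256_MAX = 2**256 - 1
# Constructed screening standard: method -> expected argument classes.
SCREENING_STANDARD = {"transfer": ("addr", "u256"), "balanceOf": ("addr",)}
# Assumed mapping from abnormal-behaviour category to a defense mode named in the text.
DEFENSE_CONTRACTS = {
    "abnormal_call": "source_tracing",
    "overflow": "cross_contract_blocking",
    "cross_contract": "cross_contract_blocking",
}
TRUSTED_CONTRACT_CALLERS = {"0xgenesis"}  # constructed allowlist
GENESIS = "0" * 64


def arg_class(value):
    """Classify one argument so that 'similar statements' share a shape."""
    if isinstance(value, int) and not isinstance(value, bool):
        return "u256" if 0 <= value <= U256_MAX else "out_of_range"
    if isinstance(value, str) and value.startswith("0x"):
        return "addr"
    return "other"


def shape_of(call):
    """Attack-statement shape: method name plus argument classes."""
    return call["method"] + "(" + ",".join(arg_class(a) for a in call["args"]) + ")"


def screen(call):
    """Apply the screening standard; return an abnormal category or None."""
    expected = SCREENING_STANDARD.get(call["method"])
    classes = tuple(arg_class(a) for a in call["args"])
    if expected is None:
        return "abnormal_call"
    if "out_of_range" in classes:
        return "overflow"
    if classes != expected:
        return "abnormal_call"
    if call.get("caller_is_contract") and call["caller"] not in TRUSTED_CONTRACT_CALLERS:
        return "cross_contract"
    return None


def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


@dataclass
class StorageContract:
    """Append-only, hash-chained record of attack sources and statement shapes."""
    entries: list = field(default_factory=list)

    def record(self, category, call):
        shape = shape_of(call)
        # Guard: never learn a shape the screening standard accepts as legitimate,
        # otherwise the automatic upgrade would start blocking normal traffic.
        legit = {m + "(" + ",".join(c) + ")" for m, c in SCREENING_STANDARD.items()}
        body = {"category": category, "source": call["caller"],
                "shape": None if shape in legit else shape,
                "prev": self.entries[-1]["hash"] if self.entries else GENESIS}
        self.entries.append({**body, "hash": _digest(body)})

    def match(self, call):
        """Return the category of a recorded source or shape, else None."""
        shape = shape_of(call)
        for e in self.entries:
            if e["source"] == call["caller"] or e["shape"] == shape:
                return e["category"]
        return None

    def verify(self):
        """Recompute the chain; any edited or removed entry breaks it."""
        prev = GENESIS
        for e in self.entries:
            body = {k: e[k] for k in ("category", "source", "shape", "prev")}
            if e["prev"] != prev or e["hash"] != _digest(body):
                return False
            prev = e["hash"]
        return True


def handle_call(store, call):
    """Return (verdict, defense): verdict is 'allowed', 'new' or 'known'."""
    known = store.match(call)
    if known:
        return "known", DEFENSE_CONTRACTS[known]
    category = screen(call)
    if category is None:
        return "allowed", None
    store.record(category, call)  # the automatic "upgrade" of the storage contract
    return "new", DEFENSE_CONTRACTS[category]
```

Without the guard in `record`, a cross-contract attack that happens to use a well-formed `transfer` call would teach the store to treat every well-formed `transfer` as an attack.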
Smart contracts on different main chains are synchronized and coordinated by exchanging smart-contract synchronization information across the chains; the more decentralized the whole system is, the more stable the whole defense system is. The cross-chain interaction and communication system is implemented through cross-chain middleware that does not depend on a centralized server for storage. Specifically, a node cluster is built at the background control end. The node cluster has a programming interface facing each client and several public-chain interfaces corresponding to the different blockchains; it uses a scalable cluster architecture, and client load is distributed by ranking the clusters according to response-time percentiles. A bottom-layer consensus contract for formatting data is constructed in the node cluster; it communicates with the client through the programming interface and writes the data to be transmitted into a preset data format on the client's public chain, using the language of the blockchain to which that public chain belongs. A cross-chain information synchronization framework for cross-chain interaction is also constructed in the node cluster: the data compiled by the bottom-layer consensus contract is grouped by the corresponding blockchain to obtain several user groups, point-to-point transmission of smart-contract information is carried out within each user group, and the user groups serve as carriers that connect to the different blockchains.
Specifically, data is grouped by UUID according to the language of the corresponding blockchain. Relying on the uniqueness of UUIDs, the detailed information of the data transmitted by the client is stored in a query table distributed randomly by UUID; the data is submitted to the server through a Form, and the UUID and key fields are stored in an index table used for user-group interaction. As more servers are added, cross-chain stability improves and information exchange becomes faster, and information can be shared more conveniently within the multi-chain active defense system, achieving joint defense.
In addition, when user groups carry the cross-chain function, the grouping and permission-control functions can form a consortium-chain cross-chain bearing function, which allows the performance and stability of data to be adjusted. When a user group carries a large amount of cross-chain data, a new smart contract is constructed to distribute the cross-chain tasks in segments to users in different segments; or, when the cross-chain information is too much for a single user to carry, paged results can be used to reduce the load on a single cluster, optimizing the joint debugging of multiple public chains.
Although smart contracts can be enforced, different main chains differ in stability and communication timeliness, and the more centralized main chain is slower to execute. The active defense system is therefore also provided with a monitoring contract that checks the state of the blockchain from outside, to check whether an attacker is carrying out blocking attacks, node attacks, or actions to shut down the blockchain against the blockchain defense contract itself.
The active defense system also has a permanent backup and cross-chain wake-up module, which provides a way to reactivate the original contract code so that, when a single chain of the system is broken, a fallback can keep it activated. Specifically, similar to a decentralized disaster-recovery contract, the permanent backup and cross-chain wake-up module publishes multiple contracts on a chain, or adds a restart function to a contract, to achieve a second start. Combined with cross-chain technology, cross-chain wake-up becomes possible, which greatly improves the stability and durability of the defense system.
Finally, it should be noted that the above embodiments only illustrate the technical solutions of the present invention and do not limit its scope of protection. Although the present invention is described in detail with reference to the preferred embodiments, those skilled in the art should understand that modifications or equivalent substitutions can be made to the technical solutions of the present invention without departing from their spirit and scope.

Claims (10)

1. A blockchain-based network active defense method, characterized by comprising the following steps:
a situation-awareness smart contract construction step: a smart contract recording a screening standard is established at the client's port for connecting to the blockchain; based on the situation-awareness smart contract, the dynamic state of the analysis nodes of the background control end is queried to judge whether a perception trigger condition exists on each analysis node, and coverage perception is performed on the node smart contracts of the analysis nodes for which the condition exists, the coverage perception comprising calling the algorithms of the storage contract through analysis nodes on different blockchains;
a perception data recording step: the data obtained by the coverage perception is recorded;
an abnormal behavior processing step: it is judged whether the data contains abnormal behavior and, if so, a pre-stored storage contract is called according to the called storage-contract algorithm to capture the abnormal data, and the source information and attack statements in the abnormal data are read;
and a security defense step: a pre-stored defense contract matching the captured abnormal data is invoked.
2. The blockchain-based network active defense method according to claim 1, wherein in the situation-awareness smart contract construction step, the perception trigger condition means that the smart contract is in an active state.
3. The blockchain-based network active defense method according to claim 1, wherein in the situation-awareness smart contract construction step, the coverage perception is enforced without being limited by the protection protocol of the node smart contract of the covered analysis node.
4. The blockchain-based network active defense method according to claim 1, wherein in the abnormal behavior processing step, the abnormal behavior comprises calls beyond the agreement of the analysis node's smart contract, and/or cross-contract attacks, and/or overflow attacks.
5. The blockchain-based network active defense method according to claim 4, wherein in the abnormal behavior processing step, tracing the attacker's information means recursively capturing the abnormal calling nodes and the servers behind them through crawler logic preset in the storage contract, and collecting the attacker's data.
6. The blockchain-based network active defense method according to claim 1, wherein the defense contracts pre-stored in the security defense step are placed on different main chains of the despan chain.
7. The blockchain-based network active defense method according to claim 6, wherein each main chain is provided with its own cross-chain wake-up contract for activating the defense contract code on each main chain or restarting its own defense contract.
8. The blockchain-based network active defense method according to claim 1, wherein the abnormal behavior processing step further comprises a counterattack step: after the attacker's information is obtained, the attacker is prevented from continuing to make illegal calls to and/or injection attacks on the network through one or more of the following defense modes: source-tracing investigation, deep crawler, and cross-contract blocking communication.
9. A blockchain-based network active defense system, characterized in that the system comprises a processor capable of performing the method of any one of claims 1 to 8.
10. A computer-readable storage medium in which a computer program is stored, wherein the computer program, when executed by a controller, carries out the method of any one of claims 1 to 8.
CN201910598895.6A 2019-07-04 2019-07-04 Block chain-based network active defense method and system and computer readable storage medium Active CN110474870B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910598895.6A CN110474870B (en) 2019-07-04 2019-07-04 Block chain-based network active defense method and system and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910598895.6A CN110474870B (en) 2019-07-04 2019-07-04 Block chain-based network active defense method and system and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN110474870A 2019-11-19
CN110474870B 2022-02-25

Family

ID=68506855

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910598895.6A Active CN110474870B (en) 2019-07-04 2019-07-04 Block chain-based network active defense method and system and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN110474870B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111310191B (en) * 2020-02-12 2022-12-23 广州大学 Block chain intelligent contract vulnerability detection method based on deep learning
GB202004748D0 (en) * 2020-03-30 2020-05-13 British Telecomm Method of analysing anomalous network traffic
CN113783901B (en) * 2021-11-15 2022-02-08 湖南宸瀚信息科技有限责任公司 Multi-communication-node cooperative anti-attack network system based on block chain
CN115065562B (en) * 2022-08-17 2022-11-22 湖南红普创新科技发展有限公司 Block chain-based injection determination method, device, equipment and storage medium
CN116506104B (en) * 2023-06-25 2023-08-29 天津市城市规划设计研究总院有限公司 Method and system for information security interaction of different departments based on cross-chain blockchain

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107172085A (en) * 2017-06-30 2017-09-15 江苏华信区块链产业研究院有限公司 Active defense method and node based on the intelligent contract of block chain
CN108616534A (en) * 2018-04-28 2018-10-02 中国科学院信息工程研究所 A kind of method and system for protecting internet of things equipment ddos attack based on block chain
WO2019032864A1 (en) * 2017-08-10 2019-02-14 Patroness, LLC System and methods for sensor integration in support of situational awareness for a motorized mobile system

Also Published As

Publication number Publication date
CN110474870A (en) 2019-11-19

Similar Documents

Publication Publication Date Title
CN110474870B (en) Block chain-based network active defense method and system and computer readable storage medium
EP2987090B1 (en) Distributed event correlation system
CN110912876A (en) Mimicry defense system, method and medium for information system
CN105074718A (en) On-line behavioral analysis engine in mobile device with multiple analyzer model providers
KR101969481B1 (en) Method and apparatus for generating Dynamic Secure Module
CN108022090B (en) Virtual account management method, device, system and readable storage medium
CN103685304A (en) Method and system for sharing session information
CN104753861A (en) Security event handling method and device
EP4033349A1 (en) Method and apparatus for generating mirror image file, and computer-readable storage medium
CN103646198A (en) Method, system and device for locking working region of mobile terminal
CN104871171A (en) Distributed pattern discovery
US9330266B2 (en) Safe data storage method and device
Gupta et al. NoSQL security
CN115174279A (en) Real-time detection method, terminal and storage medium for intelligent Ether house contract vulnerability
CN112528296B (en) Vulnerability detection method and device, storage medium and electronic equipment
US11170108B2 (en) Blockchain technique for immutable source control
Ritzdorf Analyzing covert channels on mobile devices
CN109241783A (en) Mobile terminal manages implementation of strategies method and device
WO2017080362A1 (en) Data managing method and device
CN113626850B (en) Request processing method, device, equipment and storage medium based on alliance chain
CN107015787B (en) Method and device for designing interactive application framework
Yang et al. Research on detection and prevention of mobile device botnet in cloud service systems
CN106485104B (en) Automatic restoration method, device and system for terminal security policy
CN103761473A (en) Application management system and method for mobile terminal
CN114944964B (en) Network security event processing method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant