CN110602090B - Block chain-based support attack detection method - Google Patents


Publication number
CN110602090B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910861321.3A
Other languages
Chinese (zh)
Other versions
CN110602090A (en
Inventor
王春东
姬浩凯
莫秀良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin University of Technology
Original Assignee
Tianjin University of Technology

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/06 Buying, selling or leasing transactions
    • G06Q30/0601 Electronic shopping [e-shopping]
    • G06Q30/0609 Buyer or seller confidence or verification
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/142 Network analysis or design using statistical or mathematical methods
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/46 Secure multiparty computation, e.g. millionaire problem
    • H04L2209/463 Electronic voting


Abstract

A blockchain-based shilling attack detection method comprises the following steps: first, selecting a high-quality user set; second, the high-quality users can see the scores of the various items and the review scores of other users in a scoring system in the blockchain environment, and classify a suspicious user set or a suspicious item set; third, when a suspicious item or a suspicious user is reported, the scoring system tallies the report and places the item or user in the suspicious item set or suspicious user set, and a suspicious user or suspicious item data set is then screened out by a machine learning method through feature extraction; and fourth, the suspicious data set obtained from the high-quality users' voting reports in the blockchain is cross-screened against the suspicious data set from traditional shilling attack detection to obtain the final shilling user set or suspicious item set. The method ensures that voting report data cannot be tampered with, that reported data can be traced and verified, and that reporting can be anonymous, which protects the privacy of the reporting users; it has a low false alarm rate and high efficiency.

Description

Block chain-based support attack detection method
Technical Field
The invention belongs to the field of shilling attack detection (also rendered "trust attack" or "support attack" detection), and particularly relates to a blockchain-based shilling attack detection method.
Background
With the rapid development of the internet in recent years, more and more people choose to shop and consume online. When shopping online, people compare and refer to the rating rankings of goods and virtual products or to product reviews written by other users. As people come to depend on ratings and reviews, the problem of information overload becomes more serious, which has driven the development of automated, personalized recommendation systems. However, motivated by unfair competition or commercial profit, some parties generate extreme ratings and leave biased online reviews to compete over products, resulting in so-called "shilling attacks" (also rendered "trust", "trusteeship" or "support" attacks). Malicious users exploit the openness of collaborative filtering in recommendation systems, injecting large numbers of false user profiles into the scoring system to produce recommendations favorable to themselves. For example, in an e-commerce environment, some dishonest merchants commission gray-market organizations to score their own products high or their competitors' products low, increasing or decreasing the frequency with which the target products are recommended by the system.
Existing shilling attack detection relies only on machine learning, with no human participation. It is generally based on supervised learning and can respond only to the attack models it was trained on; because filtering and screening can be performed only according to known features, the false alarm rate is relatively high.
The blockchain is a new decentralized infrastructure and distributed computing paradigm, currently applied mainly in currency and financial systems. Blockchain technology is decentralized, keeps time-ordered data, and is secure, trustworthy and maintainable. Its decentralization is achieved with technical means such as timestamps, digital encryption and consensus mechanisms, whereas existing centralized mechanisms suffer from high cost, poor data storage security, a high false alarm rate and low efficiency.
Disclosure of Invention
The invention aims to provide a blockchain-based shilling attack detection method which ensures that voting report data cannot be tampered with, that reported data can be traced and verified, and that reporting can be anonymous, protecting the privacy of reporting users, with a low false alarm rate and high efficiency.
To this end, the technical scheme of the invention is as follows: a blockchain-based shilling attack detection method comprises the following steps:
first, selecting a high-quality user set, namely a high-quality voting reporting user set;
second, the high-quality users can see the scores of the various items and the review scores of other users in a scoring system in the blockchain environment, and classify a suspicious user set or a suspicious item set;
third, when a suspicious item or a suspicious user is reported, the scoring system tallies the report and places the item or user in the suspicious item set or suspicious user set, and a suspicious user or suspicious item data set is then screened out by a machine learning method through feature extraction;
and fourth, the suspicious data set obtained from the high-quality users' voting reports in the blockchain is cross-screened against the suspicious data set from traditional shilling attack detection to obtain the final shilling user set or suspicious item set.
The suspicious data set classification algorithm is as follows: the reported suspicious user set or suspicious item set and the voting reporting users form an m × n two-dimensional matrix M, in which the element $u_{ij}$ ($u_{11}, u_{12}, \ldots, u_{mn}$) in the i-th row and j-th column represents the voting report of the i-th voter on the j-th user. When a high-quality user judges that a certain user is a shilling user, the element value is set to 1; if the user is not reported, the element value is automatically set to 0,
Figure GDA0003197753240000021
and matrix decomposition is performed on the two-dimensional matrix M to obtain a pseudo voting report matrix, that is, the following cost function is optimized by gradient descent to obtain the optimal matrix solution:
Figure GDA0003197753240000022
wherein $u_i$ indicates the reporting of the user by voting, $u_j$ The user data set matrix is expressed by the number of reported users, and the number of reported users is expressed by the number of reported users.
The invention has the following advantages and positive effects:
1. The invention is a shilling attack detection method based on blockchain technology. The blockchain offers decentralization, trustlessness and tamper resistance, and is a tamper-proof, genuine and credible distributed database, so blockchain technology can ensure the security and fairness of the voting reporting system, reduce the false alarm rate and improve efficiency.
2. The invention uses the voting mechanism of the blockchain to let high-credit users who meet the requirements vote to report a suspicious user or item set, then uses a machine learning method to screen out a suspicious user or item data set through feature extraction, and finally cross-screens the suspicious data set obtained from the high-quality users' voting reports in the blockchain against the suspicious data set from traditional shilling attack detection to obtain the final shilling user set or suspicious item set, thereby detecting shilling attacks effectively. The invention therefore has three characteristics: first, voting report data cannot be tampered with; second, reported data can be traced and verified; third, reporting can be anonymous, which protects the privacy of reporting users.
Drawings
Fig. 1 is a flow chart of shilling detection through a user reporting a suspicious user.
Fig. 2 is a flow chart of a user reporting a suspicious item.
Fig. 3 is a diagram of the blockchain-based internal functional architecture of the present invention.
Fig. 4 is the curve obtained with the present invention after 100 high-quality users have voted to report 500 users.
Detailed Description
A blockchain-based shilling attack detection method, which uses a blockchain voting mechanism to report suspicious items or suspicious users in a shilling attack, comprises the following steps:
1. Select a high-quality voting reporting user set: users meeting the requirements are selected and screened according to their credit, education, occupation and salary income to form a high-credit user set, which has the authority to report suspicious items and suspicious users in the scoring system. For example, credit may be judged with reference to Alipay Ant credit points, education by requiring an education level above a set level, and salary by requiring a level greater than 10,000 yuan; because movie rating is taken as the example here, occupations related to movies are preferred. 100 users form the high-credit user set and are given the authority to report movie items and other users.
2. In the scoring system in the blockchain environment, the 100 high-quality users can see the scores of the various items and the reviews of other users. When a high-quality user sees abnormal review scores from some user, the suspicious user can be reported directly and a reason for the report can be filled in, for example a description of what is abnormal about the user. If the user sees a suspicious item, the item can be reported; after an item is reported, the users who gave higher scores under that item are scanned, recorded and screened, and a suspicious user set is classified. For example, if a movie was produced by a platform and the user judges that it is rated high, the movie can be reported. When a highly rated, high-quality movie is maliciously reviewed and scored by a user, the suspicious abnormal item or suspicious user can be reported, and a reason can be filled in, for example a description of what is abnormal about the item or user. We assume that 500 users are reported by the 100 users, and a suspicious user set of 50 people is classified by a naive Bayes algorithm.
3. When a suspicious item or suspicious user is reported, the system tallies the report and marks the item or user into the suspicious item set or suspicious user set, giving a first suspicious data set. After reporting is finished, the users' voting report data form a sparse matrix, and a pseudo voting report matrix is obtained through matrix decomposition.
The classification algorithm for the suspicious data set is as follows:
A two-dimensional matrix is formed from the suspicious users or suspicious item set obtained and the voting reporting users. Taking the detection of suspicious users as an example, the reported users and the voting reporting users form an m × n two-dimensional matrix M, in which the element $u_{ij}$ ($u_{11}, u_{12}, \ldots, u_{mn}$) in the i-th row and j-th column represents the voting report of the i-th voter on the j-th user. When a high-quality user judges that a certain user is a shilling user, the element value is set to 1; if the user is not reported, the element value is automatically set to 0.
Figure GDA0003197753240000041
Voters cannot possibly come into contact with all of the users or items that take part in scoring, so the voting matrix constructed is extremely sparse. For example, we ran an experiment on a real data set, simulating the voting reports and constructing a voting matrix: of 18924 users selected in total, 108 high-quality users reported 10500 suspicious users in total, and the sparsity was 99.9947%. We cannot obtain every high-quality user's vote and score for every user in a short time, so the matrix has a large number of empty elements whose values need to be completed, and we use a matrix decomposition algorithm to complete them. In a real setting it is likewise difficult for all high-quality users to check and vote on every user who takes part in scoring, so here too we use matrix decomposition to predict the data and obtain the matrix data we need.
We use gradient descent to optimize the following cost function to obtain the optimal matrix solution:
Figure GDA0003197753240000042
wherein $u_i$ indicates the reporting of the user by voting, $u_j$ The user data set matrix is expressed by the number of reported users, and the number of reported users is expressed by the number of reported users.
The resulting matrix carries the same information as the original matrix. Its data represent the suspicion index of each user, which measures how the high-quality users have reported the other users: the higher the index, the more the high-quality users suspect the user and the more likely the user is a shilling user. The suspicion indices are sorted from largest to smallest; after 100 high-quality users vote to report 500 users, the curve shown in Fig. 4 is obtained. The curve has a jump point at which the data fluctuate strongly, and we draw a detection line at this jump point. The detection line shows about 50 users ($U_1, U_2, U_3, \ldots, U_{50}$) whose index is extremely high, with the values decreasing after them; the users to the left of the detection line are placed in the suspicious data set.
4. The suspicious data set obtained from the high-quality users' voting reports in the blockchain is cross-screened against the suspicious data set from traditional shilling attack detection to obtain the final shilling user set or suspicious item set.
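Steps 3 and 4 as a runnable sketch, added here as an illustration and not taken from the patent: the sparse vote matrix is completed by gradient-descent matrix factorization, users are ranked by suspicion index, a detection line is drawn at the jump point, and the result is cross-screened against a classifier's output. The patent's cost function survives only as a figure placeholder, so the usual regularised squared-error objective is assumed, as are the column-mean suspicion index, the largest-drop detection line, set intersection for cross screening, and all sample data and function names.

```python
import random


def factorize(observed, m, n, k=2, lr=0.05, reg=0.02, epochs=800, seed=7):
    """Fit M ~ P.Q^T by stochastic gradient descent over observed cells only.

    Assumed cost: sum over observed (i, j) of (u_ij - p_i.q_j)^2
    plus reg * (|p_i|^2 + |q_j|^2).
    """
    rng = random.Random(seed)
    P = [[rng.uniform(0.1, 0.5) for _ in range(k)] for _ in range(m)]
    Q = [[rng.uniform(0.1, 0.5) for _ in range(k)] for _ in range(n)]
    cells = sorted(observed.items())
    for _ in range(epochs):
        rng.shuffle(cells)
        for (i, j), u in cells:
            err = u - sum(a * b for a, b in zip(P[i], Q[j]))
            for f in range(k):
                p, q = P[i][f], Q[j][f]
                P[i][f] += lr * (err * q - reg * p)
                Q[j][f] += lr * (err * p - reg * q)
    return P, Q


def suspicion_index(P, Q):
    """Per-user index: mean of the user's column in the completed matrix (assumption)."""
    return [sum(sum(a * b for a, b in zip(p, q)) for p in P) / len(P) for q in Q]


def detection_line(index):
    """Rank users by index and cut at the largest drop, the 'jump point'."""
    ranked = sorted(range(len(index)), key=lambda j: index[j], reverse=True)
    drops = [index[ranked[r]] - index[ranked[r + 1]] for r in range(len(ranked) - 1)]
    cut = drops.index(max(drops)) + 1
    return set(ranked[:cut])


def cross_screen(vote_set, ml_set):
    """Cross screening taken as set intersection (assumption)."""
    return vote_set & ml_set


# Constructed sample: 6 voters, 10 users; users 0-2 are the shill accounts.
# voter -> (users reported, users viewed and not reported); other cells are empty.
REPORTS = {
    0: ([0, 1], [3, 4]),
    1: ([1, 2], [5, 6]),
    2: ([0, 2], [7, 8]),
    3: ([0], [9, 3]),
    4: ([1], [4, 5]),
    5: ([2], [6, 7]),
}
ML_SUSPECTS = {0, 1, 2, 5}  # constructed classifier output; user 5 is a false positive


def run_demo():
    observed = {}
    for voter, (reported, cleared) in REPORTS.items():
        for user in reported:
            observed[(voter, user)] = 1.0
        for user in cleared:
            observed[(voter, user)] = 0.0
    P, Q = factorize(observed, m=6, n=10)
    index = suspicion_index(P, Q)
    vote_set = detection_line(index)
    return index, vote_set, cross_screen(vote_set, ML_SUSPECTS)


if __name__ == "__main__":
    index, vote_set, final = run_demo()
    for user, value in sorted(enumerate(index), key=lambda t: -t[1]):
        print(f"user {user}: suspicion index {value:.3f}")
    print("left of detection line:", sorted(vote_set))
    print("after cross screening:", sorted(final))
```

Only 24 of the 60 cells are observed; the factorization fills in the rest, so a shill reported by three voters still scores high for the voters who never saw it.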
Although particular embodiments of the invention have been described and illustrated in detail, it should be understood that various equivalent changes and modifications could be made to the above-described embodiments in accordance with the spirit of the invention, and the resulting functional effects would still fall within the scope of the invention, without departing from the spirit of the description and the accompanying drawings.

Claims (1)

1. A blockchain-based shilling attack detection method, characterized in that the method comprises the following steps:
first, selecting a high-quality user set, namely a high-quality voting reporting user set;
second, the high-quality users can see the scores of the various items and the review scores of other users in a scoring system in the blockchain environment, and classify a suspicious user set or a suspicious item set;
third, when a suspicious item or a suspicious user is reported, the scoring system tallies the report and places the item or user in the suspicious item set or suspicious user set, and a suspicious user or suspicious item data set is then screened out by a machine learning method through feature extraction;
cross-screening the suspicious data set obtained from the high-quality users' voting reports in the blockchain against the suspicious data set from traditional shilling attack detection to obtain the final shilling user set or suspicious item set;
the suspicious data set classification algorithm is as follows: the reported suspicious user set or suspicious item set and the voting reporting users form an m × n two-dimensional matrix M, in which the element $u_{ij}$ ($u_{11}, u_{12}, \ldots, u_{mn}$) in the i-th row and j-th column represents the voting report of the i-th voter on the j-th user; when a high-quality user judges that a certain user is a shilling user, the element value is set to 1, and if the user is not reported, the element value is automatically set to 0,
Figure FDA0003197753230000011
and matrix decomposition is performed on the two-dimensional matrix M to obtain a pseudo voting report matrix, that is, the following cost function is optimized by gradient descent to obtain the optimal matrix solution:
Figure FDA0003197753230000012
wherein $u_i$ indicates the reporting of the user by voting, $u_j$ The user data set matrix is expressed by the number of reported users, and the number of reported users is expressed by the number of reported users.
CN201910861321.3A 2019-09-12 2019-09-12 Block chain-based support attack detection method Active CN110602090B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910861321.3A CN110602090B (en) 2019-09-12 2019-09-12 Block chain-based support attack detection method

Publications (2)

Publication Number Publication Date
CN110602090A CN110602090A (en) 2019-12-20
CN110602090B true CN110602090B (en) 2021-11-23

Family

ID=68859184

Country Status (1)

Country Link
CN (1) CN110602090B (en)

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102184364A (en) * 2011-05-26 2011-09-14 南京财经大学 Semi-supervised learning-based recommendation system shilling attack detection method
CN104809393B (en) * 2015-05-11 2017-07-04 重庆大学 A kind of support attack detecting algorithm based on popularity characteristic of division
US10375105B2 (en) * 2017-03-03 2019-08-06 International Business Machines Corporation Blockchain web browser interface
CN108154178A (en) * 2017-12-25 2018-06-12 北京工业大学 Semi-supervised support attack detection method based on improved SVM-KNN algorithms
CN108470052B (en) * 2018-03-12 2021-03-19 南京邮电大学 Anti-trust attack recommendation algorithm based on matrix completion
CN109785494B (en) * 2018-12-21 2021-02-05 暨南大学 Traceable anonymous electronic voting method based on block chain

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant