CN111600871A - Attack prevention method and device - Google Patents

Publication number
CN111600871A
Authority
CN
China
Prior art keywords
node
message
product
guarantee
identity
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010402325.8A
Other languages
Chinese (zh)
Other versions
CN111600871B (en)
Inventor
田新雪
万刚
严斌峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Application filed by China United Network Communications Group Co Ltd
Priority to CN202010402325.8A
Publication of CN111600871A
Application granted
Publication of CN111600871B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/54 Organization of routing tables
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a device for preventing attacks, and belongs to the technical field of communication. The attack prevention method comprises the following steps: receiving a computing capability proving message and/or an identity guarantee message broadcast by a neighboring node in a blockchain network; receiving routing information recommended by the neighboring node; judging whether the neighboring node is trusted according to the joining duration of the neighboring node in the blockchain network and the computing capability proving message, and/or according to the identity guarantee message; and, when the neighboring node is trusted, modifying the routing table of the current node according to the routing information. This prevents an attacker from maliciously tampering with the routing information of blockchain network nodes through false nodes and thereby controlling the external contact of those nodes, which safeguards the users of the blockchain network and improves their experience.

Description

Attack prevention method and device
Technical Field
The invention relates to the technical field of communication, in particular to a method and a device for preventing attacks.
Background
Any network node that follows the relevant blockchain network protocol can join the blockchain network and become one of its nodes. An attacker exploits this property to add false nodes to the blockchain network and uses them to influence the routing of real nodes, thereby controlling the external contact of the real nodes and publishing false resources in the blockchain network. For example, a false node periodically announces its online status to its neighboring real nodes so that they add it to their routing tables. The attacker also continuously sends routing table update messages to the real nodes through the false nodes, so that the routing tables of the real nodes fill up with false nodes. When there are enough false nodes in the blockchain network, they isolate the real nodes from the blockchain network and so control the external contact of the real nodes; the attacker can then carry out attacks such as route spoofing, storage pollution, denial of service and ID hijacking, and can freely publish false resources in the blockchain network. Both the attacks against the blockchain network and the false resources published in it threaten user security and therefore degrade the user experience.
How to prevent an attacker from maliciously tampering with the routing information of blockchain network nodes through false nodes, and thereby controlling the external contact of those nodes, is therefore a problem to be solved in this field.
Disclosure of Invention
Therefore, the invention provides an attack prevention method and device, which are used for solving the problem that an attacker maliciously tampers with the routing information of the blockchain network node through a false node, so as to control the outward contact of the blockchain network node.
In order to achieve the above object, a first aspect of the present invention provides an attack prevention method, including:
receiving a computing capability proving message and/or an identity guarantee message broadcast by a neighboring node in a blockchain network;
receiving the routing information recommended by the adjacent node;
judging whether the neighboring node is trusted according to the joining duration of the neighboring node in the blockchain network and the computing capability proving message, and/or according to the identity guarantee message;
and when the neighboring node is trusted, modifying the routing table of the current node according to the routing information.
Further, the judging whether the neighboring node is trusted according to the joining duration of the neighboring node in the blockchain network and the computing capability proving message, and/or according to the identity guarantee message, includes:
acquiring the computing capability value of the neighboring node according to the computing capability proving message, and calculating the trusted product of the neighboring node according to the computing capability value and the joining duration; and/or obtaining the guarantee product components of the neighboring node according to the identity guarantee message, and calculating the sum of the guarantee products of the neighboring node based on the guarantee product components;
and judging whether the neighboring node is trusted based on a preset trusted component threshold and at least one of the computing capability value, the joining duration, the trusted product and the sum of the guarantee products.
Further, the acquiring the computing capability value of the neighboring node according to the computing capability proving message, and calculating the trusted product of the neighboring node according to the computing capability value and the joining duration includes:
acquiring the computing capability value of the neighboring node from the computing capability proving message of the neighboring node; the computing capability proving message is a workload proof message issued when the neighboring node applies to join the blockchain network and comprises the blockchain identifier, the public key and the computing capability proving material of the neighboring node, and the computing capability proving material is a message that has been audited by the originator node of the blockchain network and signed with the private key of the originator node;
determining the joining duration of the neighboring node according to the joining duration identifier corresponding to the neighboring node;
and multiplying the order of magnitude corresponding to the computing capability value by the joining duration to obtain the trusted product of the neighboring node.
Further, the obtaining the guarantee product components of the neighboring node according to the identity guarantee message and calculating the sum of the guarantee products of the neighboring node based on the guarantee product components includes:
extracting the guarantee product components from the identity guarantee message of the neighboring node; the identity guarantee message is an identity guarantee certificate issued when the neighboring node applies to join the blockchain network and comprises the blockchain identifier of the neighboring node, the public key and the guarantee product components; each guarantee product component is obtained based on the joining duration, the computing capability and the number of guaranteed nodes of the guarantee node, and is a message signed with the private key of the corresponding guarantee node;
and adding the guarantee product components to obtain the sum of the guarantee products of the neighboring node.
Further, the preset trusted component threshold comprises a computing capability component threshold, a joining duration component threshold and a trusted product component threshold;
the judging whether the neighboring node is trusted based on the preset trusted component threshold and at least one of the computing capability value, the joining duration, the trusted product and the sum of the guarantee products includes:
comparing the computing capability value with the computing capability component threshold;
comparing the joining duration with the joining duration component threshold;
comparing the trusted product with the trusted product component threshold;
and when the computing capability value is greater than the computing capability component threshold, the joining duration is greater than the joining duration component threshold, and the trusted product is greater than the trusted product component threshold, judging that the neighboring node is trusted.
Further, the preset trusted component threshold comprises a guarantee product sum component threshold;
the judging whether the neighboring node is trusted based on the preset trusted component threshold and at least one of the computing capability value, the joining duration, the trusted product and the sum of the guarantee products includes:
comparing the sum of the guarantee products with the guarantee product sum component threshold;
and when the sum of the guarantee products is greater than the guarantee product sum component threshold, judging that the neighboring node is trusted.
Further, before the obtaining the guarantee product components of the neighboring node according to the identity guarantee message and calculating the sum of the guarantee products of the neighboring node based on the guarantee product components, the method further includes:
verifying the identity guarantee message.
Further, the verifying the identity guarantee message comprises:
performing signature verification on the identity guarantee message;
extracting the guarantee product components from the identity guarantee message when the identity guarantee message passes signature verification, wherein there are one or more guarantee product components;
performing signature verification on each guarantee product component;
and when all the guarantee product components pass signature verification, determining that the identity guarantee message passes verification.
Further, the method for preventing attacks further comprises:
receiving a guarantee product acquisition request sent by a node applying for joining;
judging whether the current node has a remaining guarantee product according to the joining duration of the current node, the computing capability value and the guaranteed product;
when the current node has a remaining guarantee product, calculating the guarantee product component according to the joining duration, the computing capability value and the number of guaranteed nodes;
providing the guarantee product component to the node applying to join.
In order to achieve the above object, a second aspect of the present invention provides an attack prevention apparatus comprising:
a receiving module, configured to receive a computing capability proving message and/or an identity guarantee message broadcast by a neighboring node in a blockchain network, and to receive the routing information recommended by the neighboring node;
a judging module, configured to judge whether the neighboring node is trusted according to the joining duration of the neighboring node in the blockchain network and the computing capability proving message, and/or according to the identity guarantee message;
and a modification module, configured to modify the routing table of the current node according to the routing information when the neighboring node is trusted.
The invention has the following advantages:
The attack prevention method provided by the invention receives a computing capability proving message and/or an identity guarantee message broadcast by a neighboring node in a blockchain network; receives routing information recommended by the neighboring node; judges whether the neighboring node is trusted according to the joining duration of the neighboring node in the blockchain network and the computing capability proving message, and/or according to the identity guarantee message; and, when the neighboring node is trusted, modifies the routing table of the current node according to the routing information. This prevents an attacker from maliciously tampering with the routing information of blockchain network nodes through false nodes and thereby controlling the external contact of those nodes, which safeguards the users of the blockchain network and improves their experience.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention.
Fig. 1 is a flowchart of a method for preventing attacks according to a first embodiment of the present invention;
Fig. 2 is a flowchart of a method for preventing attacks according to a second embodiment of the present invention;
Fig. 3 is a flowchart of a method for preventing attacks according to a third embodiment of the present invention;
Fig. 4 is a flowchart of a method for preventing attacks according to a fourth embodiment of the present invention;
Fig. 5 is a flowchart of a method for preventing attacks according to a fifth embodiment of the present invention;
Fig. 6 is a schematic block diagram of an attack prevention apparatus according to a sixth embodiment of the present invention.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present invention, are given by way of illustration and explanation only, not limitation.
The attack prevention method and device provided by the embodiments of the invention take into account that an attacker can use false nodes to influence the routing of real nodes in the blockchain network. When the number of false nodes in the blockchain network is large enough, they can "isolate" the real nodes from the blockchain network and thereby control the external contact of the real nodes, after which the attacker can carry out attacks such as route spoofing, storage pollution, denial of service and ID hijacking, and publish false resources at will in the blockchain network. The proposed method and device therefore prevent an attacker from maliciously tampering with the routing information of blockchain network nodes through false nodes and from controlling the external contact of those nodes, which safeguards the users of the blockchain network and improves their experience.
Fig. 1 is a flowchart of a method for preventing attacks according to a first embodiment of the present invention. As shown in fig. 1, the method for preventing attacks may include the following steps:
Step S101, receiving a computing capability proving message and/or an identity guarantee message broadcast by a neighboring node in a blockchain network.
The computing capability proving message is the workload proof of the neighboring node, and the identity guarantee message is the identity proof of the neighboring node. In some embodiments, the computing capability proving message includes the blockchain identifier of the neighboring node, its public key and computing capability proving material, the computing capability proving material being a message that has been audited by the originator node of the blockchain network and signed with the originator node's private key; the identity guarantee message includes the blockchain identifier of the neighboring node, its public key and guarantee product components, where each guarantee product component is obtained based on the joining duration, the computing capability and the number of guaranteed nodes of the guarantee node, and is a message signed with the private key of the corresponding guarantee node.
In a blockchain network, any network node that follows the relevant blockchain network protocol can join the network and become one of its nodes. An attacker exploits this property to add false nodes to the blockchain network and uses them to launch attacks on it. For example, an attacker can influence the routing of a real node through false nodes, thereby controlling the external contact of the real node and publishing false resources in the blockchain network. To avoid this, a verification operation is added for network nodes newly joining the blockchain network: a network node that wants to join the blockchain network and be approved by it must, in addition to joining according to the relevant protocol, broadcast a computing capability proving message and/or an identity guarantee message in the blockchain network to prove that it is a real node rather than a false node that exists merely to change the routing tables of neighboring nodes. The computing capability proving message and the identity guarantee message carry a certain authority, so that a node in the blockchain network can approve the network node that sent them after receiving them.
In a first embodiment, after a network node applies to join the blockchain network and becomes one of its nodes, the network node broadcasts a computing capability proving message in the blockchain network in order to obtain the approval of the other nodes. The current node receives the computing capability proving message broadcast by the neighboring node in order to determine that the neighboring node is a real node rather than a false node that exists merely to change the current node's routing table. Specifically, the network node (i.e., the neighboring node, which at this point has not yet been approved by the current node or the other blockchain nodes) submits its own computing capability proving material to the originator node of the blockchain network in a blockchain-down manner. After the originator node receives the computing capability proving material, it audits the material. When the material passes the audit, the originator node signs it with the originator node's private key and sends the signed computing capability proving material to the network node in a block chain mode. After receiving the signed material, the network node generates a computing capability proving message based on its blockchain identifier, its public key and the computing capability proving material, and broadcasts the message in the blockchain network to prove that it is a real node. The other nodes in the blockchain network (including the current node) receive the computing capability proving message sent by the network node and verify it; once verification passes, they determine that the network node is a real node.
In a second embodiment, the network node obtains the approval of the nodes in the blockchain network by means of guarantee nodes; that is, after the network node applies to join the blockchain network and becomes one of its nodes, it broadcasts an identity guarantee message in the blockchain network in order to obtain the approval of the other nodes. The current node receives the identity guarantee message broadcast by the neighboring node in order to determine that the neighboring node is a real node rather than a false node that exists merely to change the current node's routing table. Specifically, the network node (i.e., the neighboring node, which at this point has not yet been approved by the current node or the other blockchain nodes) obtains guarantee product components from one or more guarantee nodes, generates an identity guarantee message based on its blockchain identifier, its public key and the guarantee product components, and broadcasts the identity guarantee message in the blockchain network to prove that it is a real node. A guarantee node is a reliable third-party node; each guarantee product component is a message signed with the private key of the corresponding guarantee node and is obtained based on the joining duration, the computing capability and the number of guaranteed nodes of that guarantee node. The other nodes in the blockchain network (including the current node) receive the identity guarantee message sent by the network node and verify it; once verification passes, they can determine that the network node is a real node.
The process by which the network node obtains guarantee product components from guarantee nodes is as follows. Assume that the network node obtains guarantee product components from a first guarantee node and a second guarantee node. The first guarantee node has joining duration T1 in the blockchain network, computing capability C1 and N guaranteed nodes (including the current network node); the second guarantee node has joining duration T2, computing capability C2 and M guaranteed nodes (including the current network node). The network node thus obtains a guarantee product component P1 from the first guarantee node and a guarantee product component P2 from the second guarantee node, where P1 = T1 × C1 / N and P2 = T2 × C2 / M.
Step S102, receiving the route information recommended by the adjacent node.
The routing information of the adjacent node comprises a destination node which can be reached by the adjacent node and a corresponding distance. In the block chain network, the current node periodically broadcasts the routing information of the current node to the adjacent nodes, receives the routing information broadcast by the adjacent nodes, and maintains and updates the routing information of the current node according to the routing information of the adjacent nodes. By adopting the mechanism, each node in the block chain network maintains a routing table containing routing information reaching other nodes, and the routing table is updated at any time along with the change of the block chain network topological structure so as to accurately reflect the topological structure of the block chain network, so that when the node receives the information, the information can be quickly and accurately sent to a target node based on the routing table.
In one embodiment, the neighboring nodes broadcast the routing information in the blockchain network according to the preset period timing, and the routing information comprises destination nodes which can be reached by the neighboring nodes and required hop counts. The current node receives the routing information broadcast by the neighboring nodes.
Step S103, judging whether the neighboring node is trusted according to the joining duration of the neighboring node in the blockchain network and the computing capability proving message, and/or according to the identity guarantee message.
The computing power attestation message and the identity vouch-for message are messages that are broadcast by neighboring nodes in the blockchain network for attesting to identity. If the messages for proving the identity provided by the adjacent nodes are different, the method for judging whether the adjacent nodes are credible is also different. In this embodiment, a corresponding method for determining whether the neighboring node is trusted is provided for the computing capability attestation message and the identity guarantee message, respectively.
In a first embodiment, the neighboring node broadcasts a computing capability proving message in the blockchain network to prove its identity. After receiving the routing information recommended by the neighboring node, the current node must judge from the computing capability proving message whether the neighboring node is trusted, in case the neighboring node is a false node that is maliciously influencing the current node's routing. The judging method is as follows. First, the computing capability value of the neighboring node is obtained from the computing capability proving message, and the order of magnitude corresponding to the computing capability value is multiplied by the joining duration of the neighboring node in the blockchain network; the result is the trusted product of the neighboring node. Second, assuming that the preset trusted component threshold comprises a joining duration component threshold, a computing capability component threshold and a trusted product component threshold, the computing capability value of the neighboring node is compared with the computing capability component threshold, the joining duration with the joining duration component threshold, and the trusted product with the trusted product component threshold. Finally, whether the neighboring node is trusted is judged from the comparison results: when the computing capability value is greater than the computing capability component threshold, the joining duration is greater than the joining duration component threshold, and the trusted product is greater than the trusted product component threshold, the neighboring node is judged to be trusted.
In a second embodiment, the neighboring node broadcasts an identity guarantee message in the blockchain network to prove its identity. After receiving the routing information recommended by the neighboring node, the current node must judge from the identity guarantee message whether the neighboring node is trusted, in case the neighboring node is a false node that is maliciously influencing the current node's routing. The judging method is as follows. First, the guarantee product components are extracted from the identity guarantee message and added together; the result is the sum of the guarantee products. Second, with the preset trusted component threshold being a guarantee product sum threshold, the sum of the guarantee products is compared with that threshold. Finally, whether the neighboring node is trusted is judged from the comparison result: when the sum of the guarantee products is greater than the guarantee product sum threshold, the neighboring node is judged to be trusted.
Step S104, when the neighboring node is trusted, modifying the routing table of the current node according to the routing information.
The routing table, also called routing domain information base, stores the path of the current node pointing to a specific network address (in some cases, the routing metric of the path is also recorded). The main goal of routing table establishment is to implement routing protocols and static routing, i.e., a node can send information to a designated destination node according to a routing table.
In one embodiment, assume that the routing information of the neighboring node is a temporary routing table. When the current node determines that the neighboring node is trusted, it modifies its own routing table according to the temporary routing table. Specifically, the current node compares its routing table with the temporary routing table recommended by the neighboring node: if a new destination address appears in the temporary routing table, the corresponding routing table entry is added to the routing table of the current node; if an entry in the routing table of the current node and an entry in the temporary routing table have the same destination address, their hop counts are compared and the entry with the smaller hop count is written into the routing table of the current node.
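An added example (not code from the patent) of steps S101 to S104: it decides trust from the trusted product or from the sum of guarantee product components, and only then merges the recommended routes by hop count. The threshold values, units, the `floor(log10)` reading of "order of magnitude" and all names are assumptions, and signature verification of the proof messages is taken as already done.

```python
"""Added example, not code from the patent: trust-gated routing update (S101-S104)."""
import math
from dataclasses import dataclass, field
from typing import Optional

# Constructed thresholds; the page gives no concrete values or units.
CAPABILITY_THRESHOLD = 1_000       # computing capability value (assumed ops/s)
JOIN_DURATION_THRESHOLD = 30       # joining duration (assumed days)
TRUSTED_PRODUCT_THRESHOLD = 150    # order of magnitude x joining duration
VOUCH_SUM_THRESHOLD = 500_000      # sum of guarantee product components


def guarantee_component(join_duration, capability, vouched_count):
    """Guarantee product component P = T * C / N issued by one guarantee node.

    vouched_count (N) includes the node being vouched for, so every extra
    node a guarantee node backs dilutes the component each of them receives.
    """
    return join_duration * capability / vouched_count


@dataclass
class Neighbor:
    node_id: str
    join_duration: float = 0.0             # measured by the current node
    capability: Optional[float] = None     # from a computing capability proof
    vouch_components: list = field(default_factory=list)
    # Assumption: signatures on the proof and on every component were
    # already verified before this record was built.


def trusted_product(capability, join_duration):
    # Assumption: "order of magnitude" means floor(log10(value)).
    return math.floor(math.log10(capability)) * join_duration


def trusted_by_capability(n):
    if n.capability is None or n.capability <= 0:
        return False
    return (n.capability > CAPABILITY_THRESHOLD
            and n.join_duration > JOIN_DURATION_THRESHOLD
            and trusted_product(n.capability, n.join_duration)
            > TRUSTED_PRODUCT_THRESHOLD)


def trusted_by_vouching(n):
    return sum(n.vouch_components) > VOUCH_SUM_THRESHOLD


def is_trusted(n):
    return trusted_by_capability(n) or trusted_by_vouching(n)


def apply_recommendation(table, neighbor, recommended):
    """Merge recommended {destination: hops} into table; return changed keys.

    table maps destination -> (next_hop, hops). Routes from an untrusted
    neighbor are dropped, so it cannot fill the table with its own entries.
    """
    if not is_trusted(neighbor):
        return []
    changed = []
    for dest, hops in recommended.items():
        current = table.get(dest)
        if current is None or hops < current[1]:   # new or shorter route
            table[dest] = (neighbor.node_id, hops)
            changed.append(dest)
    return changed


def demo():
    """Constructed scenario: one long-lived node, one vouched node, two fakes."""
    table = {"D1": ("A", 3)}
    honest = Neighbor("honest", join_duration=60, capability=50_000)
    vouched = Neighbor("vouched", vouch_components=[
        guarantee_component(200, 10_000, 4),    # 500000.0
        guarantee_component(100, 8_000, 2),     # 400000.0
    ])
    fresh_fake = Neighbor("fake-1", join_duration=1, capability=50_000)
    diluted_fake = Neighbor("fake-2", vouch_components=[
        guarantee_component(200, 10_000, 50),   # 40000.0, over-committed voucher
    ])
    results = {
        "honest": apply_recommendation(table, honest, {"D1": 2, "D2": 4}),
        "vouched": apply_recommendation(table, vouched, {"D2": 5, "D3": 2}),
        "fake-1": apply_recommendation(table, fresh_fake, {"D1": 1, "D9": 1}),
        "fake-2": apply_recommendation(table, diluted_fake, {"D3": 1}),
    }
    return table, results


if __name__ == "__main__":
    final_table, outcome = demo()
    print(outcome)
    print(final_table)
```

The two constructed false nodes advertise one-hop routes that would otherwise win every hop-count comparison; because neither passes the trust check, the table keeps only entries learned from the trusted neighbors.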
Fig. 2 is a flowchart of an attack prevention method according to a second embodiment of the present invention, which is substantially the same as the first embodiment of the present invention except that whether the adjacent node is credible is judged according to the computing capability proving message. As shown in fig. 2, the method for preventing attacks may include the following steps:
Step S201, receiving a computing capability proving message broadcast by a neighboring node in a blockchain network.
Step S201 in this embodiment is the same as step S101 in the first embodiment of the present invention, and is not described herein again.
Step S202, obtaining the calculation capability value of the adjacent node according to the calculation capability proving message, and calculating the credible product of the adjacent node according to the calculation capability value and the adding duration.
Wherein the computing power attestation message includes a blockchain identification of the neighboring node, a public key, and computing power attestation material. The computing power values of the neighboring nodes can be obtained from the computing power proving material.
In one embodiment, obtaining the computing power value of the neighboring node according to the computing power certification message, and calculating the trusted product of the neighboring node according to the computing power value and the joining duration includes:
First, the computing capability value of the neighboring node is acquired from the computing capability proving message of the neighboring node.
Specifically, computing power proving materials are extracted from computing power proving messages of adjacent nodes, and computing power values are obtained according to the computing power proving materials.
And secondly, determining the adding time length of the adjacent node according to the adding time length identification corresponding to the adjacent node.
The adding duration identification is an identification set for the adjacent node after the current node receives the computing capacity proving message broadcast by the adjacent node, and is used for determining the duration for the adjacent node to be added into the block chain network. According to the adding time length identification, the current node can determine the adding time length of the adjacent node to the block chain network. It is understood that the join duration of the neighboring node may also be obtained in other manners.
And finally, multiplying the order of magnitude corresponding to the calculation capability value by the adding duration to obtain the credible product of the adjacent node.
Where an order of magnitude refers to a number of scales or levels of size, with a fixed ratio maintained between each level. The ratios typically used are 10, 2, 1000, 1024 and e (base of natural logarithm), etc. In actual use, the proportion can be selected according to application scenes and the technical field.
For example, suppose the computing capability proving message broadcast by the neighboring node is $M_C$ and the joining duration identifier corresponding to the neighboring node is $I_T$. First, $D_C$ is extracted from the computing capability proving message, and $C$ is then obtained from $D_C$, where $D_C$ is the computing capability proving material and $C$ is the computing capability value. In addition, the duration for which the neighboring node has been joined to the blockchain is determined to be $T$ according to the joining duration identifier. Assuming that a ratio of 2 is used for the order of magnitude, the order of magnitude of the computing capability value is $Q$, with $Q = \log_2 C$. The order of magnitude corresponding to the computing capability value is then multiplied by the joining duration to obtain $DP$, where $DP$ is the trusted product and $DP = Q \times T$.
Step S203, judging whether the adjacent node is credible by comparing at least one of the computing capability value, the joining duration and the credible product against a preset credible component threshold.
The preset trusted component threshold may be one or more, and needs to be set according to the number of the trusted components to be compared. Generally, if the number of the preset trusted component thresholds is more (in this embodiment, the maximum number of the preset trusted component thresholds is 3), the more times the comparison needs to be performed, which indicates that the criterion for determining whether the adjacent node is trusted is higher; if the number of the preset trusted component thresholds is smaller (in this embodiment, the minimum number of the preset trusted component thresholds is 1), the smaller the number of times of comparison is, the lower the criterion for determining whether the adjacent node is trusted is.
It should be noted that the value of the preset trusted component threshold may be set according to business requirements and/or experience and/or statistical data. It can be understood that the higher the value of the preset trusted component threshold, the stricter the criterion for judging the adjacent node to be trusted.
In one embodiment, it is assumed that the preset trusted component threshold includes a computing power component threshold, a join duration component threshold, and a trusted product component threshold. Firstly, comparing a computing capability value with a computing capability component threshold value; secondly, comparing the adding duration with a adding duration component threshold; and thirdly, comparing the credible product with the credible product component threshold to finally obtain a comparison result, and then judging whether the adjacent node is credible according to the comparison result. Specifically, the adjacent node is judged to be trustworthy only if the computing power value is greater than the computing power component threshold, the joining duration is greater than the joining duration component threshold, and the trustworthy product is greater than the trustworthy product component threshold. Other comparison results are judged that the adjacent nodes are not credible.
Step S204, when the adjacent node is credible, modifying the routing table of the current node according to the routing information.
Step S204 in this embodiment is the same as step S104 in the first embodiment of the present invention, and is not described herein again.
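The second embodiment end to end (steps S202 to S204), as an added Go example that is not code from the patent: it computes the trusted product, applies all three thresholds, and merges the recommended routes only for a trusted neighbor. The type names, threshold values and node names are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"math"
)

// Thresholds holds the three preset trusted component thresholds of step S203.
type Thresholds struct{ Capability, JoinDuration, TrustedProduct float64 }

// TrustedProduct returns DP = Q * T, where Q = log2(C) is the order of
// magnitude of the computing capability value C (ratio 2, as in the text).
func TrustedProduct(c, t float64) float64 { return math.Log2(c) * t }

// Trusted applies step S203 with all three thresholds: every component must be
// strictly greater than its threshold. C <= 0 has no order of magnitude.
func Trusted(c, t float64, th Thresholds) bool {
	if c <= 0 || t < 0 {
		return false
	}
	return c > th.Capability && t > th.JoinDuration &&
		TrustedProduct(c, t) > th.TrustedProduct
}

// Route is one routing table entry; the field names are assumptions.
type Route struct {
	NextHop string
	Hops    int
}

// Advert is what a neighbor presents: its proven capability value C, its
// joining duration T as tracked by the current node, and its recommended routes.
type Advert struct {
	Neighbor string
	C, T     float64
	Routes   map[string]int // destination -> hop count (temporary routing table)
}

// Apply runs steps S202-S204: the table is modified only for a trusted
// neighbor. New destinations are added; for a known destination the entry
// with the smaller hop count is kept. It returns the destinations changed.
func Apply(table map[string]Route, a Advert, th Thresholds) []string {
	var changed []string
	if !Trusted(a.C, a.T, th) {
		return changed
	}
	for dst, hops := range a.Routes {
		if cur, ok := table[dst]; !ok || hops < cur.Hops {
			table[dst] = Route{NextHop: a.Neighbor, Hops: hops}
			changed = append(changed, dst)
		}
	}
	return changed
}

func main() {
	// Constructed sample values, not taken from the patent.
	th := Thresholds{Capability: 256, JoinDuration: 7, TrustedProduct: 100}
	table := map[string]Route{"N5": {"N2", 4}, "N7": {"N3", 2}}

	// Long-lived neighbor: Q = log2(1024) = 10, DP = 10 * 30 = 300.
	honest := Advert{"N9", 1024, 30, map[string]int{"N5": 2, "N7": 3, "N8": 1}}
	// Freshly joined neighbor claiming one hop to everything: DP = 12 * 2 = 24.
	fresh := Advert{"N66", 4096, 2, map[string]int{"N5": 1, "N7": 1, "N8": 1}}

	fmt.Println(len(Apply(table, fresh, th)), table)
	fmt.Println(len(Apply(table, honest, th)), table)
}
```

The freshly joined node has the higher capability value but fails the joining duration and trusted product thresholds, so its one-hop claims never reach the routing table.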
Fig. 3 is a flowchart of an attack prevention method according to a third embodiment of the present invention, which is substantially the same as the first embodiment of the present invention except that whether the adjacent node is credible is judged according to the identity guarantee message. As shown in fig. 3, the method for preventing attacks may include the following steps:
Step S301, receiving an identity guarantee message broadcast by a neighboring node in a blockchain network.
Step S301 in this embodiment is the same as step S101 in the first embodiment of the present invention, and is not described herein again.
Step S302, according to the identity guarantee information, the guarantee product components of the adjacent nodes are obtained, and the sum of the guarantee products of the adjacent nodes is calculated based on the guarantee product components.
The identity guarantee message is an identity guarantee certificate issued when the adjacent node applies for joining the blockchain network, the identity guarantee message comprises a blockchain identifier of the adjacent node, a public key and a guarantee product component, the guarantee product component is obtained based on the joining duration, the computing capacity and the number of guaranteed nodes of the guarantee node, the guarantee product component is a message signed by a corresponding guarantee node private key, and the guarantee node is a third-party trusted node.
In one embodiment, obtaining the guaranteed product components of the neighboring nodes from the identity guarantee message and calculating the sum of the guaranteed products of the neighboring nodes based on the guaranteed product components comprises:
First, the vouch-for product components are extracted from the identity vouching message of the neighboring node.
The identity vouching message includes one or more vouching product components that can be extracted from the identity vouching message.
Secondly, the guarantee product components are added to obtain the sum of the guarantee products of the adjacent nodes.
The extracted guaranteed product components are accumulated to obtain a sum of guaranteed products.
Step S303, comparing the sum of the guaranteed products based on a preset credible component threshold value, and judging whether the adjacent node is credible.
The preset trusted component threshold may be one or more, and needs to be set according to the number of the trusted components to be compared. In this embodiment, since the only trusted component is the sum of the guaranteed products, there is only one preset trusted component threshold, namely the guaranteed products sum component threshold.
In one embodiment, the predetermined trusted component threshold is a sum component threshold of the guaranteed products. First, the sum of the guaranteed products is compared to a guaranteed product sum component threshold. When the sum of the guarantee products is larger than the sum component threshold of the guarantee products, judging that the adjacent node is credible; when the sum of the guaranteed products is less than or equal to the guaranteed products sum component threshold, the neighboring node is determined to be untrusted.
Step S304, when the adjacent node is credible, modifying the routing table of the current node according to the routing information.
Step S304 in this embodiment is the same as step S104 in the first embodiment of the present invention, and is not described herein again.
Fig. 4 is a flowchart of an attack prevention method according to a fourth embodiment of the present invention, which is substantially the same as the third embodiment of the present invention, except that: before judging whether the adjacent node is credible according to the identity guarantee message, the identity guarantee message is verified. As shown in fig. 4, the method for preventing attacks may include the following steps:
Step S401, receiving an identity guarantee message broadcast by a neighboring node in a blockchain network.
Step S401 in this embodiment is the same as step S301 in the first embodiment of the present invention, and is not described herein again.
Step S402, the identity assurance message is verified.
Before the identity guarantee message is used for judging whether the adjacent node is credible, the identity guarantee message is verified to determine the safety and reliability of the identity guarantee message, so that the reliability of the credible result of the adjacent node judged based on the identity guarantee message can be ensured.
In one embodiment, verifying the identity vouching message comprises:
First, signature verification is performed on the identity vouching message.
Since the identity guarantee message is a message signed by the private key of the adjacent node, the public key of the adjacent node is used for signature verification of the identity guarantee message.
Second, when the identity vouching message passes the signature verification, a vouching product component is extracted from the identity vouching message.
There may be one or more vouching product components.
Third, signature verification is performed on the vouching product components.
The guaranteed product component is a message signed by the private key of the corresponding guaranteed node, so that signature verification is performed on each guaranteed product component by using the public key of the corresponding guaranteed node.
And finally, when all the guarantee product components pass the signature verification, determining that the identity guarantee message passes the verification.
Only when all the vouching product components pass the signature verification can the identity vouching message be determined to pass the verification, and the identity vouching message can be determined to be authentic.
Step S403, obtaining the guarantee product components of the adjacent nodes according to the identity guarantee message, and calculating the sum of the guarantee products of the adjacent nodes based on the guarantee product components.
Step S403 in this embodiment is the same as step S302 in the first embodiment of the present invention, and is not described herein again.
Step S404, comparing the sum of the guaranteed products based on a preset credible component threshold value, and judging whether the adjacent nodes are credible.
Step S404 in this embodiment is the same as step S303 in the first embodiment of the present invention, and is not described herein again.
Step S405, when the adjacent node is credible, modifying the routing table of the current node according to the routing information.
Step S405 in this embodiment is the same as step S304 in the first embodiment of the present invention, and is not described herein again.
It should be noted that, if the neighboring node broadcasts the computing capability attestation message in the blockchain network, after the current node receives the computing capability attestation message broadcast by the neighboring node, before the current node uses the computing capability attestation message to determine whether the neighboring node is trusted, the computing capability attestation message may also be verified to determine the security and reliability of the computing capability attestation message, so as to ensure the reliability of the trusted result of the neighboring node determined based on the computing capability attestation message.
Fig. 5 is a flowchart of a method for preventing attacks according to a first embodiment of the present invention. As shown in fig. 5, the method for preventing attacks may include the following steps:
Step S501, receiving a request for obtaining a guarantee product sent by a node applying for joining.
When a node applying to join the blockchain network has no off-chain way to obtain computing capability proving material signed by the private key of the blockchain originator node, it can instead obtain guarantee product components from guarantee nodes, generate an identity guarantee message based on the guarantee product components, its blockchain identifier and its public key, and then broadcast the identity guarantee message in the blockchain network to obtain the trust of the nodes in the blockchain network. The current node, as a trusted node of the blockchain network, may provide a guarantee product component to the node applying to join.
In one embodiment, a node applying for joining a blockchain network uses a current node as a trusted node and sends a guarantee product acquisition request to the current node to acquire a guarantee product component provided by the current node. The current node receives a request for obtaining the guarantee product sent by the node applying for joining.
It will be appreciated that the node applying to join may send guarantee product acquisition requests to one or more trusted nodes (guarantee nodes) to obtain more guarantee product components.
Step S502, according to the adding duration of the current node, the calculation capability value and the guaranteed product, judging whether the current node has the remaining guaranteed product.
Wherein the guaranteed product is the sum of guaranteed products which are provided by the current node for other application joining nodes. As the join duration for the current node to join the blockchain network increases and/or the computational power of the current node increases, the current node will have a remaining guaranteed product available.
In one embodiment, determining whether the current node has a remaining guaranteed product according to the join duration, the calculation capability value, and the guaranteed product of the current node includes:
The joining duration of the current node is multiplied by the computing capability value to obtain the guarantee total product, and the guaranteed product of the current node is then subtracted from the guarantee total product. If the result is greater than zero, the current node still has a remaining guarantee product; if the result is equal to zero, the current node has no remaining guarantee product to provide.
Suppose the joining duration of the current node is $T$, the computing capability value is $C$, and the guaranteed product is $M_a$. $M$ is obtained from the joining duration and the computing capability value, where $M$ is the guarantee total product and $M = T \times C$. The guaranteed product is then subtracted from the guarantee total product to obtain $M_b$, where $M_b$ is the remaining guarantee product and $M_b = M - M_a$. When $M_b$ is greater than zero, the current node can still provide a remaining guarantee product; when $M_b$ is equal to zero, the current node has no remaining guarantee product.
In step S503, when the current node has the remaining guaranteed product, the guaranteed product component is calculated according to the adding duration, the calculation capability value and the number of guaranteed nodes.
In one embodiment, calculating the vouch-for product component based on the join duration, the calculation capability value, and the number of vouched nodes comprises:
The joining duration is multiplied by the computing capability value to obtain the guarantee total product, and the guarantee total product is divided by the number of guaranteed nodes (which includes the node currently applying to join) to obtain the guarantee product component.
Suppose the joining duration of the current node is $T$, the computing capability value is $C$, and the number of guaranteed nodes is $N$ (the node currently applying to join is also counted in the number of guaranteed nodes). First, the joining duration is multiplied by the computing capability value to obtain $M$, where $M$ is the guarantee total product and $M = T \times C$. Then, the guarantee total product is divided by the number of guaranteed nodes to obtain $M_P$, where $M_P$ is the guarantee product component and $M_P = M / N$.
Step S504, provide the guarantee product component to the application joining node.
The current node provides the guarantee product component obtained by calculation to the application joining node so that the application joining node can obtain the trust of the network node of the block chain.
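The guarantee-node procedure above (steps S502 to S504) together with the fourth embodiment's verification (steps S402 to S404), as one added Go example that is not code from the patent. Ed25519, the byte layout that is signed, binding a component to its applicant and counting each guarantor once are assumptions; the patent specifies none of them, and all node names and values are constructed.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Component is a guarantee product component signed by a guarantee node.
// Binding it to ApplicantID is an assumption, so another node cannot reuse it.
type Component struct {
	GuarantorID, ApplicantID string
	Amount                   float64 // MP = M / N
	Sig                      []byte
}

func (c Component) payload() []byte {
	return []byte(fmt.Sprintf("%s|%s|%.6f", c.GuarantorID, c.ApplicantID, c.Amount))
}

// Guarantor is the state a guarantee node keeps for steps S502-S504.
type Guarantor struct {
	ID   string
	T, C float64 // joining duration and computing capability value
	Ma   float64 // guarantee product already provided to other applicants
	N    int     // number of nodes guaranteed so far
	Priv ed25519.PrivateKey
}

// Issue checks Mb = T*C - Ma and, if positive, signs MP = T*C / N,
// where N counts the node currently applying.
func (g *Guarantor) Issue(applicant string) (Component, error) {
	m := g.T * g.C
	if m-g.Ma <= 0 {
		return Component{}, errors.New("no remaining guarantee product")
	}
	g.N++
	c := Component{GuarantorID: g.ID, ApplicantID: applicant, Amount: m / float64(g.N)}
	c.Sig = ed25519.Sign(g.Priv, c.payload())
	g.Ma += c.Amount // Ma is the sum of the components already provided
	return c, nil
}

// IdentityMsg is the identity guarantee message broadcast by the applicant.
type IdentityMsg struct {
	NodeID     string
	PubKey     ed25519.PublicKey
	Components []Component
	Sig        []byte
}

func (m IdentityMsg) payload() []byte {
	b := append([]byte(m.NodeID+"|"), m.PubKey...)
	for _, c := range m.Components {
		b = append(append(b, c.payload()...), c.Sig...)
	}
	return b
}

// Evaluate runs steps S402-S404: verify the message signature, verify every
// component under its guarantor's key, then compare the sum with the threshold.
func Evaluate(m IdentityMsg, known map[string]ed25519.PublicKey, threshold float64) (bool, float64, error) {
	if len(m.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(m.PubKey, m.payload(), m.Sig) {
		return false, 0, errors.New("identity guarantee message signature invalid")
	}
	sum, seen := 0.0, map[string]bool{}
	for _, c := range m.Components {
		pk, ok := known[c.GuarantorID]
		if !ok || seen[c.GuarantorID] || c.ApplicantID != m.NodeID ||
			!ed25519.Verify(pk, c.payload(), c.Sig) {
			return false, 0, fmt.Errorf("component from %q rejected", c.GuarantorID)
		}
		seen[c.GuarantorID] = true // count each guarantor once (assumption)
		sum += c.Amount
	}
	return sum > threshold, sum, nil
}

// Demo uses constructed nodes A, B (guarantors) and X (applicant), fresh keys.
func Demo() (trusted bool, sum float64, reissueErr, tamperErr error) {
	pubA, privA, _ := ed25519.GenerateKey(nil)
	pubB, privB, _ := ed25519.GenerateKey(nil)
	pubX, privX, _ := ed25519.GenerateKey(nil)
	a := &Guarantor{ID: "A", T: 10, C: 8, Priv: privA}              // M = 80
	b := &Guarantor{ID: "B", T: 5, C: 4, Ma: 10, N: 1, Priv: privB} // M = 20
	known := map[string]ed25519.PublicKey{"A": pubA, "B": pubB}
	ca, _ := a.Issue("X")         // MP = 80 / 1
	cb, _ := b.Issue("X")         // MP = 20 / 2
	_, reissueErr = a.Issue("Y")  // Mb = 0 until T or C grows
	msg := IdentityMsg{NodeID: "X", PubKey: pubX, Components: []Component{ca, cb}}
	msg.Sig = ed25519.Sign(privX, msg.payload())
	trusted, sum, _ = Evaluate(msg, known, 50)
	msg.Components[1].Amount = 1000 // X inflates a component and re-signs
	msg.Sig = ed25519.Sign(privX, msg.payload())
	_, _, tamperErr = Evaluate(msg, known, 50)
	return trusted, sum, reissueErr, tamperErr
}

func main() { fmt.Println(Demo()) }
```

Because the applicant controls the outer signing key, it can always re-sign an altered message; only the guarantee nodes' signatures stop it from inflating a component, which is why the tampered message fails at the component check rather than at the message check.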
The above methods are divided into steps for clarity of description. In implementation, steps may be combined into one step, or a step may be split into multiple steps; as long as the same logical relationship is included, these are all within the protection scope of this patent. Adding insignificant modifications to the algorithms or processes, or introducing insignificant design changes, without changing the core design of the algorithms and processes, is also within the protection scope of this patent.
Fig. 6 is a schematic block diagram of an attack prevention apparatus according to a sixth embodiment of the present invention. As shown in fig. 6, the attack preventing apparatus includes: a receiving module 601, a judging module 602 and a modifying module 603.
A receiving module 601, configured to receive a computing capability proving message and/or an identity guaranty message broadcast by a neighboring node in a blockchain network; and receiving the routing information recommended by the adjacent node.
Wherein, the computing capacity proving message is the workload proving of the adjacent node; the identity guarantee message is the identity certificate of the adjacent node; the routing information of the neighboring node includes destination nodes that can be reached by the neighboring node and corresponding distances.
In some embodiments, the computing power attestation message includes a blockchain identification of the neighboring node, a public key, and computing power attestation material, the computing power attestation material being a message that is audited by the blockchain network originator node and signed by the originator node private key; the identity guarantee message comprises a block chain identifier of an adjacent node, a public key and a guarantee product component, wherein the guarantee product component is obtained based on the adding duration, the calculating capacity and the number of guaranteed nodes of the guarantee node, and the guarantee product component is a message signed by a corresponding guarantee node private key.
In a first embodiment, the receiving module 601 receives a computing capability attestation message broadcast by a neighboring node in a blockchain network, including:
after a network node applies for joining the blockchain network and becomes a node of the blockchain network, the network node broadcasts a computing capability certification message in the blockchain network in order to obtain the approval of other nodes in the blockchain network. For the current node, it receives the computing capability proving message broadcast by the neighboring node in the blockchain network through the receiving module 601 to determine that the neighboring node is a real node, not just a false node for changing the routing table of the current node. Specifically, the network node (i.e., the neighboring node, at which point the neighboring node has not obtained approval of the current node and other blockchain nodes) submits its own computing capability attestation material to the originator node of the blockchain network in a blockchain-down manner. And after the originator node receives the computing capacity proving material, auditing the computing capacity proving material. When the computing power proving material passes the audit of the originator node, the originator node signs the computing power proving material by using a private key of the originator node, and sends the signed computing power proving material to the network node in a block chain mode. After receiving the computing power proving material signed by the originator node, the network node generates a computing power proving message based on the blockchain identifier of the network node, the public key and the computing power proving material, and broadcasts the computing power proving message in the blockchain network to verify that the network node is a real node. 
For other nodes (including the current node and other nodes in the blockchain network) in the blockchain network, the other nodes receive the computing capacity proving message sent by the network node, verify the computing capacity proving message, and after the verification is passed, determine that the network node is a real node.
In a second embodiment, the receiving module 601 receives an identity guaranty message broadcast by a neighboring node in a blockchain network, and includes:
the network node obtains approval of the nodes in the blockchain network based on the guarantee node, namely the network node applies for joining the blockchain network to become a node of the blockchain network, and in order to obtain approval of other nodes in the blockchain network, the network node broadcasts the identity guarantee message in the blockchain network. For the current node, it receives the identity guaranty message broadcast by the neighboring node in the blockchain network through the receiving module 601 to determine that the neighboring node is a real node, not just a false node for changing the current node routing table. Specifically, a network node (i.e., a neighboring node, at which point the neighboring node has not obtained approval of the current node and other blockchain nodes) obtains a vouch-for product component from one or more vouch-for nodes, generates an identity vouch-for message based on the blockchain identifier of the network node, the public key, and the vouch-for product component, and broadcasts the identity vouch-for message in the blockchain network to verify that it is a real node. The guarantee node is a third-party reliable node, the guarantee product component is a message signed by a private key of the corresponding guarantee node, and the guarantee product component is obtained based on the adding duration, the computing capacity and the number of the guaranteed nodes of the guarantee node. For other nodes (including the current node and other nodes in the blockchain network) in the blockchain network, the identity guarantee message sent by the network node is received, the identity guarantee message is verified, and after the identity guarantee message passes the verification, the network node can be determined to be a real node.
In a third embodiment, the receiving module 601 receives the routing information recommended by the neighboring node, including:
The adjacent nodes broadcast routing information in the blockchain network periodically, according to a preset period, wherein the routing information comprises the destination nodes that the adjacent nodes can reach and the required hop counts. The current node receives the routing information broadcast by the neighboring node through the receiving module 601.
The determining module 602 is configured to determine whether the neighboring node is trusted according to a join duration and a calculation capability certification message when the neighboring node joins the blockchain network and/or according to an identity guarantee message.
The computing power attestation message and the identity vouch-for message are messages that are broadcast by neighboring nodes in the blockchain network for attesting to identity. If the identity-certifying messages provided by the neighboring nodes are different, the method for determining whether the neighboring nodes are trusted by the determining module 602 is also different. In this embodiment, the determination module 602 is provided for the computing capability attestation message and the identity assurance message, respectively, to determine whether the neighboring node is authentic.
In a first embodiment, the determining module 602 determines whether the neighboring node is trusted according to the join duration and the computing capability certification message of the neighboring node joining the blockchain network, including:
the neighboring nodes broadcast a computing power attestation message in the blockchain network to attest to identity. After receiving the routing information recommended by the neighboring node, the current node needs to judge whether the neighboring node is trusted through the judgment module 602 according to the computing capability proving message in order to prevent the neighboring node from being a false node and maliciously affecting its routing. The method for the determining module 602 to determine includes: firstly, the calculation capacity value of the adjacent node is obtained from the calculation capacity proving message, then the order of magnitude corresponding to the calculation capacity value is multiplied by the adding time of the adjacent node into the block chain network, and the obtained product is the credible product of the adjacent node. Secondly, assuming that the preset credible component threshold comprises an adding time length component threshold, a computing capacity component threshold and a credible product component threshold, respectively comparing the computing capacity value of the adjacent node with the computing capacity component threshold, comparing the adding time length of the adjacent node with the adding time length component threshold, comparing the credible product of the adjacent node with the credible product component threshold, and obtaining a comparison result. And finally, judging whether the adjacent nodes are credible according to the comparison result. Specifically, when the calculation capacity value is greater than the calculation capacity component threshold, the adding duration is greater than the adding duration component threshold, and the credible product is greater than the credible product component threshold, the adjacent node is judged to be credible.
In a second embodiment, the determining module 602 determines whether the neighboring node is trusted according to the identity assurance message, including:
the neighboring nodes broadcast identity assurance messages in the blockchain network to prove identity. After receiving the routing information recommended by the neighboring node, the current node needs to determine whether the neighboring node is trusted through the determining module 602 according to the identity guarantee message in order to prevent the neighboring node from being a false node and maliciously affecting its routing. The method for the determining module 602 to determine includes: first, the guarantee product components are extracted from the identity guarantee message, and then the guarantee product components are added, and the obtained sum is the sum of the guarantee products. And secondly, if the preset credible component threshold is a guarantee product sum threshold, comparing the guarantee product sum with the guarantee product sum threshold to obtain a comparison result. And finally, judging whether the adjacent node is credible according to the comparison result, namely judging that the adjacent node is credible when the sum of the guarantee products is greater than the sum threshold of the guarantee products.
A modifying module 603, configured to modify the routing table of the current node according to the routing information when the neighboring node is trusted.
The routing table, also called routing domain information base, stores the path of the current node pointing to a specific network address (in some cases, the routing metric of the path is also recorded). The main goal of routing table establishment is to implement routing protocols and static routing, i.e., a node can send information to a designated destination node according to a routing table.
In one embodiment, it is assumed that the routing information of the neighboring node is a temporary routing table. When the current node determines that the neighboring node is trusted, the current node modifies its own routing table through the modification module 603 according to the temporary routing table. Specifically, comparing the routing table of the current node with the temporary routing table recommended by the adjacent node, and if a new destination address appears in the temporary routing table, adding the corresponding routing table entry into the routing table of the current node; and if the destination addresses corresponding to the table entries in the routing table of the current node and the temporary routing table are the same, further comparing the hop count, and updating the routing table entry corresponding to the smaller hop count into the routing table of the current node.
It should be noted that each module referred to in this embodiment is a logical module, and in practical applications, one logical unit may be one physical unit, may be a part of one physical unit, and may be implemented by a combination of multiple physical units. In addition, in order to highlight the innovative part of the present invention, elements that are not so closely related to solving the technical problems proposed by the present invention are not introduced in the present embodiment, but this does not indicate that other elements are not present in the present embodiment.
It will be understood that the above embodiments are merely exemplary embodiments taken to illustrate the principles of the present invention, which is not limited thereto. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit and substance of the invention, and these modifications and improvements are also considered to be within the scope of the invention.

Claims (10)

1. A method of preventing attacks, comprising:
receiving a computing capability proving message and/or an identity guarantee message broadcast by a neighboring node in a blockchain network;
receiving the routing information recommended by the neighboring node;
determining whether the neighboring node is trusted according to the joining duration of the neighboring node in the blockchain network and the computing capability proving message, and/or according to the identity guarantee message;
and when the neighboring node is trusted, modifying the routing table of the current node according to the routing information.
2. The method according to claim 1, wherein the determining whether the neighboring node is trusted according to the joining duration of the neighboring node in the blockchain network and the computing capability proving message and/or according to the identity guarantee message comprises:
acquiring the computing capability value of the neighboring node according to the computing capability proving message, and calculating the trusted product of the neighboring node according to the computing capability value and the joining duration; and/or obtaining the guarantee product components of the neighboring node according to the identity guarantee message, and calculating the sum of the guarantee products of the neighboring node based on the guarantee product components;
and determining whether the neighboring node is trusted based on a preset trusted component threshold and at least one of the computing capability value, the joining duration, the trusted product and the sum of the guarantee products.
3. The method according to claim 2, wherein the acquiring the computing capability value of the neighboring node according to the computing capability proving message and calculating the trusted product of the neighboring node according to the computing capability value and the joining duration comprises:
acquiring the computing capability value of the neighboring node from the computing capability proving message of the neighboring node; the computing capability proving message is a workload proving message issued when the neighboring node applies for joining the blockchain network, the computing capability proving message comprises a blockchain identifier, a public key and computing capability proving materials of the neighboring node, and the computing capability proving materials are messages which are audited by an originator node of the blockchain network and are signed by a private key of the originator node;
determining the joining duration of the neighboring node according to the joining duration identifier corresponding to the neighboring node;
and multiplying the order of magnitude corresponding to the computing capability value by the joining duration to obtain the trusted product of the neighboring node.
4. The method of claim 2, wherein the obtaining the guarantee product components of the neighboring node according to the identity guarantee message and calculating the sum of the guarantee products of the neighboring node based on the guarantee product components comprises:
extracting the guarantee product component from the identity guarantee message of the neighboring node; the identity guarantee message is an identity guarantee certificate issued when the neighboring node applies for joining the blockchain network, the identity guarantee message comprises a blockchain identifier of the neighboring node, a public key and a guarantee product component, the guarantee product component is obtained based on the joining duration, computing capability and number of guaranteed nodes of the guaranteed nodes, and the guarantee product component is a message signed by a corresponding private key of the guaranteed node;
and adding the guarantee product components to obtain the sum of the guarantee products of the neighboring node.
5. The method according to claim 2, wherein the preset trusted component threshold comprises a computing capability component threshold, a joining duration component threshold, and a trusted product component threshold;
the determining whether the neighboring node is trusted based on a preset trusted component threshold and at least one of the computing capability value, the joining duration, the trusted product and the sum of the guarantee products comprises:
comparing the computing capability value with the computing capability component threshold;
comparing the joining duration with the joining duration component threshold;
comparing the trusted product with the trusted product component threshold;
and when the computing capability value is greater than the computing capability component threshold, the joining duration is greater than the joining duration component threshold, and the trusted product is greater than the trusted product component threshold, determining that the neighboring node is trusted.
6. The method of claim 2, wherein the preset trusted component threshold comprises a guarantee product sum component threshold;
the determining whether the neighboring node is trusted based on a preset trusted component threshold and at least one of the computing capability value, the joining duration, the trusted product and the sum of the guarantee products comprises:
comparing the sum of the guarantee products with the guarantee product sum component threshold;
and when the sum of the guarantee products is greater than the guarantee product sum component threshold, determining that the neighboring node is trusted.
7. The method of claim 2, wherein before the obtaining the guarantee product components of the neighboring node according to the identity guarantee message and calculating the sum of the guarantee products of the neighboring node based on the guarantee product components, the method further comprises:
verifying the identity guarantee message.
8. The method of claim 7, wherein the verifying the identity guarantee message comprises:
performing signature verification on the identity guarantee message;
extracting the guarantee product component from the identity guarantee message when the identity guarantee message passes signature verification; wherein there are one or more guarantee product components;
performing signature verification on the guarantee product component;
and when all the guarantee product components pass the signature verification, determining that the identity guarantee message passes the verification.
9. The method of claim 1, further comprising:
receiving a guarantee product acquisition request sent by a node applying for joining;
determining whether the current node has a remaining guarantee product according to the joining duration of the current node, the computing capability value and the guaranteed product;
when the current node has a remaining guarantee product, calculating the guarantee product component according to the joining duration, the computing capability value and the number of guaranteed nodes;
and providing the guarantee product component to the node applying for joining.
10. An attack prevention apparatus, comprising:
a receiving module, configured to receive a computing capability proving message and/or an identity guarantee message broadcast by a neighboring node in a blockchain network, and to receive the routing information recommended by the neighboring node;
a judging module, configured to determine whether the neighboring node is trusted according to a joining duration of the neighboring node in the blockchain network and the computing capability proving message and/or according to the identity guarantee message;
and a modifying module, configured to modify the routing table of the current node according to the routing information when the neighboring node is trusted.
CN202010402325.8A 2020-05-13 2020-05-13 Attack prevention method and device Active CN111600871B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010402325.8A CN111600871B (en) 2020-05-13 2020-05-13 Attack prevention method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010402325.8A CN111600871B (en) 2020-05-13 2020-05-13 Attack prevention method and device

Publications (2)

Publication Number Publication Date
CN111600871A true CN111600871A (en) 2020-08-28
CN111600871B CN111600871B (en) 2022-08-02

Family

ID=72183700

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010402325.8A Active CN111600871B (en) 2020-05-13 2020-05-13 Attack prevention method and device

Country Status (1)

Country Link
CN (1) CN111600871B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113255014A (en) * 2021-07-07 2021-08-13 腾讯科技(深圳)有限公司 Data processing method based on block chain and related equipment
WO2023092951A1 (en) * 2021-11-29 2023-06-01 华为技术有限公司 Remote attestation application method, apparatus, device, and system, and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108848184A (en) * 2018-06-29 2018-11-20 北京金山安全软件有限公司 Block link point synchronization method and device based on trust mechanism
CN108965259A (en) * 2018-06-21 2018-12-07 佛山科学技术学院 A kind of discovery of block chain malicious node and partition method and device
CN109639837A (en) * 2019-01-31 2019-04-16 东南大学 Block chain DPoS common recognition method based on faith mechanism
CN110191116A (en) * 2019-05-24 2019-08-30 北京清红微谷技术开发有限责任公司 Malicious node partition method and system calculate power verifying terminal and P2P network
US20190394027A1 (en) * 2017-02-08 2019-12-26 Siemens Aktiengesellschaft Method and computer for cryptographically protecting control communication in and/or service access to it systems, in particular in connection with the diagnosis and configuration in an automation, control or supervisory system


Also Published As

Publication number Publication date
CN111600871B (en) 2022-08-02

Similar Documents

Publication Publication Date Title
CN107612895B (en) Internet anti-attack method and authentication server
US9807092B1 (en) Systems and methods for classification of internet devices as hostile or benign
CN105897782B (en) A kind of processing method and processing device of the call request for interface
US9705895B1 (en) System and methods for classifying internet devices as hostile or benign
Kolokotronis et al. On blockchain architectures for trust-based collaborative intrusion detection
Shawahna et al. EDoS-ADS: An enhanced mitigation technique against economic denial of sustainability (EDoS) attacks
Li et al. ATM: An active-detection trust mechanism for VANETs based on blockchain
Chen et al. Batch identification game model for invalid signatures in wireless mobile networks
CN111600871B (en) Attack prevention method and device
CN111541696B (en) Rapid source and path verification method for random authentication embedding
CN108605264B (en) Method and apparatus for network management
CN114139203B (en) Block chain-based heterogeneous identity alliance risk assessment system and method and terminal
CN114553540B (en) Zero trust-based Internet of things system, data access method, device and medium
Yao et al. A trust management framework for software‐defined network applications
CN112887105B (en) Conference security monitoring method and device, electronic equipment and storage medium
CN106209907B (en) Method and device for detecting malicious attack
Nickolova et al. Threat model for user security in e-learning systems
Nappa et al. Take a deep breath: a stealthy, resilient and cost-effective botnet using skype
CN115242546A (en) Industrial control system access control method based on zero trust architecture
CN112600672A (en) Inter-domain credibility consensus method and device based on real identity
US20170324769A1 (en) Simulating unauthorized use of a cellular communication network
KR102020986B1 (en) Trust network system based block-chain
Wibowo et al. Collaborative whitelist packet filtering driven by smart contract forum
CN111953671B (en) Dynamic honey net data processing method and system based on block chain
CN109905408A (en) Network safety protection method, system, readable storage medium storing program for executing and terminal device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant