CN112016922A

CN112016922A - Information security protection method and equipment applied to block chain financial fusion and online payment

Info

Publication number: CN112016922A
Application number: CN202010852731.4A
Authority: CN
Inventors: 王红建
Original assignee: Individual
Current assignee: Individual
Priority date: 2020-08-22
Filing date: 2020-08-22
Publication date: 2020-12-01
Also published as: CN112766960A; CN112766961A

Abstract

The specification discloses an information security protection method and equipment applied to block chain financial fusion and online payment. When the method is applied, first service behavior information of a first block chain node in a set time period is obtained, second service behavior information of the first block chain node in a service processing time period corresponding to a second block chain node is obtained, then the first block chain node is intercepted when the first block chain node is detected to have information safety risk according to the first service behavior information and the second service behavior information, the information risk safety level of the second block chain node is determined according to a detection result and a first service authorization record of the second block chain node in the set time period and a second service authorization record of the second block chain node in the service processing time period, and finally the second block chain node is correspondingly processed according to the information risk safety level. Therefore, the first blockchain node can be accurately intercepted, and the normal operation of the second blockchain node is ensured.

Description

Information security protection method and equipment applied to block chain financial fusion and online payment

Technical Field

The application relates to the technical field of block chain finance, in particular to an information security protection method and equipment applied to block chain financial fusion and online payment.

Background

With the rapid development of the blockchain technology, the research and development of the blockchain in the financial field are more and more mature. At present, a plurality of business products are established based on the block chain technology, new power is added for economic development of service entities, and good effect is achieved. For example, the blockchain technology can be applied to the business fields of fund management, supply chain finance, trade finance, credible traceability and the like.

However, the weak centralization of the blockchain technology does not mean forced decentralization in business, and in the network financial and online payment business environment with multi-party participation, a uniform network environment check needs to be performed on a plurality of blockchain nodes to ensure the information security of the blockchain nodes. In the prior art, when network environment verification is performed on block chain link points, a phenomenon of intercepting a block chain link point group in a large area exists, which can cause some block chain nodes in a secure network environment to be incapable of operating normally.

Disclosure of Invention

The specification provides an information security protection method and equipment applied to block chain financial fusion and online payment, so as to solve or partially solve the technical problems in the background art.

An information security protection method applied to blockchain financial fusion and online payment, the method comprising:

acquiring first service behavior information of a first blockchain node in a blockchain network within a set time period;

obtaining second service behavior information of the first blockchain node in a service processing time period corresponding to a second blockchain node in the blockchain network; the second blockchain node is a node in the blockchain network, which communicates with the first blockchain node, and the service processing period is used for representing that a service authorization interface of the second blockchain node is in an open state;

according to the first service behavior information and the second service behavior information, carrying out information security risk detection on the first block link point to obtain a detection result; intercepting the first block chain node when the detection result represents that the first block chain node has information security risk;

and determining the information risk safety level of the second block chain node based on the detection result and a first service authorization record of the second block chain node in the set time period and a second service authorization record of the second block chain node in the service processing time period, and correspondingly processing the second block chain node according to the information risk safety level.

Optionally, the correspondingly processing the second block link point according to the information risk security level includes:

determining a risk index interval where the information risk safety grade is located;

if the risk index interval is a first risk index interval, sending an information safety prompt for prompting that the first block link point has an information safety risk to the second block link point;

if the risk index interval is a second risk index interval, intercepting the set business behavior of the second block link node; the set service behavior comprises a user information transceiving behavior, a check code verification behavior and an authority opening behavior;

and if the risk index interval is a third risk index interval, intercepting all business behaviors of the second block link node.

Optionally, intercepting the set service behavior of the second blockchain node includes:

reading a service execution request uploaded by the second block link point during uplink from a preset database, and acquiring behavior parameters of a plurality of service behaviors to be identified corresponding to the second block link point according to the service execution request;

calculating the information interception coefficient of each service behavior to be identified according to the behavior parameters; sequencing each business behavior to be identified according to the sequence of the information interception coefficient from large to small, and selecting a set number of business behaviors to be identified which are sequenced at the front as set business behaviors: the set number of business behaviors to be identified which are ranked in the front include a user information transceiving behavior, a check code verification behavior and an authority opening behavior;

and intercepting the set business behavior.

Optionally, intercepting the set service behavior specifically includes:

acquiring service configuration information of each set service behavior;

extracting service associated thread data from the service configuration information, and outputting an extraction result comprising a service behavior identifier and a service state corresponding to the service behavior identifier;

judging based on the extraction result, and performing information splitting on the service configuration information meeting the condition of influencing the service state corresponding to the service behavior identifier to obtain a split information set obtained by splitting; the service state is a service state corresponding to other service behaviors of the second block link node;

and changing a mapping path identifier in the target information of the mapping control thread of the service state corresponding to the service behavior identifier in the split information set so that the service configuration information does not influence the service state corresponding to the service behavior identifier, and intercepting the set service behavior after the mapping path identifier is changed.

Optionally, sending an information security prompt to the second block link point, where the information security prompt is used to prompt that the first block link point has an information security risk, where the information security prompt includes:

acquiring a first service interaction record between the first block link point and the second block link point from the first block link node, and acquiring a second service interaction record between the first block link point and the second block link point from the second block link node;

comparing the interaction information in the first service interaction record and the interaction information in the second service interaction record at the same time interval according to the time sequence to obtain a comparison result; judging whether the first service interaction record is matched with the second service interaction record in time sequence according to the comparison result;

if the first service interaction record is matched with the second service interaction record in time sequence, extracting service configuration data of the first block chain node from the first service interaction record, determining an information safety risk report of the first block chain node according to the service configuration data, calibrating a node identifier of the corresponding block chain node in the information safety risk report to obtain a target report, packaging the target report, adding field information for outputting by the second block chain link point to obtain the information safety prompt, and sending the information safety prompt to the second block chain link point;

if the first service interaction record is not matched with the second service interaction record in time sequence, extracting an interaction information list which is not matched with the second service interaction record from the first service interaction record, and determining the current list data and the historical list data of the interaction information list; mapping an information security check result corresponding to any group of first interactive data in the current list data to an image file of an information security check thread corresponding to second interactive data with the maximum interactive activity in the historical list data, so as to obtain a mirror image check result corresponding to the information security check result in the image file; determining a target business behavior of the first block chain with an updating behavior relative to the second block chain link point based on the information security check result and the mirror image check result, generating a business interaction track graph with an information security risk of the first block chain link point according to the target business behavior, marking a corresponding region of the second block chain node in the business interaction track graph to obtain a target track graph, carrying out image coding on the target track graph, adding field information for the second block chain link point to output so as to obtain the information security prompt, and sending the information security prompt to the second block chain link point.

Optionally, determining an information risk security level of the second block link node based on the detection result and a first service authorization record of the second block link node in the set time period and a second service authorization record of the second block link node in the service processing time period, respectively, includes:

determining a result generation time corresponding to the detection result;

extracting a plurality of first permission behavior information corresponding to the first service authorization record and a plurality of second permission behavior information corresponding to the second service authorization record, and determining a set number of target permission behavior information from the plurality of first permission behavior information and the plurality of second permission behavior information according to the result generation time; the authority behaviors corresponding to the target authority behavior information have behaviors of capturing the privacy information of the second block chain node;

determining a calling function of each behavior node of the target authority behavior information, and determining the number of behavior nodes of which the real-time reliability is less than or equal to the preset reliability according to the calling function of each behavior node; calculating the proportion of the number of the behavior nodes to the total number of the behavior nodes of the target authority behavior information to obtain a privacy information leakage coefficient of the target authority behavior information; and determining the information risk safety level of the second block chain node according to the privacy information leakage coefficient.

Optionally, according to the first service behavior information and the second service behavior information, performing information security risk detection on the first block link point to obtain a detection result, including:

determining a service behavior synchronization result between the first service behavior information and the second service behavior information;

drawing a time sequence curve chart of the synchronization result;

and determining the detection result according to the service influence factor between two adjacent service behavior intervals in the time sequence curve graph.

Optionally, intercepting the first block link node when the detection result indicates that there is an information security risk in the first block link node, including:

generating a script file for identifying a service label corresponding to the first block link point according to a service message transceiving protocol corresponding to the first block link point;

sending the script file to other block chain nodes except the first block chain link point in the block chain network; and after receiving the script file, other blockchain nodes generate a firewall for intercepting the service message corresponding to the first blockchain node based on the script file.

A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method.

An information security device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method when executing the program.

Through one or more technical schemes of this description, this description has following beneficial effect or advantage:

the method comprises the steps of firstly obtaining first service behavior information of a first block chain node in a set time period, secondly obtaining second service behavior information of the first block chain node in a service processing time period corresponding to a second block chain node, then intercepting the first block chain node when detecting that the first block chain node has information security risk according to the first service behavior information and the second service behavior information, determining the information risk security level of the second block chain node based on a detection result and a first service authorization record of the second block chain node in the set time period and a second service authorization record of the second block chain node in the service processing time period, and finally correspondingly processing the second block chain node according to the information risk security level.

Therefore, after the first block chain node is intercepted, the different second block chain link points can be correspondingly processed according to different information safety risk levels, so that excessive intercepting behaviors are avoided, accurate service interception is carried out on the first block chain link points with the information safety risks, and normal operation of the second block chain node which is in a safe network environment and does not have the information safety risks is ensured.

The above description is only an outline of the technical solution of the present specification, and the embodiments of the present specification are described below in order to make the technical means of the present specification more clearly understood, and the present specification and other objects, features, and advantages of the present specification can be more clearly understood.

Drawings

Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the specification. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:

FIG. 1 shows a schematic diagram of an information security system applied to blockchain financial and online payments, according to one embodiment of the present description;

FIG. 2 illustrates a flow diagram of a method of information security protection applied to blockchain financing and online payment in accordance with one embodiment of the present description;

FIG. 3 illustrates a block diagram of an information security guard applied to blockchain financing and online payment in accordance with one embodiment of the present description.

Figure 4 illustrates a schematic view of a safety shield apparatus in accordance with one embodiment of the present disclosure.

Detailed Description

Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.

The inventor finds that, when the existing network environment verification technology is used for verifying the network environment of the block link point, if the current block link point is detected to have an information security risk, the current block link node and other block link nodes which are in communication with the current block link point are intercepted.

However, the prior art is based on the communication log of the current blockchain node when intercepting other blockchain nodes. Therefore, other block chain nodes which communicate with the current block chain node earlier can be intercepted, but other block chain nodes which communicate with the current block chain node earlier do not have information security risk, so that excessive intercepting behavior can be caused, and some block chain nodes which are in a safe network environment and do not have information security risk can not normally operate.

In order to solve the above problem, embodiments of the present invention provide an information security protection method and an information security protection device applied to block chain financing and online payment, which are capable of determining different information security risk levels of other block chain nodes based on information security risk categories when it is detected that there is an information security risk in a block chain node, so as to perform corresponding processing on different other block chain link points according to the different information security risk levels. Therefore, the method can avoid excessive interception behaviors to carry out accurate service interception on the block chain link points with the information safety risk, and ensure the normal operation of the block chain link points without the information safety risk under a safe network environment.

To achieve the above objective, referring first to fig. 1, a communication architecture of an information security protection system 100 applied to blockchain financial and online payment is provided, where the information security protection system 100 may include an information security protection device 200 and a plurality of blockchain nodes 400, which are in communication with each other. The information security protection device 200 may be a cloud server or a cloud computing center, and the block link node 400 may be an intelligent terminal or an intelligent device, which is not limited herein.

On the basis of the above, please refer to fig. 2, which provides a flowchart of an information security method applied to blockchain financial and online payment, where the method may be applied to the information security device 200 in fig. 1, and may specifically include the contents described in steps S210 to S240 below.

Step S210, obtaining first service behavior information of a first blockchain node in the blockchain network within a set time period.

Specifically, the set time interval is adjusted according to the number of the blockchain nodes in the blockchain network, and the service behavior information includes identity verification information, payment behavior information, collection behavior information, flow direction information of capital data and the like of the first blockchain node.

Step S220, second service behavior information of the first block chain node in a service processing time period corresponding to a second block chain node in the block chain network is obtained; the second blockchain node is a node in the blockchain network, which communicates with the first blockchain node, and the service processing period is used for representing that a service authorization interface of the second blockchain node is in an open state.

Step S230, performing information security risk detection on the first block link point according to the first service behavior information and the second service behavior information to obtain a detection result; and intercepting the first block chain node when the detection result represents that the first block chain node has information security risk.

Step S240, determining an information risk security level of the second block link node based on the detection result and the first service authorization record of the second block link node in the set time period and the second service authorization record of the second block link node in the service processing time period, and performing corresponding processing on the second block link node according to the information risk security level.

Specifically, the service authorization record includes record information of the second block link point performing service request processing through the service authorization interface.

In practical application, by executing the steps S210 to S240, first service behavior information of the first block chain node in a set time period is obtained, second service behavior information of the first block chain node in a service processing time period corresponding to the second block chain node is obtained, then the first block chain node is intercepted when it is detected that the first block chain node has an information security risk according to the first service behavior information and the second service behavior information, an information risk security level of the second block chain node is determined based on a detection result and a first service authorization record of the second block chain node in the set time period and a second service authorization record of the second block chain node in the service processing time period, and finally the second block chain node is correspondingly processed according to the information risk security level.

In a specific implementation, the corresponding processing on the second block link point according to the information risk security level described in step S240 may specifically include the contents described in the following steps a to d.

Step a, determining a risk index interval where the information risk safety grade is located.

And b, if the risk index interval is a first risk index interval, sending an information safety prompt for prompting that the first block link point has an information safety risk to the second block link point.

Step c, if the risk index interval is a second risk index interval, intercepting the set business behavior of the second block link node; the set service behavior comprises a user information transceiving behavior, a check code verification behavior and an authority opening behavior.

And d, if the risk index interval is a third risk index interval, intercepting all business behaviors of the second block link node.

It can be understood that through the content described in the above steps a to d, different processing can be performed on the second block link point according to different risk index intervals in which the information risk security level is located, so that not only can the information security risk generated by the second block link point in the later period be prevented, but also the business behavior of the second block link point can be partially or completely intercepted according to the risk index intervals, and thus the normal operation of the second block link node can be maximally ensured.

In practical application, in order to ensure that the second blockchain node is protected from information security intrusion during normal operation, an information security prompt with complete and traceability needs to be sent to the second blockchain node, and for this purpose, the information security prompt for prompting that the first blockchain node has an information security risk is sent to the second blockchain node in the step b, which may specifically include the contents described in the following step b 1-step b4.

Step b1, obtaining a first business interaction record between the first block link point and the second block link point from the first block link node, and obtaining a second business interaction record between the first block link point and the second block link point from the second block link node.

Step b2, comparing the interaction information in the first service interaction record and the interaction information in the second service interaction record at the same time interval according to the time sequence order, and obtaining a comparison result; and judging whether the first service interaction record is matched with the second service interaction record in time sequence according to the comparison result.

Step b3, if the first service interaction record is matched with the second service interaction record in time sequence, extracting service configuration data of the first block chain node from the first service interaction record, determining an information security risk report of the first block chain node according to the service configuration data, calibrating a node identifier of the corresponding block chain node in the information security risk report to obtain a target report, packaging the target report, adding field information for outputting by the second block chain link point to obtain the information security prompt, and sending the information security prompt to the second block chain link point.

b4, if the first service interaction record and the second service interaction record are not matched in time sequence, extracting an interaction information list which is not matched with the second service interaction record from the first service interaction record, and determining current list data and historical list data of the interaction information list; mapping an information security check result corresponding to any group of first interactive data in the current list data to an image file of an information security check thread corresponding to second interactive data with the maximum interactive activity in the historical list data, so as to obtain a mirror image check result corresponding to the information security check result in the image file; determining a target business behavior of the first block chain with an updating behavior relative to the second block chain link point based on the information security check result and the mirror image check result, generating a business interaction track graph with an information security risk of the first block chain link point according to the target business behavior, marking a corresponding region of the second block chain node in the business interaction track graph to obtain a target track graph, carrying out image coding on the target track graph, adding field information for the second block chain link point to output so as to obtain the information security prompt, and sending the information security prompt to the second block chain link point.

When the content described in the above step b 1-step b4 is implemented, a complete and traceable information security prompt can be sent to the second block link point, so that it can be ensured that the second block link point deploys a firewall or a security verification mechanism in advance according to the information security prompt, and further it is ensured that the second block link node is prevented from information security intrusion in the normal operation process.

The inventor finds in research that, in order to reduce the operational impact on the second blockchain node as much as possible and ensure the information security of the second blockchain node, the setting traffic behavior of the second blockchain node intercepted in step c may further include the following descriptions of step c 1-step c 3.

Step c1, reading the service execution request uploaded by the second block link point during uplink from a preset database, and acquiring the behavior parameters of the plurality of service behaviors to be identified corresponding to the second block link point according to the service execution request.

Step c2, calculating the information interception coefficient of each service behavior to be identified according to the behavior parameters; sequencing each business behavior to be identified according to the sequence of the information interception coefficient from large to small, and selecting a set number of business behaviors to be identified which are sequenced at the front as set business behaviors: the set number of business behaviors to be identified which are ranked in the front include a user information transceiving behavior, a check code verification behavior and an authority opening behavior.

And c3, intercepting the set business behavior.

By applying the above steps c1 to c3, the operational influence on the second blockchain node can be minimized and the information security of the second blockchain node can be ensured.

In a specific implementation process, in order to ensure that the set traffic behavior of the second blockchain node is intercepted without causing interference to other traffic behaviors of the second blockchain, the intercepting of the set traffic behavior described in step c3 may further include the following steps c 31-c 34.

And step c31, acquiring the service configuration information of each set service behavior.

Step c32, extracting the service associated thread data from the service configuration information, and outputting the extraction result including the service behavior identifier and the service state corresponding to the service behavior identifier.

Step c33, based on the extraction result, judging, splitting information of the service configuration information meeting the condition of influencing the service state corresponding to the service behavior identifier, and obtaining a split information set obtained by splitting; and the service state is a service state corresponding to other service behaviors of the second block chain node.

Step c34, the mapping path identifier in the target information of the mapping control thread of the service state corresponding to the service behavior identifier in the split information set is changed, so that the service configuration information does not affect the service state corresponding to the service behavior identifier, and the set service behavior is intercepted after the mapping path identifier is changed.

In this way, based on the descriptions of step c31 to step c34, the operational influence on the second block link point can be reduced as much as possible.

In practical applications, in order to accurately determine the information risk security level of the second blockchain node, the influence of the authorization authority of the first service authorization record and the second service authorization record on the degree of leakage of the privacy information of the second blockchain node needs to be considered, and to achieve this purpose, the information risk security level of the second blockchain node is determined based on the detection result and the first service authorization record of the second blockchain node in the set time period and the second service authorization record of the second blockchain node in the service processing time period, which are described in step S240, which may be exemplarily implemented by the following steps S241 to S243.

And step S241, determining the result generation time corresponding to the detection result.

Step S242, extracting a plurality of first permission behavior information corresponding to the first service authorization record and a plurality of second permission behavior information corresponding to the second service authorization record, and determining a set number of target permission behavior information from the plurality of first permission behavior information and the plurality of second permission behavior information according to the result generation time; and capturing the privacy information of the second block chain node in the authority behaviors corresponding to the target authority behavior information.

Step S243, determining a calling function of each behavior node of the target authority behavior information, and determining the number of behavior nodes of which the real-time reliability is less than or equal to the preset reliability according to the calling function of each behavior node; calculating the proportion of the number of the behavior nodes to the total number of the behavior nodes of the target authority behavior information to obtain a privacy information leakage coefficient of the target authority behavior information; and determining the information risk safety level of the second block chain node according to the privacy information leakage coefficient.

In this way, by applying the steps S241 to S243, the influence of the authorization authority of the first service authorization record and the authorization authority of the second service authorization record on the leakage degree of the privacy information of the second blockchain node can be considered, so that the information risk security level of the second blockchain node can be accurately determined.

In a specific embodiment, in order to ensure real-time performance and reliability of the detection result, the detecting step S230 may specifically include, according to the first business behavior information and the second business behavior information, performing information security risk detection on the first block link point to obtain the detection result, as described in the following steps: determining a service behavior synchronization result between the first service behavior information and the second service behavior information, drawing a time sequence graph of the synchronization result, and determining the detection result according to a service influence factor between two adjacent service behavior intervals in the time sequence graph. In this way, the detection result can be reliably determined in real time based on the time-series graph.

In detail, the determining of the service behavior synchronization result between the first service behavior information and the second service behavior information specifically includes the contents described in the following steps (11) to (14).

(11) And acquiring the node centrality of the first block chain node, the business behavior data of the first business behavior information and the business behavior data of the second business behavior information.

(12) And under the condition that the node centrality determines that the link point of the first block contains a dynamic behavior tag, determining the behavior data synchronization rate between each service behavior data of the second service behavior information under the dynamic behavior tag and each service behavior data of the first service behavior information under the dynamic behavior tag according to the service behavior data of the first service behavior information under the dynamic behavior tag and the behavior data risk coefficient of the first service behavior information.

(13) And adjusting the service behavior data of the first service behavior information under the dynamic behavior label and the service behavior data of the second service behavior information under the dynamic behavior label into the second service behavior information.

(14) Determining a first service behavior transmission track of each service behavior data of the first service behavior information and a second service behavior transmission track of each service behavior data of the second service behavior information, and determining a service behavior synchronization result between the first service behavior information and the second service behavior information according to a track parameter corresponding to a track intersection point of the first service behavior transmission track and the second service behavior transmission track in the same time period.

In detail, the determining of the detection result according to the traffic impact factor between two adjacent traffic behavior intervals in the timing graph may specifically include the contents described in the following steps (21) to (23).

(21) And determining the directional path distribution of a plurality of risk directional information to be screened for determining the detection result and the synchronization rate between different risk directional information according to the direct influence weight and the indirect influence weight of the service influence factor between two adjacent service behavior intervals in the time sequence graph.

(22) And screening the plurality of risk pointing information based on the determined pointing path distribution of the plurality of risk pointing information and the synchronization rate between different risk pointing information, so that the path concentration degree of the pointing path distribution of the screened risk pointing information is greater than a first set value, and the synchronization rate between the screened risk pointing information is less than a second set value.

(23) Integrating the screened risk pointing information to obtain risk detection information used for indicating the updating behavior of the information crawling log of the first block chain node, and determining the detection result according to the risk detection information.

In a specific embodiment, intercepting the first blockchain node when the detection result indicates that there is an information security risk in the first blockchain node may specifically include the following steps: generating a script file for identifying a service label corresponding to the first block link point according to a service message transceiving protocol corresponding to the first block link point, and issuing the script file to other block link nodes except the first block link point in the block link network; and after receiving the script file, other blockchain nodes generate a firewall for intercepting the service message corresponding to the first blockchain node based on the script file. In this way, communication interception of the first blockchain node can be achieved by "isolating" the first blockchain node.

Alternatively, the obtaining of the first traffic behavior information of the first blockchain node in the blockchain network within the set time period as described in step S210 may be exemplarily implemented by the following steps S211 to S213.

Step S211, determining a first log text corresponding to the set time period from the running log of the first block chain node.

Step S212, extracting a first text feature in the first log text.

Step S213, integrating the first target fields with the service signatures in the first text feature according to the sequence in the set time period to obtain the first service behavior information.

Optionally, the obtaining of the second service behavior information of the first blockchain node in the service processing period corresponding to the second blockchain node in the blockchain network, which is described in step S220, may be exemplarily implemented by the following steps S221 to S223.

Step S221, determining a second log text corresponding to the service processing time period from the running log of the first block chain node.

Step S212, extracting a second text feature in the second log text.

Step S213, integrating the second target fields with the service signatures in the second text feature according to the sequence in the service processing time period to obtain the second service behavior information.

Fig. 3 also shows a functional block diagram of the information security device 300 applied to the block chain financial and online payment based on the same inventive concept as the previous embodiment, and the detailed description about the information security device 300 is as follows.

A1. An information security guard 300 for use in blockchain financial and online payments, the apparatus comprising:

a first obtaining module 310, configured to obtain first service behavior information of a first blockchain node in a blockchain network within a set time period; the method specifically comprises the following steps: determining a first log text corresponding to the set time interval from the running log of the first block chain node, extracting a first text feature in the first log text, and integrating first target fields with service signatures in the first text feature according to the sequence in the set time interval to obtain the first service behavior information;

a second obtaining module 320, configured to obtain second service behavior information of the first blockchain node in a service processing time period corresponding to a second blockchain node in the blockchain network; the second blockchain node is a node in the blockchain network, which communicates with the first blockchain node, and the service processing period is used for representing that a service authorization interface of the second blockchain node is in an open state;

the node intercepting module 330 is configured to perform information security risk detection on the first block link point according to the first service behavior information and the second service behavior information to obtain a detection result; intercepting the first block chain node when the detection result represents that the first block chain node has information security risk;

a hierarchical processing module 340, configured to determine an information risk security level of the second block link node based on the detection result and a first service authorization record of the second block link point in the set time period and a second service authorization record of the second block link point in the service processing time period, and perform corresponding processing on the second block link point according to the information risk security level.

A2. The apparatus of a1, the hierarchical processing module 340 configured to:

A3. The apparatus of a2, the hierarchical processing module 340 configured to:

and intercepting the set business behavior.

A4. The apparatus of a3, the hierarchical processing module 340 configured to:

acquiring service configuration information of each set service behavior;

A5. The apparatus of a2, the hierarchical processing module 340 configured to:

A6. The apparatus of any of a1-a5, the hierarchical processing module 340 to:

determining a result generation time corresponding to the detection result;

A7. The apparatus of a1, the node interception module 330, to:

drawing a time sequence curve chart of the synchronization result;

A8. The apparatus of a1, the node interception module 330, to:

For a detailed description of the functional modules, please refer to the description of the method shown in fig. 2, which is not repeated herein.

Based on the same inventive concept as the previous embodiment, an information security protection system applied to block chain financial and online payment is also provided, which is described in detail as follows.

B1. An information safety protection system applied to block chain financial fusion and online payment comprises information safety protection equipment and a plurality of block chain nodes, wherein the information safety protection equipment is communicated with the plurality of block chain nodes, and the plurality of block chain nodes form a block chain network; wherein:

the information security device is at least to:

acquiring first service behavior information of a first blockchain node in a blockchain network within a set time period; the method specifically comprises the following steps: determining a first log text corresponding to the set time interval from the running log of the first block chain node, extracting a first text feature in the first log text, and integrating first target fields with service signatures in the first text feature according to the sequence in the set time interval to obtain the first service behavior information;

B2. According to the system of B1, the information security device is specifically configured to:

B3. According to the system of B2, the information security device is specifically configured to:

and intercepting the set business behavior.

B4. According to the system of B3, the information security device is specifically configured to:

acquiring service configuration information of each set service behavior;

B5. According to the system of B2, the information security device is specifically configured to:

B6. The system of any one of B1-B5, the information security device specifically configured to:

determining a result generation time corresponding to the detection result;

B7. According to the system of B1, the information security device is specifically configured to:

drawing a time sequence curve chart of the synchronization result;

B8. According to the system of B1, the information security device is specifically configured to:

Based on the same inventive concept as in the previous embodiments, the present specification further provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor implements the steps of any of the methods described above.

Based on the same inventive concept as in the previous embodiment, an embodiment of the present specification further provides an information security device 200, as shown in fig. 4, including a memory 204, a processor 202, and a computer program stored in the memory 204 and executable on the processor 202, wherein the processor 202 implements the steps of any one of the methods described above when executing the program.

Through one or more embodiments of the present description, the present description has the following advantages or advantages:

The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, this description is not intended for any particular programming language. It will be appreciated that a variety of programming languages may be used to implement the teachings of the present specification and that specific languages are described above to disclose the best modes of the specification.

In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the present description may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.

Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the specification, various features of the specification are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that is, the present specification as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this specification.

Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.

Furthermore, those skilled in the art will appreciate that while some embodiments herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the description and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.

The various component embodiments of this description may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functionality of some or all of the components of a gateway, proxy server, system in accordance with embodiments of the present description. The present description may also be embodied as an apparatus or device program (e.g., computer program and computer program product) for performing a portion or all of the methods described herein. Such programs implementing the description may be stored on a computer-readable medium or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.

It should be noted that the above-mentioned embodiments illustrate rather than limit the specification, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The description may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.

Claims

1. An information security protection method applied to block chain financial fusion and online payment, the method comprising:

2. The method of claim 1, wherein correspondingly processing the second block link point according to the information risk security level comprises:

3. The method of claim 2, wherein intercepting the set traffic behavior of the second blockchain node comprises:

and intercepting the set business behavior.

4. The method according to claim 3, wherein intercepting the set business behavior specifically comprises:

acquiring service configuration information of each set service behavior;

5. The method of claim 2, wherein sending an information security prompt to the second block link point for prompting the first block link point to present an information security risk comprises:

6. The method according to any one of claims 1 to 5, wherein determining the information risk security level of the second blockchain node based on the detection result and a first service authorization record of the second blockchain node in the set period and a second service authorization record of the second blockchain node in the service processing period respectively comprises:

determining a result generation time corresponding to the detection result;

7. The method according to any one of claims 1 to 6, wherein performing information security risk detection on the first block link point according to the first business behavior information and the second business behavior information to obtain a detection result comprises:

drawing a time sequence curve chart of the synchronization result;

8. The method of claim 1, wherein intercepting the first blockchain node when the detection result indicates that the first blockchain node is at information security risk comprises:

9. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 8.

10. An information security device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the steps of the method of any of claims 1 to 8 are performed when the program is executed by the processor.