CN112134890A - Network security intelligent early warning system based on block chain technology

Publication number
CN112134890A
Authority
CN
China
Prior art keywords
network
early warning
situation
network security
vulnerability
Prior art date
Legal status
Withdrawn
Application number
CN202011013304.3A
Other languages
Chinese (zh)
Inventor
郑骁宵
Current Assignee
Guangzhou Hanhai Technology Co ltd
Original Assignee
Guangzhou Hanhai Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Guangzhou Hanhai Technology Co ltd
Priority to CN202011013304.3A
Publication of CN112134890A
Legal status: Withdrawn

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433: Vulnerability analysis
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a network security intelligent early warning system based on a block chain technology, which comprises a sensing module and a network security analysis early warning module, wherein the sensing module acquires basic network information from a network and transmits the basic network information to the network security analysis early warning module; the network security analysis early warning module comprises a block chain storage unit, a network security situation evaluation unit and an early warning unit; the block chain storage unit is used for storing a block chain, and the block chain comprises a plurality of storage nodes which are connected in a communication mode and used for storing the received network basic information; the network security situation evaluation unit quantitatively analyzes the threat, the vulnerability and the stability of the network based on the basic network information, and further realizes the analysis of the current network security situation; and the early warning unit gives an alarm based on the analysis result of the network security situation. The invention realizes the intelligent early warning of network security.

Description

Network security intelligent early warning system based on block chain technology
Technical Field
The invention relates to the technical field of information security, in particular to a network security intelligent early warning system based on a block chain technology.
Background
Problems such as malicious viruses, network attacks, phishing mails and system bugs are increasingly prominent, and the network security situation is increasingly serious owing to defects in network design, software and hardware. Therefore, there is a need to provide a network security intelligent early warning system.
Disclosure of Invention
Aiming at the problems, the invention provides a network security intelligent early warning system based on a block chain technology.
The purpose of the invention is realized by adopting the following technical scheme:
the system comprises a sensing module and a network security analysis early warning module, wherein the sensing module is used for acquiring network basic information from a network through a wireless sensor network and transmitting the network basic information to the network security analysis early warning module; the network security analysis early warning module comprises a block chain storage unit, a network security situation evaluation unit and an early warning unit; the block chain storage unit is used for storing a block chain, and the block chain comprises a plurality of storage nodes which are connected in a communication mode and used for storing the received network basic information; the network security situation evaluation unit quantitatively analyzes the threat, the vulnerability and the stability of the network based on the basic network information, and further realizes the analysis of the current network security situation; and the early warning unit gives an alarm based on the analysis result of the network security situation.
In an implementation manner, the sensing module includes a sink node, a cluster head and a plurality of sensor nodes; the sensor nodes are configured to collect network basic information and send it to their corresponding cluster heads, and the sink node aggregates the network basic information that the cluster heads have gathered from the sensor nodes in their clusters and sends the aggregated network basic information to the network security situation evaluation unit.
In one implementation manner, the identifier of each storage node corresponds to the identifier of a cluster head, and the storage node stores the network basic information collected by the cluster head corresponding to the identifier of the storage node.
In one implementation, the network security situation assessment unit includes:
the threat situation evaluation subunit, which determines a threat situation value of the network according to the alarm information generated by the network: it outputs a threat situation value of 1 when the number of alarms generated by the network in a set time period is greater than a set alarm number threshold, and otherwise outputs 0;
the vulnerability situation evaluation subunit, which associates the network vulnerability information with the Common Vulnerability Scoring System (CVSS) to obtain a vulnerability situation value of the network: it outputs a vulnerability situation value of 1 when the number of vulnerabilities in the network is greater than a set vulnerability number threshold or the sum of the CVSS scores of all vulnerabilities exceeds a set score upper limit, and otherwise outputs 0;
and the stability situation evaluation subunit, which obtains a stability situation value of the network based on the network traffic information: it outputs a stability situation value of 1 when the network traffic in a set time period is greater than a set traffic upper limit, and otherwise outputs 0.
In an implementation manner, the early warning unit gives an alarm when the threat situation value is 1, the vulnerability situation value of the network is 1, or the stability situation value is 1.
The invention has the beneficial effects that: it realizes effective acquisition of network basic information, realizes effective storage of the network basic information based on block chain technology, and realizes network security assessment and early warning by providing a network security analysis early warning module.
Drawings
The invention is further illustrated by means of the attached drawings, but the embodiments in the drawings do not constitute any limitation to the invention, and for a person skilled in the art, other drawings can be obtained on the basis of the following drawings without inventive effort.
Fig. 1 is a block diagram illustrating a connection structure of a network security intelligent early warning system based on a block chain technology according to an exemplary embodiment of the present invention;
Fig. 2 is a block diagram illustrating a structural connection of a network security analysis early warning module according to an exemplary embodiment of the present invention.
Reference numerals:
sensing module 1; network security analysis early warning module 2; block chain storage unit 10; network security situation evaluation unit 20; early warning unit 30.
Detailed Description
The invention is further described with reference to the following examples.
Referring to fig. 1 and fig. 2, the embodiment provides a network security intelligent early warning system based on a block chain technology, including a sensing module 1 and a network security analysis early warning module 2, where the sensing module 1 is configured to acquire network basic information from a network through a wireless sensor network and transmit the network basic information to the network security analysis early warning module 2, and the network basic information includes alarm information generated by the network, network vulnerability information, and network traffic information used for describing network stability; the network security analysis early warning module 2 comprises a block chain storage unit 10, a network security situation evaluation unit 20 and an early warning unit 30; the blockchain storage unit 10 is used for storing a blockchain, wherein the blockchain comprises a plurality of storage nodes which are connected in a communication mode and used for storing the received network basic information; the network security situation evaluation unit 20 quantitatively analyzes the threat, vulnerability and stability of the network based on the network basic information, and further realizes the analysis of the current network security situation; the early warning unit 30 gives an alarm based on the analysis result of the network security situation.
In an implementation manner, the sensing module 1 includes a sink node, a cluster head, and a plurality of sensor nodes; the sensor nodes are configured to collect network basic information and send it to their corresponding cluster heads, and the sink node aggregates the network basic information that the cluster heads have gathered from the sensor nodes in their clusters and sends the aggregated network basic information to the network security situation evaluation unit 20.
In one implementation manner, the identifier of each storage node corresponds to the identifier of a cluster head, and the storage node stores the network basic information collected by the cluster head corresponding to the identifier of the storage node.
In one implementation, the network security situation evaluation unit 20 includes:
the threat situation evaluation subunit, which determines a threat situation value of the network according to the alarm information generated by the network: it outputs a threat situation value of 1 when the number of alarms generated by the network in a set time period is greater than a set alarm number threshold, and otherwise outputs 0;
the vulnerability situation evaluation subunit, which associates the network vulnerability information with the Common Vulnerability Scoring System (CVSS) to obtain a vulnerability situation value of the network: it outputs a vulnerability situation value of 1 when the number of vulnerabilities in the network is greater than a set vulnerability number threshold or the sum of the CVSS scores of all vulnerabilities exceeds a set score upper limit, and otherwise outputs 0;
and the stability situation evaluation subunit, which obtains a stability situation value of the network based on the network traffic information: it outputs a stability situation value of 1 when the network traffic in a set time period is greater than a set traffic upper limit, and otherwise outputs 0.
In an implementation manner, the early warning unit 30 gives an alarm when the threat situation value is 1, the vulnerability situation value of the network is 1, or the stability situation value is 1.
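The evaluation and alarm logic described above, reading from storage nodes keyed by cluster head identifier, as an added example that is not code from the patent. The record layout, the SHA-256 hash chaining, the names (`StorageNode`, `Thresholds`, `evaluate`), the threshold values and the sample data are assumptions constructed for illustration; CVSS scores are assumed for the vulnerability scoring.

```python
import hashlib
import json
from dataclasses import dataclass, field

GENESIS = "0" * 64  # assumed previous-hash value for the first block


def block_hash(prev_hash, record):
    """SHA-256 over the previous block hash and a canonical JSON record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


@dataclass
class StorageNode:
    """Storage node whose identifier matches one cluster head's identifier."""
    node_id: str
    blocks: list = field(default_factory=list)  # (prev_hash, record, hash)

    def append(self, record):
        prev = self.blocks[-1][2] if self.blocks else GENESIS
        self.blocks.append((prev, record, block_hash(prev, record)))

    def verify(self):
        """Recompute every link; False if any record or link was altered."""
        prev = GENESIS
        for stored_prev, record, stored_hash in self.blocks:
            if stored_prev != prev or block_hash(prev, record) != stored_hash:
                return False
            prev = stored_hash
        return True


@dataclass(frozen=True)
class Thresholds:
    window: tuple        # (start, end) of the set time period, in seconds
    max_alerts: int      # set alarm number threshold
    max_vulns: int       # set vulnerability number threshold
    max_cvss_sum: float  # set upper limit on the summed scores
    max_bytes: int       # set traffic upper limit


def evaluate(nodes, th):
    """Return (threat, vulnerability, stability, alarm) for the stored data."""
    for node in nodes:
        if not node.verify():  # refuse to score data that fails the chain check
            raise ValueError(f"chain check failed on storage node {node.node_id}")
    start, end = th.window
    alerts, traffic, scores = 0, 0, []
    for node in nodes:
        for _, rec, _ in node.blocks:
            in_window = "ts" in rec and start <= rec["ts"] < end
            if rec["kind"] == "alert" and in_window:
                alerts += 1
            elif rec["kind"] == "traffic" and in_window:
                traffic += rec["bytes"]
            elif rec["kind"] == "vuln":
                scores.append(rec["cvss"])
    # Each comparison is strictly "greater than", as in the description.
    threat = 1 if alerts > th.max_alerts else 0
    vulnerability = 1 if (len(scores) > th.max_vulns
                          or sum(scores) > th.max_cvss_sum) else 0
    stability = 1 if traffic > th.max_bytes else 0
    return threat, vulnerability, stability, bool(threat or vulnerability or stability)


def build_sample_nodes():
    """Constructed sample data for two cluster heads, CH-1 and CH-2."""
    ch1, ch2 = StorageNode("CH-1"), StorageNode("CH-2")
    for rec in ({"kind": "alert", "ts": 10}, {"kind": "alert", "ts": 50},
                {"kind": "alert", "ts": 700},  # outside the time window
                {"kind": "vuln", "cvss": 9.8},
                {"kind": "traffic", "ts": 30, "bytes": 400_000}):
        ch1.append(rec)
    for rec in ({"kind": "alert", "ts": 120}, {"kind": "vuln", "cvss": 7.5},
                {"kind": "traffic", "ts": 200, "bytes": 500_000}):
        ch2.append(rec)
    return [ch1, ch2]


SAMPLE_THRESHOLDS = Thresholds(window=(0, 600), max_alerts=3, max_vulns=5,
                               max_cvss_sum=15.0, max_bytes=1_000_000)

if __name__ == "__main__":
    print(evaluate(build_sample_nodes(), SAMPLE_THRESHOLDS))
```

In the sample, three in-window alarms do not exceed a threshold of 3 and two vulnerabilities do not exceed a count of 5, yet the summed score of 17.3 exceeds 15.0, so the alarm is raised on the vulnerability value alone. The chain check in this sketch catches an edited record only if the later hashes were not recomputed as well; detecting a full rewrite requires comparing the head hash against a copy held elsewhere.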
The embodiment of the invention realizes effective acquisition of network basic information, realizes effective storage of the network basic information based on block chain technology, and realizes network security assessment and early warning by providing the network security analysis early warning module 2.
In an implementation manner, the cluster head selects a direct or an indirect communication mode for communicating with the sink node according to its distance to the sink node, specifically: when the distance from the cluster head to the sink node is smaller than a set distance threshold, the cluster head selects the direct communication mode; when the distance from the cluster head to the sink node is not less than the set distance threshold, the cluster head selects the indirect communication mode. Each cluster head has the same initial energy $y_0$, $y_0 \neq 0$, and the initial maximum communication distance of every cluster head is $L(\max)$. The distance threshold is broadcast to each cluster head by the sink node, and the initial distance threshold is set as:
Figure BDA0002698219980000031
In the formula, $L_{T0}$ is the initial distance threshold, $y_{\min}$ is the preset minimum energy value, $u[L(\max)]$ is the number of cluster heads whose distance from the sink node does not exceed $L(\max)$,
Figure BDA0002698219980000041
is the number of cluster heads within a distance of
Figure BDA0002698219980000042
from the sink node, $L_{\min}(\text{sink})$ is the distance to the sink node from the sensor node closest to it, and sink denotes the sink node.
In this embodiment, the cluster head selects a direct or an indirect communication mode for communicating with the sink node according to its distance to the sink node, so that routing between the cluster head and the sink node is more flexible. The initial distance threshold is further set according to the initial energy, the adjustable initial maximum communication distance of the cluster heads and the actual deployment of the cluster heads, so that the initial distance threshold is set more scientifically and the cluster heads that communicate directly with the sink node can reliably send the network basic information to it.
In one implementation, the sink node periodically acquires, according to a preset period $\Delta T_0$, the energy information of all cluster heads whose distance is smaller than the current distance threshold, the energy information including the current remaining energy of each cluster head. The sink node calculates the average value $y_{avg}$ of the current remaining energy of all cluster heads and counts, from the acquired energy information, the number $M_1$ of cluster heads whose current remaining energy is lower than $y_{avg}$. When
Figure BDA0002698219980000043
holds, the sink node updates the current distance threshold, where $M_0$ is the number of cluster heads whose distance is smaller than the current distance threshold. The current distance threshold is updated by the formula:
Figure BDA0002698219980000044
In the formula, $L_T(r)$ is the distance threshold of the $r$-th update, $L_T(r-1)$ is the distance threshold of the $(r-1)$-th update, $s$ denotes a cluster head whose current remaining energy is lower than $y_{avg}$, $L_{\min}(s)$ is the distance from the $s$-th cluster head to the nearest cluster head in its communication range, $L_{\min+1}(s)$ is the distance from the $s$-th cluster head to the next-nearest cluster head in its communication range, $L_{\max}(s)$ is the distance from the $s$-th cluster head to the farthest cluster head in its communication range, and $L_{\max-1}(s)$ is the distance from the $s$-th cluster head to the next-farthest cluster head in its communication range.
In this embodiment, the sink node periodically acquires, according to the preset period $\Delta T_0$, data of the cluster heads whose distance is smaller than the current distance threshold, and updates the distance threshold when more cluster heads are low on energy, so that more cluster heads near the sink node switch to the direct communication mode. This reduces the pressure on the cluster heads that originally communicated directly with the sink node in helping other cluster heads forward data, which avoids energy holes, improves the operating stability of the wireless sensor network, and further guarantees effective acquisition of network basic information. The embodiment further provides an updating formula for the distance threshold, which considers the distance values between every cluster head whose current remaining energy is lower than $y_{avg}$ and all of its neighbor nodes, and selects a suitable distance value as the update part of the distance threshold, so that the updated distance threshold is more appropriate and a certain number of cluster heads are guaranteed to join the set of cluster heads that communicate directly with the sink node.
Finally, it should be noted that the above embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the protection scope of the present invention, although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions can be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.

Claims (5)

1. A network security intelligent early warning system based on a block chain technology is characterized by comprising a sensing module and a network security analysis early warning module, wherein the sensing module is used for acquiring network basic information from a network through a wireless sensor network and transmitting the network basic information to the network security analysis early warning module, and the network basic information comprises alarm information generated by the network, network vulnerability information and network flow information used for describing network stability; the network security analysis early warning module comprises a block chain storage unit, a network security situation evaluation unit and an early warning unit; the block chain storage unit is used for storing a block chain, and the block chain comprises a plurality of storage nodes which are connected in a communication mode and used for storing the received network basic information; the network security situation evaluation unit quantitatively analyzes the threat, the vulnerability and the stability of the network based on the basic network information, and further realizes the analysis of the current network security situation; and the early warning unit gives an alarm based on the analysis result of the network security situation.
2. The system of claim 1, wherein the sensing module comprises a sink node, a cluster head and a plurality of sensor nodes, the sensor nodes are configured to collect network basic information and send it to their corresponding cluster heads, and the sink node aggregates the network basic information that the cluster heads have gathered from the sensor nodes in their clusters and sends the aggregated network basic information to the network security situation evaluation unit.
3. The intelligent network security early warning system based on the blockchain technology as claimed in claim 2, wherein an identifier of each storage node corresponds to an identifier of a cluster head, and the storage nodes store basic network information collected by the cluster heads corresponding to the identifiers of the storage nodes.
4. The system according to any one of claims 1 to 3, wherein the network security situation assessment unit comprises:
the threat situation evaluation subunit, which determines a threat situation value of the network according to the alarm information generated by the network: it outputs a threat situation value of 1 when the number of alarms generated by the network in a set time period is greater than a set alarm number threshold, and otherwise outputs 0;
the vulnerability situation evaluation subunit, which associates the network vulnerability information with the Common Vulnerability Scoring System (CVSS) to obtain a vulnerability situation value of the network: it outputs a vulnerability situation value of 1 when the number of vulnerabilities in the network is greater than a set vulnerability number threshold or the sum of the CVSS scores of all vulnerabilities exceeds a set score upper limit, and otherwise outputs 0;
and the stability situation evaluation subunit, which obtains a stability situation value of the network based on the network traffic information: it outputs a stability situation value of 1 when the network traffic in a set time period is greater than a set traffic upper limit, and otherwise outputs 0.
5. The system of claim 4, wherein the early warning unit alarms when the threat situation value is 1, the vulnerability situation value of the network is 1, or the stability situation value is 1.
CN202011013304.3A 2020-09-24 2020-09-24 Network security intelligent early warning system based on block chain technology Withdrawn CN112134890A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011013304.3A CN112134890A (en) 2020-09-24 2020-09-24 Network security intelligent early warning system based on block chain technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011013304.3A CN112134890A (en) 2020-09-24 2020-09-24 Network security intelligent early warning system based on block chain technology

Publications (1)

Publication Number Publication Date
CN112134890A true CN112134890A (en) 2020-12-25

Family

ID=73839999

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011013304.3A Withdrawn CN112134890A (en) 2020-09-24 2020-09-24 Network security intelligent early warning system based on block chain technology

Country Status (1)

Country Link
CN (1) CN112134890A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112787890A (en) * 2021-01-19 2021-05-11 北京笔新互联网科技有限公司 Block chain monitoring system
CN114760155A (en) * 2022-06-15 2022-07-15 济南法诺商贸有限公司 Block chain intelligent control network data security vulnerability mining method and system

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112787890A (en) * 2021-01-19 2021-05-11 北京笔新互联网科技有限公司 Block chain monitoring system
CN112787890B (en) * 2021-01-19 2022-09-27 北京笔新互联网科技有限公司 Block chain monitoring system
CN114760155A (en) * 2022-06-15 2022-07-15 济南法诺商贸有限公司 Block chain intelligent control network data security vulnerability mining method and system
CN114760155B (en) * 2022-06-15 2022-09-13 济南法诺商贸有限公司 Block chain intelligent control network data security vulnerability mining method and system

Similar Documents

Publication Publication Date Title
CN112134890A (en) Network security intelligent early warning system based on block chain technology
US11381974B2 (en) Method and attack detection function for detection of a distributed attack in a wireless network
US20070064625A1 (en) Method of processing emergent data in wireless sensor network
WO2016188116A1 (en) Credibility detection-based security routing protocol in vehicular ad hoc network
EP2907333A1 (en) Fake base station detection with core network support
Garofalo et al. Enhancing intrusion detection in wireless sensor networks through decision trees
KR20100077707A (en) Method for setting of adaptive communication environment in under acoustic sensor network and the apparatus thereof
CN109030313B (en) Seepage intelligent monitoring system for hydraulic engineering
CN101641906A (en) At the method and system that has operation WAP (wireless access point) under the situation of bursty interference
CN109618001B (en) Internet of things terminal data management and control system and method based on cloud platform
Kloiber et al. Update delay: A new information-centric metric for a combined communication and application level reliability evaluation of cam based safety applications
EP3138090B1 (en) Pedestrian detection
CN102215457B (en) A kind of Dynamic Configuration of mobile terminal group and system
CN108900517A (en) A kind of Security routing defence method based on HWMP agreement
CN110928259A (en) Production monitoring system based on internet of things
EP3888332A1 (en) Universal narrow-band internet of things communication node for use with environmental sensors and stations
CN116405503A (en) Unmanned aerial vehicle cluster network topology inference method
CN112016997A (en) High electronic commerce system of security
CN108882282A (en) It is a kind of for the detection and the response method that newly flow attack in SDWSNs
CN109922449B (en) Data informatization acquisition, management and analysis system and method
CN102932794B (en) Black hole attack detection method in a kind of clustering self-organizing network
CN109450994B (en) Agricultural environment intelligent monitoring system based on big data
CN107360236B (en) Agricultural product storage and transportation intelligent monitoring system based on wireless sensor network
CN107566974A (en) A kind of agricultural product accumulating intelligent monitor system
CN107659628A (en) A kind of Drinking Water real-time monitoring system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20201225