CN113315752B

CN113315752B - Intelligent medical attack tracing method based on block chain and medical big data system

Info

Publication number: CN113315752B
Application number: CN202110432928.7A
Authority: CN
Inventors: 阚中强
Original assignee: Shenzhen Tengyun Data System Co ltd
Current assignee: Shenzhen Tengyun Data System Co.,Ltd.
Priority date: 2021-04-22
Filing date: 2021-04-22
Publication date: 2022-02-25
Anticipated expiration: 2041-04-22
Also published as: CN113315752A

Abstract

The embodiment of the disclosure provides an intelligent medical attack tracing method and a medical big data system based on a block chain, when abnormal reported information sent by a block chain sharing node terminal is received, when network information attack behaviors aiming at target verification service information exist in the verification process of an intelligent contract condition of a shared intelligent contract of a block chain sharing node terminal, network attack intelligence clues of attack behavior stages in a multi-attack link data flow of the network information attack behaviors are traced, the attack tracing result information of the network information attack behaviors of the target verification service information is determined according to the network attack intelligence clues of the attack behavior stages in the multi-attack link data flow of the network information attack behaviors, and then network attacks possibly suffered by the shared verification service information launched by the block chain sharing node terminal before the verification process of the intelligent contract condition of the intelligent contract are considered, and the information security monitoring effect of shared access is improved.

Description

Intelligent medical attack tracing method based on block chain and medical big data system

Technical Field

The disclosure relates to the technical field of intelligent medical treatment based on big data technology, in particular to an intelligent medical attack tracing method based on a block chain and a medical big data system.

Background

In the face of various problems or pain points of the medical health industry, the combination of the block chain technology and the medical industry can get through the information circulation of medical data by virtue of the characteristics of distribution, non-falsification, traceability and the like on the premise of ensuring the privacy of patient data, improve the current situation that mechanisms are data islands each other, reestablish the trust between doctors and patients and improve the efficiency of the medical industry.

Based on this, in the related art, medical record sharing may provide more data sharing and data research for a large number of organizations, however, in the sharing access process, as soon as possible, the smart contract may allow trusted transactions without a third party, and these transactions may be tracked and irreversible, but do not consider a network attack that may be suffered by the shared authentication service information initiated for the blockchain shared node terminal before the authentication process of the smart contract condition of the smart contract, resulting in poor information security monitoring effect of the sharing access.

Disclosure of Invention

In order to overcome at least the above disadvantages in the prior art, an object of the present disclosure is to provide an intelligent medical attack tracing method based on a blockchain and a medical big data system.

In a first aspect, the present disclosure provides an intelligent medical attack tracing method based on a blockchain, which is applied to a medical big data system, where the medical big data system is in communication connection with a plurality of blockchain shared node terminals, and the blockchain network has a shared intelligent contract corresponding to a shared request, where the method includes:

when abnormal reporting information sent by the block chain sharing node terminal is received, judging whether network information attack behaviors aiming at target verification service information exist in the verification process of the intelligent contract condition of the shared intelligent contract of the target verification service information of the block chain sharing node terminal, wherein the target verification service information is the shared verification service information in a shared access request aiming at a first target disease data object sent by the block chain sharing node terminal, and judging the target verification service information which does not accord with the intelligent contract condition;

when the target verification service information has a network information attack behavior aiming at the target verification service information in the verification process of the intelligent contract condition, tracking a network attack intelligence clue of an attack behavior stage in a multi-attack link data flow of the network information attack behavior;

and determining the attack tracing result information of the network information attack behavior of the target verification service information according to the network attack intelligence clue of the attack behavior stage in the multi-attack-link data stream of the network information attack behavior.

In a second aspect, an embodiment of the present disclosure further provides an intelligent medical attack tracing system based on a blockchain, where the intelligent medical attack tracing system based on a blockchain includes a medical big data system and a plurality of blockchain shared node terminals communicatively connected to the medical big data system, and the blockchain network has a shared intelligent contract corresponding to a shared request;

the medical big data system is used for:

According to any one of the above aspects, in the embodiments provided by the present disclosure, when receiving abnormal report information sent by the blockchain shared node terminal, when a network information attack behavior for the target verification service information exists in the verification process of the intelligent contract condition of the shared intelligent contract, the target verification service information of the blockchain shared node terminal tracks a network attack intelligence clue of an attack behavior stage in a multi-attack-link data flow of the network information attack behavior, and determines attack result tracing information of the network information attack behavior of the target verification service information according to the network attack intelligence clue of the attack behavior stage in the multi-attack-link data flow of the network information attack behavior, thereby considering a network attack that may be suffered by the shared verification service information launched by the blockchain shared node terminal before the verification process of the intelligent contract condition of the intelligent contract, and the information security monitoring effect of shared access is improved.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings that need to be called in the embodiments are briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present disclosure, and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.

Fig. 1 is a schematic view of an application scenario of a block chain-based smart medical file sharing system according to an embodiment of the present disclosure;

fig. 2 is a schematic flowchart illustrating a method for sharing intelligent medical files based on blockchains according to an embodiment of the present disclosure;

fig. 3 is a functional block diagram of an intelligent medical attack tracing apparatus based on a blockchain according to an embodiment of the present disclosure;

fig. 4 is a block diagram illustrating a structure of a medical big data system for implementing an intelligent medical attack tracing method based on a blockchain according to an embodiment of the present disclosure.

Detailed Description

The present disclosure is described in detail below with reference to the drawings, and the specific operation methods in the method embodiments can also be applied to the device embodiments or the system embodiments.

Fig. 1 is an explanatory diagram of a block chain-based intelligent medical file sharing system 10 according to an embodiment of the disclosure. The intelligent medical file sharing system 10 based on the blockchain may include a medical big data system 100 and a blockchain sharing node terminal 200 communicatively connected with the medical big data system 100. The blockchain-based intelligent medical file sharing system 10 shown in fig. 1 is only one possible example, and in other possible embodiments, the blockchain-based intelligent medical file sharing system 10 may also include only at least some of the components shown in fig. 1 or may also include other components.

In an embodiment, the medical big data system 100 and the blockchain shared node terminal 200 in the blockchain-based intelligent medical file sharing system 10 can cooperatively perform the blockchain-based intelligent medical file sharing method described in the following method embodiments, and the detailed steps of the specific medical big data system 100 and the blockchain shared node terminal 200 can be partially described with reference to the following method embodiments.

To solve the above technical problems in the background art, fig. 2 is a flowchart illustrating a method for sharing a smart medical file based on a blockchain according to an embodiment of the present disclosure, which can be executed by the medical big data system 100 shown in fig. 1, and the method for sharing a smart medical file based on a blockchain is described in detail below.

Step S110, obtaining the smart medical file sharing data sent by the blockchain sharing node terminal, and extracting a target disease data object included in the smart medical file sharing data.

In this embodiment, the intelligent medical file sharing data is acquired by using the sharing node terminal installed in the block chain to obtain any intelligent medical file data information that needs to be shared, including but not limited to medical record information, medical disease diagnosis process information, and medical disease clinical information. The medical record information includes information of chief complaints (main symptoms, physical signs, occurrence time, nature, degree, position and the like of patients admitted to a hospital for treatment), current medical history information, past history information, family history information and the like. The medical disease diagnosis process information includes specific information of the medical disease in the diagnosis process, such as onset time, urgency, possible etiology and cause (including some cases before onset if necessary) of the medical disease in the diagnosis process of the respiratory system, the circulatory system, the digestive system, the urogenital system, the hematopoietic system, the endocrine system and the metabolic system, the nervous system, the musculoskeletal system and the like. The clinical information of the medical diseases is clinical behavior data and the like obtained by further discussion according to the information of the medical disease diagnosis process.

The medical record information, the medical disease diagnosis process information and the medical disease clinical information generated at a certain moment are combined to be used as archive data, and one archive data is generally in one-to-one correspondence with time sequence development data, namely, one archive data refers to the medical record information, the medical disease diagnosis process information and the medical disease clinical information which are acquired by a medical archive at a certain moment and a certain place.

In this embodiment, the disease data object is an identification data object on the actual disease course, such as diabetes a1 (type 1 diabetes), diabetes a2 (type 2 diabetes), and the like. The disease data object is an important component of the shared archive, that is, the shared archive can display identification information on the archive storage area in addition to the archive storage area and the storage relationship. The target disease data object is a disease data object included in the smart medical file sharing data.

The smart medical file sharing data can express the target disease data object by means of characteristic parameters, for example, in the case of uremia, the smart medical file sharing data can express uremia by using the symptom characteristics of uremia (such as chronic renal failure). Therefore, the target disease data object can be determined according to the corresponding relation between the characteristic parameters and the disease data object in the intelligent medical file sharing data. It should be understood that, when the smart medical file sharing data is multimedia data (such as video data), the image data may be analyzed by using a deep learning model to obtain a corresponding target disease data object.

Step S120, updating shared evaluation information corresponding to the target disease data object by using the smart medical file shared data, where the shared evaluation information is an evaluation confidence parameter for determining whether to share file data of the target disease data object to a shared file library.

The shared evaluation information corresponding to the target disease data object is updated according to the current intelligent medical file shared data and the past confidence degree distribution of the target disease data object.

In one embodiment, when the target disease data object already exists in the shared file library, the preset shared evaluation information of the target disease data object can be obtained according to the expression of the shared file library on the target disease data object, when the target disease data object is not in the shared file library, the smart medical file shared data of which the target disease data object is observed for the first time can be used as the preset shared evaluation information of the target disease data object, and then the preset shared evaluation information corresponding to the target disease data object is updated according to the acquired smart medical file shared data each time.

Step S130, when the sharing evaluation information satisfies the preset sharing condition, the archive data of the target disease data object is shared into the shared archive.

The preset sharing condition includes adding sharing in the shared archive and deleting sharing in the shared archive, that is, adding the target disease data object to the shared archive or deleting the target disease data object from the shared archive.

Specifically, after acquiring the smart medical file shared data sent by the blockchain shared node terminal, analyzing the smart medical file shared data to extract a target disease data object contained in the smart medical file shared data, then updating shared evaluation information corresponding to the target disease data object by using the smart medical file shared data to obtain current shared evaluation information of the target disease data object, and sharing the file data of the target disease data object into a shared file library when the shared evaluation information meets a preset sharing condition to update the shared file library.

Therefore, the intelligent medical file sharing data sent by any block chain sharing node terminal can be used for updating the shared file library, a specific intelligent medical file acquisition terminal is not needed, and the updating cost of the shared file library is greatly reduced. Meanwhile, the sharing evaluation information of the target disease data object is updated according to the intelligent medical file sharing data, so that the problem that the intelligent medical file sharing data sent by the block chain sharing node terminal has data with a data value lower than the sharing value of a specific intelligent medical file and cannot be directly used for updating the shared file library is effectively solved.

In one embodiment, a method for sharing a smart medical file based on a blockchain according to an embodiment of the present disclosure includes the following steps:

step S201, after acquiring the pre-configured smart medical file sharing data, storing a preset disease data object included in the pre-configured smart medical file sharing data and preset sharing evaluation information corresponding to the preset target disease data object.

It should be noted that the preset shared evaluation information corresponding to the preset target disease data object is obtained by performing confidence distribution calculation on the preset disease data object according to the preset intelligent medical file shared data.

That is, after the pre-configured smart medical file shared data is obtained, the pre-configured smart medical file shared data may be directly extracted to obtain the preset target disease data object included in the pre-configured smart medical file shared data, and then the preset shared evaluation information corresponding to the preset target disease data object is calculated according to the disease object characteristic information of the preset target disease data object, and the preset target disease data object and the preset shared evaluation information corresponding to the preset target disease data object are stored.

Step S202, obtaining the sharing data of the currently sent intelligent medical file.

In the embodiment of the present disclosure, the current time is the next time of the preset time, and after the shared evaluation information of the target disease data object is updated according to each current time, the current time is used as the preset time, so as to obtain the next currently sent intelligent medical file shared data.

Step S203, matching the currently transmitted smart medical file sharing data with a preset target disease data object to obtain a current target disease data object included in the currently transmitted smart medical file sharing data, where an association relationship exists between the current target disease data object and the preset target disease data object.

Wherein, the correlation is that the current target disease data object and the preset target disease data object are used for expressing the same actual generalized disease data object. In one embodiment, the currently transmitted smart medical file sharing data is matched with the preset target disease data object by using the characteristic parameters in the smart medical file sharing data, for example, when the difference between the characteristic parameters in the currently transmitted smart medical file sharing data and the characteristic parameters corresponding to the preset target disease data object is smaller than the sharing evaluation confidence, it is determined that the target disease data object in the currently transmitted smart medical file sharing data is matched with the preset target disease data object, or the currently transmitted smart medical file sharing data is matched with the preset target disease data object by using a deep learning model or the like.

Therefore, the embodiment of the disclosure can effectively extract the target disease data object used for updating the shared file library from the intelligent medical file shared data sent by the block chain shared node terminal, and simultaneously ensure that the extracted current target disease data object can be matched with the preset target disease data object, thereby effectively avoiding the problem of mistaken updating of the target disease data object.

Moreover, the method and the device are based on the storage of the preset target disease data object and the preset sharing evaluation information corresponding to the preset target disease data object, and whether the archive data of the target disease data object is directly shared in the shared archive is determined according to the stored sharing evaluation information, so that the shared archive does not need to be repeatedly processed according to the stored sharing evaluation information, and the updating cost of the shared archive is effectively saved.

In one embodiment, the updating of the shared evaluation information corresponding to the target disease data object using the smart medical file shared data comprises: and inputting the intelligent medical file shared data into a shared evaluation decision network corresponding to the disease object characteristic information of the target disease data object to obtain shared evaluation information corresponding to the disease object characteristic information of the target disease data object.

The shared evaluation decision network is obtained by utilizing the intelligent medical file shared data to carry out iterative updating according to the periodic index observation value of the disease object characteristic information, and the disease object characteristic information is a parameter used for representing a target disease data object.

In one embodiment, the disease object characteristic information may include a shared heat characteristic, an academic description characteristic, and a patient need characteristic. The sharing hot degree characteristic is the cross-node request times and the sharing times of the target disease data object in the sharing archive, the academic description characteristic is an academic description label of the target disease data object, and the patient demand characteristic is the trend of patient demand of the target disease data object in the sharing archive.

That is, the shared evaluation decision network may be utilized to obtain the current shared evaluation information of the target disease data object determined according to the current smart medical file shared data, for example, the shared evaluation decision network iteratively updated according to the smart medical file shared data at the previous time may be obtained, and then the currently transmitted smart medical file shared data is input into the shared evaluation decision network to obtain the current shared evaluation information corresponding to the disease object characteristic information of the target disease data object.

Further, when the disease object characteristic information is the sharing heat characteristic, the method inputs the intelligent medical file sharing data into the sharing evaluation decision network corresponding to the disease object characteristic information of the target disease data object, and comprises the following steps: and inputting the shared data of the intelligent medical files into a shared evaluation decision network corresponding to the shared heat characteristic to obtain shared evaluation information corresponding to the shared heat characteristic, wherein the shared evaluation information corresponding to the shared heat characteristic is a heat characteristic mean value of the shared heat characteristic.

It should be noted that the sharing heat characteristic of the target disease data object is usually a real-time update event, that is, the target disease data object is acquired by the block chain sharing node terminal as a real-time update event, and therefore, the sharing heat characteristic of the target disease data object can follow real-time heat distribution of a certain rule, so that the sharing evaluation decision network corresponding to the sharing heat characteristic can be obtained by fitting based on the sharing heat of different sharing entries, and further, in the implementation process, the sharing heat matched with different sharing entries in the smart medical archive sharing data can be obtained by weighting based on the sharing evaluation decision network to obtain sharing evaluation information corresponding to the sharing heat characteristic, and the sharing evaluation information corresponding to the sharing heat characteristic is a heat characteristic mean value of the sharing heat characteristic.

For another example, the shared data of the smart medical file can be directly input into a shared evaluation decision network corresponding to the shared heat characteristic, and then the shared evaluation decision network is calculated, first, a jacobian matrix between the observed value of the shared heat cycle index corresponding to the target disease data object in the shared data of the smart medical file and the target disease data object is calculated:

and then, further analyzing the shared evaluation decision network by using a Kalman filtering algorithm to obtain a heat characteristic mean value of the shared heat characteristic.

That is to say, after obtaining the currently sent intelligent medical file shared data, extracting a target disease data object contained in the intelligent medical file shared data, obtaining a shared heat cycle index observed value of the target disease data object seen (observed) in the intelligent medical file shared data, inputting the shared heat cycle index observed value into a shared evaluation decision network corresponding to the shared heat feature, and analyzing the shared evaluation decision network corresponding to the shared heat feature by using a kalman filter algorithm to obtain a heat feature average value of the shared heat feature.

In practical situations, during the continuous sharing process of the blockchain sharing node terminal, a plurality of continuous smart medical file sharing data can be generated for the target disease data object, for example, the blockchain sharing node terminal continuously shares for 10 cycles, and can acquire 20 smart medical file sharing data, at this time, the continuously acquired 20 smart medical file sharing data can be input into the sharing evaluation decision network corresponding to the sharing heat characteristic in batch, so as to update the sharing heat characteristic of the target disease data object through the smart medical file sharing data continuously acquired by the blockchain sharing node terminal.

For example, the continuously acquired smart medical file sharing data may be respectively matched with preset smart medical file sharing data to obtain a sharing heat cycle index observation value of the target disease data object in each frame of the smart medical file sharing data, and the smart medical file sharing data may be input into a sharing evaluation decision network corresponding to the sharing heat feature for the smart medical file sharing data. And then, analyzing the sharing evaluation decision network corresponding to the sharing heat characteristic of the sharing data of the plurality of intelligent medical files by using a corresponding analysis algorithm to obtain a heat characteristic mean value of the sharing heat characteristic corresponding to the target disease data object. In one embodiment, the least squares model may be solved using the DogLeg algorithm.

Therefore, the sharing evaluation information corresponding to the sharing heat characteristic of the target disease data object can be updated through the single or multiple uploaded intelligent medical file sharing data, so that whether the file data of the target disease data object is shared in the sharing file library or not can be determined according to the sharing evaluation information of the target disease data object.

Further, when the disease object characteristic information is an academic description characteristic, the academic description characteristic is an academic description label of the target disease data object, and the intelligent medical file sharing data is input into the shared evaluation decision network corresponding to the disease object characteristic information of the target disease data object, and the method comprises the following steps: inputting the intelligent medical file sharing data into a pre-constructed academic description decision network to obtain academic description label information of a target disease data object and confidence corresponding to the academic description label information; and inputting the confidence corresponding to the academic description label information into a shared evaluation decision network corresponding to the academic description characteristics to obtain shared evaluation information corresponding to the academic description characteristics, wherein the shared evaluation information corresponding to the academic description characteristics is evaluation information obtained by weighting the confidence corresponding to the academic description label information.

The pre-constructed academic description decision network can be a trained deep learning model, the intelligent medical file shared data is input into the trained academic description decision network, and the academic description label information of the target disease data object and the confidence corresponding to the academic description label information are obtained by using the academic description decision network. The academic description decision network is a model which is constructed based on a deep learning algorithm and is used for carrying out academic description labeling on the intelligent medical file sharing data.

In the embodiment of the disclosure, the academic description decision network is utilized to separate and identify the smart medical file sharing data to obtain the confidence levels corresponding to the academic description label c and the academic description label c, for example, if the categories of uremia are primary uremia and post-uremia, after the smart medical file sharing data is input into the pre-constructed academic description decision network, the confidence level that the smart medical file sharing data is subjected to the primary uremia by the academic description label is possibly obtained to be 0.8, and the confidence level that the smart medical file sharing data is subjected to the post-uremia by the academic description label is possibly obtained to be 0.2.

And then, fusing the confidence corresponding to the academic description label information with the confidence corresponding to the academic description label information corresponding to the preset target disease data object to obtain shared evaluation information corresponding to the academic description characteristics.

In one embodiment, after receiving the currently transmitted intelligent medical file sharing data, the intelligent medical file sharing data is input into a trained academic description decision network, the academic description label information of the target disease data object and the confidence corresponding to the academic description label information are obtained by using a deep learning model, such as confidence corresponding to primary uremia c1 and confidence corresponding to post-uremia c2, then acquiring academic description label information of a target disease data object obtained according to the pre-configured intelligent medical file sharing data and a confidence corresponding to the academic description label information, namely the confidence corresponding to the primary uremia c1 and the confidence corresponding to the secondary uremia c2, and then weighting the confidence corresponding to the two academic description label information respectively to obtain the confidence corresponding to the primary uremia c1 and the confidence corresponding to the secondary uremia c 2.

When the disease object characteristic information is a patient requirement characteristic, the patient requirement characteristic refers to the trend of the target disease data object in the patient requirement in the shared file library, and the intelligent medical file shared data is input into a shared evaluation decision network corresponding to the disease object characteristic information of the target disease data object, wherein the shared evaluation decision network comprises the following steps: inputting the intelligent medical file sharing data into a pre-constructed patient demand decision network to obtain the patient demand confidence of the target disease data object; and inputting the patient demand confidence into a shared evaluation decision network corresponding to the patient demand characteristics to obtain shared evaluation information corresponding to the patient demand characteristics, wherein the shared evaluation information corresponding to the patient demand characteristics is evaluation information obtained by weighting the patient demand confidence.

Similar to the academic description features, the pre-constructed patient demand decision network can also be a trained deep learning model, and it should be understood that the training sample set of the pre-constructed academic description decision network corresponding to the academic description features is different from the training sample set of the pre-constructed patient demand decision network corresponding to the patient demand features during training, so as to form different types of deep learning models.

For example, intelligent medical profile sharing data may be entered into a trained patient need decision network, which is used to derive patient need confidence for target disease data objects. It should be understood that in embodiments of the present disclosure, the patient need confidence corresponds to a binary distribution, where the values are present or absent. If the value is present, it indicates that the disease data object should exist in the shared archive, and if not, it indicates that the disease data object should not exist in the shared archive.

And then, fusing the patient demand confidence of the target disease data object with the patient demand confidence corresponding to the preset target disease data object to obtain the shared evaluation information corresponding to the patient demand characteristics.

In one embodiment, after receiving currently sent intelligent medical file sharing data, the intelligent medical file sharing data is input into a trained patient demand decision network, a patient demand confidence of a target disease data object is obtained by using the patient demand decision network, then a historical patient demand confidence obtained according to the preconfigured intelligent medical file sharing data is obtained (at this time, the patient demand confidence at a preset time can be from a shared file library), and the historical patient demand confidence and the current patient demand confidence are fused to obtain shared evaluation information corresponding to patient demand characteristics.

Therefore, the academic description characteristics and the patient requirement characteristics of the target disease data object can be updated respectively by utilizing the deep learning model and the fusion calculation, and the shared evaluation information corresponding to the academic description characteristics and the shared evaluation information corresponding to the patient requirement characteristics of the target disease data object are obtained.

In one embodiment, the method for sharing a smart medical file based on a blockchain may include the following steps:

step S301, obtaining the intelligent medical file sharing data sent by the blockchain sharing node terminal.

Step S302, the target disease data object contained in the intelligent medical file sharing data is extracted.

Step S303, updating shared evaluation information corresponding to the target disease data object by using the smart medical file shared data, where the shared evaluation information is an evaluation confidence parameter for determining whether to share file data of the target disease data object to the shared file repository.

Step S304, when the sharing evaluation information corresponding to the patient demand characteristics is smaller than the first sharing evaluation confidence, the target disease data object is not shared in the sharing archive.

Step S305, when the shared evaluation information corresponding to the patient demand characteristics is greater than or equal to the first shared evaluation confidence coefficient, determining to share the target disease data object in the shared archive according to the shared evaluation information corresponding to the shared heat characteristics and the shared evaluation information corresponding to the academic description characteristics.

It should be noted that the first sharing evaluation confidence is used to determine whether the target disease data object exists, and the second sharing evaluation confidence may be set to 50%, that is, when the patient demand confidence of the target disease data object is greater than 50%, the target disease data object is determined to be shared in the sharing archive according to the sharing evaluation information corresponding to the sharing heat characteristic and the sharing evaluation information corresponding to the academic description characteristic.

When the shared evaluation information corresponding to the patient demand characteristics is greater than or equal to the second shared evaluation confidence level, it is indicated that a disease data object is determined to exist, and the disease data object needs to be displayed in the shared archive, at this time, shared evaluation information corresponding to the shared heat characteristics of the disease data object and shared evaluation information corresponding to the academic description characteristics need to be further acquired, and whether the shared evaluation information corresponding to the shared heat characteristics of the target disease data object and the shared evaluation information corresponding to the academic description characteristics converge to academic description label information and the shared heat characteristics capable of determining the disease data object is judged.

The convergence condition of the sharing heat degree feature can be determined through the mean square deviation value, and the academic description feature can be determined according to the confidence degree corresponding to the academic description feature, so that the mean square deviation value and the mean value of the heat degree feature corresponding to the sharing heat degree feature and the maximum semantic confidence degree value in the sharing evaluation information corresponding to the academic description feature can be respectively obtained. Wherein, the maximum value in the shared evaluation information corresponding to the academic description features represents the most likely semantic information corresponding to the disease data object.

For example, when the shared evaluation information corresponding to the academic description feature is greater than or equal to the second shared evaluation confidence level and the variance value of the heat feature is smaller than the third shared evaluation confidence level, the target disease data object is shared in the shared archive according to the mean value of the shared heat feature.

The third shared evaluation confidence coefficient is a convergence threshold of the variance value of the heat characteristic corresponding to the shared heat characteristic, and the second shared evaluation confidence coefficient is a convergence threshold of the shared evaluation information corresponding to the academic description characteristic.

Specifically, when the intelligent medical file shared data sent by the blockchain shared node terminal is acquired, the target disease data object is extracted from the intelligent medical file shared data, and the shared evaluation information corresponding to the target disease data object is updated by using the intelligent medical file shared data, wherein the shared evaluation information comprises shared evaluation information corresponding to the shared heat characteristic, shared evaluation information corresponding to the academic description characteristic and shared evaluation information corresponding to the patient demand characteristic. When the shared evaluation information corresponding to the patient requirement characteristics is less than the first shared evaluation confidence level, it indicates that the target disease data object existing in the current shared file library is wrong, or the pre-configured intelligent medical file shared data is wrong, therefore, the disease data object is deleted from the stored target disease data object, i.e. the display information of the disease data object is shared to the shared file library, when the shared evaluation information corresponding to the patient requirement characteristics is greater than or equal to the second shared evaluation confidence level, it indicates that the target disease data object actually exists, and needs to be displayed in the shared file library, at this time, the mean and the mean values corresponding to the shared heat characteristics of the target file and the shared evaluation information corresponding to the academic description characteristics can be further obtained, and whether the mean value is less than the third shared evaluation confidence level or not can be judged, and the sharing evaluation information corresponding to the academic description features is greater than or equal to the second sharing evaluation confidence, if so, the target disease data object is shared in the sharing archive according to the mean value of the sharing heat features, and if any condition is not met, the target disease data object is not shared in the sharing archive.

It should be understood that error correction for disease data objects in the shared archive may be understood as adding new disease data objects after deleting existing erroneous disease data objects.

In one embodiment, before the archive data of the target disease data object is shared into the shared archive, the number of target disease data objects whose shared evaluation information satisfies the preset sharing condition may be counted, and when the number of target disease data objects whose shared evaluation information satisfies the preset sharing condition is greater than or equal to the preset number, the archive data of the target disease data object is shared into the shared archive.

In one embodiment, a method for intelligent medical file sharing based on block chains includes the following steps:

step S401, obtaining the smart medical file sharing data sent by the blockchain sharing node terminal.

Step S402, respectively extracting a first time sequence development data of the intelligent medical file shared data and a second time sequence development data of the shared file library.

Specifically, time sequence development data acquired during the medical disease diagnosis process can be extracted from the intelligent medical file shared data to serve as first time sequence development data, and time sequence development data corresponding to each position point in the shared file library is acquired to serve as second time sequence development data.

Step S403, mapping the first time sequence development data to a target time sequence space to obtain a first mapping node, and mapping the second time sequence development data to the target time sequence space to obtain a second mapping node.

The target time sequence space may be a time sequence space constructed in advance, or may be a time sequence space where a shared archive is located, or any one of time sequence spaces of clinical information of the medical diseases calculated based on the information of the medical disease diagnosis process. It should be understood that, in the present embodiment, the target time sequence space is used for unifying the smart medical file sharing data and the data of the shared archive into one time sequence space so as to determine whether the smart medical file sharing data and the shared archive indicate the matching of the shared nodes, and therefore, the selection of the target time sequence space is not specifically limited by the present disclosure.

Step S404, when the mapping correlation degree of the first mapping node and the second mapping node is greater than or equal to the sharing evaluation confidence, determining that the shared data of the smart medical file matches the shared file library, and determining that the shared data of the smart medical file matching the shared file library is the reference data.

That is, when the mapping correlation between the first mapping node of the smart medical file sharing data in the target time sequence space and the second mapping node of the shared file library in the target time sequence space is greater than or equal to the sharing evaluation confidence, it indicates that the smart medical file sharing data and the shared file library indicate the same actual sharing node, and at this time, the shared file library can be updated by using the smart medical file sharing data as the reference data.

In one embodiment, the sharing evaluation confidence may be 95% to 99%, wherein the sharing evaluation confidence is only used for illustration and may be determined according to an actual reference frame.

Step S405, extracting target disease data objects contained in the intelligent medical file sharing data.

Step S406, updating the shared evaluation information corresponding to the target disease data object by using the smart medical file shared data, where the shared evaluation information is an evaluation confidence parameter for determining whether to share the file data of the target disease data object to the shared file repository.

In step S407, when the sharing evaluation information satisfies the preset sharing condition, the archive data of the target disease data object is shared into the shared archive.

Specifically, after obtaining the intelligent medical file shared data sent by the blockchain shared node terminal, extracting first time sequence development data of the intelligent medical file shared data, mapping the first time sequence development data to a target time sequence space to obtain a first mapping node, then obtaining corresponding second time sequence development data in the shared file library according to the first time sequence development data of the intelligent medical file shared data, mapping the corresponding second time sequence development data to the target time sequence space to obtain a second mapping node, if the mapping correlation degree of the first mapping node and the second mapping node is greater than or equal to the sharing evaluation confidence degree, determining that the frame of the intelligent medical file shared data can be used as reference data for updating the shared file library, and if the mapping correlation degree of the first mapping node and the second mapping node is less than the sharing evaluation confidence degree, determining that the frame of the intelligent medical file shared data is not matched with the shared file library, not applicable to updates to the shared archive.

Therefore, the method and the device effectively ensure the accuracy of the intelligent medical file shared data used for updating the shared file library by comparing the intelligent medical file shared data with the time sequence development data of the shared file library and selecting the intelligent medical file shared data indicating the same actual shared node with the shared file library.

In one embodiment, the smart medical file sharing data may be pre-processed, e.g., data filtered, before being matched with the shared repository using the time-series evolution data. For example, the accuracy of the first time-series development data of the smart medical file shared data may be identified, and when the accuracy of the first time-series development data is smaller than a preset accuracy, the smart medical file shared data is determined to be invalid data, and the smart medical file shared data is deleted.

Furthermore, data preprocessing can be performed on all feature data in the smart medical file shared data, that is, accuracy detection is performed on medical record information, medical disease diagnosis process information and medical disease clinical information in each frame of smart medical file shared data, and data with accuracy smaller than a corresponding accuracy threshold is deleted as invalid data, that is, only acquired data with accuracy meeting the accuracy threshold is reserved as the smart medical file shared data.

For example, after acquiring the smart medical file shared data sent by crowdsourced data, extracting the time sequence development data in the smart medical file shared data, judging whether the precision of the time sequence development data reaches the preset precision, if the precision does not reach the preset precision, determining that the frame of smart medical file shared data is invalid data to be deleted, if the precision reaches the preset precision, further judging the precision of other data collected at the frame vehicle end, if the precision of any data is lower than the preset precision of the data, for example, the image precision of the image data is smaller than the preset image precision, deleting the image data in the frame of smart medical file shared data, and keeping other data meeting the preset precision, and using the smart medical file shared data with invalid data deleted as reference data for updating the characteristic information of the disease data object in the shared file library, and updating the shared archive based on the updated characteristic information.

Therefore, the effectiveness judgment can be carried out on the intelligent medical file shared data before the characteristic information of the disease data object is updated, the influence of invalid data on the characteristic information updating is greatly reduced, the updating accuracy of the shared file library is ensured, meanwhile, the data processing amount is reduced and the data processing speed of the shared file library updating is improved by deleting the invalid data.

step S501, obtaining the smart medical file sharing data sent by the blockchain sharing node terminal.

Step S502, the target disease data object contained in the intelligent medical file sharing data is extracted.

Step S5031, the shared data of the smart medical file is input to the shared evaluation decision network corresponding to the shared heat characteristic to obtain shared evaluation information corresponding to the shared heat characteristic, where the shared evaluation information corresponding to the shared heat characteristic is a heat characteristic mean value of the shared heat characteristic.

Step S5032, the smart medical file sharing data is input to a pre-constructed academic description decision network to obtain academic description label information of the target disease data object and a confidence corresponding to the academic description label information.

Step S5033, the confidence corresponding to the academic description label information is input to the shared evaluation decision network corresponding to the academic description feature to obtain shared evaluation information corresponding to the academic description feature, where the shared evaluation information corresponding to the academic description feature is evaluation information obtained by weighting the confidence corresponding to the academic description label information.

Step S5034, the intelligent medical file sharing data is input into a pre-constructed patient demand decision network to obtain the patient demand confidence of the target disease data object.

Step S5035, the patient demand confidence is input to a shared evaluation decision network corresponding to the patient demand characteristics to obtain shared evaluation information corresponding to the patient demand characteristics, where the shared evaluation information corresponding to the patient demand characteristics is evaluation information obtained by weighting the patient demand confidence.

Step S504, when the sharing evaluation information corresponding to the patient demand characteristics is smaller than the first sharing evaluation confidence, the target disease data object is not shared in the sharing archive.

And step S505, when the shared evaluation information corresponding to the patient demand characteristics is greater than or equal to the first shared evaluation confidence, determining to share the target disease data object in the shared archive according to the shared evaluation information corresponding to the shared heat characteristics and the shared evaluation information corresponding to the academic description characteristics.

Step S506, when the shared evaluation information corresponding to the academic description feature is greater than or equal to the second shared evaluation confidence and the variance value of the heat feature is smaller than the third shared evaluation confidence, sharing the target disease data object in the shared archive according to the mean value of the shared heat feature.

For example, the blockchain sharing node terminal can collect medical record information, medical disease diagnosis process information and medical disease clinical information, intelligent medical file sharing data is generated according to the medical record information, the medical disease diagnosis process information and the medical disease clinical information, the blockchain sharing node terminal sends the intelligent medical file sharing data to the medical big data system, the medical big data system obtains the intelligent medical file sharing data, target disease data objects contained in the intelligent medical file sharing data are extracted, sharing evaluation information corresponding to the target disease data objects is updated by the intelligent medical file sharing data, and when the sharing evaluation information meets preset sharing conditions, file data of the target disease data objects are shared into the sharing file library.

To sum up, this disclosure can utilize wisdom medical treatment archives shared data that arbitrary block chain shared node terminal sent to realize the update to shared archives, need not to adopt specific wisdom medical treatment archives acquisition terminal, greatly reduced shared archives's update cost. Meanwhile, the sharing evaluation information of the target disease data object is updated according to the intelligent medical file sharing data, so that the problem that the intelligent medical file sharing data sent by the block chain sharing node terminal has data with a data value lower than the sharing value of a specific intelligent medical file and cannot be directly used for updating the shared file library is effectively solved.

In one embodiment, the method for sharing a smart medical file based on a blockchain may further include the following steps:

step S601, acquiring a shared access request for a first target disease data object sent by any one blockchain shared node terminal in the blockchain network.

The shared access request may specifically include shared verification service information of the blockchain shared node terminal, that is, when any one blockchain shared node terminal in the blockchain network needs to initiate shared access to the first target disease data object, the shared verification service information needs to be uploaded, for example, medical institution qualification information, medical institution authentication information, and the like.

Step S602, according to the sharing access request, obtaining the intelligent contract condition of the corresponding intelligent contract, and judging whether the sharing verification service information accords with the intelligent contract condition.

In this embodiment, the intelligent contract conditions of the intelligent contract may be flexibly selected according to actual design requirements, and specifically, reference may be made to an implementation manner in the prior art, which is not an inventive point of the present application and is not described herein again.

Step S603, when the sharing verification service information meets the intelligent contract condition, obtaining the shared medical archive data of the target disease data object from the shared archive library pre-authorized by the blockchain network based on the shared index object in the sharing verification service information, and sending the shared medical archive data to the blockchain shared node terminal.

Based on the steps, when the shared verification service information meets the intelligent contract condition, the shared medical archive data of the target disease data object is acquired from the shared archive library pre-authorized by the blockchain network based on the shared index object in the shared verification service information, and the shared medical archive data is sent to the blockchain shared node terminal, so that the security of shared access and the data privacy are improved.

In one embodiment, the intelligent medical attack tracing method based on the blockchain may further include the following steps:

step S701 is to acquire a shared access request for a first target disease data object, which is sent by any one of the blockchain shared node terminals in the blockchain network, where the shared access request includes shared authentication service information of the blockchain shared node terminal.

Step S702, according to the sharing access request, obtaining the intelligent contract condition of the corresponding intelligent contract, and judging whether the sharing verification service information accords with the intelligent contract condition.

Step S703 is to determine target authentication service information that does not meet the intelligent contract condition in the shared authentication service information when the shared authentication service information does not meet the intelligent contract condition.

Step S704, sending the target verification service information to the blockchain shared node terminal, and when receiving the abnormal reporting information sent by the blockchain shared node terminal, determining whether a network information attack behavior for the target verification service information exists in the verification process of the intelligent contract condition of the target verification service information.

In this embodiment, when the blockchain shared node terminal receives the target verification service information that does not meet the intelligent contract condition in the shared verification service information, the user may be handed over to determine whether there is an abnormality (such as an abnormal condition of network behavior attack) in the current verification process, and feed back the abnormal reported information, so that the medical big data system further determines whether there is a network information attack behavior for the target verification service information in the verification process of the intelligent contract condition.

Step S705, when the target verification service information has a network information attack behavior aiming at the target verification service information in the verification process of the intelligent contract condition, tracking a network attack intelligence clue of an attack behavior stage in a multi-attack link data flow of the network information attack behavior.

In this embodiment, one network information attack behavior usually has multiple attack links, so that the data flow of multiple attack links can be tracked next, and network attack intelligence clues in the attack behavior stage, such as header information of the attack message, can be obtained.

On the basis, the attack tracing result information of the network information attack behavior of the target verification service information is determined according to the network attack intelligence clue of the attack behavior stage in the multi-attack link data flow of the network information attack behavior.

Therefore, the network attack possibly suffered by the shared verification service information initiated by the block chain shared node terminal is considered before the verification process of the intelligent contract condition of the intelligent contract, and the information security monitoring effect of the shared access is improved.

In an embodiment, determining the attack tracing result information of the network information attack behavior of the target verification service information according to the network attack intelligence clue of the attack behavior stage in the multi-attack link data stream of the network information attack behavior can be specifically realized through the following steps.

Step S706, obtaining the shared access authorization service to be traced and the target tracing rule corresponding to the shared access authorization service to be traced, which are matched with the plurality of shared security event tags, based on the network attack intelligence clues.

In this embodiment, the target tracing rule may be, for example, a tracing rule to which an authorized sharing item of the shared access authorization service to be traced belongs, where the target tracing rule includes at least one tracing rule node. Wherein the content of the first and second substances,

step S707, detecting a persistent attack vector and a non-persistent attack vector included in the multiple pieces of shared access request information of the shared access authorization service to be traced according to the target tracing rule.

In an embodiment, the shared access authorization service to be traced back may be an entity access authorization service such as a medical research registration project, a medical information docking project, and the like, and the persistent attack vector may be an attack vector having suspected attack attributes, in which attack content characteristic information is dynamically changed when the access authorization service is attacked in different authorization dimensions, for example, vector information that can be dynamically changed for medical institution address information, medical institution personnel information, and the like, when the access authorization service is in different authorization dimensions, the persistent attack vector for the access authorization service is changed to some extent, and the change of the persistent attack vector conforms to a certain rule change. The non-persistent attack vector is generally an attack vector that does not change due to different states of accessing the authorized service, such as, but not limited to, a registration name of a medical institution.

Generally, for an access authorization service with a threat, an attack vector is usually not included, or only a part of the attack vector is included, or the attack vector and a real access authorization service are different (for example, a persistent attack vector on the access authorization service subjected to misoperation usually does not or rarely changes due to a change of a state, or a change mode is different from that of the real access authorization service, and the like), so that a plurality of pieces of shared access request information obtained by performing index data acquisition on a to-be-traced shared access authorization service through different traffic big data acquisition dimensions can be acquired, and an attack location identification result of the access authorization service is comprehensively determined based on the persistent attack vector and a non-persistent attack vector.

Step S708, extracting the potential trajectory feature point of the attack partition where the non-persistent attack vector is located to obtain a non-persistent attack trajectory, extracting the potential trajectory feature point of the attack partition where the persistent attack vector is located and the attack traversal attribute of the persistent attack vector among the plurality of shared access request information to obtain the persistent attack trajectory.

In an embodiment, the non-persistent attack vector tag attribute is a potential track feature point in an actual scene, so that the potential track feature point of an attack partition where the non-persistent attack vector is located can be extracted as a non-persistent attack track, for example, the non-persistent attack track can be extracted through a K-MEANS algorithm, or the non-persistent attack track can be extracted through a convolutional neural network. For the persistent attack vector, not only the potential trajectory feature points of the attack partition where the non-persistent attack vector is located need to be considered, but also the time sequence dimension needs to be increased on the basis to capture the change features of a plurality of persistent attack vectors, and specifically, a deep learning network can be adopted to extract the persistent attack trajectory, which will be described in detail later.

Step S709, identify attack positioning information corresponding to each non-continuous attack vector based on the non-continuous attack trajectory, and identify attack positioning information corresponding to each continuous attack vector based on the continuous attack trajectory.

In an embodiment, the attack positioning information corresponding to each non-persistent attack vector may be determined according to a first attack track interval where the non-persistent attack track of each non-persistent attack vector is located and attack positioning information associated with the first attack track interval. For example, an attack trajectory interval range of the attack positioning attack vector may be set in advance, and then attack positioning information of the non-persistent attack vector may be determined according to the attack trajectory interval range in which the non-persistent attack trajectory is located.

Similarly, attack positioning information corresponding to each persistent attack vector can be determined according to a second attack track interval where the persistent attack track of each persistent attack vector is located and attack positioning information associated with the second attack track interval.

In one embodiment, the attack localization classification method can also be adopted to determine the attack localization information of the non-persistent attack vector and the persistent attack vector. For example, an SVM (Support Vector Machine) classifier is used to perform attack localization classification on the attack Vector, or an attack localization classification node in the neural network is used to perform attack localization classification on the attack Vector.

In an embodiment, the designated shared access reference information may be extracted from shared access past information including the shared access authorization service to be traced, where the designated shared access reference information may be all shared access reference information in the shared access past information, or may be one or more pieces of shared access reference information extracted from the shared access past information at set intervals, or may also be shared access reference information in which the shared access authorization service to be traced is in an authorized activated state. And then extracting potential track characteristic points of the attack partition where the non-persistent attack vector is located in the specified shared access reference information. Based on this, in an embodiment, the attack positioning information of the non-persistent attack vector contained in each piece of designated shared access reference information may be identified according to the non-persistent attack trajectory extracted from each piece of designated shared access reference information, then the attack positioning information of the same non-persistent attack vector in each piece of designated shared access reference information may be determined according to the attack positioning information of the non-persistent attack vector contained in each piece of designated shared access reference information, and then the attack positioning information of each non-persistent attack vector on the shared access authorization service to be traced back may be calculated according to the attack positioning information of the same non-persistent attack vector in each piece of designated shared access reference information.

For any one shared access reference information, the technical solution in the foregoing embodiment may be adopted to detect the non-persistent attack vector contained therein, and identify the attack location information of the non-persistent attack vector therein. And then integrating the extracted attack positioning information of the same non-persistent attack vector contained in the appointed shared access reference information to obtain the attack positioning information of each non-persistent attack vector. For example, the attack localization information may be attack localization confidence degrees, and further, the attack localization confidence degrees of the same non-persistent attack vector included in the specified shared access reference information may be averaged, and then the obtained average value is used as the attack localization information of each non-persistent attack vector.

It should be noted that, if the attack positioning information of the non-persistent attack vector is determined by directly collecting multiple pieces of shared access request information instead of extracting the specified shared access reference information from the shared access past information to determine the attack positioning information of the non-persistent attack vector, the specific processing manner is similar to the scheme of determining the attack positioning information of the non-persistent attack vector based on extracting the specified shared access reference information from the shared access past information, and is not described again.

In one embodiment, at least one set of shared access reference information may be extracted from shared access past information including a shared access authorization service to be traced, and then potential trajectory feature points of an attack partition where a persistent attack vector is located and attack traversal attributes of the persistent attack vector may be extracted from the at least one set of shared access reference information. Based on this, in an embodiment, the attack positioning information of the persistent attack vector contained in each group of shared access reference information can be identified according to the potential trajectory feature point of the attack partition where the persistent attack vector is located extracted from each group of shared access reference information and the attack traversal attribute of the persistent attack vector, then the attack positioning information of the same persistent attack vector in each group of shared access reference information is determined according to the attack positioning information of the persistent attack vector contained in each group of shared access reference information, and then the attack positioning information of each persistent attack vector on the shared access authorization service to be traced is calculated according to the attack positioning information of the same persistent attack vector in each group of shared access reference information.

For any group of shared access reference information, the technical solution in the foregoing embodiment may be adopted to detect the persistent attack vector contained therein and identify the attack location information of the persistent attack vector therein. And then integrating the extracted attack positioning information of the same continuous attack vector contained in each group of shared access reference information to obtain the attack positioning information of each continuous attack vector. For example, the attack localization information may be attack localization confidence degrees, and further, the attack localization confidence degrees of the same persistent attack vector included in each group of shared access reference information may be averaged, and then the obtained average value is used as the attack localization information of each persistent attack vector.

Of course, if at least one group of shared access reference information is not extracted from the shared access past information to determine the attack positioning information of the persistent attack vector, but multiple pieces of shared access request information are directly acquired to determine the attack positioning information of the persistent attack vector, the specific processing manner is similar to the scheme of determining the attack positioning information of the persistent attack vector based on at least one group of shared access reference information extracted from the shared access past information, for example, at least one group of shared access request information can be obtained by dividing according to the multiple pieces of shared access request information, and then attack positioning identification is performed, which is not described again.

In an embodiment, as described in the previous embodiment, the continuous attack trajectory may be extracted through a deep learning network, and meanwhile, attack positioning information corresponding to the continuous attack vector may also be output. For example, the multiple pieces of shared access request information containing the attack partition where the persistent attack vector is located may be input to the deep learning network, so as to extract, through the deep learning network, multiple attack description features of the persistent attack vector among the multiple pieces of shared access request information and potential trajectory feature points of the attack partition where the persistent attack vector is located. And then, converting the multiple attack description characteristics into the normalized description characteristics through a normalization node in the deep learning network, using the normalized description characteristics as attack traversal attributes of the continuous attack vector among the multiple shared access request information, using the potential track characteristic points and the attack traversal attributes as continuous attack tracks, and outputting attack positioning information corresponding to the continuous attack vector through an attack positioning classification node in the deep learning network.

As an example, the deep learning network may adopt 4 feature extraction units, where the 4 feature extraction units are connected in series in sequence, each feature extraction Unit is a structure of conv3d + BN (Batch Normalization) layer + Relu (Rectified Linear Unit), the feature units of the 4 feature extraction units correspond to 4 columns respectively, the connection between the description features is used to indicate that one feature Unit of a next layer is obtained by convolution of several associated feature units of a previous layer, finally, the multiple attack description features are converted into normalized description features, which are used as attack traversal attributes of a persistent attack vector among multiple shared access request information, and the potential trajectory feature points and the attack traversal attributes are used as persistent attack trajectories, and the attack localization confidence corresponding to the attack vector is output through the attack localization classification nodes. The attack localization confidence may be: a "medical certification item" + confidence level, and a "medical qualification item" + confidence level. For example, "medical certification item" 79.3%; the "medical qualification item" is 23.8%.

Step S710, determining the attack location of the shared access authorization service to be traced according to the attack location information corresponding to each non-continuous attack vector and the attack location information corresponding to each continuous attack vector.

In an embodiment, if the attack location information includes the attack location confidence, the attack location confidence corresponding to each non-continuous attack vector and the attack location confidence corresponding to each continuous attack vector may be weighted according to the weighted proportion of each non-continuous attack vector and the weighted proportion of each continuous attack vector to obtain an attack location confidence comprehensive value, and then the attack location of the shared access authorization service to be traced is determined according to the attack location confidence comprehensive value.

For example, assume that the shared access authorization service to be traced back has 1 non-persistent attack vector and 2 persistent attack vectors, the weighted ratio of the non-persistent attack vector a is 0.2, the weighted ratio of the persistent attack vector b is 0.4, the weighted ratio of the persistent attack vector c is 0.4, and the attack localization confidence of the non-persistent attack vector a is: "medical certification item" 0.4; the confidence of the attack localization of the sustained attack vector b is: 0.7 of medical qualification item; if the confidence of the attack location of the persistent attack vector c is "medical authentication item" 0.5, it can be calculated that the comprehensive confidence value of the attack location corresponding to the shared access authorization service to be traced is "medical authentication item" is 0.2 × 0.4+0.4 × (1-0.7) +0.4 × 0.5 ═ 0.4.

Illustratively, after an attack location confidence comprehensive value of the shared access authorization service to be traced is calculated, the attack location confidence comprehensive value may be compared with a preset threshold, if the attack location of the shared access authorization service to be traced is that the confidence comprehensive value of the "medical authentication item" is greater than the preset threshold, it is determined that the attack location of the shared access authorization service to be traced is the "medical authentication item", otherwise, if the confidence comprehensive value of the shared access authorization service to be traced is the "medical authentication item" is less than or equal to the preset threshold, it is determined that the attack location of the target subscription service item is not the "medical authentication item". The preset threshold value can be set according to actual conditions.

Thus, the embodiment mainly performs attack positioning of the access authorization service based on the persistent attack vector and the non-persistent attack vector on the shared access request information, considers the potential trajectory feature point of the attack partition where the non-persistent attack vector is located for the non-persistent attack vector, considers the potential trajectory feature point of the attack partition where the persistent attack vector is located for the persistent attack vector, considers the attack traversal attribute of the persistent attack vector among a plurality of shared access request information, determines the attack positioning information corresponding to each non-persistent attack vector and the attack positioning information corresponding to each persistent attack vector, and further identifies the attack positioning of the shared access authorization service to be traced according to the attack positioning information corresponding to each non-persistent attack vector and the attack positioning information corresponding to each persistent attack vector, the accuracy of attack positioning determination is improved.

In one embodiment, for step S710, in the process of determining the attack tracing back result information of the target verification service information 200 based on the attack location of the shared access authorization service to be traced back, the following exemplary sub-steps may be implemented, which are described in detail below.

In the substep S711, hash digest information in the attack positioning of the shared access authorization service to be traced and tracing source address information of the verification service object of the service terminal 200 are obtained.

And a substep S712, matching the hash digest information and the tracing source address information in the attack positioning of the shared access authorization service to be traced based on the address correlation degree between the hash digest information and the tracing source address information in the attack positioning of the shared access authorization service to be traced to obtain matching information.

And a substep S713, determining the successfully matched traceback source address information as the selected traceback source address information, and determining traceback path resource positioning information corresponding to the selected traceback source address information according to the same address service between the traceback source address information in the matching information and the selected traceback source address information.

And a substep S714 of performing tracing path search on the tracing path resource positioning information corresponding to the selected tracing source address information and the selected tracing source address information to obtain a tracing path search result.

And a substep S715, determining attack confirmation information corresponding to the attack location of the shared access authorization service to be traced and an attack fingerprint result corresponding to the attack confirmation information according to the tracing path search result and the matching information, and determining attack tracing result information of the service terminal 200 according to the attack fingerprint result.

Based on the above substeps, in this embodiment, first, hash digest information in attack positioning of the shared access authorization service to be traced and tracing source address information of a verification service object of the service terminal 200 are obtained, then, matching of the hash digest information and the tracing source address information is performed based on the address correlation degree to obtain matching information, then, tracing path resource positioning information is determined according to the tracing source address information successfully matched, so that a tracing path search result is obtained, an attack fingerprint result corresponding to attack confirmation information corresponding to the attack positioning of the shared access authorization service to be traced is determined according to the tracing path search result and the matching information, and attack tracing result information of the service terminal 200 is determined according to the attack fingerprint result. The targeted requirement can be determined through the fingerprint attack result, so that the requirement of the verification service object obtained through determination can better meet the actual intention of the user, and the accuracy of subsequent information push is improved.

In one embodiment, for sub-step S711, this may be achieved by the following exemplary embodiments.

(1) At least two hash digest attributes and at least two tracing source address attributes in attack positioning of a shared access authorization service to be traced are obtained.

(2) The method comprises the steps of obtaining hash digest book updating information and attribute transfer information of hash digest attributes between at least two hash digest attributes, and obtaining tracing source address updating information and attribute transfer information of tracing source address attributes between at least two tracing source address attributes.

(3) And combining at least two hash digest attributes according to the hash digest book updating information and the attribute transfer information of the hash digest attributes to obtain hash digest information to be traced in the attack positioning of the shared access authorization service. Wherein one hash digest information includes at least one hash digest attribute.

(4) And combining at least two tracing source address attributes according to the tracing source address updating information and the attribute transfer information of the tracing source address attributes to obtain tracing source address information in the attack positioning of the shared access authorization service to be traced. Wherein, one tracing source address information comprises at least one tracing source address attribute.

In one embodiment, for sub-step S712, it may be implemented by the following exemplary embodiments.

(1) And determining the tracing source address information in the attack location of the shared access authorization service to be traced as the activated tracing source address information, and determining the hash digest information in the attack location of the shared access authorization service to be traced as the activated hash digest information.

And the tracing source address attribute in the activated tracing source address information is determined from the real-time configuration attribute of the attack positioning for the shared access authorization service to be traced.

(2) And acquiring the hash abstract attribute in the real-time configuration attribute. And determining the correlation degree of the configuration attributes between the hash abstract attributes in the real-time configuration attributes and the hash abstract attributes in the activated hash abstract information as the address correlation degree between the activated tracing source address information and the activated hash abstract information.

And when the address correlation degree is greater than or equal to the preset address correlation degree, matching the activated tracing source address information with the activated hash digest information to obtain matching information.

For example, in one embodiment, the selected traceback source address information includes a scattered traceback source address attribute in an attack location of the shared access authorization service to be traceback. The number of matching information is at least two. And the tracing source address information in each matching information respectively comprises a global tracing source address attribute in the attack positioning of the shared access authorization service to be traced.

On this basis, in one embodiment, for sub-step S713, the following exemplary embodiments may be implemented.

(1) And acquiring the scattered tracing chain of the selected tracing source address information according to the scattered tracing source address attribute.

(2) And respectively acquiring a global tracing chain of the tracing source address information in each matching message according to the global tracing source address attribute included in each matching message.

(3) And obtaining the tracing chain linkage information between the distributed tracing chains and the global tracing chains corresponding to each matching information.

(4) And determining the same address service between the tracing source address information in each matching message and the selected tracing source address information according to the tracing chain linkage information to which each matching message belongs.

(5) And when the matching times of the target matching information are greater than a first preset matching time threshold and less than or equal to a second preset matching time threshold, determining the tracing path resource positioning information contained in the hash abstract information in the target matching information as the tracing path resource positioning information corresponding to the selected tracing source address information. The target matching information refers to matching information of which the service updating time difference corresponding to the same address service is greater than or equal to the preset service updating time difference.

In one embodiment, the number of profile attributes for the decentralized traceback source address attribute is at least two. In the process of acquiring the distributed trace back chain of the selected trace back source address information according to the distributed trace back source address attributes in the substep S713 (1), a trace back node corresponding to each of the at least two distributed trace back source address attributes may be acquired, a trace back node connected graph corresponding to the at least two distributed trace back source address attributes is acquired according to a trace back node corresponding to each of the distributed trace back source address attributes, and the trace back node connected graph is determined as the distributed trace back chain.

In one embodiment, the at least two matching information comprise matching information i, i being a positive integer less than or equal to the total number of the at least two matching information. The number of the configuration attributes of the global traceback source address attribute included in the matching information i is at least two.

In this way, in the process of obtaining the global trace-back chain of the trace-back source address information in each matching information according to the global trace-back source address attribute included in each matching information in step (2) of the sub-step S713, the trace-back node corresponding to each global trace-back source address attribute of the at least two global trace-back source address attributes included in the matching information i can be obtained, then the global trace-back node connected graph corresponding to the at least two global trace-back source address attributes is obtained according to the trace-back node corresponding to each global trace-back source address attribute, and the global trace-back node connected graph is determined as the global trace-back chain of the trace-back source address information in the matching information i.

In one embodiment, the number of the selected traceback source address information is at least two, and when the number of the target matching information is less than or equal to a first preset matching time threshold, the matching information corresponding to the traceback source address information with the largest service updating time difference corresponding to the same address service between each selected traceback source address information is respectively determined as the selected matching result corresponding to each selected traceback source address information.

On this basis, the tracing path resource positioning information contained in the hash digest information in the selected matching result corresponding to each selected tracing source address information can be respectively determined as the selected tracing path resource positioning information corresponding to each selected tracing source address information, and then at least two tracing behavior relationship characteristic representations corresponding to the selected tracing behavior relationship are determined according to the selected tracing path resource positioning information corresponding to each selected tracing source address information.

Then, a first tracing behavior positioning resource of at least two tracing behavior relationship characteristics in tracing path resource positioning information contained in hash digest information of at least two matching information can be obtained, according to the first tracing behavior positioning resource, a first target tracing behavior relationship characteristic representation of each selected tracing source address information aiming at the selected tracing behavior relationship is determined, and the selected tracing behavior relationship respectively having the first target tracing behavior relationship characteristic representation corresponding to each selected tracing source address information is determined as the tracing path resource positioning information corresponding to each selected tracing source address information. The at least two tracing behavior relationship features represent the tracing cost of the tracing behavior relationship corresponding to the second tracing behavior positioning resource in the tracing path resource positioning information corresponding to each selected tracing source address information, and the tracing cost is equal to the tracing cost of the tracing behavior relationship of the first tracing behavior positioning resource.

In one embodiment, when the number of the target matching information is greater than a second preset matching time threshold, counting resource positioning information position information of at least two tracing behavior relationship features of the selected tracing behavior relationship, wherein the tracing behavior relationship features are represented in tracing path resource positioning information contained in a hash digest attribute of the target matching information. And at least two tracing behavior relation characteristic representations are determined according to tracing path resource positioning information contained in the hash abstract information in the target matching information.

On the basis, according to the same address service and service position information between the selected tracing source address information and the target matching information, a second target tracing behavior relation characteristic representation of the selected tracing source address information aiming at the selected tracing behavior relation is determined from at least two tracing behavior relation characteristic representations, and the selected tracing behavior relation with the second target tracing behavior relation characteristic representation is determined as tracing path resource positioning information corresponding to the selected tracing source address information.

In an embodiment, in the embodiment, the traceback path resource location information included in the hash digest information in the matching information may be further determined as traceback path resource location information included in the matching information, the matching information and the traceback path search result are determined as an activated matching result in the attack location of the shared access authorization service to be traced back, the traceback path resource location information included in the activated matching result is determined as target traceback path resource location information, the same resource location information tag is added to the target traceback path resource location information and the traceback source address information in the corresponding activated matching result, the target traceback path resource location information with the traceback source address tag is respectively input to a preset multi-service mean value clustering network, and an attack fingerprint result of the target traceback path resource location information is obtained.

In the substep S715, attack confirmation information in attack positioning of the shared access authorization service to be traced can be determined according to the tracing source address information in the activated matching result, and an attack fingerprint result corresponding to the attack confirmation information is obtained from a preset multi-service mean value clustering network, a preset deep learning neural network and a preset forward feedback neural network according to a tracing source address label of the tracing source address information in the activated matching result.

The following exemplary embodiments can be implemented to obtain the attack fingerprint result corresponding to the attack confirmation information from the preset multi-service mean value clustering network, the preset deep learning neural network and the preset forward feedback neural network according to the tracing source address tag of the tracing source address information in the activated matching result.

(1) And generating first source characteristic data for detecting the target tracing path resource positioning information in the preset multi-service mean value clustering network according to the tracing source address label of the tracing source address information in the activated matching result, and generating second source characteristic data for detecting the target tracing path resource positioning information in the preset deep learning neural network according to the first source characteristic data when the attack fingerprint result corresponding to the attack confirmation information is not determined from the preset multi-service mean value clustering network according to the first source characteristic data.

(2) And when an attack fingerprint result corresponding to the attack confirmation information is not determined from the preset deep learning neural network according to the second source characteristic data, generating third source characteristic data for detecting the target tracing path resource positioning information in the preset forward feedback neural network according to the second source characteristic data.

(3) And acquiring an attack fingerprint result corresponding to the attack confirmation information from a preset forward feedback neural network according to the third source characteristic data.

Fig. 3 is a schematic functional block diagram of a smart medical attack tracing apparatus 300 based on a blockchain according to an embodiment of the present disclosure, and the functions of the functional blocks of the smart medical attack tracing apparatus 300 based on a blockchain are described in detail below.

The determining module 310 is configured to, when receiving abnormal reporting information sent by the blockchain shared node terminal, determine whether a network information attack behavior for the target verification service information exists in the verification process of the intelligent contract condition of the shared intelligent contract for the target verification service information of the blockchain shared node terminal, where the target verification service information is the target verification service information that is determined to be not in accordance with the intelligent contract condition in the shared access request for the first target disease data object sent by the blockchain shared node terminal.

The tracking module 320 is configured to track network attack intelligence clues in an attack behavior stage in a multi-attack link data flow of a network information attack behavior when the target verification service information has a network information attack behavior for the target verification service information in a verification process of an intelligent contract condition.

The determining module 330 is configured to determine attack tracing result information of the network information attack behavior of the target verification service information according to a network attack intelligence clue at an attack behavior stage in the multi-attack link data stream of the network information attack behavior.

Fig. 4 illustrates a hardware structure of the medical big data system 100 for implementing the above intelligent medical attack tracing method based on block chains according to the embodiment of the present disclosure, and as shown in fig. 4, the medical big data system 100 may include a processor 110, a machine-readable storage medium 120, a bus 130, and a transceiver 140.

In a specific implementation process, at least one processor 110 executes the medical big data system execution instructions stored in the machine-readable storage medium 120, so that the processor 110 may execute the intelligent medical attack tracing method based on the blockchain as in the above method embodiment, the processor 110, the machine-readable storage medium 120, and the transceiver 140 are connected through the bus 130, and the processor 110 may be configured to control the transceiver action of the transceiver 140, so as to perform data transceiving with the blockchain shared node terminal 200.

For a specific implementation process of the processor 110, reference may be made to the above-mentioned various method embodiments executed by the medical big data system 100, which implement the principle and the technical effect similarly, and the detailed description of the embodiment is omitted here.

In addition, the readable storage medium is preset with a medical big data system execution instruction, and when the processor executes the medical big data system execution instruction, the intelligent medical attack tracing method based on the block chain is realized.

Finally, it should be understood that the examples in this specification are only intended to illustrate the principles of the examples in this specification. Other variations are also possible within the scope of this description. Thus, by way of example, and not limitation, alternative configurations of the embodiments of the present specification can be enabled to match the teachings of the present specification. Accordingly, the embodiments of the present description are not limited to only those embodiments explicitly described and depicted herein.

Claims

1. An intelligent medical attack tracing method based on a blockchain is applied to a medical big data system, the medical big data system is in communication connection with a plurality of blockchain sharing node terminals in a blockchain network, the blockchain network is provided with a sharing intelligent contract corresponding to a sharing request, and the method comprises the following steps:

determining attack tracing result information of the network information attack behavior of the target verification service information according to a network attack intelligence clue of an attack behavior stage in the multi-attack-link data stream of the network information attack behavior;

wherein, the step of determining the attack tracing result information of the network information attack behavior of the target verification service information according to the network attack intelligence clue of the attack behavior stage in the multi-attack link data flow of the network information attack behavior comprises the following steps:

acquiring a shared access authorization service to be traced and a target tracing rule corresponding to the shared access authorization service to be traced, wherein the shared access authorization service to be traced matches a plurality of shared security event tags, and the target tracing rule belongs to an authorized shared item of the shared access authorization service to be traced, and comprises at least one tracing rule node;

detecting a continuous attack vector and a non-continuous attack vector contained in a plurality of pieces of shared access request information of the shared access authorization service to be traced according to the target tracing rule;

extracting potential track characteristic points of an attack partition where the non-continuous attack vector is located to obtain a non-continuous attack track, and extracting potential track characteristic points of the attack partition where the continuous attack vector is located and attack traversal attributes of the continuous attack vector among the plurality of shared access request information to obtain a continuous attack track;

identifying attack positioning information corresponding to each non-continuous attack vector based on the non-continuous attack track, and identifying attack positioning information corresponding to each continuous attack vector based on the continuous attack track;

and determining the attack location of the shared access authorization service to be traced according to the attack location information corresponding to each non-continuous attack vector and the attack location information corresponding to each continuous attack vector, and determining the attack tracing result information of the network information attack behavior of the target verification service information based on the attack location of the shared access authorization service to be traced.

2. The method for intelligent medical attack tracing based on block chains according to claim 1, wherein extracting potential track feature points of an attack partition where the persistent attack vectors are located and attack traversal attributes of the persistent attack vectors among a plurality of shared access request information to obtain persistent attack tracks, and identifying attack positioning information corresponding to each persistent attack vector based on the persistent attack tracks comprises:

inputting a plurality of pieces of shared access request information containing the attack subarea where the continuous attack vector is located into a deep learning network, and extracting multiple attack description features of the continuous attack vector among the plurality of pieces of shared access request information and potential track feature points of the attack subarea where the continuous attack vector is located through the deep learning network;

converting the multiple attack description features into normalized description features through a normalization node in the deep learning network, using the normalized description features as attack traversal attributes of the continuous attack vector among multiple shared access request information, using the potential track feature points and the attack traversal attributes as continuous attack tracks, and outputting attack positioning information corresponding to the continuous attack vector through an attack positioning classification node in the deep learning network.

3. The intelligent medical attack tracing method based on the blockchain according to claim 1, wherein identifying attack localization information corresponding to each non-sustained attack vector based on the non-sustained attack trajectory comprises:

determining attack positioning information corresponding to each non-continuous attack vector according to a first attack track interval where a non-continuous attack track of each non-continuous attack vector is located and attack positioning information associated with the first attack track interval;

identifying attack positioning information corresponding to each continuous attack vector based on the continuous attack trajectory, wherein the attack positioning information comprises:

and determining attack positioning information corresponding to each continuous attack vector according to a second attack track interval where the continuous attack track of each continuous attack vector is located and attack positioning information associated with the second attack track interval.

4. The intelligent blockchain-based medical attack tracing method according to claim 1, wherein the plurality of shared access request messages include:

designated shared access reference information extracted from shared access past information containing the shared access authorization service to be traced back, wherein the designated shared access reference information comprises any one of the following information:

each piece of shared access reference information in the shared access past information, one or more pieces of shared access reference information extracted from the shared access past information according to a set interval, and shared access reference information of which the shared access authorization service to be traced is in an authorized activation state;

extracting potential track characteristic points of the attack subarea where the non-continuous attack vector is located, wherein the potential track characteristic points comprise: extracting potential track characteristic points of an attack partition where a non-continuous attack vector is located from the specified shared access reference information;

identifying attack positioning information corresponding to each non-persistent attack vector based on the non-persistent attack trajectory, including:

identifying attack positioning information of non-persistent attack vectors contained in each piece of specified shared access reference information based on non-persistent attack tracks extracted from each piece of specified shared access reference information;

determining attack positioning information of the same non-persistent attack vector in each piece of designated shared access reference information according to the attack positioning information of the non-persistent attack vector contained in each piece of designated shared access reference information;

and calculating attack positioning information of each non-persistent attack vector on the shared access authorization service to be traced according to the attack positioning information of the same non-persistent attack vector in each appointed shared access reference information.

5. The intelligent blockchain-based medical attack tracing method according to claim 1, wherein the plurality of shared access request messages include:

at least one group of shared access reference information extracted from shared access past information containing the shared access authorization service to be traced;

extracting potential track characteristic points of an attack partition where the continuous attack vector is located and attack traversal attributes of the continuous attack vector among a plurality of pieces of shared access request information, wherein the potential track characteristic points comprise:

extracting potential track characteristic points of an attack partition where the continuous attack vectors are located and attack traversal attributes of the continuous attack vectors from the at least one group of shared access reference information;

if a plurality of groups of shared access reference information are extracted from shared access past information containing the shared access authorization service to be traced, identifying attack positioning information corresponding to each continuous attack vector based on the continuous attack track, wherein the attack positioning information comprises:

identifying attack positioning information of the continuous attack vector contained in each group of shared access reference information based on potential track characteristic points of attack partitions where the continuous attack vectors are extracted from each group of shared access reference information and attack traversal attributes of the continuous attack vectors;

determining attack positioning information of the same continuous attack vector in each group of shared access reference information according to the attack positioning information of the continuous attack vector contained in each group of shared access reference information;

and calculating attack positioning information of each continuous attack vector on the shared access authorization service to be traced according to the attack positioning information of the same continuous attack vector in each group of shared access reference information.

6. The intelligent blockchain-based medical attack tracing method according to any one of claims 1 to 5, wherein the attack localization information includes an attack localization confidence level;

determining the attack location of the shared access authorization service to be traced according to the attack location information corresponding to each non-continuous attack vector and the attack location information corresponding to each continuous attack vector, including:

weighting the attack positioning confidence corresponding to each non-continuous attack vector and the attack positioning confidence corresponding to each continuous attack vector according to the weighted proportion of each non-continuous attack vector and the weighted proportion of each continuous attack vector to obtain an attack positioning confidence comprehensive value;

and determining the attack location of the shared access authorization service to be traced according to the attack location confidence coefficient comprehensive value.

7. The intelligent blockchain-based medical attack tracing method according to any one of claims 1 to 5, wherein the step of determining attack tracing result information of network information attack behavior of the target authentication service information based on the attack localization of the shared access authorization service to be traced comprises:

obtaining hash abstract information in attack positioning of the shared access authorization service to be traced and tracing source address information of a verification service object of the target verification service information;

matching the hash digest information and the tracing source address information in the attack positioning of the shared access authorization service to be traced based on the address correlation degree between the hash digest information and the tracing source address information in the attack positioning of the shared access authorization service to be traced to obtain matching information;

determining successfully matched tracing source address information as selected tracing source address information, and determining tracing path resource positioning information corresponding to the selected tracing source address information according to the same address service between the tracing source address information in the matching information and the selected tracing source address information;

tracing path resource positioning information corresponding to the selected tracing source address information and the selected tracing source address information are searched to obtain a tracing path searching result;

according to the tracing path searching result and the matching information, determining attack confirmation information corresponding to the attack positioning of the shared access authorization service to be traced and an attack fingerprint result corresponding to the attack confirmation information, and determining attack tracing result information of the network information attack behavior of the target verification service information according to the attack fingerprint result.

8. The intelligent blockchain-based medical attack tracing method according to claim 7, wherein the obtaining hash digest information in the attack localization of the shared access authorization service to be traced and tracing source address information of the verification service object of the target verification service information includes:

acquiring at least two hash digest attributes and at least two tracing source address attributes in the attack positioning of the shared access authorization service to be traced;

acquiring hash digest book updating information and attribute transfer information of the hash digest attributes between the at least two hash digest attributes, and acquiring tracing source address updating information and attribute transfer information of the tracing source address attributes between the at least two tracing source address attributes;

combining the at least two hash digest attributes according to the hash digest book updating information and the attribute transfer information of the hash digest attributes to obtain hash digest information in the attack positioning of the shared access authorization service to be traced; wherein, one hash abstract information includes at least one hash abstract attribute;

combining the at least two tracing source address attributes according to the tracing source address updating information and the attribute transfer information of the tracing source address attributes to obtain tracing source address information in the attack positioning of the shared access authorization service to be traced; the tracing source address information comprises at least one tracing source address attribute;

the matching the hash digest information and the tracing source address information in the attack positioning of the shared access authorization service to be traced based on the address correlation degree between the hash digest information and the tracing source address information in the attack positioning of the shared access authorization service to be traced comprises:

determining tracing source address information in the attack location of the shared access authorization service to be traced as activated tracing source address information, and determining hash digest information in the attack location of the shared access authorization service to be traced as activated hash digest information; wherein the tracing source address attribute in the activated tracing source address information is determined from a real-time configuration attribute of an attack location for the shared access authorization service to be traced;

acquiring a hash abstract attribute in the real-time configuration attribute; determining the correlation degree of the configuration attributes between the hash digest attributes in the real-time configuration attributes and the hash digest attributes in the activated hash digest information as the address correlation degree between the activated traceback source address information and the activated hash digest information; and when the address correlation degree is greater than or equal to a preset address correlation degree, matching the activated tracing source address information with the activated hash digest information to obtain the matching information.

9. A medical big data system, comprising a processor, a machine-readable storage medium, and a network interface, wherein the machine-readable storage medium, the network interface, and the processor are associated through a bus system, the network interface is configured to be communicatively connected to at least one blockchain shared node terminal, the machine-readable storage medium is configured to store medical big data system instructions, and the processor is configured to execute the medical big data system instructions in the machine-readable storage medium to perform the blockchain-based intelligent medical attack tracing method according to any one of claims 1 to 8.