CN113468520A - Data intrusion detection method applied to block chain service and big data server - Google Patents
Data intrusion detection method applied to block chain service and big data server Download PDFInfo
- Publication number
- CN113468520A CN113468520A CN202110665285.0A CN202110665285A CN113468520A CN 113468520 A CN113468520 A CN 113468520A CN 202110665285 A CN202110665285 A CN 202110665285A CN 113468520 A CN113468520 A CN 113468520A
- Authority
- CN
- China
- Prior art keywords
- service
- cloud service
- block chain
- information
- operation behavior
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
Abstract
The embodiment of the application discloses a data intrusion detection method and a big data server applied to block chain services, wherein a continuous operation behavior data set is determined in a first preset intrusion detection time period, so that the data volume of the operation behavior data set can be effectively reduced, the efficiency of subsequent intrusion detection is improved, and the obtained intrusion detection data source set can be ensured to be matched with an uninterrupted cloud service event due to the time sequence continuity of the continuous operation behavior data set, so that the time sequence consistency of the access authority states of the intrusion detection data source set and the block chain service equipment can be ensured when the data intrusion detection is carried out on the access authority states of the block chain service equipment, and the reliability of the data intrusion detection is ensured.
Description
Technical Field
The present application relates to the field of blockchain and data security technologies, and in particular, to a data intrusion detection method and a big data server for blockchain services.
Background
The block chain is a decentralized shared account book which combines data blocks into a specific data structure in a chain mode according to a time sequence and ensures that the data blocks cannot be tampered and forged in a cryptographic mode. Briefly, a blockchain may be understood as a decentralized distributed database, in which data blocks are stored in chronological order, and each block stores a plurality of pieces of data information.
At present, the application of the blockchain is more and more extensive, and besides the application in the field of finance, the blockchain can also be applied to energy internet (energy source blockchain), medical services (medical blockchain), academic records in academic circles, supply chain management, cloud storage and the like.
Distributed accounting of the blockchain can ensure that stored data information cannot be tampered and counterfeited, but with the development of internet communication, various data intrusion technologies are continuously upgraded, and for blockchain services, on the premise of ensuring that data information cannot be tampered and counterfeited, data information is required to be ensured not to be illegally accessed and stolen. The related data intrusion detection techniques still have some drawbacks.
Disclosure of Invention
In a first aspect, a data intrusion detection method applied to a blockchain service is provided, and is applied to a big data server, where the method includes: determining a continuous operation behavior data set of a cloud service event executed by block chain service equipment corresponding to cloud service scene information according to interactive operation record information in a first preset intrusion detection time period; determining an intrusion detection data source set of the blockchain business equipment corresponding to the cloud business scene information through a continuous operation behavior data set of the blockchain business equipment corresponding to the cloud business scene information; and carrying out data intrusion detection on the access authority state of the block chain service equipment corresponding to the cloud service scene information based on the intrusion detection data source set.
In a second aspect, a big data server is provided, which comprises a processing engine, a network module and a memory; the processing engine and the memory communicate via the network module, and the processing engine reads the computer program from the memory and runs the computer program to perform the method of the first aspect.
In the description that follows, additional features will be set forth, in part, in the description. These features will be in part apparent to those skilled in the art upon examination of the following and the accompanying drawings, or may be learned by production or use. The features of the present application may be realized and attained by practice or use of various aspects of the methodologies, instrumentalities and combinations particularly pointed out in the detailed examples that follow.
Drawings
The present application will be further explained by way of exemplary embodiments, which will be described in detail by way of the accompanying drawings. These embodiments are not intended to be limiting, and in these embodiments like numerals are used to indicate like structures, wherein:
FIG. 1 is a flow diagram illustrating an exemplary data intrusion detection method and/or process for blockchain traffic according to some embodiments of the invention;
FIG. 2 is a block diagram illustrating an exemplary data intrusion detection mechanism for blockchain traffic in accordance with some embodiments of the present invention;
FIG. 3 is a block diagram of an exemplary data intrusion detection system for blockchain traffic, according to some embodiments of the invention, an
FIG. 4 is a diagram illustrating the hardware and software components of an exemplary big data server, according to some embodiments of the invention.
Detailed Description
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings used in the description of the embodiments will be briefly introduced below. It is obvious that the drawings in the following description are only examples or embodiments of the application, from which the application can also be applied to other similar scenarios without inventive effort for a person skilled in the art. Unless otherwise apparent from the context, or otherwise indicated, like reference numbers in the figures refer to the same structure or operation.
It should be understood that "system", "device", "unit" and/or "module" as used herein is a method for distinguishing different components, elements, parts, portions or assemblies at different levels. However, other words may be substituted by other expressions if they accomplish the same purpose.
As used in this application and the appended claims, the terms "a," "an," "the," and/or "the" are not intended to be inclusive in the singular, but rather are intended to be inclusive in the plural unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" merely indicate that steps and elements are included which are explicitly identified, that the steps and elements do not form an exclusive list, and that a method or apparatus may include other steps or elements.
Flow charts are used herein to illustrate operations performed by systems according to embodiments of the present application. It should be understood that the preceding or following operations are not necessarily performed in the exact order in which they are performed. Rather, the various steps may be processed in reverse order or simultaneously. Meanwhile, other operations may be added to the processes, or a certain step or several steps of operations may be removed from the processes.
The application provides a data intrusion detection method and a big data server applied to a block chain service, which can determine a continuous operation behavior data set of a cloud service event executed by a block chain service device corresponding to cloud service scene information through interactive operation record information in a first preset intrusion detection time period, further determine an intrusion detection data source set of the block chain service device, and perform data intrusion detection on an access authority state of the block chain service device corresponding to the cloud service scene information. It can be understood that, by determining the continuous operation behavior data set in the first preset intrusion detection time period, the data size of the operation behavior data set can be effectively reduced, so that the efficiency of subsequent intrusion detection is improved, and due to the existence of time sequence continuity of the continuous operation behavior data set, the obtained intrusion detection data source set can be ensured to be matched with an uninterrupted cloud service event, so that when data intrusion detection is performed on the access authority state of the block chain service device, the time sequence consistency of the access authority states of the intrusion detection data source set and the block chain service device can be ensured, and the reliability of the data intrusion detection is ensured.
Referring to fig. 1, a flowchart of an exemplary data intrusion detection method and/or process applied to a blockchain service is shown, and the data intrusion detection method applied to the blockchain service may include the following technical solutions described in steps 100 to 300.
Step 100, determining a continuous operation behavior data set of a cloud service event executed by a block chain service device corresponding to cloud service scene information according to interactive operation record information in a first preset intrusion detection time period.
For example, the preset intrusion detection time period may be adjusted according to the previous intrusion detection record, and the more the number of times of the presence of the intrusion detection condition represented by the previous intrusion detection record is, the shorter the duration of the preset intrusion detection time period may be. The interactive operation record information is used for representing information corresponding to service interactive operation between different blockchain service devices, and the interactive operation record information can be expressed in the form of texts or diagrams.
Further, the cloud service scenario information may be used to represent different service types. The service type/scene corresponding to the cloud service scene information may be an online payment service, a teleworking service, a teleeducation service, an interactive enterprise service, a virtual reality service, an augmented reality service, or a smart city service.
In addition, the blockchain service devices can be intelligent electronic devices with data communication and interaction functions, different blockchain service devices communicate with each other to perform decentralized distributed service interaction, and the big data server communicates with each blockchain service device to perform data intrusion detection and does not participate in service interaction between the blockchain service devices, so that decentralized distributed service interaction between different blockchain service devices is not damaged.
It is understood that the cloud service event executed by the blockchain service device may correspond to a more detailed cloud service event corresponding to each of the online payment service, the teleworking service, the teleeducation service, the interactive enterprise service, the virtual reality service, the augmented reality service, or the smart city service described above. Such as cross-border payment events in online payment services.
Further, the continuous operation behavior data set is used for recording a data set corresponding to a series of continuous operation behaviors of the block chain service device in the process of executing the cloud service event, and the continuous operation behavior data set may be continuous in a time sequence level or continuous in a service level.
Based on the above, the determining, according to the interactive operation record information in the first preset intrusion detection time period, the continuous operation behavior data set of the cloud service event executed by the blockchain service device corresponding to the cloud service scene information in step 100 may be implemented by the methods described in steps 110 and 120 below.
And step 110, acquiring a set of first device running state data corresponding to the cloud service scene information according to the interactive operation record information in the first preset intrusion detection time period.
For example, the first device operation state data may include communication state data of the blockchain service device in the service interaction process, and the first device operation state data may further include event characteristics of the executed cloud service event and timing characteristic information of the executed cloud service event. The event characteristic information is used for summarizing the relevant content of the cloud service event, and the timing characteristic information is used for summarizing the execution time information (an execution starting time period, an execution interruption time period and an execution interruption time period) of the cloud service event.
It can be understood that, since the set of the first device operation state data includes the communication state data of the blockchain service device in the service interaction process, the event characteristics of the executed cloud service event, and the time sequence characteristic information of the executed cloud service event, when the continuous operation behavior data set of the cloud service event executed by the blockchain service device corresponding to the cloud service scenario information is determined, comprehensive consideration can be performed from the communication state level, the event characteristic level, and the time sequence characteristic level, so as to ensure the content integrity and the time sequence accuracy of the continuous operation behavior data set.
In some possible embodiments, the determining, according to the set of the first device operating state data corresponding to the cloud service scenario information, the continuous operation behavior data set of the cloud service event executed by the blockchain service device corresponding to the cloud service scenario information in step 120 may be implemented by the following steps 121 and 122.
Step 121, determining whether operation behavior triggering occurs between two cloud service events of the block chain service device corresponding to the first cloud service scenario information according to the first device operation state data corresponding to the two cloud service events associated in the time sequence layer in the set of the first device operation state data corresponding to the first cloud service scenario information.
For example, two cloud service events associated in a time sequence level may be understood as two cloud service events in a sequential order in execution time. Whether the operation behavior trigger occurs between the two cloud service events by the blockchain service device can be understood as whether the operation behavior change occurs between the two cloud service events by the blockchain service device.
Step 122, integrating any two pieces of cloud service event information which are associated in a time sequence layer and are not triggered by an operation behavior of the block chain service device corresponding to the first cloud service scene information in the set of the first device operation state data corresponding to the first cloud service scene information, so as to form a continuous operation behavior data set of the cloud service events executed by the block chain service device corresponding to the first cloud service scene information through the integrated cloud service event information.
For example, the first cloud service scenario information is any one of the interactive operation record information in the first preset intrusion detection time period. Furthermore, by integrating any two pieces of cloud business event information meeting the above conditions, the continuity of the continuous operation behavior data set at the business event level can be ensured, and the real-time performance of the continuous operation behavior data set can be ensured because whether the operation behavior change occurs between the two cloud business events by the block chain business equipment is considered.
Therefore, by implementing the steps 121 and 122, continuity and real-time performance of the continuous operation behavior data set at the business event level can be ensured.
In some possible embodiments, the determining whether the operation behavior trigger occurs between the two cloud service events by the blockchain service device corresponding to the first cloud service scenario information in step 121 may be implemented by the following step 121a or step 121 b.
Step 121a, recording the judgment information of whether the operation behavior trigger occurs in one cloud service event with the later time sequence corresponding to the time sequence characteristics of the two cloud service events in the first device running state data corresponding to the first cloud service scene information.
And 121b, recording the judgment information of whether the operation behavior triggering occurs in the cloud service event integration information formed by the two cloud service events.
Therefore, the judgment information of whether the operation behavior triggering occurs is recorded, so that follow-up quick calling is facilitated, and meanwhile, when the cloud service event information is integrated, the association judgment and the operation behavior triggering judgment of the time sequence layer can be quickly performed, and the time consumption of the judgment of the operation behavior triggering is reduced.
In another embodiment, the determining, by using the first device operation state data corresponding to two associated cloud service events in the time sequence level in the set of the first device operation state data corresponding to the first cloud service scenario information and according to the description in step 121, whether an operation behavior trigger occurs between the two cloud service events in the block chain service device corresponding to the first cloud service scenario information may include the following steps 1211 and 1212.
And 1211, determining target dynamic association time consumption of the two cloud service events according to the preset static response sensitivity of the two executed cloud service events and the similarity of the two cloud service events.
In this embodiment, the preset static response sensitivity of the two cloud service events may be understood as a static response sensitivity of service interaction during the execution of the two cloud service events, where the unit of the sensitivity may be ms, and is used to represent response time, and a static state may be used to represent that the sensitivity does not change with time. Further, the similarity of two cloud service events can be obtained by performing cosine similarity calculation on the description feature vector (used for explaining the cloud service event from multiple dimensions) of the cloud service event. And the target dynamic association time consumption may be time consumption for performing service association on the two cloud service events in a service interaction process, and generally, the unit of the target dynamic association time consumption may be ms or s.
Step 1212, determining whether an operation behavior trigger occurs between the two cloud service events for the block chain service device corresponding to the first cloud service scenario information according to the time sequence feature information of the two cloud service events executed in the set of the first device operation state data corresponding to the first cloud service scenario information and the target dynamic association time consumption.
In this embodiment, by comprehensively analyzing the time-series characteristic information and the time consumed by the dynamic association of the target, the judgment of the operation behavior trigger can be performed as accurately as possible, so as to reduce the judgment error of the operation behavior trigger and ensure the detection accuracy of the judgment of the operation behavior trigger (for example, refine the specific time period or the specific time of the operation behavior trigger).
It can be understood that, in order to accurately and reliably determine whether the operation behavior trigger occurs between the two cloud service events for the blockchain service device corresponding to the first cloud service scenario information, on the basis of step 1212, determining whether the operation behavior trigger occurs between the two cloud service events for the blockchain service device corresponding to the first cloud service scenario information according to the time sequence characteristic information of the two cloud service events executed in the set of the first device operation state data corresponding to the first cloud service scenario information and the target dynamic association time consumption may include the following contents described in steps 12121 to 12123.
Step 12121, determining time consumed by the block chain service device for performing the first target association of the two cloud service events according to the first device operating state data corresponding to the multiple pieces of cloud service scenario information in the execution process of the two cloud service events, wherein the first device operating state data corresponding to the cloud service scenario information in the first preset intrusion detection period is associated at the time sequence level.
For example, the first target associated time consumption is used to distinguish an occurrence of an operation action trigger from an non-occurrence of the operation action trigger, where the first target associated time consumption refers to a global description value (for example, an average value) or a heat value (for example, an associated time consumption with the largest occurrence number) of associated time consumptions exceeding the target dynamic associated time consumption in associated time consumptions of the two cloud service events executed according to the first device running state data corresponding to the plurality of cloud service scenario information.
Step 12122, if the association time consumption of the two cloud service events executed by the blockchain service device corresponding to the first blockchain service scenario information is greater than the first target association time consumption, determining that the blockchain service device corresponding to the first blockchain service scenario information has an operation behavior trigger in the execution process of the two cloud service events.
For example, when the association time consumption of the two cloud service events is greater than the association time consumption of the first target, it may be determined that a more complex service association condition exists, and thus it may be determined that the operation behavior change occurs between the two cloud service events by the block chain service device, and it is further determined that the operation behavior trigger occurs in the execution process of the two cloud service events by the block chain service device corresponding to the first block chain service scenario information.
Step 12123, if the association time consumption of the two cloud service events executed by the blockchain service device corresponding to the first blockchain service scenario information is less than or equal to the first target association time consumption, determining that no operation behavior trigger occurs in the execution process of the two cloud service events by the blockchain service device corresponding to the first blockchain service scenario information.
It can be understood that by implementing steps 12121 to 12123, it can be determined whether an operation behavior change occurs between the two cloud service events by the blockchain service device based on the association time consumption, so as to determine whether an operation behavior trigger occurs to the blockchain service device corresponding to the first blockchain service scenario information during the execution of the two cloud service events.
In some optional embodiments, in the above-described step 121, there are associated first device operating state data corresponding to two cloud service events in a time sequence layer in a set of first device operating state data corresponding to first cloud service scenario information, and it is determined whether an operation behavior trigger occurs between the two cloud service events for a block chain service device corresponding to the first cloud service scenario information, which may also be implemented through the contents described in the following steps (1) to (4).
(1) And acquiring a set of second equipment running state data which is associated at a time sequence level and corresponds to the cloud service scene information of the two cloud service events in the execution process according to the interactive operation record information in a second preset intrusion detection time period.
For example, the second preset intrusion detection period is before the first preset intrusion detection period, and the second device operation state data includes event characteristics of a cloud service event executed by a block chain service device corresponding to the cloud service scene information and timing characteristic information of the executed cloud service event.
(2) And determining the time consumed by the association of the second targets of the two executed cloud service events according to the set of the second device running state data corresponding to the cloud service scene information which is associated on the time sequence level and in the executing process of the two cloud service events.
Further, the second target association elapsed time is used to distinguish between occurrence of an operational behavior trigger and non-occurrence of an operational behavior trigger.
(3) And if the association time consumption of the two cloud service events executed by the block chain service device corresponding to the first block chain service scene information is greater than the association time consumption of the second target, determining that the block chain service device corresponding to the first block chain service scene information is triggered by an operation behavior in the executing process of the two cloud service events.
(4) And if the association time consumption of the two cloud service events executed by the block chain service device corresponding to the first block chain service scene information is less than or equal to the second target association time consumption, determining that the operation behavior trigger does not occur in the execution process of the two cloud service events by the block chain service device corresponding to the first block chain service scene information.
The method can be understood that the operation behavior triggering judgment is carried out based on different preset intrusion detection time periods, the reliability of the operation behavior triggering judgment can be further improved, the association among the different preset intrusion detection time periods is considered, and the accurate and reliable data intrusion detection is conveniently carried out subsequently.
On the basis of the above, the method may further include: and determining third target association time consumption of the two executed cloud service events according to the set of second device operation state data corresponding to the cloud service scene information in the time sequence layer with association and in the executing process of the two cloud service events, wherein the third target association time consumption is used for distinguishing whether the association time consumption is abnormal association time consumption or not, and the third target association time consumption is less than the second target association time consumption. The association time consumption when there is an anomaly may be understood as the time duration value of the association time consumption is significantly too large or too small. Based on this, the determining that no operation behavior trigger occurs in the execution process of the two cloud service events in the blockchain service device corresponding to the first blockchain service scenario information described in the above step may include the following: and if the association time consumption of the two cloud service events executed by the block chain service device corresponding to the first block chain service scene information is less than or equal to the second target association time consumption and is greater than or equal to the third target association time consumption, determining that the block chain service device corresponding to the first block chain service scene information does not generate operation behavior triggering in the execution process of the two cloud service events. By means of the design, the third target association time consumption is considered, namely the abnormal association time consumption is analyzed, so that the reliability of the operation behavior triggering judgment can be ensured, and the interference of the abnormal association time consumption on the operation behavior triggering judgment can be reduced.
On the basis of the above, the following contents may be further included: and determining fourth target association time consumption of the two cloud service events according to the set of second device running state data corresponding to the cloud service scenario information associated on the time sequence level and in the execution process of the two cloud service events, wherein the fourth target association time consumption is used for distinguishing a type of operation behavior triggering (the type of the operation behavior triggering can be active triggering or passive triggering), and the fourth target association time consumption is greater than the second target association time consumption. Based on this, the determining that the operation behavior trigger occurs in the blockchain service device corresponding to the first blockchain service scenario information in the execution process of the two cloud service events, which is described in the above steps, may include the following: if the association time consumption of the two cloud service events executed by the block chain service device corresponding to the first block chain service scene information is greater than the second target association time consumption and less than or equal to the fourth target association time consumption, determining that the block chain service device corresponding to the first block chain service scene information generates instantaneous operation behavior triggering on the two cloud service events; and if the association time consumption of the two cloud service events executed by the block chain service device corresponding to the first block chain service scene information is greater than the fourth target association time consumption, determining that the block chain service device corresponding to the first block chain service scene information has continuous operation behavior triggering on the two cloud service events. By the design, the category of the operation behavior trigger can be taken into consideration, so that the accuracy and the reliability of the judgment of the operation behavior trigger can be ensured.
In this embodiment, the intrusion detection data source set is used for data intrusion detection, and the data information in the intrusion detection data source set has a higher feature recognition degree at a data intrusion layer and has a smaller data size, so that the timeliness of subsequent data intrusion detection can be ensured.
In some possible embodiments, the determining, by the continuous operation behavior data set of the blockchain service device corresponding to the cloud service scenario information, the set of intrusion detection data sources of the blockchain service device corresponding to the cloud service scenario information described in step 200 may include the following: and determining an intrusion detection data source set of the block chain service equipment corresponding to the cloud service scene information according to the behavior data node information of the continuous operation behavior data set of the block chain service equipment corresponding to the cloud service scene information, wherein the intrusion detection data source set is used for representing the statistical information of the operation behavior triggering conditions of the block chain service equipment corresponding to the cloud service scene information by taking the cloud service event as the current category, and the category of the operation behavior triggering conditions is divided according to the node transmission path of the continuous operation behavior data set and the operation behavior triggering time period.
For example, the behavior data node information is used for performing node processing on the continuous operation behavior data set, and is used for performing discretization processing on linear operation behavior data to realize analysis and processing of a front-back logic relationship. Behavior data nodes corresponding to the behavior data node information can be connected through directed connecting lines. Further, the statistical information of the blockchain service device corresponding to the cloud service scenario information and taking the cloud service event as the operation behavior triggering condition of the current category may be the accumulated times of the blockchain service device corresponding to the cloud service scenario information and taking the cloud service event as the operation behavior triggering condition of the current category, the node transfer path of the continuous operation behavior data set is used for representing the sequential transfer relationship between the behavior data nodes, and the node transfer path may be determined based on the behavior data nodes and the directed connection line.
It can be understood that, because the intrusion detection data source set combines the behavior data node information and the operation behavior trigger condition and other related characteristics, the characteristic recognition degree at the data intrusion layer is higher, and the data volume size is smaller, so that the timeliness of the subsequent data intrusion detection can be ensured.
In some possible embodiments, the determining, by the foregoing step, the intrusion detection data source set of the blockchain service device corresponding to the cloud service scenario information according to the behavior data node information of the continuous operation behavior data set of the blockchain service device corresponding to the cloud service scenario information may include the following steps: and generating a plurality of intrusion detection data source sets in the first cloud service scene information according to the behavior data node information of the continuous operation behavior data set of the block chain service equipment corresponding to the first cloud service scene information. Wherein the plurality of sets of intrusion detection data sources may include at least one of four conditions.
The intrusion detection method comprises a first intrusion detection data source set, a set of cloud service event information and operation behavior trigger statistical information, wherein the cloud service event information corresponds to a first interaction state triggered by a continuous operation behavior in behavior data node information of a continuous operation behavior data set of block chain service equipment corresponding to first cloud service scene information. For example, the first interaction state may be a real-time interaction state.
And the second intrusion detection data source set is a set of operation behavior trigger statistical information of cloud service event information corresponding to a second interaction state triggered by the continuous operation behavior in the behavior data node information of the continuous operation behavior data set of the block chain service equipment corresponding to the first cloud service scene information. For example, the second interaction state may be a delayed interaction state.
It can be understood that, for the first type and the second type of intrusion detection data source sets, the cloud service event information and the operation behavior trigger statistical information corresponding to the interaction state triggered by the continuous operation behavior are targeted.
And the third intrusion detection data source set is a set of cloud service event information and operation behavior trigger statistical information corresponding to a first interaction state triggered by an instant operation behavior in behavior data node information of a continuous operation behavior data set of the block chain service equipment corresponding to the first cloud service scene information.
And a fourth intrusion detection data source set, which is a set of operation behavior trigger statistical information of cloud service event information corresponding to a second interaction state triggered by an instant operation behavior in behavior data node information of a continuous operation behavior data set of the block chain service device corresponding to the first cloud service scene information.
It can be understood that, for the third and fourth intrusion detection data source sets, the cloud service event information and the operation behavior trigger statistical information corresponding to the interaction state triggered by the instant operation behavior are provided.
And 300, performing data intrusion detection on the access authority state of the block chain service equipment corresponding to the cloud service scene information based on the intrusion detection data source set.
In this embodiment, the access right state of the blockchain service device includes a state condition of an access interface of the relevant data information, and by performing data intrusion detection on the access right state, security protection of the data information can be realized at the service interaction front end, so that when a risk of data intrusion is detected, the blockchain service device is instructed to adjust the relevant state of the access interface. For example, the state of the access interface 1 is adjusted from open access to closed, and the state of the access interface 2 is adjusted from open access to check access. For example, data intrusion detection may be performed on the access permission state of the blockchain service device corresponding to the cloud service scene information according to the intrusion detection data source set of the blockchain service device corresponding to the cloud service scene information.
In some optional embodiments, performing data intrusion detection on the access permission state of the blockchain service device corresponding to the cloud service scenario information according to the intrusion detection data source set of the blockchain service device corresponding to the cloud service scenario information may include the following contents described in step 310 and step 330.
Step 310, determining state feature data matched with the access authority state of the block chain service device according to the statistical information in the intrusion detection data source set.
For example, the status feature data may be obtained through a device operation log of the blockchain service device.
And 320, determining an intrusion detection index of the state characteristic data based on the node transmission path and the operation behavior trigger period.
For example, the intrusion detection indicators may be multi-dimensional risk detection vectors.
Step 330, identifying the state characteristic data through the intrusion detection index to obtain an identification result; and judging whether the access authority state has a data intrusion risk or not by using the identification result.
For example, the state feature data is identified by the intrusion detection index, the state feature data can be vectorized, then the similarity between the vectorized state feature data and the risk detection vector is judged, and then whether the access authority state has the data intrusion risk or not is judged according to the similarity. For example, if the similarity is greater than or equal to the set value, it can be determined that the access authority state has a data intrusion risk. For another example, if the similarity is smaller than the set value, it can be determined that the access authority state does not have a data intrusion risk.
It can be understood that, by implementing the steps 100 to 300, in a first preset intrusion detection time period, a continuous operation behavior data set of a cloud service event executed by a blockchain service device corresponding to cloud service scene information can be determined through interactive operation record information, so as to determine an intrusion detection data source set of the blockchain service device, and perform data intrusion detection on an access authority state of the blockchain service device corresponding to the cloud service scene information. It can be understood that, by determining the continuous operation behavior data set in the first preset intrusion detection time period, the data size of the operation behavior data set can be effectively reduced, so that the efficiency of subsequent intrusion detection is improved, and due to the existence of time sequence continuity of the continuous operation behavior data set, the obtained intrusion detection data source set can be ensured to be matched with an uninterrupted cloud service event, so that when data intrusion detection is performed on the access authority state of the block chain service device, the time sequence consistency of the access authority states of the intrusion detection data source set and the block chain service device can be ensured, and the reliability of the data intrusion detection is ensured.
In some optional embodiments, on the basis of the foregoing step 300, when it is determined that the access right status does not present a data intrusion risk, the method may further include sorting the service status of the blockchain service device, and accordingly, the following may be included: acquiring service states of two groups of block chain service equipment to be detected; respectively identifying service items aiming at the service state of each group of block chain service equipment to obtain service item contents corresponding to the service state of the block chain service equipment; performing relevance analysis on the business item contents to obtain relevant business item contents; the related business affair content represents the related condition among all the business affair contents; inputting the content of the associated business transaction into: a state relevance analysis network which is trained based on the relevant service item content samples is obtained in advance, and an output result which represents the relevance condition between the service states of the block chain service equipment is obtained; and obtaining a service state detection result whether the service state of the block chain service equipment belongs to the same block chain service equipment or not according to the comparison relation between the output result and a preset detection condition.
It is understood that the above-mentioned contents regarding the service state consolidation of the blockchain service device can be implemented by the following embodiments.
Example A
Step S1, acquiring the service states of two groups of block chain service equipment to be detected; and respectively identifying the service items aiming at the service state of each group of block chain service equipment to obtain the service item content corresponding to the service state of the block chain service equipment.
In this embodiment, the service state of the blockchain service device to be detected may be understood as the service state of the blockchain service device to be classified, and the service state of the blockchain service device is used to record various types of state information of the corresponding blockchain service device in the service interaction process, and when the blockchain service device is applied to different service scenes, the various types of state information corresponding to the service state of the blockchain service device may be different. Generally, scenarios for blockchain business device applications include, but are not limited to, cross-border payments, teleworking, smart medicine, smart campus, cloud gaming, big data mining, and the like.
For example, when the scenario in which the blockchain service device is applied is a cross-border payment scenario, the service state of the blockchain service device may include payment state information, collection state information, identity verification state information, network test state information, or the like.
In addition, the service transaction identifies service transaction contents corresponding to service states for determining different blockchain service devices, and the service transaction contents may include different types/dimensions of transaction contents, such as multidimensional dynamic service transaction contents, signature service transaction contents, node relation service transaction contents, and the like, and the service transaction contents will be further described based on different embodiments.
Step S2, performing relevance analysis on each business item content to obtain relevant business item content.
In this embodiment, the related service item content represents a correlation between the service item contents, and performing correlation analysis on the service item contents may deeply analyze the correlation of different service item contents on multiple feature dimension levels to obtain the related service item contents. Furthermore, the association between different service item contents can be used as a classification and division basis for the service state of the blockchain service device, and the association between different service item contents is obtained by performing association analysis on each service item content, so that the consideration of the association between different service item contents is wide, and the accuracy and reliability of classification and division of the service state of the blockchain service device can be ensured.
Step S3, inputting the content of the related business transaction to: and analyzing the network based on the state relevance of the training completion of the related service item content sample in advance to obtain an output result representing the correlation condition between the service states of the block chain service equipment.
In the present embodiment, the state association analysis network may be a Neural Network (NN) model or a Classifier model (Classifier) based on Machine Learning (Machine Learning). The state relevance analysis network is trained based on the associated service item content samples, and the associated service item content samples can be continuously optimized, updated and iterated according to actual service state detection results, so that the model performance of the state relevance analysis network can be ensured.
On one hand, the output result may be represented by a numerical value, such as an association probability value representing an association between the service states of the blockchain service device. On the other hand, the output result may also be represented in a vector form, for example, a relevance evaluation vector (a 1, a2, a 3.., ai) representing relevance between the service states of the blockchain service device, where i is a positive integer. Each vector value in the relevance evaluation vector may evaluate the relevance between the service states of the blockchain service devices from different dimensions, for example, the vector value a1 may evaluate the relevance between the service states of the blockchain service devices from a service interaction object dimension, the vector value a2 may evaluate the relevance between the service states of the blockchain service devices from a service interaction scene dimension, and the vector value a3 may evaluate the relevance between the service states of the blockchain service devices from a service interaction period dimension. The larger the vector value is, the higher the association degree between the service states of the blockchain service device in the corresponding dimension is, and the smaller the vector value is, the higher the association degree between the service states of the blockchain service device in the corresponding dimension is.
Step S4, obtaining a service state detection result of whether the service state of the blockchain service device belongs to the same blockchain service device according to the comparison relationship between the output result and a preset detection condition.
In the present embodiment, the preset detection condition may be matched with the type of the output result. If the output result is a numerical value, for example, an association probability value representing an association condition between the service states of the blockchain service device, the preset detection condition may be a preset probability value. If the output result is a vector, for example, an association degree evaluation vector representing an association condition between the service states of the block chain service device, the preset detection condition may be a reference evaluation vector.
On the basis, the comparison relationship between the output result and the preset detection condition may be a difference value between the association probability value and the preset probability value, or a cosine distance between the association degree evaluation vector and the reference evaluation vector, but is not limited thereto.
Further, according to the comparison relationship, a service state detection result of whether the service state of the blockchain service device belongs to the same blockchain service device can be obtained. And then, the service states of the block chain service devices can be integrated based on the service state detection result, so that the integration result of the service states of the block chain service devices of the same block chain service device is obtained, and accurate and reliable analysis basis can be provided for the subsequent state analysis of the block chain service devices.
Therefore, through the embodiment a, the service item identification can be performed on the service states of different blockchain service devices to obtain the service item content, and further, the relevance analysis of the service item content is realized to obtain the relevant service item content, and the relevant service item content is analyzed and processed by using the state relevance analysis network trained in advance to obtain the output result indicating the relevance between the service states of the blockchain service devices, so that whether the service states of the blockchain service devices belong to the service state detection result of the same blockchain service device can be obtained according to the comparison relationship between the output result and the preset detection condition.
It can be understood that, since the service item content is considered in the process of attribution classification of the service state of the block chain service device, the classification judgment dimensionality of the service state can be increased, so that in the process of determining the service state of the same block chain service device, the influence of the detection error of a single classification judgment dimensionality on the service state detection result is avoided as much as possible, the reliability of the service state detection result for the same block chain service device is further ensured, the service state of the block chain service device of other block chain service devices is prevented from being wrongly classified, and thus, an accurate and reliable analysis basis can be provided for the subsequent block chain service device state analysis. Therefore, by adopting the scheme, the technical problems of low accuracy and poor reliability of the classification of the service states of the block chain service equipment in the related technology can be improved.
In the following, some alternative embodiments will be described, which should be understood as examples and not as technical features essential for implementing the present solution.
Example B
On the basis of this embodiment, the content of the possible business transaction includes: the multidimensional dynamic business transaction content, further, the associated business transaction content may include: globally associating business transaction content. The multidimensional dynamic business item content is used for representing business item contents with different dimensions and real-time changes, such as transaction amount and transaction amount in cross-border payment business, network delay or business cooperation state in remote office business, and the like. Further, the global associated business items may reflect the content of the associated business items from the overall business level, such as the identity relationship between the buyer and the seller in the cross-border payment business, and the logical relationship between the business items in the remote office business.
On the basis of the above contents, the "performing service item identification respectively for the service state of each group of blockchain service devices to obtain the service item content corresponding to the service state of the blockchain service device" described in the above steps may include the following contents: and analyzing and obtaining the multidimensional dynamic service item content of the service state of the block chain service equipment based on the service interaction object and the service interaction period information of the service state fragment contained in the service state of each group of block chain service equipment.
For example, the service state fragment may be obtained by splitting the service state of the blockchain service device according to a set rule, where the set rule may be an event-based splitting rule or a time-period-based splitting rule, for example, the service state of a group of blockchain service devices may be split into the service state fragment p1, the service state fragment p2, the service state fragment p3, the service state fragment p4, and the service state fragment p 5.
In addition, the service interaction object can be other block chain service equipment and also can be other types of intelligent equipment. In this embodiment, the blockchain business device may be an intelligent device with a data information interaction function, such as a personal PC, an enterprise server, and the like. The service interaction period information is used to record periods of different service state segments, for example, the service interaction period information of the service state segment p1 is t1, the service interaction period information of the service state segment p2 is t2, the service interaction period information of the service state segment p3 is t3, the service interaction period information of the service state segment p4 is t4, and the service interaction period information of the service state segment p5 is t 5.
Furthermore, the deep mining of the dynamic business item content can be performed based on the business interaction object and the business interaction period information of the business state segment, so that the multidimensional dynamic business item content of the business state of the block chain business equipment is completely determined to serve the subsequent business state classification.
On the basis of the above contents, the step of "performing relevance analysis on each business transaction content to obtain relevant business transaction content" described in the above steps may include the following contents: and performing relevance analysis on the multidimensional dynamic service item contents of the service states of the two groups of block chain service equipment to obtain global relevant service item contents.
For example, relevance analysis is performed on the multidimensional dynamic service item contents of the service states of the two groups of block chain service equipment, the relevance between different multidimensional dynamic service item contents can be used as a basis for classifying and dividing the service states of the block chain service equipment, and since the relevance between different multidimensional dynamic service item contents is obtained by performing relevance analysis on each multidimensional dynamic service item content, the considered layer of the relevance between different multidimensional dynamic service item contents is wider, and analysis is performed in combination with the dynamic change conditions of different service item contents, so that the classification and division of the service states of the block chain service equipment can be ensured to be matched with the actual service state change.
On the basis of the above, the above steps describe "inputting the content of the associated service event into: the obtaining of an output result indicating the correlation between the service states of the blockchain service device based on the state correlation analysis network trained based on the correlated service event content samples in advance may include the following: inputting the global associated business transaction content into: and analyzing the network based on the state relevance of the training completion of the global associated service item content sample in advance to obtain an output result representing the relevance condition between the service states of the block chain service equipment.
It can be understood that the associated business item content can be reflected from the whole business level by globally associating the business item content, so that the influence of individual errors in the output result of the determined association between the business states of the block chain business equipment on the precision and the reliability of the output result can be improved, and the precision of the output result of the association between the business states of the block chain business equipment can be ensured. For example, the influence of the vector value with deviation in the relevance degree evaluation vector on the relevance description of the relevance degree evaluation vector can be weakened by analyzing the content of the global relevance business affairs.
Example C
On the basis of this embodiment, the business transaction content may include: signing the business transaction content and the multidimensional dynamic business transaction content, and based on the content, the related business transaction content comprises: local associated business transaction content and global associated business transaction content. For example, the signature service transaction content may be used to represent the service transaction content corresponding to the signature behavior of the blockchain service device, and may be used to check the security of the blockchain service device.
On the basis of the above contents, the step "respectively perform service item identification for the service state of each group of block chain service devices to obtain the service item content corresponding to the service state of the block chain service device" may be implemented by the following embodiments: respectively acquiring block chain service equipment signatures corresponding to the service states of the block chain service equipment; signature service item identification is carried out on the signature of the block chain service equipment corresponding to the service state of each group of block chain service equipment to obtain the signature service item content of the service state of the block chain service equipment; and analyzing and obtaining the multidimensional dynamic service item content of the service state of the block chain service equipment based on the service interaction object and the service interaction period information of the service state fragment contained in the service state of each group of block chain service equipment.
In actual implementation, the signature of the blockchain service device may be obtained through communication with the blockchain service device corresponding to the service state of each blockchain service device, and the signature of the blockchain service device may be a digital signature for preventing malicious tampering of data information and for verifying the security of the blockchain service device. Furthermore, by performing signature service item identification, the signature service item content of the service state of the block chain service device can be determined based on the digital signature layer.
On the basis of the above contents, the step "performing relevance analysis on each business transaction content to obtain a relevant business transaction content" can be implemented by the following embodiments: performing relevance analysis on the signature service item contents of the service states of the two groups of block chain service equipment to obtain local relevant service item contents; and performing relevance analysis on the multidimensional dynamic service item contents of the service states of the two groups of block chain service equipment to obtain global relevant service item contents.
On the basis of the above contents, the local associated service item content may focus on the relevance of the digital signature of the service state of the block chain service device, and since the relevance of the digital signature is independent compared with the multidimensional dynamic service item content, the local associated service item content and the global associated service item content can be respectively determined by the above method, thereby facilitating subsequent service state classification.
On the basis of the above, the step "inputs the content of the related business affairs into: the state relevance analysis network trained based on the relevant service event content samples in advance is used for obtaining an output result representing the relevance condition between the service states of the block chain service equipment, and the method can be realized by the following implementation modes: inputting the local associated business transaction content and the global associated business transaction content to: and obtaining an output result representing the correlation condition between the service states of the block chain service equipment based on a state correlation analysis network trained by local correlation service item content and global correlation service item content samples in advance.
It can be understood that, when determining the output result of the correlation between the service states of the blockchain service device, the local correlation service item content and the global correlation service item content can be considered at the same time, and since the state correlation analysis network is trained based on the local correlation service item content and the global correlation service item content, it can be ensured that the analysis and identification of the correlation between the service states of the blockchain service device can be matched with the actual input content, and further the reliability of the output result of the correlation between the service states of the blockchain service device can be ensured. For example, after consideration of contents of local associated business matters is introduced, a vector dimension of the relevance evaluation vector can be increased to ensure the credibility of the relevance evaluation vector.
Example four
On the basis of this embodiment, the business transaction content may include: the signature service transaction content, the multidimensional dynamic service transaction content and the node relation service transaction content, and the associated service transaction content may include: local associated business transaction content and global associated business transaction content.
Based on the above contents, the step "respectively perform service item identification for the service state of each group of block chain service devices to obtain the service item content corresponding to the service state of the block chain service device" may include the following contents: respectively acquiring block chain service equipment signatures corresponding to the service states of the block chain service equipment; signature service item identification is carried out on the signature of the block chain service equipment corresponding to the service state of each group of block chain service equipment to obtain the signature service item content of the service state of the block chain service equipment; analyzing and obtaining the multidimensional dynamic service item content of the service state of each group of block chain service equipment based on the service interaction object and the service interaction period information of the service state fragment contained in the service state of each group of block chain service equipment; and acquiring the node relation service item content corresponding to the service states of the two groups of block chain service equipment.
In some examples, the node relationship service transaction content may be used to represent: and extracting service interaction object information of the center management equipment signed by the blockchain service equipment corresponding to the service states of the two groups of blockchain service equipment in the current cloud service scene.
For example, the service server may communicate with the central management device, and extract, by the central management device, the signature of the blockchain service device corresponding to the service states of the two groups of blockchain service devices, so that the service server can be prevented from being involved in the distributed processing architecture of the blockchain service device, and the stability of the distributed processing architecture of the blockchain service device can be ensured. The current cloud service scene can be one of the cross-border payment scene, the remote office scene and the intelligent medical scene, and correspondingly, the service interaction object information can be determined according to the actual scene. The node relation of the service states of the two groups of block chain service equipment on the equipment level can be determined through the service interaction object information of the central management equipment in the current cloud service scene, so that the subsequent service state classification is facilitated.
In other examples, the node relationship business transaction content may also be used to represent: and the same block chain service equipment respectively extracts the prediction information switched between the central management equipment of the block chain service equipment signature corresponding to the service states of the two groups of block chain service equipment.
For example, the central management device may be device0, the central management device0 may be configured to extract the signatures of the blockchain service devices (device 2 and device 3) corresponding to the service states of the two groups of blockchain service devices, respectively, and the prediction information may be understood as a switching condition between the same blockchain service device1 and the central management device may be device0, in general, if the prediction information is "m 1", it may be understood as extracting the signatures of the blockchain service devices (device 2 and device 3) corresponding to the service states of the two groups of blockchain service devices, respectively, through the device0, and if the prediction information is "m 2", it may be understood as extracting the signatures of the blockchain service devices (device 2 and device 3) corresponding to the service states of the two groups of blockchain service devices, respectively, through the device1, so designed that the signatures of the blockchain service devices corresponding to the service states of the two groups of blockchain service devices may be determined according to the switching condition of the central management device, to facilitate subsequent traffic state classification.
On the basis of the above contents, the step "performing relevance analysis on each business transaction content to obtain a relevant business transaction content" may include the following contents: performing relevance analysis on the signature service item contents of the service states of the two groups of block chain service equipment to obtain local relevant service item contents; and performing relevance analysis on the multidimensional dynamic service item contents of the service states of the two groups of block chain service equipment to obtain global relevant service item contents. The description of this step can refer to the description of the above embodiments, and will not be described here.
On the basis of the above, the step "inputs the content of the related business affairs into: the state relevance analysis network trained based on the relevant service event content samples in advance is used for obtaining an output result representing the relevance condition between the service states of the block chain service equipment, and the method can be realized by the following implementation modes: inputting the local associated service item content, the global associated service item content and the node relation service item content corresponding to the service states of the two groups of block chain service equipment into: and obtaining an output result representing the association condition among the service states of the block chain service equipment in advance based on a state association analysis network which is trained by the local association service item content sample, the global association service item content sample and the node relation service item sample.
It can be understood that when the state relevance analysis network is used for determining the output result for representing the relevance between the service states of the blockchain service equipment, corresponding samples can be adopted for training according to different input information, so that the model performance and the output accuracy of the state relevance analysis network are ensured.
In some alternative embodiments, the multidimensional dynamic business transaction content comprises: hot service transaction content and cold service transaction content. The hot service item content and the cold service item content can be obtained through the update frequency of the item content, the hot service item content is used for representing the dynamic service item content with higher update frequency, and the cold service item content is used for representing the dynamic service item content with lower update frequency.
On the basis of this alternative embodiment, the step "analyzing and obtaining the multidimensional dynamic service item content of the service state of each blockchain service device based on the service interaction object and the service interaction period information of the service state segment included in the service state of each group of blockchain service devices" may include the following contents: analyzing and obtaining hot service item contents of the service state of each group of block chain service equipment based on the service interaction object and the service interaction period information of the service state fragment contained in the service state of each group of block chain service equipment; and converting the service state of the block chain service equipment into a plurality of candidate service states, and analyzing to obtain the cold service item content of each candidate service state based on the service interaction object and the service interaction period information of the service state segment contained in each candidate service state.
For example, the hot service item content of the service state of each group of block chain service devices may be determined by the matching result (update frequency) of the service interaction object information and the service interaction period information, for example, the hot service item content is determined according to the service state segment with a higher matching degree (higher update frequency) between the service interaction object information and the service interaction period information.
Further, the service state of the blockchain service device is converted into a plurality of candidate service states, which may be divided according to the hot service item content of the service state of each group of blockchain service devices, for example, the service state of each group of blockchain service devices may be divided according to the hot service item content of the service state of each group of blockchain service devices, so as to obtain a plurality of candidate service states, where the plurality of candidate service states are unrelated to the hot service item content, so that the cold service item content of each candidate service state may be obtained through analysis based on the service interaction object and the service interaction period information of the service state segment included in each candidate service state.
Because the hot service item content and the cold service item content are determined to be in sequence, the interference of the hot service item content determined in advance to the cold service item content determined in the later can be avoided, and the hot service item content and the cold service item content can be accurately distinguished.
In some further embodiments, the hot-end transaction content and the cold-end transaction content each include at least one of the following predetermined types of transaction content: dynamic request service item content, dynamic response service item content, dynamic call service item content, dynamic cooperation service item content and dynamic expansion service item content. The dynamic request service event content is used for initiating service interaction, the dynamic response service event content is used for receiving service interaction, the dynamic call service event content is used for skipping service interaction, the dynamic cooperation service event content is used for assisting service interaction, and the dynamic expansion service event content is used for optimizing service interaction.
In some further embodiments, the global associated business transaction content may include: scene associated business transaction content and object associated business transaction content. It can be understood that the scene-related service transaction contents and the object-related service transaction contents respectively focus on the scene level and the object level. Based on this, the step of "performing relevance analysis on the multidimensional dynamic service transaction content of the service states of the two groups of blockchain service devices to obtain a global relevance service transaction content" may include the following contents: respectively carrying out preset content identification on each preset type service item content contained in hot service item contents of service states of the two groups of block chain service equipment to obtain scene associated service item contents; and respectively carrying out preset content identification on each preset type service item content contained in the cold service item contents of the service states of the two groups of block chain service equipment to obtain object associated service item contents. For example, the predetermined type of service event may be selected according to service requirements.
In the actual implementation process, the scene-related business item content can be determined from the perspective of a business scene by respectively carrying out preset content identification on each preset type business item content contained in the popular business item content, and the completeness and the accuracy of the scene-related business item content can be ensured because the scene features in the popular business item content occupy higher weight. The method has the advantages that the preset content identification is respectively carried out on each preset type of service item content contained in the cold service item content, the object associated service item content can be determined in a service object angle, and the integrity and the accuracy of the object associated service item content can be ensured because the weight occupied by the service object characteristics in the cold service item content is large.
In an actual implementation process, the network model training process of the state relevance analysis network can be realized by the following steps: acquiring a training sample set containing related business item content samples and training sample description values corresponding to the related business item content samples; inputting the related business affair content sample into a state relevance analysis network to obtain a sample output result which represents the correlation condition between two business state samples corresponding to the related business affair content sample; judging whether the difference result between the sample output result and the training sample description value meets the set model performance evaluation condition or not; if so, judging that the training of the network model is finished, and obtaining a trained state correlation analysis network; if not, adjusting the network model parameters in the state relevance analysis network, returning to the step of inputting the related business item content sample into the state relevance analysis network to obtain a sample output result representing the correlation condition between the two business state samples corresponding to the related business item content sample, and continuing to perform the next network model training.
For example, the training sample description value may be understood as an actual value of the training sample, and the actual value is used for describing the association condition of the traffic state. Further, the difference result between the sample output result and the training sample description value may be a numerical result, and the set model performance evaluation condition may be a preset numerical range. The network model parameter adjustment may refer to the related art, and is not described herein.
In some other embodiments, after obtaining the trained state association analysis network, the method may further include: respectively inputting all the related business item content samples which are not used in the training sample set into the state relevance analysis network after the training is finished to obtain output results of all the samples; aiming at each sample output result, respectively obtaining a service state detection result whether two service state samples corresponding to the sample output result belong to the same block chain service equipment or not according to the comparison relation between the sample output result and a preset alternative detection condition; analyzing the state detection matching degree of the service state detection result based on the training sample description value corresponding to each sample output result; judging whether the state detection matching degree is larger than a preset state detection matching degree threshold value or not; if yes, determining the alternative detection conditions as preset detection conditions to be used; if not, adjusting the alternative detection conditions, returning the output result of each sample, and obtaining whether two service state samples corresponding to the output result of the sample belong to the service state detection result of the same block chain service equipment according to the comparison relation between the output result of the sample and the preset alternative detection conditions respectively until the state detection matching degree of the service state detection result is greater than the preset state detection matching degree threshold value; and determining the alternative detection condition which enables the state detection matching degree of the service state detection result to be larger than the preset state detection matching degree threshold value as the preset detection condition to be used.
For example, the comparison relationship between the sample output result and the preset candidate detection condition may be a numerical comparison relationship, and the state detection matching degree of the service state detection result is used to represent the degree of association between the service states of different blockchain service devices. The larger the state detection matching degree is, the higher the correlation degree between the service states of different block chain service devices is. Therefore, the preset detection conditions to be used can be ensured to be in accordance with the actual service conditions, and the accuracy of subsequent service state classification is further ensured.
In some possible embodiments, the step of "obtaining a training sample description value corresponding to a training sample set containing associated business event content samples and each associated business event content sample" may include the following steps: respectively acquiring a plurality of service state samples corresponding to different block chain service devices; respectively identifying service items aiming at each service state sample to obtain a service item content sample corresponding to each service state sample; performing relevance analysis on any two business item content samples to obtain a group of relevant business item content samples in a training sample set; determining a training sample description value corresponding to the associated business item content sample according to whether the two business item content samples belong to the same block chain business device; when the two business item content samples belong to the same block chain business equipment, determining that the training sample description value corresponding to the related business item content sample is a first set value, otherwise, determining that the training sample description value corresponding to the related business item content sample is a second set value; wherein the associated business transaction content sample represents an association between the two business transaction content samples. In this embodiment, the first setting value may be 1, and the second setting value may be 0.
In other embodiments, the training sample description value may also be determined by linear expression, for example, the training sample description value may be determined as a value interval.
In some alternative embodiments, the business transaction content samples include: the multidimensional dynamic business item content sample, based on which the business item is identified for each business state sample to obtain the business item content sample corresponding to each business state sample, may include the following contents: and analyzing and obtaining a multi-dimensional dynamic business item content sample of each business state sample based on the business interaction object and the business interaction period information of the business state fragment contained in each business state sample. The above-mentioned correlation analysis of any two service item content samples to obtain a group of correlated service item content samples in the training sample set may include the following contents: and performing relevance analysis on the multidimensional dynamic business item content samples of any two business state samples to obtain a group of global relevance business item content samples in the training sample set. The above-mentioned inputting the sample of the related service transaction content into the state relevance analysis network to obtain the sample output result indicating the relevance between the two service state samples corresponding to the sample of the related service transaction content may include the following contents: and inputting the global associated service item content sample into a state association analysis network to obtain a sample output result representing the association condition between any two service state samples.
In some alternative embodiments, the business transaction content samples include: signing a business item content sample and a multidimensional dynamic business item content sample; the associated business transaction content comprises: a local associated business transaction content sample and a global associated business transaction content sample. Based on this, the above-mentioned performing service item identification for each service state sample to obtain the service item content sample corresponding to each service state sample may include the following contents: respectively obtaining signature samples corresponding to the service state samples; performing signature service item identification on the signature sample corresponding to each service state sample to obtain a signature service item content sample of the service state sample; and analyzing and obtaining a multi-dimensional dynamic business item content sample of each business state sample based on the business interaction object and the business interaction period information of the business state fragment contained in each business state sample. The above-mentioned correlation analysis of any two service item content samples to obtain a group of correlated service item content samples in the training sample set may include the following contents: performing relevance analysis on signature service item content samples of any two service state samples to obtain local relevance service item content samples; and carrying out relevance analysis on the multidimensional dynamic business item content samples of any two business state samples to obtain a global relevance business item content sample. The above-mentioned inputting the sample of the related service transaction content into the state relevance analysis network to obtain the sample output result indicating the relevance between the two service state samples corresponding to the sample of the related service transaction content may include the following contents: and inputting the local associated service item content sample and the global associated service item content sample into a state association analysis network to obtain a sample output result representing the association condition between any two service state samples.
In some alternative embodiments, the business transaction content samples include: signing a business item content sample, a multidimensional dynamic business item content sample and a node relation business item content sample; the sample of associated business transaction content comprises: a local associated business transaction content sample and a global associated business transaction content sample. Based on this, the above-mentioned performing service item identification on each service status sample to obtain the service item content sample corresponding to each service status sample can be implemented by the following embodiments: respectively obtaining signature samples corresponding to the service state samples; performing signature service item identification on the signature sample corresponding to each service state sample to obtain a signature service item content sample of the service state sample; analyzing and obtaining a multi-dimensional dynamic business item content sample of each business state sample based on the business interaction object and the business interaction period information of the business state fragment contained in each business state sample; aiming at any two service state samples, acquiring node relation service item content samples corresponding to the two service state samples, wherein the node relation service item content samples represent that: extracting service interaction object information of the center management equipment of the signature samples corresponding to the two service state samples in the current cloud service scene; or, the node relation service transaction content indicates: and the same block chain service equipment respectively extracts the prediction information switched between the central management equipment of the signature samples corresponding to the two service state samples. Based on this, the above-mentioned correlation analysis is performed on any two business transaction content samples to obtain a group of correlated business transaction content samples in the training sample set, which can be implemented by the following implementation manners: performing relevance analysis on signature service item content samples of any two service state samples to obtain local relevance service item content samples; and carrying out relevance analysis on the multidimensional dynamic business item content samples of any two business state samples to obtain a global relevance business item content sample. Based on this, the above-mentioned inputting the related business affair content sample into the state relevance analysis network to obtain the sample output result indicating the relevance between the two business state samples corresponding to the related business affair content sample can be realized by the following embodiments: and inputting the local associated service item content sample, the global associated service item content sample and the node relation service item content sample corresponding to any two service state samples into a state association analysis network to obtain a sample output result representing the association condition between the local associated service item content sample and any two service state samples.
It should be understood that the above description of different training modes for the state association analysis network may refer to the related contents of the previous embodiments, and will not be described herein again.
In other alternative embodiments, after the service state detection result in S4 indicates whether the service state of the blockchain service device belongs to the same blockchain service device, the method may further include the following steps: and integrating the service states of the block chain service equipment to obtain a service state track of the target block chain service equipment corresponding to the service state of the block chain service equipment.
In this embodiment, the traffic state trajectory may be a knowledge graph or graph data. By analyzing the service state track, portrait information of the target block chain service node in the service interaction process can be mined, so that the service is optimized and upgraded based on the portrait information, and the service interaction efficiency between subsequent block chain service nodes is improved.
In other optional embodiments, after integrating the service states of the blockchain service devices to obtain a service state trajectory of a target blockchain service device corresponding to the service state of the blockchain service device, the method may further include the contents described in the following steps (1) to (3).
(1) Acquiring a service portrait data record according to the service state track, wherein the service portrait data record comprises a plurality of groups of uninterrupted service portrait data; and acquiring an interference portrait data record according to the service portrait data record, wherein the interference portrait data record comprises a plurality of uninterrupted groups of interference portrait data.
For example, the service representation data is used to describe a representation characteristic of the target blockchain service device, such as preference information or evaluation information of the target blockchain service device during service interaction. The interference image data is relative to the business image data, i.e., inaccurate image data.
(2) Based on the service portrait data record, acquiring a service portrait label distribution record through a first label extraction network included in a service portrait identification model, wherein the service portrait label distribution record comprises a plurality of service portrait label distributions; and acquiring an interference portrait label distribution record through a second label extraction network included in the service portrait identification model based on the interference portrait data record, wherein the interference portrait label distribution record comprises a plurality of interference portrait label distributions.
For example, the portrait label distribution may be a distribution list or a distribution map, but is not limited thereto. The business image recognition model may be a neural network model.
(3) Acquiring portrait intention skip information corresponding to the service portrait data record through a portrait intention analysis network included in the service portrait identification model based on the service portrait label distribution record and the interference portrait label distribution record; and determining the service requirement portrait information recorded by the service portrait data according to the portrait intention skip information.
For example, the image intent skip information is used to represent the change information of the service portrait data record, and the service requirement portrait information can be understood as various service requirements of the target block chain service device, such as an interactive interface requirement, an interactive time consumption requirement, and the like.
By means of the design, based on the content described in the steps (1) to (3), portrait intention skip information corresponding to the business portrait data record can be obtained based on different functional layers of the determined business portrait data record, interference portrait data record and business portrait recognition model, and due to the fact that the portrait intention skip information records the change information of the business portrait data record, the latest business demand portrait information of the business portrait data record can be determined through the portrait intention skip information, so that the business service can be optimized and upgraded based on the business demand portrait information, and the business interaction efficiency between subsequent block chain business nodes is improved.
In other alternative embodiments, the step "obtaining portrait intent skip information corresponding to the service portrait data record through the portrait intent analysis network included in the service portrait identification model based on the service portrait tag distribution record and the interference portrait tag distribution record" may include the following steps (31) to (35).
(31) And acquiring a plurality of first label classification characteristics through a first global portrait analysis layer included in the service portrait identification model based on the service portrait label distribution record, wherein each first label classification characteristic corresponds to service portrait label distribution.
(32) And acquiring a plurality of second label classification characteristics through a second global portrait analysis layer included in the service portrait identification model based on the interference portrait label distribution record, wherein each second label classification characteristic corresponds to interference portrait label distribution.
(33) And performing feature matching processing on the plurality of first label classification features and the plurality of second label classification features to obtain a plurality of target label classification features, wherein each target label classification feature comprises a first label classification feature and a second label classification feature.
(34) And acquiring label classification fusion features through a time sequence feature fusion layer included by the service portrait identification model based on the target label classification features, wherein the label classification fusion features are determined according to the target label classification features and time sequence classification weights, and each target label classification feature corresponds to one time sequence classification weight.
(35) And acquiring portrait intention skip information corresponding to the service portrait data record through a portrait intention analysis network included in the service portrait identification model based on the label classification fusion characteristics.
It can be understood that, through the steps (31) to (35), when the image intention skipping information corresponding to the business image data record is acquired, the time sequence characteristics can be taken into consideration, and therefore the real-time performance of the image intention skipping information is ensured.
For the above data intrusion detection method applied to the blockchain service, an embodiment of the present invention further provides an exemplary data intrusion detection apparatus applied to the blockchain service, and as shown in fig. 2, the data intrusion detection apparatus 200 applied to the blockchain service may include the following functional modules.
The behavior data determining module 210 is configured to determine, according to the interaction operation record information in the first preset intrusion detection time period, a continuous operation behavior data set of the cloud service event executed by the block chain service device corresponding to the cloud service scene information.
The detection data determining module 220 is configured to determine, through the continuous operation behavior data set of the blockchain service device corresponding to the cloud service scenario information, an intrusion detection data source set of the blockchain service device corresponding to the cloud service scenario information.
And the data intrusion detection module 230 is configured to perform data intrusion detection on the access right state of the blockchain service device corresponding to the cloud service scene information based on the intrusion detection data source set.
Based on the above method embodiment and apparatus embodiment, the embodiment of the present invention further provides a system embodiment, that is, a data intrusion detection system applied to a block chain service, please refer to fig. 3, where a data intrusion detection system 30 applied to a block chain service may include a big data server 10 and a block chain service device 20. Wherein the big data server 10 communicates with the blockchain service device 20 to implement the above method, and further, the functionality of the data intrusion detection system 30 applied to the blockchain service is described as follows: the big data server 10 determines a continuous operation behavior data set of a cloud service event executed by the block chain service device 20 corresponding to the cloud service scene information according to the interactive operation record information in the first preset intrusion detection time period; determining an intrusion detection data source set of the blockchain service device 20 corresponding to the cloud service scene information through the continuous operation behavior data set of the blockchain service device 20 corresponding to the cloud service scene information; and performing data intrusion detection on the access authority state of the blockchain service equipment 20 corresponding to the cloud service scene information based on the intrusion detection data source set.
Referring to fig. 4 in conjunction, the big data server 10 may include a processing engine 110, a network module 120, and a memory 130, the processing engine 110 and the memory 130 communicating through the network module 120.
Processing engine 110 may process the relevant information and/or data to perform one or more of the functions described herein. For example, in some embodiments, processing engine 110 may include at least one processing engine (e.g., a single core processing engine or a multi-core processor). By way of example only, the Processing engine 110 may include a Central Processing Unit (CPU), an Application-Specific Integrated Circuit (ASIC), an Application-Specific Instruction Set Processor (ASIP), a Graphics Processing Unit (GPU), a Physical Processing Unit (PPU), a Digital Signal Processor (DSP), a Field Programmable Gate Array (FPGA), a Programmable Logic Device (PLD), a controller, a microcontroller Unit, a Reduced Instruction Set Computer (RISC), a microprocessor, or the like, or any combination thereof.
The Memory 130 may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Read-Only Memory (EPROM), an electrically Erasable Read-Only Memory (EEPROM), and the like. The memory 130 is used for storing a program, and the processing engine 110 executes the program after receiving the execution instruction.
It will be appreciated that the configuration shown in fig. 4 is merely illustrative and that the big data server 10 may also include more or fewer components than shown in fig. 4, or have a different configuration than shown in fig. 4. The components shown in fig. 4 may be implemented in hardware, software, or a combination thereof.
It should be appreciated that the system and its modules shown above may be implemented in a variety of ways. For example, in some embodiments, the system and its modules may be implemented in hardware, software, or a combination of software and hardware. Wherein the hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory for execution by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the methods and systems described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided, for example, on a carrier medium such as a diskette, CD-or DVD-ROM, a programmable memory such as read-only memory (firmware), or a data carrier such as an optical or electronic signal carrier. The system and its modules of the present application may be implemented not only by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., but also by software executed by various types of processors, for example, or by a combination of the above hardware circuits and software (e.g., firmware).
It is to be noted that different embodiments may produce different advantages, and in different embodiments, any one or combination of the above advantages may be produced, or any other advantages may be obtained.
Having thus described the basic concept, it will be apparent to those skilled in the art that the foregoing detailed disclosure is to be considered merely illustrative and not restrictive of the broad application. Various modifications, improvements and adaptations to the present application may occur to those skilled in the art, although not explicitly described herein. Such modifications, improvements and adaptations are proposed in the present application and thus fall within the spirit and scope of the exemplary embodiments of the present application.
Also, this application uses specific language to describe embodiments of the application. Reference throughout this specification to "one embodiment," "an embodiment," and/or "some embodiments" means that a particular feature, structure, or characteristic described in connection with at least one embodiment of the present application is included in at least one embodiment of the present application. Therefore, it is emphasized and should be appreciated that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, some features, structures, or characteristics of one or more embodiments of the present application may be combined as appropriate.
The computer storage medium may comprise a propagated data signal with the computer program code embodied therewith, for example, on baseband or as part of a carrier wave. The propagated signal may take any of a variety of forms, including electromagnetic, optical, etc., or any suitable combination. A computer storage medium may be any computer-readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code located on a computer storage medium may be propagated over any suitable medium, including radio, cable, fiber optic cable, RF, or the like, or any combination of the preceding.
Computer program code required for the operation of various portions of the present application may be written in any one or more programming languages, including an object oriented programming language such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C + +, C #, VB.NET, Python, and the like, a conventional programming language such as C, Visual Basic, Fortran 2003, Perl, COBOL 2002, PHP, ABAP, a dynamic programming language such as Python, Ruby, and Groovy, or other programming languages, and the like. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any network format, such as a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet), or in a cloud computing environment, or as a service, such as a software as a service (SaaS).
Numerals describing the number of components, attributes, etc. are used in some embodiments, it being understood that such numerals used in the description of the embodiments are modified in some instances by the use of the modifier "about", "approximately" or "substantially". Unless otherwise indicated, "about", "approximately" or "substantially" indicates that the numbers allow for adaptive variation. Accordingly, in some embodiments, the numerical parameters used in the specification and claims are approximations that may vary depending upon the desired properties of the individual embodiments. In some embodiments, the numerical parameter should take into account the specified significant digits and employ a general digit preserving approach. Notwithstanding that the numerical ranges and parameters setting forth the broad scope of the range are approximations, in the specific examples, such numerical values are set forth as precisely as possible within the scope of the application.
Finally, it should be understood that the embodiments described herein are merely illustrative of the principles of the embodiments of the present application. Other variations are also possible within the scope of the present application. Thus, by way of example, and not limitation, alternative configurations of the embodiments of the present application can be viewed as being consistent with the teachings of the present application. Accordingly, the embodiments of the present application are not limited to only those embodiments explicitly described and depicted herein.
Claims (10)
1. A data intrusion detection method applied to block chain service is characterized in that the method is applied to a big data server, and the method comprises the following steps:
determining a continuous operation behavior data set of a cloud service event executed by block chain service equipment corresponding to cloud service scene information according to interactive operation record information in a first preset intrusion detection time period;
determining an intrusion detection data source set of the blockchain business equipment corresponding to the cloud business scene information through a continuous operation behavior data set of the blockchain business equipment corresponding to the cloud business scene information;
and carrying out data intrusion detection on the access authority state of the block chain service equipment corresponding to the cloud service scene information based on the intrusion detection data source set.
2. The method of claim 1,
determining a continuous operation behavior data set of a cloud service event executed by a block chain service device corresponding to cloud service scene information according to interactive operation record information in a first preset intrusion detection time period, wherein the continuous operation behavior data set comprises:
acquiring a set of first device running state data corresponding to cloud service scene information according to interactive operation record information in a first preset intrusion detection period, wherein the first device running state data comprises event characteristics of executed cloud service events and time sequence characteristic information of the executed cloud service events;
determining a continuous operation behavior data set of a cloud service event executed by a block chain service device corresponding to cloud service scene information according to a set of first device operation state data corresponding to the cloud service scene information;
determining an intrusion detection data source set of the blockchain business equipment corresponding to the cloud business scene information through a continuous operation behavior data set of the blockchain business equipment corresponding to the cloud business scene information, including:
and determining an intrusion detection data source set of the block chain service equipment corresponding to the cloud service scene information according to the behavior data node information of the continuous operation behavior data set of the block chain service equipment corresponding to the cloud service scene information, wherein the intrusion detection data source set is used for representing the statistical information of the operation behavior triggering conditions of the block chain service equipment corresponding to the cloud service scene information by taking the cloud service event as the current category, and the category of the operation behavior triggering conditions is divided according to the node transmission path of the continuous operation behavior data set and the operation behavior triggering time period.
3. The method of claim 2, wherein determining a continuous operation behavior data set of a cloud service event executed by a blockchain service device corresponding to cloud service scenario information according to a set of first device operating state data corresponding to the cloud service scenario information comprises:
determining whether operation behavior triggering occurs between two cloud service events of block chain service equipment corresponding to first cloud service scene information according to first equipment operation state data corresponding to the two cloud service events which are associated in a time sequence layer in a set of first equipment operation state data corresponding to the first cloud service scene information;
integrating any two pieces of cloud service event information which are associated on a time sequence layer and are not triggered by an operation behavior of the block chain service equipment corresponding to the first cloud service scene information in a set of first equipment operation state data corresponding to the first cloud service scene information, so as to form a continuous operation behavior data set of cloud service events executed by the block chain service equipment corresponding to the first cloud service scene information through the integrated cloud service event information; the first cloud service scene information is any one of the interactive operation record information in a first preset intrusion detection time period.
4. The method of claim 3, wherein determining whether an operational behavior trigger occurs between the two cloud traffic events for a blockchain traffic device corresponding to the first cloud traffic scenario information comprises:
recording judgment information of whether operation behavior triggering occurs or not in a cloud service event with a later time sequence corresponding to time sequence characteristics of the two cloud service events in first equipment running state data corresponding to first cloud service scene information;
or recording the judgment information of whether the operation behavior triggering occurs in the cloud service event integration information formed by the two cloud service events.
5. The method of claim 3 or 4, wherein determining whether an operation behavior trigger occurs between two cloud service events in a blockchain service device corresponding to the first cloud service scenario information according to first device operation state data corresponding to the two cloud service events which are associated in a time sequence level in a set of first device operation state data corresponding to the first cloud service scenario information comprises:
determining target dynamic association time consumption of the two cloud service events according to preset static response sensitivity of the two executed cloud service events and similarity of the two cloud service events;
determining whether operation behavior triggering occurs between the two cloud service events of the block chain service equipment corresponding to the first cloud service scene information according to the time sequence characteristic information of the two cloud service events executed in the set of the first equipment running state data corresponding to the first cloud service scene information and the target dynamic correlation time consumption;
determining whether operation behavior triggering occurs between the two cloud service events of the block chain service device corresponding to the first cloud service scenario information according to the time sequence feature information of the two cloud service events executed in the set of the first device running state data corresponding to the first cloud service scenario information and the target dynamic association time consumption, wherein the determining comprises the following steps:
determining first target association time consumption of two cloud service events executed by block chain service equipment according to first equipment operation state data corresponding to a plurality of pieces of cloud service scene information in a time sequence level in a set of first equipment operation state data corresponding to the cloud service scene information in a first preset intrusion detection period, wherein the first target association time consumption is used for distinguishing occurrence of operation behavior triggering and non-occurrence of operation behavior triggering, and the first target association time consumption refers to a global description value or a heat value of the association time consumption exceeding the target dynamic association time consumption in the association time consumption of the two executed cloud service events calculated according to the first equipment operation state data corresponding to the plurality of pieces of cloud service scene information;
if the association time consumption of the two cloud service events executed by the block chain service device corresponding to the first block chain service scene information is greater than the first target association time consumption, determining that the block chain service device corresponding to the first block chain service scene information is triggered by an operation behavior in the executing process of the two cloud service events;
or if the association time consumption of the two cloud service events executed by the block chain service device corresponding to the first block chain service scenario information is less than or equal to the first target association time consumption, determining that no operation behavior trigger occurs in the execution process of the two cloud service events by the block chain service device corresponding to the first block chain service scenario information.
6. The method of claim 3 or 4, wherein determining whether an operation behavior trigger occurs between two cloud service events in a blockchain service device corresponding to the first cloud service scenario information according to first device operation state data corresponding to the two cloud service events which are associated in a time sequence level in a set of first device operation state data corresponding to the first cloud service scenario information comprises:
acquiring a set of second device running state data which is associated at a time sequence level and corresponds to cloud service scene information of the two cloud service events in an execution process according to interactive operation record information in a second preset intrusion detection time period, wherein the second preset intrusion detection time period is before the first preset intrusion detection time period, and the second device running state data comprises event characteristics of cloud service events executed by block chain service devices corresponding to the cloud service scene information and time sequence characteristic information of the executed cloud service events;
determining second target association time consumption of the two executed cloud service events according to a set of second device running state data corresponding to the cloud service scene information which is associated on the time sequence level and in the executing process of the two cloud service events, wherein the second target association time consumption is used for distinguishing the occurrence of operation behavior triggering from the non-occurrence of operation behavior triggering;
if the association time consumption of the two cloud service events executed by the block chain service device corresponding to the first block chain service scene information is greater than the association time consumption of the second target, determining that the block chain service device corresponding to the first block chain service scene information is triggered by an operation behavior in the executing process of the two cloud service events;
or if the association time consumption of the two cloud service events executed by the block chain service device corresponding to the first block chain service scene information is less than or equal to the second target association time consumption, determining that no operation behavior trigger occurs in the execution process of the two cloud service events by the block chain service device corresponding to the first block chain service scene information.
7. The method of claim 6, wherein the method further comprises:
determining third target association time consumption of the two executed cloud service events according to a set of second device operation state data corresponding to the cloud service scene information in the execution process of the two cloud service events with association on the time sequence level, wherein the third target association time consumption is used for distinguishing whether the association time consumption is abnormal association time consumption or not, and the third target association time consumption is less than the second target association time consumption;
determining that no operation behavior trigger occurs to the blockchain service device corresponding to the first blockchain service scenario information in the execution process of the two cloud service events, including:
and if the association time consumption of the two cloud service events executed by the block chain service device corresponding to the first block chain service scene information is less than or equal to the second target association time consumption and is greater than or equal to the third target association time consumption, determining that the block chain service device corresponding to the first block chain service scene information does not generate operation behavior triggering in the execution process of the two cloud service events.
8. The method of claim 6, wherein the method further comprises:
determining fourth target association time consumption of the two executed cloud service events according to a set of second device operation state data corresponding to the cloud service scene information which is associated on the time sequence level and in the executing process of the two cloud service events, wherein the fourth target association time consumption is used for distinguishing types triggered by the operation behaviors, and the fourth target association time consumption is larger than the second target association time consumption;
determining that operation behavior triggering occurs to the blockchain service device corresponding to the first blockchain service scenario information in the execution process of the two cloud service events, including:
if the association time consumption of the two cloud service events executed by the block chain service device corresponding to the first block chain service scene information is greater than the second target association time consumption and less than or equal to the fourth target association time consumption, determining that the block chain service device corresponding to the first block chain service scene information generates instantaneous operation behavior triggering on the two cloud service events;
or if the association time consumption of the two cloud service events executed by the block chain service device corresponding to the first block chain service scene information is greater than the fourth target association time consumption, determining that the block chain service device corresponding to the first block chain service scene information has continuous operation behavior triggering on the two cloud service events.
9. The method of claim 2, wherein determining the intrusion detection data source set of the blockchain business device corresponding to the cloud business scenario information according to the behavior data node information of the continuous operation behavior data set of the blockchain business device corresponding to the cloud business scenario information comprises: generating at least one intrusion detection data source set in the first cloud service scene information according to the behavior data node information of the continuous operation behavior data set of the block chain service equipment corresponding to the first cloud service scene information, wherein the intrusion detection data source set comprises at least one of the following intrusion detection data source sets:
the method comprises the steps that a set of cloud service event information and operation behavior triggering statistical information corresponding to a first interaction state triggered by continuous operation behaviors in behavior data node information of a continuous operation behavior data set of block chain service equipment corresponding to first cloud service scene information;
a set of operation behavior triggering statistical information of cloud service event information corresponding to a second interaction state triggered by a continuous operation behavior in behavior data node information of a continuous operation behavior data set of block chain service equipment corresponding to first cloud service scene information;
the method comprises the steps that a set of cloud service event information and operation behavior triggering statistical information corresponding to a first interaction state triggered by an instantaneous operation behavior in behavior data node information of a continuous operation behavior data set of block chain service equipment corresponding to first cloud service scene information;
and the operation behavior trigger statistical information of the cloud service event information corresponding to the second interaction state triggered by the instant operation behavior in the behavior data node information of the continuous operation behavior data set of the block chain service equipment corresponding to the first cloud service scene information is collected.
10. A big data server is characterized by comprising a processing engine, a network module and a memory; the processing engine and the memory communicate through the network module, the processing engine reading a computer program from the memory and operating to perform the method of any of claims 1-9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110665285.0A CN113468520A (en) | 2021-06-16 | 2021-06-16 | Data intrusion detection method applied to block chain service and big data server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110665285.0A CN113468520A (en) | 2021-06-16 | 2021-06-16 | Data intrusion detection method applied to block chain service and big data server |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113468520A true CN113468520A (en) | 2021-10-01 |
Family
ID=77870162
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110665285.0A Withdrawn CN113468520A (en) | 2021-06-16 | 2021-06-16 | Data intrusion detection method applied to block chain service and big data server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113468520A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114139210A (en) * | 2021-12-15 | 2022-03-04 | 智谷互联网科技(廊坊)有限公司 | Big data security threat processing method and system based on intelligent service |
| CN114218565A (en) * | 2021-11-23 | 2022-03-22 | 赵运岐 | Intrusion protection data processing method based on big data and big data server |
| CN115454781A (en) * | 2022-10-08 | 2022-12-09 | 杭银消费金融股份有限公司 | Data visualization display method and system based on enterprise architecture system |
| CN115952555A (en) * | 2022-11-29 | 2023-04-11 | 广西金教通科技有限公司 | Information processing method based on block chain and AI system |
| CN117670264A (en) * | 2024-02-01 | 2024-03-08 | 武汉软件工程职业学院(武汉开放大学) | Automatic flow processing system and method for accounting data |
| CN117670264B (en) * | 2024-02-01 | 2024-04-19 | 武汉软件工程职业学院(武汉开放大学) | Automatic flow processing system and method for accounting data |
-
2021
- 2021-06-16 CN CN202110665285.0A patent/CN113468520A/en not_active Withdrawn
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114218565A (en) * | 2021-11-23 | 2022-03-22 | 赵运岐 | Intrusion protection data processing method based on big data and big data server |
| CN114139210A (en) * | 2021-12-15 | 2022-03-04 | 智谷互联网科技(廊坊)有限公司 | Big data security threat processing method and system based on intelligent service |
| CN115454781A (en) * | 2022-10-08 | 2022-12-09 | 杭银消费金融股份有限公司 | Data visualization display method and system based on enterprise architecture system |
| CN115454781B (en) * | 2022-10-08 | 2023-05-16 | 杭银消费金融股份有限公司 | Data visualization display method and system based on enterprise architecture system |
| CN115952555A (en) * | 2022-11-29 | 2023-04-11 | 广西金教通科技有限公司 | Information processing method based on block chain and AI system |
| CN117670264A (en) * | 2024-02-01 | 2024-03-08 | 武汉软件工程职业学院(武汉开放大学) | Automatic flow processing system and method for accounting data |
| CN117670264B (en) * | 2024-02-01 | 2024-04-19 | 武汉软件工程职业学院(武汉开放大学) | Automatic flow processing system and method for accounting data |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Tann et al. | Towards safer smart contracts: A sequence learning approach to detecting security threats | |
| CN109816397B (en) | Fraud discrimination method, device and storage medium | |
| CN107316198B (en) | Account risk identification method and device | |
| CN113468520A (en) | Data intrusion detection method applied to block chain service and big data server | |
| CN105590055B (en) | Method and device for identifying user credible behaviors in network interaction system | |
| US11151573B2 (en) | Intelligent chargeback processing platform | |
| US20230099864A1 (en) | User profiling based on transaction data associated with a user | |
| CN112837069B (en) | Block chain and big data based secure payment method and cloud platform system | |
| KR20190070702A (en) | System and method for automatically verifying security events based on text mining | |
| CN111177714A (en) | Abnormal behavior detection method and device, computer equipment and storage medium | |
| CN115174231B (en) | Network fraud analysis method and server based on AI Knowledge Base | |
| CN112685774B (en) | Payment data processing method based on big data and block chain finance and cloud server | |
| CN112966113A (en) | Data risk prevention and control method, device and equipment | |
| CN112115468A (en) | Service information detection method based on big data and cloud computing center | |
| CN111275416B (en) | Digital currency abnormal transaction detection method, device, electronic equipment and medium | |
| CN113468017A (en) | Online service state detection method applied to block chain and service server | |
| Esakkiraj et al. | A predictive approach for fraud detection using hidden Markov model | |
| CN112990989B (en) | Value prediction model input data generation method, device, equipment and medium | |
| CN113674318A (en) | Target tracking method, device and equipment | |
| CN112686667A (en) | Data processing method based on big data and block chain and cloud service platform | |
| CN114285587A (en) | Domain name identification method and device and domain name classification model acquisition method and device | |
| CN113763057A (en) | User identity portrait data processing method and device | |
| CN116451050A (en) | Abnormal behavior recognition model training and abnormal behavior recognition method and device | |
| CN113409014A (en) | Big data service processing method based on artificial intelligence and artificial intelligence server | |
| Jose et al. | Detection of Credit Card Fraud Using Resampling and Boosting Technique |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WW01 | Invention patent application withdrawn after publication | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20211001 |