CN113595986A - Intelligent contract intercepting method and device based on intelligent contract firewall framework - Google Patents

Publication number: CN113595986A
Authority: CN (China)
Prior art keywords: contract, rule, transaction, firewall, protected
Legal status: Granted (Active)
Application number: CN202110740050.3A
Other languages: Chinese (zh)
Other versions: CN113595986B (en)
Inventors: 苏申, 林链升, 田志宏, 鲁辉, 李珂斌
Current Assignee: Guangzhou University
Original Assignee: Guangzhou University
Application filed by Guangzhou University
Priority to CN202110740050.3A
Publication of CN113595986A
Application granted
Publication of CN113595986B

Classifications

    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0263 Filtering policies: Rule management
    • H04L63/1416 Detecting or protecting against malicious traffic by monitoring network traffic: Event detection, e.g. attack signature detection
    • H04L63/145 Countermeasures against malicious traffic, the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention discloses an intelligent contract intercepting method and device based on an intelligent contract firewall framework. The method comprises: deploying a first firewall contract, a first interception rule base and a protected contract on the blockchain, the first interception rule base comprising a first rule contract; receiving and responding to a call request sent by a user side, and, when the rationality check of the transaction information passes, returning the judgment result to the first firewall contract; and sending the transaction request to the protected contract, so that the protected contract transacts with the user side according to the transaction request and returns the transaction result to the first firewall contract and the first rule contract, whereupon the first rule contract checks the transaction result and the transaction is intercepted when the transaction conditions are not met. By monitoring through the firewall contract in real time, embodiments of the invention can intercept malicious transactions in time, effectively avoiding the losses they cause.

Description

Intelligent contract intercepting method and device based on intelligent contract firewall framework
Technical Field
The invention relates to the technical field of computers, in particular to an intelligent contract intercepting method and device based on an intelligent contract firewall framework.
Background
The emergence of intelligent contracts (smart contracts) marked the formal entry of blockchain technology into the 2.0 era: blockchains now host systems that can carry out a series of operations by themselves without direct manual intervention, and intelligent contracts are the carriers of such systems. However, intelligent-contract blockchains have had one problem since their inception: on most of them a contract is difficult to upgrade and maintain once it has been deployed on-chain, and Ethereum does not even provide an official way to upgrade an intelligent contract. Thus, once an intelligent contract containing a vulnerability is deployed on-chain, it is costly to maintain and is exposed to repeated attacks by hackers, resulting in significant losses to the party that deployed it. The current technologies for intelligent contract security are mainly the intelligent contract firewall and intelligent contract security auditing. The intelligent contract firewall provides real-time protection for the intelligent contract: it prevents unauthorized transactions by adding another layer of protection on top of the contract, allows black and white lists to be configured according to the actual requirements of a project, strictly filters out attackers and malicious users, and ensures platform fairness and asset safety. Intelligent contract security auditing is one of the core services of professional blockchain companies such as slow fog science and technology, dispute science and technology, zero hour science and technology and the like. In this technology a third party audits the intelligent contract before the chain code goes on-chain, using signature (characteristic code) matching, automatic auditing based on formal verification, symbolic execution and symbolic abstraction, and manual auditing.
In existing intelligent contract intercepting methods, the security hardening performed before a contract goes on-chain mainly serves to discover and repair chain-code vulnerabilities, while the intelligent contract firewall controls chain-code calls and prevents unauthorized chain-code access by deploying firewall code. Neither can discover and intercept, in time, malicious transactions that exploit vulnerabilities in the intelligent contract.
Disclosure of Invention
The invention provides an intelligent contract intercepting method and device based on an intelligent contract firewall framework, and aims to solve the technical problem that malicious transactions initiated aiming at intelligent contract vulnerabilities cannot be found in time and intercepted by an existing intelligent contract intercepting method.
One embodiment of the invention provides an intelligent contract intercepting method based on an intelligent contract firewall framework, which comprises the following steps:
deploying a first firewall contract, a first interception rule base and a protected contract on the blockchain; the first interception rule base comprises a first rule contract;
receiving and responding to a calling request sent by a user side, sending transaction information in the transaction request sent by the user side to the first rule contract, enabling the first rule contract to judge the rationality of the transaction information, and returning a judgment result to the first firewall contract when the judgment result that the rationality passes is obtained;
receiving and responding to the judgment result, sending the transaction request to the protected contract, enabling the protected contract to perform transaction with the user side according to the transaction request, and returning the transaction result to the first firewall contract after the transaction is completed;
receiving a transaction result sent by the protected contract, sending the transaction result to the first rule contract, enabling the first rule contract to detect the transaction result according to rules in the contract, and returning the detection result to the first firewall contract if the detection result indicates that the transaction result does not meet transaction conditions;
and intercepting the transaction according to the detection result, and returning the interception result to the user side.
Further, the intercepting method further comprises:
deploying a second rule contract in the first interception rule base;
and changing the first rule contract into the second rule contract by modifying the calling state parameter of the first firewall contract.
Further, the intercepting method further comprises:
deploying a second interception rule base and a second firewall contract on the blockchain;
and destroying the first firewall contract, calling a rule contract in the second interception rule base through the second firewall contract, and protecting the protected contract by the rule contract in the second interception rule base.
Further, there is a many-to-many relationship between the firewall contract, the rule contract, and the protected contract.
Further, the intercepting method further comprises:
and after the protected contract suffers an unknown, novel attack, performing fuzz testing with the abnormal parameters in the protected contract as samples to obtain a reinforcement rule for dealing with the novel attack.
Further, performing fuzz testing with the abnormal parameters in the protected contract as samples to obtain a reinforcement rule for dealing with the novel attack is specifically:
after the novel attack, determining the abnormal parameters that caused the abnormal state when the protected contract was attacked, randomly mutating the abnormal parameters to obtain mutated abnormal parameters, and performing multiple fuzz tests on the mutated abnormal parameters to obtain reinforcement rules.
Further, randomly mutating the abnormal parameters to obtain mutated abnormal parameters and performing multiple fuzz tests on them to obtain a reinforcement rule is specifically:
taking the mutated abnormal parameters as the input of each fuzz test and the attacked protected contract as the carrier of each fuzz test, and running the fuzz test to obtain its output, which is the control flow of the attacked protected contract;
after multiple fuzz tests, obtaining multiple input/output pairs of mutated abnormal parameters and control flows, performing frequent item mining on the input/output pairs, screening out the high-frequency code blocks of the input/output pairs, and analyzing the high-frequency code blocks to obtain reinforcement rules for coping with the novel attack.
Another embodiment of the present invention provides an intelligent contract intercepting apparatus based on an intelligent contract firewall framework, including:
a deployment module for deploying a first firewall contract, a first interception rule base and a protected contract on a blockchain; the first interception rule base comprises a first rule contract;
the transaction information sending module is used for receiving and responding to a calling request sent by a user side, sending transaction information in the transaction request sent by the user side to the first rule contract, enabling the first rule contract to judge the rationality of the transaction information, and returning a judgment result to the first firewall contract when the judgment result that the rationality passes is obtained;
the transaction request sending module is used for receiving and responding to the judgment result, sending the transaction request to the protected contract, enabling the protected contract to carry out transaction with the user side according to the transaction request, and returning the transaction result to the first firewall contract after the transaction is finished;
the transaction result sending module is used for receiving the transaction result sent by the protected contract and sending the transaction result to the first rule contract, so that the first rule contract detects the transaction result according to rules in the contract, and if the detection result indicates that the transaction result does not meet transaction conditions, the detection result is returned to the first firewall contract;
and the transaction interception module is used for intercepting the transaction according to the detection result and returning the interception result to the user side.
Yet another embodiment of the present invention provides a computer-readable storage medium, which includes a stored computer program, wherein when the computer program runs, a device on which the computer-readable storage medium is located is controlled to execute the intelligent contract intercepting method based on an intelligent contract firewall framework as described above.
The embodiment of the invention monitors each transaction of the protected contract in real time by establishing the firewall contract and the interception rule base on the block chain, and once the protected contract is found to have malicious transaction behaviors, the transaction behaviors can be intercepted in time through the firewall contract, thereby effectively avoiding the loss caused by the malicious transaction behaviors.
Furthermore, the embodiment of the invention realizes the protection of the protected contract in a form of separating the firewall contract from the interception rule, and when a user wants to replace the protection rule or a service provider, the protection can be realized only by changing the firewall contract calling parameter or directly replacing the new firewall contract, so that the protection service of the protected contract is more comprehensive and more flexible, and the maintenance cost and the maintenance difficulty of the intelligent contract can be effectively reduced.
Drawings
Fig. 1 is a schematic flowchart of an intelligent contract intercepting method based on an intelligent contract firewall framework according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of an intelligent contract firewall architecture provided by an embodiment of the invention;
Fig. 3 is a schematic diagram illustrating the change of the inter-contract calling relationship when a rule contract is replaced according to an embodiment of the present invention;
Fig. 4 is a schematic diagram illustrating the change of the inter-contract calling relationship when an interception rule base is replaced according to an embodiment of the present invention;
Fig. 5 is another schematic flowchart of an intelligent contract intercepting method based on an intelligent contract firewall framework according to an embodiment of the present invention;
Fig. 6 is a flowchart illustrating the operation of program code provided by an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of an intelligent contract intercepting apparatus based on an intelligent contract firewall framework according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In the description of the present application, it is to be understood that the terms "first", "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implying any number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present application, "a plurality" means two or more unless otherwise specified.
In the description of the present application, it is to be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the present application can be understood in a specific case by those of ordinary skill in the art.
Referring to fig. 1 to 6, in a first embodiment of the present invention, there is provided an intelligent contract intercepting method based on an intelligent contract firewall framework shown in fig. 1, including:
S1, deploying a first firewall contract, a first interception rule base and a protected contract on the blockchain; the first interception rule base comprises a first rule contract;
S2, receiving and responding to a call request sent by a user side, sending transaction information in the transaction request sent by the user side to a first rule contract, judging the rationality of the transaction information by the first rule contract, and returning a judgment result to the first firewall contract when the judgment result that the rationality passes is obtained;
optionally, the transaction information includes information of a transaction initiator and transaction parameters, the rationality judgment includes permission judgment and pre-execution result judgment, and when a judgment result that the rationality of the transaction information does not pass is obtained, the firewall contract intercepts the transaction.
S3, receiving and responding to the judgment result, sending the transaction request to the protected contract, making the protected contract transact with the user side according to the transaction request, and returning the transaction result to the first firewall contract after the transaction is completed;
S4, receiving a transaction result sent by the protected contract, sending the transaction result to a first rule contract, enabling the first rule contract to detect the transaction result according to rules in the contract, and if the detection result is that the transaction result does not meet transaction conditions, returning the detection result to the first firewall contract;
S5, intercepting the transaction according to the detection result, and returning the interception result to the user side.
In the embodiment of the present invention, the rule contract is also an intelligent contract that needs to be deployed on the blockchain, and a plurality of protection rules and interception rules for intelligent contract transactions are written in the rule contract, and the firewall interception rules may be formally described as follows:
f(p1,p2,...)
wherein pi is a transaction parameter, and f is a function operation on the transaction parameter, and may be a segment of code.
The interception rule base is a set of rule contracts, and is embodied as a plurality of intelligent contracts which are already deployed and have trade filtering protection rules written thereon in an actual application scene.
In the embodiment of the invention, the firewall contract is essentially a contract protection agent, and is an entrance of the interception rule base and is used for connecting the interception rule base and the protected contract. Fig. 2 is a schematic diagram of an intelligent contract firewall architecture according to an embodiment of the present invention.
The embodiment of the invention deploys a first firewall contract, a first interception rule base and a protected contract on a block chain; the first interception rule base comprises a first rule contract, the first firewall contract is connected with the interception rule base and the protected contract, each transaction of the protected contract is monitored in real time through the first firewall, once the protected contract is found to have malicious transaction behaviors, the transaction behaviors can be intercepted in time through the firewall contract, and therefore loss caused by the malicious transaction behaviors can be effectively avoided.
As a specific implementation manner of the embodiment of the present invention, the interception method further includes:
deploying a second rule contract in the first interception rule base;
and changing the first rule contract into a second rule contract by modifying the calling state parameter of the first firewall contract.
In the embodiment of the invention, the firewall contract is essentially a contract protection agent, and is an entrance of the interception rule base and is used for connecting the interception rule base and the protected contract.
Referring to fig. 3, when the rule contract that protects a protected contract needs to be replaced, the embodiment of the present invention may complete the replacement by modifying the calling state parameter of the firewall contract. With continued reference to fig. 3, a first rule contract, a second rule contract, a firewall contract, and a protected contract are deployed on the blockchain, and before the interception rule is replaced the interception protection rule of the protected contract is determined by the first rule contract. When the interception rule needs to be replaced by the content of the second rule contract, the embodiment of the invention completes the replacement by changing the calling state parameter of the firewall contract from the first rule contract to the second rule contract; after the replacement, the interception rule of the protected contract is determined by the second rule contract.
According to the embodiment of the invention, the first firewall contract is connected with the rule contract and the protected contract, when a user needs to replace protection service, the replacement of the rule contract can be conveniently realized by modifying the calling state parameter of the first firewall contract, so that not only can the protection efficiency be effectively improved, but also the replacement of the rule contract is realized only by modifying the calling state parameter, and the maintenance cost and the maintenance difficulty of the intelligent contract can be effectively reduced.
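The call flow of steps S2 to S5 and the rule-contract swap through the firewall's calling state parameter can be followed in a small Python model. This is an added example, not code from the patent: the vault contract, the two rule classes, the owner check on set_rule and the use of a state rollback to stand in for interception after execution are all assumptions made for illustration.

```python
import copy


class ProtectedVault:
    """Hypothetical protected contract. Deliberate flaw for the demo:
    withdraw() never checks that the caller's balance covers the amount."""

    def __init__(self, balances):
        self.balances = dict(balances)

    def withdraw(self, sender, amount):
        self.balances[sender] = self.balances.get(sender, 0) - amount
        return {"sender": sender, "paid": amount,
                "balance_after": self.balances[sender]}


class RuleV1:
    """First rule contract: permission judgment only."""

    def __init__(self, blocked=()):
        self.blocked = set(blocked)

    def pre_check(self, sender, params):
        return sender not in self.blocked

    def post_check(self, result):
        return True  # no rule on the transaction result yet


class RuleV2(RuleV1):
    """Second rule contract: adds rules f(p1, p2, ...) on parameters and result."""

    def pre_check(self, sender, params):
        return super().pre_check(sender, params) and params.get("amount", 0) > 0

    def post_check(self, result):
        return result["balance_after"] >= 0


class FirewallContract:
    """Proxy in front of the protected contract (steps S2 to S5)."""

    EXPOSED = {"withdraw"}  # methods the proxy is willing to forward

    def __init__(self, owner, protected, rule_base, active_rule):
        self.owner = owner
        self.protected = protected
        self.rule_base = rule_base      # interception rule base: name -> rule contract
        self.active_rule = active_rule  # the "calling state parameter"

    def set_rule(self, caller, name):
        # Assumption: only the deployer may repoint the firewall.
        if caller != self.owner:
            raise PermissionError("only the owner may change the rule contract")
        if name not in self.rule_base:
            raise KeyError(name)
        self.active_rule = name

    def call(self, sender, method, **params):
        rule = self.rule_base[self.active_rule]
        # S2: rationality judgment before anything reaches the protected contract
        if method not in self.EXPOSED or not rule.pre_check(sender, params):
            return {"status": "intercepted", "stage": "pre"}
        snapshot = copy.deepcopy(vars(self.protected))
        result = getattr(self.protected, method)(sender, **params)   # S3
        if not rule.post_check(result):                               # S4
            state = vars(self.protected)                              # S5: undo the
            state.clear()                                             # state change,
            state.update(snapshot)                                    # as a revert would
            return {"status": "intercepted", "stage": "post"}
        return {"status": "ok", "result": result}


def demo():
    vault = ProtectedVault({"alice": 100, "mallory": 5})   # constructed sample state
    rules = {"v1": RuleV1(blocked={"eve"}), "v2": RuleV2(blocked={"eve"})}
    fw = FirewallContract("owner", vault, rules, "v1")
    out = [fw.call("eve", "withdraw", amount=1),        # blocked caller
           fw.call("mallory", "withdraw", amount=50)]   # overdraw slips past v1
    fw.set_rule("owner", "v2")                          # swap rule contract in place
    out.append(fw.call("mallory", "withdraw", amount=50))  # now caught after execution
    out.append(fw.call("alice", "withdraw", amount=30))    # legitimate call still works
    return out, vault.balances


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

The protected contract and the firewall object are never redeployed in this model; only active_rule changes, which is the property the paragraph above relies on.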
As a specific implementation manner of the embodiment of the present invention, the interception method further includes:
deploying a second interception rule base and a second firewall contract on the blockchain;
and destroying the first firewall contract, calling the rule contract in the second interception rule base through the second firewall contract, and protecting the protected contract by using the rule contract in the second interception rule base.
Alternatively, in an actual application scenario, different interception rule bases are typically maintained by different service providers. Referring to fig. 4, when a user wants to replace the interception rule base that provides the protection rule standard for the protected contract, the embodiment of the present invention is implemented by replacing the firewall agent contract. In fig. 4, a first interception rule base, a second interception rule base, a first firewall contract and a protected contract have been deployed on the blockchain, where the protected contract is provided with protection services by the first firewall contract and the interception rule is determined by one of the rule contracts in the first interception rule base. In one particular embodiment, the interception rule may be determined by a plurality of rule contracts.
Optionally, when the user wants to replace the interception rule with a certain rule contract in the second interception rule base, since the types or attributes of the external interfaces provided by different interception rule bases may not be consistent, the service cannot be replaced by directly changing the call state parameter of the firewall contract. The embodiment of the invention calls the rule contract in the second interception rule base by redeploying a second firewall contract so as to realize the replacement of the interception rule. At this time, the protected contract does not need the first interception rule base to provide the interception rule service any more, and the embodiment of the invention directly destroys the first firewall contract so as to reduce the memory space of the system and improve the interception efficiency of the system. While the first rule contract may continue to be deployed on the blockchain waiting to be recalled by other firewall contracts. After the above operation is completed, the protected contract is provided with protection service through the second firewall contract, and the interception rule is determined by one of the rule contracts in the second interception rule base. In one particular embodiment, the interception rule may be determined by a plurality of rule contracts.
In the embodiment of the invention, the first firewall contract is connected with the rule contract and the protected contract, the first firewall contract is used as a protection provider to provide protection service for the protected contract, when a user needs to replace the protection provider, the first firewall contract is destroyed, the second firewall contract is deployed on the block chain, the second firewall contract is used for calling the rule contract in the second interception rule base, and the protected contract is protected by the rule contract in the second interception rule base, so that the protection provider can be replaced quickly, the protection service for the protected contract is more comprehensive and flexible, and the maintenance cost and the maintenance difficulty of the intelligent contract can be effectively reduced.
As a specific implementation of the embodiment of the present invention, there is a many-to-many relationship between the firewall contract, the rule contract and the protected contract.
For example, a firewall contract may protect only one protected contract or may protect multiple protected contracts at the same time, and a firewall contract may call one rule contract or call multiple rule contracts at the same time, so that many-to-many relationships may exist between the rule contracts, the firewall contracts, and the protected contracts. According to the embodiment of the invention, the many-to-many relationship among the firewall contract, the rule contract and the protected contract can effectively improve interception efficiency and ease the difficulty of deploying, maintaining and upgrading intelligent contracts.
As a specific implementation manner of the embodiment of the present invention, the interception method further includes:
and after the protected contract suffers an unknown, novel attack, performing fuzz testing with the abnormal parameters in the protected contract as samples to obtain a reinforcement rule for dealing with the novel attack.
In the embodiment of the invention, the abnormal parameters in the attacked protected contract are used as samples for fuzz testing, and the reinforcement rule for dealing with the novel attack is generated in a targeted manner, so that the effectiveness of the reinforcement rule can be effectively improved.
As a specific implementation manner of the embodiment of the present invention, performing fuzz testing with the abnormal parameters in the protected contract as samples to obtain a reinforcement rule for dealing with the novel attack specifically includes:
after the novel attack, determining the abnormal parameters that caused the abnormal state when the protected contract was attacked, randomly mutating the abnormal parameters to obtain mutated abnormal parameters, and performing multiple fuzz tests on the mutated abnormal parameters to obtain reinforcement rules.
As a specific implementation manner of the embodiment of the present invention, randomly mutating the abnormal parameters to obtain mutated abnormal parameters and performing multiple fuzz tests on them to obtain a reinforcement rule specifically includes:
taking the mutated abnormal parameters as the input of each fuzz test and the attacked protected contract as the carrier of each fuzz test, and running the fuzz test to obtain its output, which is the control flow of the attacked protected contract;
after multiple fuzz tests, obtaining multiple input/output pairs of mutated abnormal parameters and control flows, performing frequent item mining on the input/output pairs, screening out the high-frequency code blocks of the input/output pairs, and analyzing the high-frequency code blocks to obtain reinforcement rules for coping with the novel attack.
Exemplarily, in the embodiment of the present invention, the variations are: and (3) generating new parameters by using a specific method based on the original parameters. The parameter variation method comprises addition, subtraction and replacement of random numbers, bit-wise or random inversion, exclusive OR, negation, sensitive boundary value replacement and the like. The data flow is: the running path of the code program is the code which is run from the beginning to the end in the running process of the intelligent contract. Referring to fig. 6, if the parameter i is 0, the running path of the code program is a- > B- > D, and the data flow is the code running on the way of the path. The fuzz test was: a method for discovering software vulnerabilities by providing unexpected output to a target system and monitoring for anomalous results. The main process of the primary fuzz test is as follows: firstly, randomly mutating the transaction or calling parameters triggering the abnormal state of the intelligent contract, then calling the original attacked intelligent contract by taking the mutated parameters as input parameters again, and recording the running codes as data stream output in the running process of the contract.
Frequent item mining in embodiments of the present invention is essentially a process of establishing a mapping from call parameters to code blocks. The embodiment of the invention can obtain a plurality of groups of variant transaction parameters and input/output pairs of code control flows through fuzzy test, and then establishes a frequent item set by observing the same code statement in each group of code control flows corresponding to the same transaction parameter under the condition of different variant results, thereby determining the mapping between the transaction parameters and the code blocks. Illustratively, an algorithm used for frequent item mining in the embodiment of the present invention is an Apriori algorithm, which is an algorithm based on association rule mining and aims to find out hidden relationships among things, and a support degree is used as a standard for determining a frequent item set in the embodiment of the present invention in the Apriori algorithm. The goal of Apriori's algorithm is to find the largest frequent set of K terms. In the embodiment of the present invention, the association rule is in the form of an implication form of X → Y, where X and Y are respectively referred to as a Leader (LHS) and a successor (RHS) of the association rule. The association rule XY exists support and trust. The support degree is the probability that commodities included in the rule antecedent LHS and the rule postcedent RHS are simultaneously appeared, and can be understood as the transaction times/total transaction times of the LHS commodities and the RHS commodities. In the embodiment of the present invention, a frequent item set is generated, and the goal is to find all item sets satisfying the minimum support threshold, and these item sets are called frequent item sets (frequent itemsets).
In a specific implementation manner, the algorithm steps adopted for frequent mining in the embodiment of the present invention are as follows:
Input: a data set D and a support threshold α;
Output: the largest frequent k-item set;
S10, scan the whole data set and take every item that appears as the candidate frequent 1-item set, with k = 1; the frequent 0-item set is the empty set;
S20, mine the frequent k-item set:
a. scan the data to calculate the support of each candidate frequent k-item set;
b. remove the candidate frequent k-item sets whose support is lower than the threshold to obtain the frequent k-item set; if the resulting frequent k-item set is empty, return the frequent (k-1)-item set as the algorithm result and end the algorithm; if the resulting frequent k-item set contains only one item, return the frequent k-item set as the algorithm result and end the algorithm;
c. generate the candidate frequent (k+1)-item set from the frequent k-item set;
S30, let k = k + 1 and go to step S20.
In a specific implementation manner, the input-output pairs obtained by the fuzz test of the embodiment of the present invention include the following three: {A, {a, b}}, {B, {b, c}}, {C, {b}}, where A, B and C are three different new input values obtained by randomly mutating the same transaction parameter W, and a, b and c are three code statements in the attacked intelligent contract. Observation shows that whether W is mutated into A, B or C, the code statement b runs, which yields the item set {W, b}: when the parameter W changes, statement b runs along with it with a certain probability, so W and b are correlated with a certain probability. If, after the parameter W has been mutated many times, statement b runs with high probability, the embodiment of the present invention establishes the frequent item set {W, b} with the Apriori algorithm and calculates its support; as long as the support of the set is greater than an input threshold α that is not too large, and not greater than a large threshold β, the embodiment of the present invention considers that the various mutations of the parameter W directly influence whether b runs.
After a protected contract suffers a novel attack, the embodiment of the invention performs fuzz tests with the abnormal parameters of the attacked protected contract as samples to obtain input-output pairs, screens out the high-frequency code blocks of the input-output pairs through frequent item mining, that is, the suspicious code associated with the abnormal state, and analyzes the suspicious code, so that reinforcement rules for the novel attack can be obtained effectively and the protection strength of the protected contract can be effectively improved.
Fig. 5 is another schematic flow chart of intelligent contract interception based on an intelligent contract firewall framework according to an embodiment of the present invention.
The embodiment of the invention has the following beneficial effects:
the embodiment of the invention monitors each transaction of the protected contract in real time by establishing the firewall contract and the interception rule base on the blockchain, and once a malicious transaction against the protected contract is found, the firewall contract can intercept it in time, effectively avoiding the loss the malicious transaction would cause; the embodiment of the invention protects the protected contract by separating the firewall contract from the interception rules, so that when a user wants to replace the protection rule or the service provider, it is only necessary to change the firewall contract calling parameter or to deploy a new firewall contract directly, which makes the protection service of the protected contract more comprehensive and flexible and effectively reduces the maintenance cost and maintenance difficulty of the intelligent contract; the embodiment of the invention performs the fuzz test with the abnormal parameters of the attacked protected contract as samples and generates the reinforcement rule for dealing with the novel attack in a targeted manner, which improves the effectiveness of the reinforcement rule.
Referring to fig. 7, another embodiment of the present invention provides an intelligent contract intercepting apparatus based on an intelligent contract firewall framework, including:
a deployment module 10, configured to deploy a first firewall contract, a first interception rule base, and a protected contract on a blockchain; the first interception rule base comprises a first rule contract;
the transaction information request sending module 20 is configured to receive and respond to a call request sent by a user, send transaction information in the transaction request sent by the user to the first rule contract, so that the first rule contract judges the rationality of the transaction information, and when a judgment result that the rationality passes is obtained, return the judgment result to the first firewall contract;
optionally, the transaction information includes information of a transaction initiator and transaction parameters, the rationality judgment includes permission judgment and pre-execution result judgment, and when a judgment result that the rationality of the transaction information does not pass is obtained, the firewall contract intercepts the transaction.
The transaction request sending module 30 is used for receiving and responding to the judgment result, sending the transaction request to the protected contract, enabling the protected contract to carry out transaction with the user side according to the transaction request, and returning the transaction result to the first firewall contract after the transaction is completed;
the transaction result sending module 40 is configured to receive the transaction result sent by the protected contract and send it to the first rule contract, so that the first rule contract checks the transaction result against the rules in the contract and, if the detection result indicates that the transaction result does not satisfy the transaction condition, returns the detection result to the first firewall contract;
and the transaction interception module 50 is configured to intercept the transaction according to the detection result, and return the interception result to the user side.
In the embodiment of the present invention, the rule contract is also an intelligent contract that needs to be deployed on the blockchain, and a plurality of protection rules and interception rules for intelligent contract transactions are written in the rule contract, and the firewall interception rules may be formally described as follows:
f(p1,p2,...)
wherein pi is a transaction parameter, and f is a function operation on the transaction parameter, and may be a segment of code.
The interception rule base is a set of rule contracts, and is embodied as a plurality of intelligent contracts which are already deployed and have trade filtering protection rules written thereon in an actual application scene.
In the embodiment of the invention, the firewall contract is essentially a contract protection agent, and is an entrance of the interception rule base and is used for connecting the interception rule base and the protected contract. Fig. 2 is a schematic diagram of an intelligent contract firewall architecture according to an embodiment of the present invention.
The embodiment of the invention deploys a first firewall contract, a first interception rule base and a protected contract on a block chain; the first interception rule base comprises a first rule contract, the first firewall contract is connected with the interception rule base and the protected contract, each transaction of the protected contract is monitored in real time through the first firewall, once the protected contract is found to have malicious transaction behaviors, the transaction behaviors can be intercepted in time through the firewall contract, and therefore loss caused by the malicious transaction behaviors can be effectively avoided.
As a specific implementation manner of the embodiment of the present invention, the interception method further includes:
deploying a second rule contract in the first interception rule base;
and changing the first rule contract into a second rule contract by modifying the calling state parameter of the first firewall contract.
In the embodiment of the invention, the firewall contract is essentially a contract protection agent, and is an entrance of the interception rule base and is used for connecting the interception rule base and the protected contract.
Referring to fig. 3, when the rule contract that protects a protected contract needs to be replaced, the embodiment of the present invention completes the replacement by modifying the calling state parameter of the firewall contract. With continued reference to fig. 3, a first rule contract, a second rule contract, a firewall contract and a protected contract are deployed on the blockchain, and before the replacement the interception rule of the protected contract is determined by the first rule contract. When the interception rule needs to be replaced by the content of the second rule contract, the embodiment of the invention completes the replacement by changing the calling state parameter of the firewall contract from the first rule contract to the second rule contract; after the replacement, the interception rule of the protected contract is determined by the second rule contract.
According to the embodiment of the invention, the first firewall contract is connected with the rule contract and the protected contract, when a user needs to replace protection service, the replacement of the rule contract can be conveniently realized by modifying the calling state parameter of the first firewall contract, so that not only can the protection efficiency be effectively improved, but also the replacement of the rule contract is realized only by modifying the calling state parameter, and the maintenance cost and the maintenance difficulty of the intelligent contract can be effectively reduced.
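An off-chain Python model of the interception flow and the rule replacement described above, added here as an illustration and not taken from the patent. The class names, the vault's missing balance check, the rule contents and the owner-only `set_rule` guard are all assumptions.

```python
import copy


class ProtectedVault:
    """Constructed protected contract; withdraw() has no balance check on purpose."""
    def __init__(self, balances):
        self.balances = dict(balances)

    def withdraw(self, sender, amount):
        self.balances[sender] = self.balances.get(sender, 0) - amount
        return {"sender": sender, "paid": amount,
                "balance_after": self.balances[sender]}


class RuleContractV1:
    """First rule contract: f(p1, p2, ...) evaluated before and after execution."""
    def __init__(self, allowed):
        self.allowed = set(allowed)

    def pre_check(self, sender, amount):
        # Permission judgment on the initiator plus a sanity check on the parameter.
        return sender in self.allowed and amount > 0

    def post_check(self, result):
        # Transaction condition: the call must not leave a negative balance.
        return result["balance_after"] >= 0


class RuleContractV2(RuleContractV1):
    """Second rule contract: same interface, adds a per-call cap."""
    def __init__(self, allowed, cap):
        super().__init__(allowed)
        self.cap = cap

    def pre_check(self, sender, amount):
        return super().pre_check(sender, amount) and amount <= self.cap


class FirewallContract:
    """Proxy in front of the protected contract.

    active_rule plays the role of the calling state parameter: it names the
    rule contract in the interception rule base that is consulted on each call.
    """
    def __init__(self, owner, rule_base, active_rule, protected):
        self.owner = owner
        self.rule_base = rule_base
        self.active_rule = active_rule
        self.protected = protected

    def set_rule(self, caller, name):
        # Assumption: only the owner may repoint the firewall at another rule
        # contract; an unguarded setter would let anyone disable the checks.
        if caller != self.owner:
            raise PermissionError("only the owner can change the rule contract")
        if name not in self.rule_base:
            raise KeyError(name)
        self.active_rule = name

    def withdraw(self, sender, amount):
        rule = self.rule_base[self.active_rule]
        if not rule.pre_check(sender, amount):
            return {"intercepted": True, "stage": "pre-check"}
        snapshot = copy.deepcopy(self.protected.balances)
        result = self.protected.withdraw(sender, amount)
        if not rule.post_check(result):
            # Models reverting the transaction: state changes are discarded.
            self.protected.balances = snapshot
            return {"intercepted": True, "stage": "post-check"}
        return {"intercepted": False, "result": result}


def demo():
    """Run four calls, swapping rule1 for rule2 before the last one."""
    vault = ProtectedVault({"alice": 100})
    rules = {"rule1": RuleContractV1({"alice"}),
             "rule2": RuleContractV2({"alice"}, cap=50)}
    fw = FirewallContract("admin", rules, "rule1", vault)
    log = [fw.withdraw("mallory", 10),    # initiator not permitted
           fw.withdraw("alice", 150),     # executes, fails the result check
           fw.withdraw("alice", 60)]      # passes both checks
    fw.set_rule("admin", "rule2")         # rule replacement via the state parameter
    log.append(fw.withdraw("alice", 60))  # now exceeds the cap in rule2
    return log, vault.balances


if __name__ == "__main__":
    for entry in demo()[0]:
        print(entry)
```

The second call shows why the result check matters: the pre-check cannot see that the vault will go negative, so the firewall has to discard the state change after execution.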
As a specific implementation manner of the embodiment of the present invention, the intercepting apparatus further includes a rule contract invoking module, configured to:
deploying a second interception rule base and a second firewall contract on the blockchain;
and destroying the first firewall contract, calling the rule contract in the second interception rule base through the second firewall contract, and protecting the protected contract by using the rule contract in the second interception rule base.
Alternatively, in an actual application scenario, different interception rule bases are typically maintained by different service providers. Referring to fig. 4, when a user wants to replace the interception rule base that provides the protection rule standard for the protected contract, the embodiment of the present invention is implemented by replacing the firewall agent contract. In fig. 4, a first interception rule base, a second interception rule base, a first firewall contract and a protected contract have been deployed on the blockchain, where the protected contract is provided with protection services by the first firewall contract and the interception rule is determined by one of the rule contracts in the first interception rule base. In one particular embodiment, the interception rule may be determined by a plurality of rule contracts.
Optionally, when the user wants to replace the interception rule with a certain rule contract in the second interception rule base, since the types or attributes of the external interfaces provided by different interception rule bases may not be consistent, the service cannot be replaced by directly changing the call state parameter of the firewall contract. The embodiment of the invention calls the rule contract in the second interception rule base by redeploying a second firewall contract so as to realize the replacement of the interception rule. At this time, the protected contract does not need the first interception rule base to provide the interception rule service any more, and the embodiment of the invention directly destroys the first firewall contract so as to reduce the memory space of the system and improve the interception efficiency of the system. While the first rule contract may continue to be deployed on the blockchain waiting to be recalled by other firewall contracts. After the above operation is completed, the protected contract is provided with protection service through the second firewall contract, and the interception rule is determined by one of the rule contracts in the second interception rule base. In one particular embodiment, the interception rule may be determined by a plurality of rule contracts.
In the embodiment of the invention, the first firewall contract is connected with the rule contract and the protected contract, the first firewall contract is used as a protection provider to provide protection service for the protected contract, when a user needs to replace the protection provider, the first firewall contract is destroyed, the second firewall contract is deployed on the block chain, the second firewall contract is used for calling the rule contract in the second interception rule base, and the protected contract is protected by the rule contract in the second interception rule base, so that the protection provider can be replaced quickly, the protection service for the protected contract is more comprehensive and flexible, and the maintenance cost and the maintenance difficulty of the intelligent contract can be effectively reduced.
As a specific implementation of the embodiment of the present invention, there is a many-to-many relationship between the firewall contract, the rule contract and the protected contract.
For example, a firewall contract may protect only one protected contract or several protected contracts at the same time, and may call one rule contract or several rule contracts at the same time, so many-to-many relationships may exist among rule contracts, firewall contracts and protected contracts. According to the embodiment of the invention, the many-to-many relationship among the firewall contract, the rule contract and the protected contract effectively improves interception efficiency and eases the difficulty of deploying, maintaining and upgrading intelligent contracts.
As a specific implementation manner of the embodiment of the present invention, the intercepting apparatus further includes a fuzzy test module, configured to:
after the protected contract suffers an unknown, novel attack, performing a fuzz test with the abnormal parameters in the protected contract as samples, to obtain a reinforcement rule for dealing with the novel attack.
In the embodiment of the invention, the fuzz test is performed with the abnormal parameters of the attacked protected contract as samples, and the reinforcement rule for dealing with the novel attack is generated in a targeted manner, which improves the effectiveness of the reinforcement rule.
As a specific implementation manner of the embodiment of the present invention, the fuzz test module is specifically configured to:
after the novel attack, determining the abnormal parameters that caused the abnormal state when the protected contract was attacked, randomly mutating the abnormal parameters to obtain mutated abnormal parameters, and running multiple fuzz tests on the mutated abnormal parameters to obtain the reinforcement rule.
As a specific implementation manner of the embodiment of the present invention, randomly mutating the abnormal parameters to obtain mutated abnormal parameters and running multiple fuzz tests on the mutated abnormal parameters to obtain a reinforcement rule specifically includes:
taking the mutated abnormal parameters as the input item of each fuzz test and the attacked protected contract as the target of each fuzz test, and running the fuzz test to obtain its output item, which is the control flow of the attacked protected contract;
after multiple fuzz tests, obtaining multiple input-output pairs of mutated abnormal parameters and control flows, performing frequent item mining on the input-output pairs, screening out the high-frequency code blocks of the input-output pairs, and analyzing the high-frequency code blocks to obtain the reinforcement rule for coping with the novel attack.
Exemplarily, in the embodiment of the present invention, mutation means generating new parameters from the original parameters by a specific method. The parameter mutation methods include addition, subtraction and replacement of random numbers, bit-wise or random bit inversion, exclusive OR, negation, replacement with sensitive boundary values, and the like. The data flow is the running path of the code program, that is, the code that is executed from beginning to end while the intelligent contract runs. Referring to fig. 6, if the parameter i is 0, the running path of the code program is A -> B -> D, and the data flow is the code executed along that path. A fuzz test is a method for discovering software vulnerabilities by providing unexpected input to a target system and monitoring for anomalous results. The main process of a single fuzz test is as follows: first, the transaction or call parameters that triggered the abnormal state of the intelligent contract are randomly mutated; then the original attacked intelligent contract is called again with the mutated parameters as input; and the code executed while the contract runs is recorded as the data-flow output.
Frequent item mining in the embodiment of the present invention is essentially a process of establishing a mapping from call parameters to code blocks. Through fuzz tests, the embodiment of the invention obtains multiple input-output pairs of mutated transaction parameters and code control flows; it then builds a frequent item set by observing which code statements recur in the control flows that correspond to the same transaction parameter under its different mutation results, thereby determining the mapping between transaction parameters and code blocks. Illustratively, the algorithm used for frequent item mining in the embodiment of the present invention is the Apriori algorithm, an algorithm based on association rule mining that aims to find hidden relationships among things; in the embodiment of the present invention, support is used as the criterion for determining a frequent item set. The goal of the Apriori algorithm is to find the largest frequent k-item set. In the embodiment of the present invention, an association rule takes the implication form X → Y, where X and Y are called the antecedent (LHS) and the consequent (RHS) of the association rule, respectively. An association rule X → Y has a support and a confidence. The support is the probability that the items in the rule antecedent LHS and the rule consequent RHS appear together, which can be understood as (number of transactions containing both the LHS items and the RHS items) / (total number of transactions). Generating frequent item sets in the embodiment of the present invention means finding all item sets that satisfy the minimum support threshold; these item sets are called frequent item sets (frequent itemsets).
In a specific implementation manner, the algorithm steps adopted for frequent mining in the embodiment of the present invention are as follows:
Input: a data set D and a support threshold α;
Output: the largest frequent k-item set;
S10, scan the whole data set and take every item that appears as the candidate frequent 1-item set, with k = 1; the frequent 0-item set is the empty set;
S20, mine the frequent k-item set:
a. scan the data to calculate the support of each candidate frequent k-item set;
b. remove the candidate frequent k-item sets whose support is lower than the threshold to obtain the frequent k-item set; if the resulting frequent k-item set is empty, return the frequent (k-1)-item set as the algorithm result and end the algorithm; if the resulting frequent k-item set contains only one item, return the frequent k-item set as the algorithm result and end the algorithm;
c. generate the candidate frequent (k+1)-item set from the frequent k-item set;
S30, let k = k + 1 and go to step S20.
In a specific implementation manner, the input-output pairs obtained by the fuzz test of the embodiment of the present invention include the following three: {A, {a, b}}, {B, {b, c}}, {C, {b}}, where A, B and C are three different new input values obtained by randomly mutating the same transaction parameter W, and a, b and c are three code statements in the attacked intelligent contract. Observation shows that whether W is mutated into A, B or C, the code statement b runs, which yields the item set {W, b}: when the parameter W changes, statement b runs along with it with a certain probability, so W and b are correlated with a certain probability. If, after the parameter W has been mutated many times, statement b runs with high probability, the embodiment of the present invention establishes the frequent item set {W, b} with the Apriori algorithm and calculates its support; as long as the support of the set is greater than an input threshold α that is not too large, and not greater than a large threshold β, the embodiment of the present invention considers that the various mutations of the parameter W directly influence whether b runs.
After a protected contract suffers a novel attack, the embodiment of the invention performs fuzz tests with the abnormal parameters of the attacked protected contract as samples to obtain input-output pairs, screens out the high-frequency code blocks of the input-output pairs through frequent item mining, that is, the suspicious code associated with the abnormal state, and analyzes the suspicious code, so that reinforcement rules for the novel attack can be obtained effectively and the protection strength of the protected contract can be effectively improved.
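The fuzz-then-mine procedure described above, in both the method and the device embodiments (mutation operators, input-output pairs, steps S10 to S30 and the α/β support test), as an added Python sketch that is not code from the patent. The `attacked_contract` function, its statement labels, the sample value 101 and the thresholds are constructed assumptions standing in for a real contract and its execution trace.

```python
import random
from itertools import combinations

MASK = 2**256 - 1                             # parameters modelled as uint256
BOUNDARY = [0, 1, 2**8 - 1, 2**255, MASK]     # constructed sensitive boundary values


def mutate(value, rng):
    """Apply one randomly chosen mutation operator from the description."""
    ops = [
        lambda v: v + rng.randrange(1, 1000),        # add a random number
        lambda v: v - rng.randrange(1, 1000),        # subtract a random number
        lambda v: rng.randrange(0, 2**32),           # replace with a random number
        lambda v: v ^ (1 << rng.randrange(0, 256)),  # invert one random bit
        lambda v: v ^ rng.getrandbits(256),          # XOR with a random mask
        lambda v: ~v,                                # negation
        lambda v: rng.choice(BOUNDARY),              # boundary value replacement
    ]
    return rng.choice(ops)(value) & MASK             # wrap into the uint256 range


def attacked_contract(amount, balance=100):
    """Constructed stand-in for the attacked contract; returns the statements that ran."""
    trace = ["entry"]
    if amount == 0:
        return trace + ["reject_zero"]
    if amount > balance:
        trace.append("log_large")      # logs but does not stop execution
    trace.append("unchecked_sub")      # balance - amount with no bound check
    if amount % 2 == 0:
        trace.append("even_fee")
    return trace


def fuzz(sample, runs, seed=0):
    """Mutate the abnormal parameter `runs` times; collect (input, control flow) pairs."""
    rng = random.Random(seed)
    pairs = []
    for _ in range(runs):
        mutated = mutate(sample, rng)
        pairs.append((mutated, set(attacked_contract(mutated))))
    return pairs


def support(itemset, transactions):
    """Fraction of transactions that contain every item of `itemset`."""
    return sum(itemset <= t for t in transactions) / len(transactions)


def apriori(transactions, alpha):
    """Steps S10-S30: return the largest frequent k-item sets as a list of frozensets."""
    candidates = {frozenset([i]) for t in transactions for i in t}   # S10
    previous = []                                  # the frequent 0-item set is empty
    while True:
        # S20 a/b: drop candidates whose support is below the threshold
        frequent = [c for c in candidates if support(c, transactions) >= alpha]
        if not frequent:
            return previous
        if len(frequent) == 1:
            return frequent
        known, k = set(frequent), len(frequent[0])
        candidates = {                             # S20 c: join, then prune
            a | b for a, b in combinations(frequent, 2)
            if len(a | b) == k + 1
            and all(frozenset(s) in known for s in combinations(a | b, k))
        }
        previous = frequent                        # S30: k = k + 1


def reinforcement_candidates(pairs, alpha, beta=1.0, param="W"):
    """Statements s in a largest frequent set with W whose support({W, s}) is at most beta."""
    transactions = [frozenset({param} | set(trace)) for _, trace in pairs]
    suspicious = set()
    for itemset in apriori(transactions, alpha):
        if param not in itemset:
            continue
        for stmt in itemset - {param}:
            if support(frozenset({param, stmt}), transactions) <= beta:
                suspicious.add(stmt)
    return suspicious


if __name__ == "__main__":
    # 101 is the constructed abnormal sample: just above the toy balance of 100.
    print(sorted(reinforcement_candidates(fuzz(101, 300), alpha=0.8)))
```

The statements returned are candidates for review only; writing the actual reinforcement rule still requires analysing what those code blocks do.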
The embodiment of the invention has the following beneficial effects:
the embodiment of the invention monitors each transaction of the protected contract in real time by establishing the firewall contract and the interception rule base on the blockchain, and once a malicious transaction against the protected contract is found, the firewall contract can intercept it in time, effectively avoiding the loss the malicious transaction would cause; the embodiment of the invention protects the protected contract by separating the firewall contract from the interception rules, so that when a user wants to replace the protection rule or the service provider, it is only necessary to change the firewall contract calling parameter or to deploy a new firewall contract directly, which makes the protection service of the protected contract more comprehensive and flexible and effectively reduces the maintenance cost and maintenance difficulty of the intelligent contract; the embodiment of the invention performs the fuzz test with the abnormal parameters of the attacked protected contract as samples and generates the reinforcement rule for dealing with the novel attack in a targeted manner, which improves the effectiveness of the reinforcement rule.
Yet another embodiment of the present invention provides a computer-readable storage medium, which includes a stored computer program, wherein when the computer program runs, a device in which the computer-readable storage medium is located is controlled to execute the intelligent contract intercepting method based on the intelligent contract firewall framework as described above.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention.

Claims (9)

1. An intelligent contract interception method based on an intelligent contract firewall framework is characterized by comprising the following steps:
deploying a first firewall contract, a first interception rule base and a protected contract on the blockchain; the first interception rule base comprises a first rule contract;
receiving and responding to a calling request sent by a user side, sending transaction information in the transaction request sent by the user side to the first rule contract, enabling the first rule contract to judge the rationality of the transaction information, and returning a judgment result to the first firewall contract when the judgment result that the rationality passes is obtained;
receiving and responding to the judgment result, sending the transaction request to the protected contract, enabling the protected contract to perform transaction with the user side according to the transaction request, and returning the transaction result to the first firewall contract after the transaction is completed;
receiving a transaction result sent by the protected contract, sending the transaction result to the first rule contract, enabling the first rule contract to detect the transaction result according to rules in the contract, and returning the detection result to the first firewall contract if the detection result indicates that the transaction result does not meet transaction conditions;
and intercepting the transaction according to the detection result, and returning the interception result to the user side.
2. An intelligent contract interception method based on an intelligent contract firewall framework according to claim 1, further comprising:
deploying a second rule contract in the first interception rule base;
and changing the first rule contract into the second rule contract by modifying the calling state parameter of the first firewall contract.
3. An intelligent contract interception method based on an intelligent contract firewall framework according to claim 1, further comprising:
deploying a second interception rule base and a second firewall contract on the blockchain;
and destroying the first firewall contract, calling a rule contract in the second interception rule base through the second firewall contract, and protecting the protected contract by the rule contract in the second interception rule base.
4. An intelligent contract interception method based on an intelligent contract firewall framework according to claim 1, characterized in that there is a many-to-many relationship between the firewall contract, the rule contract and the protected contract.
5. An intelligent contract interception method based on an intelligent contract firewall framework according to claim 1, further comprising:
after the protected contract suffers an unknown, novel attack, performing a fuzz test with the abnormal parameters in the protected contract as samples to obtain a reinforcement rule for dealing with the novel attack.
6. The intelligent contract interception method based on the intelligent contract firewall framework according to claim 5, wherein performing the fuzz test with the abnormal parameters in the protected contract as samples to obtain a reinforcement rule for dealing with the novel attack specifically comprises:
after the novel attack, determining the abnormal parameters that caused the abnormal state when the protected contract was attacked, randomly mutating the abnormal parameters to obtain mutated abnormal parameters, and running multiple fuzz tests on the mutated abnormal parameters to obtain the reinforcement rule.
7. The intelligent contract interception method based on the intelligent contract firewall framework according to claim 5, wherein randomly mutating the abnormal parameters to obtain mutated abnormal parameters and running multiple fuzz tests on the mutated abnormal parameters to obtain a reinforcement rule specifically comprises:
taking the mutated abnormal parameters as the input item of each fuzz test and the attacked protected contract as the target of each fuzz test, and running the fuzz test to obtain its output item, which is the control flow of the attacked protected contract;
after multiple fuzz tests, obtaining multiple input-output pairs of the mutated abnormal parameters and the control flows, performing frequent item mining on the input-output pairs, screening out the high-frequency code blocks of the input-output pairs, and analyzing the high-frequency code blocks to obtain the reinforcement rule for coping with the novel attack.
8. An intelligent contract intercepting device based on an intelligent contract firewall framework is characterized by comprising:
a deployment module for deploying a first firewall contract, a first interception rule base and a protected contract on a blockchain; the first interception rule base comprises a first rule contract;
the transaction information sending module is used for receiving and responding to a calling request sent by a user side, sending transaction information in the transaction request sent by the user side to the first rule contract, enabling the first rule contract to judge the rationality of the transaction information, and returning a judgment result to the first firewall contract when the judgment result that the rationality passes is obtained;
the transaction request sending module is used for receiving and responding to the judgment result, sending the transaction request to the protected contract, enabling the protected contract to carry out transaction with the user side according to the transaction request, and returning the transaction result to the first firewall contract after the transaction is finished;
the transaction result sending module is used for receiving the transaction result sent by the protected contract and sending the transaction result to the first rule contract, so that the first rule contract detects the transaction result according to rules in the contract, and if the detection result indicates that the transaction result does not meet transaction conditions, the detection result is returned to the first firewall contract;
and the transaction interception module is used for intercepting the transaction according to the detection result and returning the interception result to the user side.
9. A computer-readable storage medium, comprising a stored computer program, wherein the computer program, when running, controls a device on which the computer-readable storage medium is located to execute the intelligent contract intercepting method based on the intelligent contract firewall framework according to any one of claims 1 to 7.
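Added example (not part of the patent text): a Python sketch of the fuzz-test ("fuzzy test") procedure in claims 5 to 7, from random mutation of the abnormal parameter through frequent item mining to a reinforcement rule. The toy `protected_contract`, its block names, the support-gap threshold and the flow-based rule format are assumptions made for illustration; the claims do not say how the high-frequency code blocks are analyzed.

```python
import random
from collections import Counter

LIMIT = 2 ** 16  # constructed: width of the toy contract's debit field

def protected_contract(balance, amount):
    """Constructed toy carrier. Returns (control flow, abnormal-state flag)."""
    flow, debit = ["entry"], amount
    if amount >= LIMIT:
        flow.append("wrap_uint16")      # constructed flaw: debit wraps, payout does not
        debit = amount % LIMIT
    if debit > balance:
        flow.append("revert")
        return tuple(flow), False
    flow.append("pay_out")
    return tuple(flow), amount > debit  # abnormal: paid out more than debited

def fuzz(seed_amount, balance, runs=550, spread=300, rng_seed=0):
    """Randomly mutate the abnormal parameter; record (input, flow, abnormal)."""
    rng = random.Random(rng_seed)
    deltas = rng.sample(range(-spread, spread + 1), runs)
    return [(seed_amount + d, *protected_contract(balance, seed_amount + d))
            for d in deltas]

def mine_hot_blocks(pairs, min_gap=0.5):
    """Frequent-item step: blocks common in abnormal flows, rarer in normal ones."""
    bad = [set(flow) for _, flow, abnormal in pairs if abnormal]
    ok = [set(flow) for _, flow, abnormal in pairs if not abnormal]
    bad_n = Counter(b for f in bad for b in f)
    ok_n = Counter(b for f in ok for b in f)
    return {b for b in bad_n
            if bad_n[b] / len(bad) - ok_n[b] / max(len(ok), 1) >= min_gap}

def reinforcement_rule(hot_blocks):
    """Rule for a rule contract: allow a flow unless it contains every hot block."""
    return lambda flow: not (hot_blocks and hot_blocks <= set(flow))

def derive_rule(seed_amount=65541, balance=100):
    pairs = fuzz(seed_amount, balance)   # seed_amount: constructed abnormal sample
    hot = mine_hot_blocks(pairs)
    return hot, reinforcement_rule(hot)

if __name__ == "__main__":
    hot, allow = derive_rule()
    print("high-frequency blocks:", sorted(hot))
    print("attack flow allowed:", allow(protected_contract(100, 65541)[0]))
```

The `entry` block appears in every run, so its support gap is zero and it is screened out; only the blocks that separate abnormal runs from normal ones feed the rule.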
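Added example (not part of the patent text): a Python model of the module flow in claim 8 together with the rule switch of claim 2. The `Vault` flaw, the rule names and the owner-only check on `switch_rule` are assumptions; a real deployment would consist of on-chain contracts, with interception implemented as a reverted transaction.

```python
class Intercepted(Exception): pass   # on-chain this would be a reverted transaction

class Vault:
    """Constructed protected contract with a deliberate flaw for the demo."""
    def __init__(self):
        self.balances = {"alice": 100}
    def withdraw(self, user, amount):
        self.balances[user] -= amount            # constructed flaw: no balance check
        return amount

class RuleV1:
    """First rule contract: judges only the incoming transaction information."""
    def check_request(self, tx):
        return tx["amount"] > 0
    def check_result(self, state, result):
        return True

class RuleV2(RuleV1):
    """Second rule contract: adds a condition on the transaction result."""
    def check_result(self, state, result):
        return all(v >= 0 for v in state.values())

class Firewall:
    def __init__(self, owner, rule_base, target, active):
        self.owner, self.rule_base, self.target = owner, rule_base, target
        self.active = active                     # the calling-state parameter
    def switch_rule(self, caller, name):
        if caller != self.owner or name not in self.rule_base:
            raise PermissionError("rule switch refused")   # assumption: owner-only
        self.active = name                       # firewall and target stay deployed
    def call(self, tx):
        rule = self.rule_base[self.active]
        if not rule.check_request(tx):           # pre-check by the rule contract
            raise Intercepted("request rejected")
        snapshot = dict(self.target.balances)
        result = self.target.withdraw(tx["user"], tx["amount"])
        if not rule.check_result(self.target.balances, result):
            self.target.balances = snapshot      # undo state, then intercept
            raise Intercepted("result violates rule")
        return result

def demo(active):
    fw = Firewall("admin", {"rule1": RuleV1(), "rule2": RuleV2()}, Vault(), "rule1")
    fw.switch_rule("admin", active)
    try:
        return fw.call({"user": "alice", "amount": 150}), fw.target.balances
    except Intercepted as exc:
        return str(exc), fw.target.balances
```

With `rule1` active the overdraft goes through; after switching the calling-state parameter to `rule2` the same request is intercepted and the vault state is restored.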
CN202110740050.3A 2021-06-30 2021-06-30 Intelligent contract intercepting method and device based on intelligent contract firewall framework Active CN113595986B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110740050.3A CN113595986B (en) 2021-06-30 2021-06-30 Intelligent contract intercepting method and device based on intelligent contract firewall framework

Publications (2)

Publication Number Publication Date
CN113595986A true CN113595986A (en) 2021-11-02
CN113595986B CN113595986B (en) 2023-02-21

Family

ID=78245392

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110740050.3A Active CN113595986B (en) 2021-06-30 2021-06-30 Intelligent contract intercepting method and device based on intelligent contract firewall framework

Country Status (1)

Country Link
CN (1) CN113595986B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115865514A (en) * 2022-12-23 2023-03-28 深圳市拓普泰克技术股份有限公司 Intelligent contract firewall protection method and device based on block chain

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110619523A (en) * 2019-09-26 2019-12-27 成都链安科技有限公司 Block chain intelligent contract firewall protection method and system
WO2020113139A1 (en) * 2018-11-28 2020-06-04 Dan Kikinis System and method for security gateway for high security blockchain systems
CN111654494A (en) * 2020-06-02 2020-09-11 广州大学 Proxy firewall protection method and system for intelligent contract
CN112202704A (en) * 2020-04-10 2021-01-08 厦门慢雾科技有限公司 Block chain intelligent contract safety protection system

Also Published As

Publication number Publication date
CN113595986B (en) 2023-02-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant