CN113961434A - A method and system for monitoring abnormal behavior of users in a distributed blockchain system - Google Patents
A method and system for monitoring abnormal behavior of users in a distributed blockchain system Download PDFInfo
- Publication number
- CN113961434A CN113961434A CN202111153349.5A CN202111153349A CN113961434A CN 113961434 A CN113961434 A CN 113961434A CN 202111153349 A CN202111153349 A CN 202111153349A CN 113961434 A CN113961434 A CN 113961434A
- Authority
- CN
- China
- Prior art keywords
- data
- abnormal
- behavior
- isolated
- depth
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012544 monitoring process Methods 0.000 title claims abstract description 28
- 238000000034 method Methods 0.000 title claims abstract description 26
- 206010000117 Abnormal behaviour Diseases 0.000 title claims abstract description 25
- 230000002159 abnormal effect Effects 0.000 claims abstract description 41
- 238000007781 pre-processing Methods 0.000 claims abstract description 24
- 238000000586 desensitisation Methods 0.000 claims abstract description 10
- 238000012545 processing Methods 0.000 claims abstract description 8
- 230000006399 behavior Effects 0.000 claims description 69
- 238000004364 calculation method Methods 0.000 claims description 13
- 238000012795 verification Methods 0.000 claims description 7
- 230000005856 abnormality Effects 0.000 claims description 5
- 238000012937 correction Methods 0.000 claims description 3
- 230000009286 beneficial effect Effects 0.000 abstract description 3
- 238000001514 detection method Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 4
- 230000002547 anomalous effect Effects 0.000 description 2
- 238000006243 chemical reaction Methods 0.000 description 2
- 238000013500 data storage Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000004140 cleaning Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 230000002349 favourable effect Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000002427 irreversible effect Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3438—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment monitoring of user actions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Quality & Reliability (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
本发明公开了一种分布式区块链系统用户异常行为监测方法及系统,通过对用户的行为数据进行预处理与脱敏处理后,从预处理与脱敏处理后的行为数据中提取数据特征,然后将提取的数据特征在区块链的各个节点之间共享,形成完整的数据链,各节点同步该区块以获取处理后的特征数据,然后通过构建孤立树,将所有数据根据某个维度的数据特征分散至该孤立树中的多个分叉上,通过计算数据在由多个孤立树构建的孤立森林中的路径深度与平均路径深度,可以得到检测数据的异常值,有利于克服区块链高维大数据异常监测困难、准确率低的问题,并通过采用分布式算法提升计算效率,为区块链系统交易的安全性提供可靠保障。
The invention discloses a method and system for monitoring abnormal behavior of users in a distributed blockchain system. After preprocessing and desensitization processing of user behavior data, data features are extracted from the behavior data after the preprocessing and desensitization processing. , and then share the extracted data features among the nodes of the blockchain to form a complete data chain, each node synchronizes the block to obtain the processed feature data, and then constructs an isolated tree to combine all data according to a certain The data features of the dimension are scattered on multiple branches in the isolated tree. By calculating the path depth and average path depth of the data in the isolated forest constructed by multiple isolated trees, the abnormal value of the detected data can be obtained, which is beneficial to overcome The abnormal monitoring of high-dimensional big data in the blockchain is difficult and the accuracy is low, and the computing efficiency is improved by using distributed algorithms to provide a reliable guarantee for the security of blockchain system transactions.
Description
Technical Field
The invention belongs to the technical field of wind control related to blockchain transactions, and particularly relates to a method and a system for monitoring abnormal behaviors of a user in a distributed blockchain system.
Background
A block chain is a chain data structure that combines data blocks in a sequential manner in a chronological order. As a new distributed data storage technology, due to the characteristics of decentralization, distributed storage and the like, the distributed data storage technology attracts high attention of various industries and is becoming an important force for driving technical innovation and industrial revolution of various industries.
With the increasing maturity of blockchain technologies and the gradual expansion of blockchain applications, privacy and security of blockchain transactions are receiving wide attention. The traditional block chain system verifies the authenticity of a user through an asymmetric encryption method. However, when an attacker intercepts the user's key through a network attack form outside the blockchain, the attacker can directly control the user to do fraudulent trading behavior in the blockchain trading system. Therefore, how to accurately determine and screen abnormal behaviors in blockchain transactions becomes a key point of research.
The abnormal behavior can be identified as an abnormal point detection problem, that is, a group of data points is searched for points which are sparsely distributed and are far away from a group with high distance density. The traditional abnormal point detection technology, such as an EM algorithm based on statistics, a k-means algorithm based on clustering, a DBSCAN algorithm based on density and the like, has the problems of large time complexity, difficulty in parameter or model selection, poor high-dimensional data detection effect, incapability of distributed calculation and the like, and is not suitable for a large-data, distributed and high-dimensional block chain system. Therefore, it is necessary and urgent to study the abnormal behavior detection of the blockchain system.
Disclosure of Invention
The invention aims to provide a method and a system for monitoring abnormal user behaviors in a distributed block chain system, so as to overcome the defects of the prior art.
In order to achieve the purpose, the invention adopts the following technical scheme:
a method for monitoring abnormal behaviors of users in a distributed block chain system comprises the following steps:
s1, acquiring behavior data of each user in the block chain transaction system;
s2, preprocessing and desensitizing the collected behavior data;
s3, extracting data characteristics from the behavior data after the preprocessing and desensitization processing;
s4, the extracted feature data are combined into a verification information block and uploaded to a block chain, and each node synchronizes the block to obtain the processed feature data;
and S5, simultaneously constructing an isolated tree by each node according to the acquired feature data, calculating the data depth and the average depth of the isolated tree, then summarizing the data depth and the average depth calculated by each node, scoring the calculated user behavior, judging the user behavior to be abnormal if the score of the user behavior exceeds a set threshold, forming an abnormal information block by the related information of the abnormal behavior, uploading the abnormal information block to a block chain, and performing self-checking on the corresponding behavior by each node according to the information of the abnormal information block.
Further, the behavior data of the user is a vector consisting of a user account, user login time, login IP, transaction amount, transaction time and transaction type.
Further, the preprocessing refers to removing incomplete and repeated data and filling missing data.
Further, the desensitization processing is to perform hash encryption on the user account and the login IP, and convert the login time and the transaction time of the user into a timestamp.
Further, the data characteristics include login time difference, login IP hash value, transaction amount standard deviation, transaction amount discrete coefficient, transaction time difference and transaction type number.
Further, each node simultaneously constructs an isolated tree according to the acquired feature data, and calculates the data depth and the average depth of the isolated tree, specifically comprising the following steps:
1) randomly selecting n samples from all data, and generating an isolated tree;
2) randomly selecting the same data characteristic of n samples, randomly selecting a value between the maximum value and the minimum value of the characteristic, performing binary division on the samples, dividing the data which is smaller than the value in the samples to the left branch of the layer tree, and dividing the data which is larger than or equal to the value to the right branch of the layer tree;
3) repeating step 2) in the left and right branches, respectively, until the data is irrevocable or the binary tree reaches a defined maximum depth log2(n)。
Further, the average path depth of all data in the isolated tree is
Where H (n-1) ═ ln (n-1) +0.5772156649, the path depth of any data in a certain isolated tree is H (x) ═ e + C (t.size), where e represents the number of edges through which the data crosses from the start of the isolated tree to the branch where the data crosses, t.size represents the number of samples at the same minimum branch as the data, and C (t.size) is actually a path depth correction for data that can be continuously divided up to the maximum depth.
Further, scoring the calculated user behavior after summarizing the data depth and the average depth calculated according to each node, and judging whether the user behavior is abnormal: the node score calculation method comprises
Wherein E (h (x)) represents the path depth mean of the data x in all the isolated trees; when 0 is present<When score (x) < 0.5, proving that the data x can be isolated from other data through more binary divisions, and therefore considering that the user behavior corresponding to the data is normal; when 0.5 < score (x) < 1, the data x is proved to be isolated from other data through binary division for less times, so that the user behavior corresponding to the data is considered to have abnormality.
A distributed block chain system user abnormal behavior monitoring system comprises a data acquisition module, a preprocessing module and an abnormal monitoring module;
the data acquisition module is used for acquiring behavior data of each user in the block chain transaction system and transmitting the acquired data to the preprocessing module; the preprocessing module is used for preprocessing and desensitizing the acquired behavior data, extracting data characteristics from the behavior data after preprocessing and desensitizing, then forming verification information blocks by the extracted characteristic data and uploading the verification information blocks to a block chain, and synchronizing the blocks by each node to acquire the processed characteristic data; the anomaly monitoring module is connected with each node, an isolated tree is simultaneously constructed at each node according to the acquired feature data, the data depth and the average depth of the isolated tree are calculated, then the data depth and the average depth calculated by each node are summarized and the calculated user behavior is scored, if the user behavior score exceeds a set threshold value, the user behavior is judged to be abnormal, the related information of the abnormal behavior is formed into an abnormal information block and uploaded to a block chain, and each node performs self-checking of the corresponding behavior according to the information of the abnormal information block.
Further, the abnormity monitoring module calculates according to the node score as
Wherein E (h (x)) represents the path depth mean of the data x in all the isolated trees; when 0 is present<When score (x) < 0.5, proving that the data x can be isolated from other data through more binary divisions, and therefore considering that the user behavior corresponding to the data is normal; when 0.5 < score (x) < 1, the data x is proved to be isolated from other data through binary division for less times, and the user behavior corresponding to the data is considered to have abnormality.
Compared with the prior art, the invention has the following beneficial technical effects:
the invention relates to a method for monitoring abnormal behaviors of a user in a distributed block chain system, which extracts data characteristics from behavior data after preprocessing and desensitization processing by preprocessing and desensitization processing the behavior data of the user, then the extracted data characteristics are shared among all nodes of the block chain to form a complete data chain, all nodes synchronize the block to obtain processed characteristic data, then, by constructing an isolated tree, all data is dispersed to a plurality of branches in the isolated tree according to the data characteristics of a certain dimension, by calculating the path depth and mean path depth of the data in an solitary forest constructed from a plurality of solitary trees, can obtain abnormal values of the detected data, is beneficial to overcoming the problems of difficult monitoring and low accuracy of abnormal data of high dimension of the block chain, and the calculation efficiency is improved by adopting a distributed algorithm, and reliable guarantee is provided for the safety of block chain system transaction.
Furthermore, the behavior data of the user is a vector consisting of the user account, the user login time, the login IP, the transaction amount, the transaction time and the transaction type, so that the user information can be accurately reflected, and the calculation accuracy is improved.
Furthermore, the isolated trees are independently generated by utilizing each node, and the tree depth of each data is uploaded to the system, so that the distributed algorithm is not only matched with a distributed decentralized architecture of the block chain system, but also is higher in calculation efficiency and higher in speed of distinguishing abnormal behaviors compared with a traditional method for forming the isolated forest by repeatedly generating the isolated trees on a single device, the isolated forest algorithm is more suitable for practical engineering application, and quick and effective safety guarantee is provided for the block chain system.
The invention discloses a distributed block chain system user abnormal behavior monitoring system which comprises a data acquisition module, a preprocessing module and an abnormal monitoring module;
the data acquisition module is used for acquiring behavior data of each user in the block chain transaction system, the anomaly monitoring module is used for efficiently judging the anomalous behavior of the block chain transaction system based on the isolated tree, the isolated tree is used for carrying out calculation only through the data, indexes such as density and distance of the data are not required to be calculated, and the calculation time is greatly reduced.
Drawings
Fig. 1 is a flowchart illustrating interaction between a node and a system in an anomaly identification process according to an embodiment of the present invention.
FIG. 2 is a flow chart of an implementation of an isolated forest algorithm in an embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the accompanying drawings:
as shown in fig. 1, a method for monitoring abnormal behavior of a user in a distributed blockchain system includes the following steps:
s1, acquiring behavior data of each user in the block chain transaction system;
specifically, the system acquires behavior data of each user in the blockchain transaction system, the system acquires the blockchain transaction system in a private chain by using a blockchain management system, and the system randomly selects one or more nodes with computing power in a public chain and a alliance chain according to a consensus mechanism. User behavior refers to a user logging into or conducting a transaction in a blockchain transaction system. The user's behavior data is a vector consisting of the user account, the user login time, the login IP, the transaction amount, the transaction time, and the transaction type.
S2, preprocessing and desensitizing the collected behavior data;
preprocessing refers to removing incomplete and repeated data and filling missing data; the method comprises the steps that repeated partial content cleaning is carried out on information of the same user appearing for many times in behavior data, one part is reserved, multiple information data of the same user are complementarily reserved, and all information of the same user are fused to remove repeated data;
the desensitization treatment is to perform hash encryption on the user account and the login IP, namely yIP=SHA256(xIP) Wherein x isIPAnd yIPFor the IP addresses before and after encryption, SHA256 is an anti-collision irreversible encryption algorithm, and converts any character string into a 64-bit 16-system encryption result; converting the user's login time and transaction time to a timestamp, i.e. ytime=timestamp(xtime) Wherein x istimeAnd ytimeFor time information before and after conversion, timestamp is a timestamp conversion algorithm, and can convert time into a 10-bit 10-system digital result.
S3, extracting data characteristics from the behavior data after the preprocessing and desensitization processing;
the data characteristics comprise login time difference (namely the difference value of two login time stamps) and login IP hash value, and the data characteristics and the transaction amount standard difference of which the first 4 bits are IP addresses of the hash encryption result can be intercepted due to overlong hash encryption length and the anti-collision property of the hash encryption algorithm, namely the data characteristics and the transaction amount standard difference are acquired
Wherein
Is the average value of the transaction amount, the discrete coefficient of the transaction amount, i.e.
The transaction time difference is the difference between the timestamps of two consecutive transactions and the transaction type number.
S4, the extracted feature data are combined into a verification information block and uploaded to a block chain, and each node synchronizes the block to obtain the processed feature data;
and S5, simultaneously constructing an isolated tree by each node according to the acquired feature data, calculating the data depth and the average depth of the isolated tree, then summarizing the data depth and the average depth calculated by each node, scoring the calculated user behavior, judging the user behavior to be abnormal if the score of the user behavior exceeds a set threshold, forming an abnormal information block by the related information of the abnormal behavior, uploading the abnormal information block to a block chain, and performing self-checking on the corresponding behavior by each node according to the information of the abnormal information block.
As shown in fig. 2, each node simultaneously constructs an isolated tree according to the acquired feature data, and calculates the data depth and the average depth of the isolated tree, specifically including the following steps:
1) randomly selecting n samples from all data, and generating an isolated tree;
2) the same data feature of n samples is randomly selected, a value is randomly selected between the maximum value and the minimum value of the feature, and the samples are divided into two branches. And dividing the data which is less than the value in the sample into the left branch of the layer tree, and dividing the data which is more than or equal to the value into the right branch of the layer tree.
3) Repeating step 2) in the left and right branches, respectively, until the data is irrevocable or the binary tree reaches a defined maximum depth log2(n);
4) The average path depth of all data in the isolated tree is
Wherein H (n-1) ═ ln (n-1) + 0.5772156649. For any data, its path depth at a certain orphan tree is h (x) e + C (t. Where e represents the number of edges the data passes from the start of the isolated tree to the bifurcation of the data, t.size represents the number of samples at the same minimum bifurcation as the data, and C (t.size) is a path depth correction for data that has reached maximum depth but can in fact continue to be divided.
And scoring the calculated user behavior after summarizing the data depth and the average depth calculated by each node, and judging whether the user behavior is abnormal. The node score calculation method comprises
Wherein E (h (x)) represents the path depth mean of the data x in all the isolated trees; when 0 is present<When score (x) < 0.5, proving that the data x can be isolated from other data through more binary divisions, and therefore considering that the user behavior corresponding to the data is normal; when 0.5 < score (x) < 1, the data x is proved to be isolated from other data through binary division for less times, so that the user behavior corresponding to the data is considered to have abnormality. And the related information of the abnormal behaviors is combined into an abnormal information block and uploaded to a block chain, and each node performs self-checking of the corresponding behaviors according to the information of the abnormal information block.
According to the method for monitoring the abnormal behaviors of the distributed blockchain system user, the isolated forest algorithm is adopted to realize the efficient judgment of the abnormal behaviors of the blockchain trading system, and the isolated forest algorithm only needs to carry out calculation through data and does not need to calculate indexes such as density and distance of the data, so that the calculation time is greatly reduced. In addition, the isolated forest model does not need to learn and train the existing data, so that new abnormal data can be recognized, and the limitation that only the existing or part of preset abnormal behaviors can be recognized in the traditional engineering application is reduced.
By independently generating the isolated trees by using each node and uploading the tree depth of each data to the system, the distributed algorithm is not only matched with a distributed decentralized architecture of the block chain system, but also is compared with the traditional method of repeatedly generating the isolated trees on a single device to form the isolated forest, so that the calculation efficiency is further improved, the speed of distinguishing abnormal behaviors is accelerated, the isolated forest algorithm is more suitable for the practical application of engineering, and the quick and effective safety guarantee is provided for the block chain system.
By constructing the orphan tree, all data is scattered to multiple branches in the orphan tree according to the data characteristics of a certain dimension. For anomalous data, it is usually scattered closer to the tree root due to some more obvious data characteristics. The abnormal value of the detected data can be obtained by calculating the path depth and the average path depth of the data in the isolated forest constructed by a plurality of isolated trees, the larger the value is, the more probable the abnormal data is, the method is favorable for overcoming the problems of difficult abnormal monitoring and low accuracy of the high-dimensional data of the block chain, and the method improves the calculation efficiency by adopting a distributed algorithm and provides reliable guarantee for the safety of the block chain system transaction.
Claims (10)
1. A method for monitoring abnormal behaviors of users in a distributed block chain system is characterized by comprising the following steps:
s1, acquiring behavior data of each user in the block chain transaction system;
s2, preprocessing and desensitizing the collected behavior data;
s3, extracting data characteristics from the behavior data after the preprocessing and desensitization processing;
s4, the extracted feature data are combined into a verification information block and uploaded to a block chain, and each node synchronizes the block to obtain the processed feature data;
and S5, simultaneously constructing an isolated tree by each node according to the acquired feature data, calculating the data depth and the average depth of the isolated tree, then summarizing the data depth and the average depth calculated by each node, scoring the calculated user behavior, judging the user behavior to be abnormal if the score of the user behavior exceeds a set threshold, forming an abnormal information block by the related information of the abnormal behavior, uploading the abnormal information block to a block chain, and performing self-checking on the corresponding behavior by each node according to the information of the abnormal information block.
2. The method for monitoring the abnormal user behavior in the distributed blockchain system according to claim 1, wherein the user behavior data is a vector consisting of a user account, user login time, login IP, transaction amount, transaction time and transaction type.
3. The method of claim 1, wherein preprocessing comprises removing missing and repeated data and filling in missing data.
4. The method for monitoring the abnormal user behavior of the distributed blockchain system according to claim 1, wherein the desensitization process is to perform hash encryption on a user account and a login IP, and convert a login time and a transaction time of a user into a timestamp.
5. The method for monitoring the abnormal user behavior of the distributed blockchain system according to claim 1, wherein the data characteristics comprise login time difference, login IP hash value, transaction amount standard deviation, transaction amount discrete coefficient, transaction time difference and transaction type number.
6. The method for monitoring the abnormal user behavior in the distributed blockchain system according to claim 1, wherein each node simultaneously constructs an isolated tree according to the acquired feature data, and calculates the data depth and the average depth of the isolated tree, specifically comprising the following steps:
1) randomly selecting n samples from all data, and generating an isolated tree;
2) randomly selecting the same data characteristic of n samples, randomly selecting a value between the maximum value and the minimum value of the characteristic, performing binary division on the samples, dividing the data which is smaller than the value in the samples to the left branch of the layer tree, and dividing the data which is larger than or equal to the value to the right branch of the layer tree;
3) repeating step 2) in the left and right branches, respectively, until the data is irrevocable or the binary tree reaches a defined maximum depth log2(n)。
7. The method as claimed in claim 6, wherein the average path depth of all data in the orphan tree is
Where H (n-1) ═ ln (n-1) +0.5772156649, the path depth of any data in a certain isolated tree is H (x) ═ e + C (t.size), where e represents the number of edges through which the data crosses from the start of the isolated tree to the branch where the data crosses, t.size represents the number of samples at the same minimum branch as the data, and C (t.size) is actually a path depth correction for data that can be continuously divided up to the maximum depth.
8. The method as claimed in claim 6, wherein the user behavior is scored after the data depth and the average depth calculated by each node are summarized, and whether the user behavior is abnormal or not is determined: the node score calculation method comprises
Wherein E (h (x)) represents the path depth mean of the data x in all the isolated trees; when 0 is present<When score (x) < 0.5, proving that the data x can be isolated from other data through more binary divisions, and therefore considering that the user behavior corresponding to the data is normal; when 0.5 < score (x) < 1, the data x is proved to be isolated from other data through binary division for less times, so that the user behavior corresponding to the data is considered to have abnormality.
9. A distributed block chain system user abnormal behavior monitoring system is characterized by comprising a data acquisition module, a preprocessing module and an abnormal monitoring module;
the data acquisition module is used for acquiring behavior data of each user in the block chain transaction system and transmitting the acquired data to the preprocessing module; the preprocessing module is used for preprocessing and desensitizing the acquired behavior data, extracting data characteristics from the behavior data after preprocessing and desensitizing, then forming verification information blocks by the extracted characteristic data and uploading the verification information blocks to a block chain, and synchronizing the blocks by each node to acquire the processed characteristic data; the anomaly monitoring module is connected with each node, an isolated tree is simultaneously constructed at each node according to the acquired feature data, the data depth and the average depth of the isolated tree are calculated, then the data depth and the average depth calculated by each node are summarized and the calculated user behavior is scored, if the user behavior score exceeds a set threshold value, the user behavior is judged to be abnormal, the related information of the abnormal behavior is formed into an abnormal information block and uploaded to a block chain, and each node performs self-checking of the corresponding behavior according to the information of the abnormal information block.
10. The system according to claim 9, wherein the anomaly monitoring module calculates a node score according to a method of computing node scores
Wherein E (h (x)) represents the path depth mean of the data x in all the isolated trees; when 0 is present<When score (x) < 0.5, proving that the data x can be isolated from other data through more binary divisions, and therefore considering that the user behavior corresponding to the data is normal; when 0.5 < score (x) < 1, the data x is proved to be isolated from other data through binary division for less times, and the user behavior corresponding to the data is considered to have abnormality.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111153349.5A CN113961434A (en) | 2021-09-29 | 2021-09-29 | A method and system for monitoring abnormal behavior of users in a distributed blockchain system |
| PCT/CN2021/142711 WO2023050620A1 (en) | 2021-09-29 | 2021-12-29 | Method and system for monitoring abnormal user behavior in distributed blockchain system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111153349.5A CN113961434A (en) | 2021-09-29 | 2021-09-29 | A method and system for monitoring abnormal behavior of users in a distributed blockchain system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113961434A true CN113961434A (en) | 2022-01-21 |
Family
ID=79463306
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111153349.5A Pending CN113961434A (en) | 2021-09-29 | 2021-09-29 | A method and system for monitoring abnormal behavior of users in a distributed blockchain system |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN113961434A (en) |
| WO (1) | WO2023050620A1 (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114116733A (en) * | 2022-01-26 | 2022-03-01 | 国网区块链科技(北京)有限公司 | Data abnormal operation detection and tracing system and method for distribution automation system |
| CN115102729A (en) * | 2022-06-10 | 2022-09-23 | 深圳市迅雷网络技术有限公司 | Block chain input data anomaly detection method based on multi-node supervision system |
| CN115660689A (en) * | 2022-11-03 | 2023-01-31 | 淮阴工学院 | User behavior monitoring method and device based on block chain financial fraud |
| CN116663871A (en) * | 2023-08-02 | 2023-08-29 | 苏州安极能新能源发展有限公司 | Electricity Demand Forecasting Method and System |
| CN117201203A (en) * | 2023-11-07 | 2023-12-08 | 西安芝麻数据科技发展有限公司 | Block chain-based supply chain data secure sharing system and method |
| CN117408734A (en) * | 2023-12-15 | 2024-01-16 | 广东云百科技有限公司 | Customer information intelligent management system based on Internet of things equipment |
| CN118821026A (en) * | 2024-09-12 | 2024-10-22 | 贵州大学 | An Internet of Things monitoring method and system for mercury-containing waste treatment |
Families Citing this family (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116823816B (en) * | 2023-08-28 | 2023-11-21 | 济南正邦电子科技有限公司 | Detection equipment and detection method based on security monitoring static memory |
| CN116827971B (en) * | 2023-08-29 | 2023-11-24 | 北京国网信通埃森哲信息技术有限公司 | Carbon emission data storage and transmission methods, devices and equipment based on blockchain |
| CN116911806B (en) * | 2023-09-11 | 2023-11-28 | 湖北华中电力科技开发有限责任公司 | Internet + based power enterprise energy information management system |
| CN117150244B (en) * | 2023-10-30 | 2024-01-26 | 山东凯莱电气设备有限公司 | Intelligent power distribution cabinet state monitoring method and system based on electrical parameter analysis |
| CN117648704B (en) * | 2023-11-10 | 2024-07-23 | 国网宁夏电力有限公司电力科学研究院 | Block chain-based data security interaction method, medium and system |
| CN117632937B (en) * | 2023-12-06 | 2024-04-30 | 北京开元泰达净化设备有限公司 | Industrial Internet big data platform and data processing method |
| CN117370898B (en) * | 2023-12-08 | 2024-03-12 | 钛合联(深圳)科技有限公司 | Electronic data safety control system |
| CN117454283A (en) * | 2023-12-22 | 2024-01-26 | 深圳前海慧联科技发展有限公司 | State evaluation method for wind turbine generator operation detection data |
| CN117454096B (en) * | 2023-12-25 | 2024-03-01 | 西安高商智能科技有限责任公司 | Motor production quality detection method and system |
| CN118227836B (en) * | 2024-02-04 | 2024-09-17 | 江苏省海洋资源开发研究院(连云港) | Block chain-based data processing method, device and storage medium |
| CN118041812B (en) * | 2024-03-27 | 2024-09-13 | 国网山东省电力公司 | Block chain-based method and system for evaluating data transmission under chain upper chain |
| CN118200950B (en) * | 2024-05-17 | 2024-08-02 | 武汉众诚华鑫科技有限公司 | Method and system for inspecting telecommunication base station |
| CN118245734B (en) * | 2024-05-24 | 2024-08-09 | 深圳鼎智通讯股份有限公司 | POS machine data intelligent processing method based on 5G technology |
| CN118821206B (en) * | 2024-06-19 | 2024-12-20 | 苏州光橙博科软件科技有限公司 | Data desensitization system based on multi-physical field model simulation of distributed computation |
| CN118821171B (en) * | 2024-06-25 | 2025-03-25 | 广东巧算盘企业管理有限公司 | Data security protection management and control system based on cloud computing |
| CN118611984B (en) * | 2024-08-06 | 2024-11-05 | 浙江无界矩阵科技有限责任公司 | A vehicle network security terminal threat intrusion detection system |
| CN119538165B (en) * | 2025-01-23 | 2025-05-13 | 河北博勒皓拓节能科技有限公司 | Temperature monitoring system and temperature monitoring method of water jacket heating furnace |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111611315A (en) * | 2020-05-25 | 2020-09-01 | 辽宁大学 | Multi-fork tree structure blockchain integration optimization storage method for financial big data |
| CN111784392A (en) * | 2020-06-29 | 2020-10-16 | 中国平安财产保险股份有限公司 | Method, device and device for detecting abnormal user group based on isolated forest |
| CN111833172A (en) * | 2020-05-25 | 2020-10-27 | 百维金科(上海)信息科技有限公司 | Consumption credit fraud detection method and system based on isolated forest |
| US20200374720A1 (en) * | 2018-06-04 | 2020-11-26 | Jiangnan University | Method for Detecting Abnormal Data in Sensor Network |
| CN112633395A (en) * | 2020-12-29 | 2021-04-09 | 平安科技(深圳)有限公司 | Abnormal data detection method and device, computer equipment and storage medium |
| US20210160266A1 (en) * | 2019-11-27 | 2021-05-27 | Telefonaktiebolaget Lm Ericsson (Publ) | Computer-implemented method and arrangement for classifying anomalies |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109859029A (en) * | 2019-01-04 | 2019-06-07 | 深圳壹账通智能科技有限公司 | Abnormal application detection method, device, computer equipment and storage medium |
| CN111798312B (en) * | 2019-08-02 | 2024-03-01 | 深圳索信达数据技术有限公司 | Financial transaction system anomaly identification method based on isolated forest algorithm |
| CN113283901B (en) * | 2021-04-19 | 2022-11-01 | 河南大学 | A bytecode-based fraud contract detection method for blockchain platform |
| CN113034145B (en) * | 2021-05-24 | 2021-09-03 | 智安链云科技(北京)有限公司 | Method and device for judging transaction category of user abnormal encrypted digital asset |
-
2021
- 2021-09-29 CN CN202111153349.5A patent/CN113961434A/en active Pending
- 2021-12-29 WO PCT/CN2021/142711 patent/WO2023050620A1/en active Application Filing
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20200374720A1 (en) * | 2018-06-04 | 2020-11-26 | Jiangnan University | Method for Detecting Abnormal Data in Sensor Network |
| US20210160266A1 (en) * | 2019-11-27 | 2021-05-27 | Telefonaktiebolaget Lm Ericsson (Publ) | Computer-implemented method and arrangement for classifying anomalies |
| CN111611315A (en) * | 2020-05-25 | 2020-09-01 | 辽宁大学 | Multi-fork tree structure blockchain integration optimization storage method for financial big data |
| CN111833172A (en) * | 2020-05-25 | 2020-10-27 | 百维金科(上海)信息科技有限公司 | Consumption credit fraud detection method and system based on isolated forest |
| CN111784392A (en) * | 2020-06-29 | 2020-10-16 | 中国平安财产保险股份有限公司 | Method, device and device for detecting abnormal user group based on isolated forest |
| CN112633395A (en) * | 2020-12-29 | 2021-04-09 | 平安科技(深圳)有限公司 | Abnormal data detection method and device, computer equipment and storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 赵嫚;李英娜;李川;杨莉;: "基于模糊聚类和孤立森林的用电数据异常检测", 陕西理工大学学报(自然科学版), no. 04, 20 August 2020 (2020-08-20) * |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114116733A (en) * | 2022-01-26 | 2022-03-01 | 国网区块链科技(北京)有限公司 | Data abnormal operation detection and tracing system and method for distribution automation system |
| CN115102729A (en) * | 2022-06-10 | 2022-09-23 | 深圳市迅雷网络技术有限公司 | Block chain input data anomaly detection method based on multi-node supervision system |
| CN115660689A (en) * | 2022-11-03 | 2023-01-31 | 淮阴工学院 | User behavior monitoring method and device based on block chain financial fraud |
| CN116663871A (en) * | 2023-08-02 | 2023-08-29 | 苏州安极能新能源发展有限公司 | Electricity Demand Forecasting Method and System |
| CN116663871B (en) * | 2023-08-02 | 2023-10-13 | 苏州安极能新能源发展有限公司 | Method and system for predicting electricity demand |
| CN117201203A (en) * | 2023-11-07 | 2023-12-08 | 西安芝麻数据科技发展有限公司 | Block chain-based supply chain data secure sharing system and method |
| CN117201203B (en) * | 2023-11-07 | 2024-02-23 | 西安芝麻数据科技发展有限公司 | Block chain-based supply chain data secure sharing system and method |
| CN117408734A (en) * | 2023-12-15 | 2024-01-16 | 广东云百科技有限公司 | Customer information intelligent management system based on Internet of things equipment |
| CN117408734B (en) * | 2023-12-15 | 2024-03-19 | 广东云百科技有限公司 | Customer information intelligent management system based on Internet of things equipment |
| CN118821026A (en) * | 2024-09-12 | 2024-10-22 | 贵州大学 | An Internet of Things monitoring method and system for mercury-containing waste treatment |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2023050620A1 (en) | 2023-04-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113961434A (en) | A method and system for monitoring abnormal behavior of users in a distributed blockchain system | |
| CN112398779B (en) | Network traffic data analysis method and system | |
| CN109450845B (en) | Detection method for generating malicious domain name based on deep neural network algorithm | |
| Jongsuebsuk et al. | Real-time intrusion detection with fuzzy genetic algorithm | |
| CN108768986A (en) | A kind of encryption traffic classification method and server, computer readable storage medium | |
| CN115242559B (en) | Network traffic intrusion detection method based on blockchain and federated learning | |
| CN111107107B (en) | Network behavior detection method and device, computer equipment and storage medium | |
| CN110943974B (en) | DDoS (distributed denial of service) anomaly detection method and cloud platform host | |
| JP2019110513A (en) | Anomaly detection method, learning method, anomaly detection device, and learning device | |
| Lingyu et al. | A hierarchical classification approach for tor anonymous traffic | |
| US20240187446A1 (en) | Method and system for detecting complex multi-step attack in electric power system | |
| CN113706100B (en) | Method and system for real-time detection and identification of IoT terminal equipment in distribution network | |
| CN104660464A (en) | Network anomaly detection method based on non-extensive entropy | |
| Liang et al. | FECC: DNS tunnel detection model based on CNN and clustering | |
| CN115426137A (en) | Malicious encrypted network flow detection tracing method and system | |
| CN116318975A (en) | A method and system for detecting malicious traffic based on multi-session and multi-protocol | |
| CN110011990B (en) | Intelligent analysis method for intranet security threats | |
| CN116155572A (en) | Encryption traffic network intrusion detection method based on ensemble learning | |
| CN112910865B (en) | A Maximum Likelihood Estimation Method and System for Inferring Attack Stage Based on Factor Graph | |
| CN116506230B (en) | Data acquisition method and system based on RSA asymmetric encryption | |
| CN115842636A (en) | Network abnormal behavior monitoring method and device based on time sequence characteristics | |
| CN106339293B (en) | A kind of log event extracting method based on signature | |
| CN117375958A (en) | Web application system identification method and device and readable storage medium | |
| CN114124834B (en) | Integrated learning device and method for ICMP hidden tunnel detection in industrial control network | |
| US20240220610A1 (en) | Security data processing device, security data processing method, and computer-readable storage medium for storing program for processing security data |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |