CN113961434A - A method and system for monitoring abnormal behavior of users in a distributed blockchain system - Google Patents

A method and system for monitoring abnormal behavior of users in a distributed blockchain system Download PDF

Info

Publication number
CN113961434A
CN113961434A CN202111153349.5A CN202111153349A CN113961434A CN 113961434 A CN113961434 A CN 113961434A CN 202111153349 A CN202111153349 A CN 202111153349A CN 113961434 A CN113961434 A CN 113961434A
Authority
CN
China
Prior art keywords
data
abnormal
behavior
isolated
depth
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111153349.5A
Other languages
Chinese (zh)
Inventor
谢海鹏
王昀
汤凌峰
李更丰
别朝红
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xian Jiaotong University
Original Assignee
Xian Jiaotong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xian Jiaotong University filed Critical Xian Jiaotong University
Priority to CN202111153349.5A priority Critical patent/CN113961434A/en
Priority to PCT/CN2021/142711 priority patent/WO2023050620A1/en
Publication of CN113961434A publication Critical patent/CN113961434A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/34Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3438Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment monitoring of user actions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明公开了一种分布式区块链系统用户异常行为监测方法及系统,通过对用户的行为数据进行预处理与脱敏处理后,从预处理与脱敏处理后的行为数据中提取数据特征,然后将提取的数据特征在区块链的各个节点之间共享,形成完整的数据链,各节点同步该区块以获取处理后的特征数据,然后通过构建孤立树,将所有数据根据某个维度的数据特征分散至该孤立树中的多个分叉上,通过计算数据在由多个孤立树构建的孤立森林中的路径深度与平均路径深度,可以得到检测数据的异常值,有利于克服区块链高维大数据异常监测困难、准确率低的问题,并通过采用分布式算法提升计算效率,为区块链系统交易的安全性提供可靠保障。

Figure 202111153349

The invention discloses a method and system for monitoring abnormal behavior of users in a distributed blockchain system. After preprocessing and desensitization processing of user behavior data, data features are extracted from the behavior data after the preprocessing and desensitization processing. , and then share the extracted data features among the nodes of the blockchain to form a complete data chain, each node synchronizes the block to obtain the processed feature data, and then constructs an isolated tree to combine all data according to a certain The data features of the dimension are scattered on multiple branches in the isolated tree. By calculating the path depth and average path depth of the data in the isolated forest constructed by multiple isolated trees, the abnormal value of the detected data can be obtained, which is beneficial to overcome The abnormal monitoring of high-dimensional big data in the blockchain is difficult and the accuracy is low, and the computing efficiency is improved by using distributed algorithms to provide a reliable guarantee for the security of blockchain system transactions.

Figure 202111153349

Description

Method and system for monitoring abnormal behaviors of distributed block chain system users
Technical Field
The invention belongs to the technical field of wind control related to blockchain transactions, and particularly relates to a method and a system for monitoring abnormal behaviors of a user in a distributed blockchain system.
Background
A block chain is a chain data structure that combines data blocks in a sequential manner in a chronological order. As a new distributed data storage technology, due to the characteristics of decentralization, distributed storage and the like, the distributed data storage technology attracts high attention of various industries and is becoming an important force for driving technical innovation and industrial revolution of various industries.
With the increasing maturity of blockchain technologies and the gradual expansion of blockchain applications, privacy and security of blockchain transactions are receiving wide attention. The traditional block chain system verifies the authenticity of a user through an asymmetric encryption method. However, when an attacker intercepts the user's key through a network attack form outside the blockchain, the attacker can directly control the user to do fraudulent trading behavior in the blockchain trading system. Therefore, how to accurately determine and screen abnormal behaviors in blockchain transactions becomes a key point of research.
The abnormal behavior can be identified as an abnormal point detection problem, that is, a group of data points is searched for points which are sparsely distributed and are far away from a group with high distance density. The traditional abnormal point detection technology, such as an EM algorithm based on statistics, a k-means algorithm based on clustering, a DBSCAN algorithm based on density and the like, has the problems of large time complexity, difficulty in parameter or model selection, poor high-dimensional data detection effect, incapability of distributed calculation and the like, and is not suitable for a large-data, distributed and high-dimensional block chain system. Therefore, it is necessary and urgent to study the abnormal behavior detection of the blockchain system.
Disclosure of Invention
The invention aims to provide a method and a system for monitoring abnormal user behaviors in a distributed block chain system, so as to overcome the defects of the prior art.
In order to achieve the purpose, the invention adopts the following technical scheme:
a method for monitoring abnormal behaviors of users in a distributed block chain system comprises the following steps:
s1, acquiring behavior data of each user in the block chain transaction system;
s2, preprocessing and desensitizing the collected behavior data;
s3, extracting data characteristics from the behavior data after the preprocessing and desensitization processing;
s4, the extracted feature data are combined into a verification information block and uploaded to a block chain, and each node synchronizes the block to obtain the processed feature data;
and S5, simultaneously constructing an isolated tree by each node according to the acquired feature data, calculating the data depth and the average depth of the isolated tree, then summarizing the data depth and the average depth calculated by each node, scoring the calculated user behavior, judging the user behavior to be abnormal if the score of the user behavior exceeds a set threshold, forming an abnormal information block by the related information of the abnormal behavior, uploading the abnormal information block to a block chain, and performing self-checking on the corresponding behavior by each node according to the information of the abnormal information block.
Further, the behavior data of the user is a vector consisting of a user account, user login time, login IP, transaction amount, transaction time and transaction type.
Further, the preprocessing refers to removing incomplete and repeated data and filling missing data.
Further, the desensitization processing is to perform hash encryption on the user account and the login IP, and convert the login time and the transaction time of the user into a timestamp.
Further, the data characteristics include login time difference, login IP hash value, transaction amount standard deviation, transaction amount discrete coefficient, transaction time difference and transaction type number.
Further, each node simultaneously constructs an isolated tree according to the acquired feature data, and calculates the data depth and the average depth of the isolated tree, specifically comprising the following steps:
1) randomly selecting n samples from all data, and generating an isolated tree;
2) randomly selecting the same data characteristic of n samples, randomly selecting a value between the maximum value and the minimum value of the characteristic, performing binary division on the samples, dividing the data which is smaller than the value in the samples to the left branch of the layer tree, and dividing the data which is larger than or equal to the value to the right branch of the layer tree;
3) repeating step 2) in the left and right branches, respectively, until the data is irrevocable or the binary tree reaches a defined maximum depth log2(n)。
Further, the average path depth of all data in the isolated tree is
Figure BDA0003287790710000031
Where H (n-1) ═ ln (n-1) +0.5772156649, the path depth of any data in a certain isolated tree is H (x) ═ e + C (t.size), where e represents the number of edges through which the data crosses from the start of the isolated tree to the branch where the data crosses, t.size represents the number of samples at the same minimum branch as the data, and C (t.size) is actually a path depth correction for data that can be continuously divided up to the maximum depth.
Further, scoring the calculated user behavior after summarizing the data depth and the average depth calculated according to each node, and judging whether the user behavior is abnormal: the node score calculation method comprises
Figure BDA0003287790710000032
Wherein E (h (x)) represents the path depth mean of the data x in all the isolated trees; when 0 is present<When score (x) < 0.5, proving that the data x can be isolated from other data through more binary divisions, and therefore considering that the user behavior corresponding to the data is normal; when 0.5 < score (x) < 1, the data x is proved to be isolated from other data through binary division for less times, so that the user behavior corresponding to the data is considered to have abnormality.
A distributed block chain system user abnormal behavior monitoring system comprises a data acquisition module, a preprocessing module and an abnormal monitoring module;
the data acquisition module is used for acquiring behavior data of each user in the block chain transaction system and transmitting the acquired data to the preprocessing module; the preprocessing module is used for preprocessing and desensitizing the acquired behavior data, extracting data characteristics from the behavior data after preprocessing and desensitizing, then forming verification information blocks by the extracted characteristic data and uploading the verification information blocks to a block chain, and synchronizing the blocks by each node to acquire the processed characteristic data; the anomaly monitoring module is connected with each node, an isolated tree is simultaneously constructed at each node according to the acquired feature data, the data depth and the average depth of the isolated tree are calculated, then the data depth and the average depth calculated by each node are summarized and the calculated user behavior is scored, if the user behavior score exceeds a set threshold value, the user behavior is judged to be abnormal, the related information of the abnormal behavior is formed into an abnormal information block and uploaded to a block chain, and each node performs self-checking of the corresponding behavior according to the information of the abnormal information block.
Further, the abnormity monitoring module calculates according to the node score as
Figure BDA0003287790710000041
Wherein E (h (x)) represents the path depth mean of the data x in all the isolated trees; when 0 is present<When score (x) < 0.5, proving that the data x can be isolated from other data through more binary divisions, and therefore considering that the user behavior corresponding to the data is normal; when 0.5 < score (x) < 1, the data x is proved to be isolated from other data through binary division for less times, and the user behavior corresponding to the data is considered to have abnormality.
Compared with the prior art, the invention has the following beneficial technical effects:
the invention relates to a method for monitoring abnormal behaviors of a user in a distributed block chain system, which extracts data characteristics from behavior data after preprocessing and desensitization processing by preprocessing and desensitization processing the behavior data of the user, then the extracted data characteristics are shared among all nodes of the block chain to form a complete data chain, all nodes synchronize the block to obtain processed characteristic data, then, by constructing an isolated tree, all data is dispersed to a plurality of branches in the isolated tree according to the data characteristics of a certain dimension, by calculating the path depth and mean path depth of the data in an solitary forest constructed from a plurality of solitary trees, can obtain abnormal values of the detected data, is beneficial to overcoming the problems of difficult monitoring and low accuracy of abnormal data of high dimension of the block chain, and the calculation efficiency is improved by adopting a distributed algorithm, and reliable guarantee is provided for the safety of block chain system transaction.
Furthermore, the behavior data of the user is a vector consisting of the user account, the user login time, the login IP, the transaction amount, the transaction time and the transaction type, so that the user information can be accurately reflected, and the calculation accuracy is improved.
Furthermore, the isolated trees are independently generated by utilizing each node, and the tree depth of each data is uploaded to the system, so that the distributed algorithm is not only matched with a distributed decentralized architecture of the block chain system, but also is higher in calculation efficiency and higher in speed of distinguishing abnormal behaviors compared with a traditional method for forming the isolated forest by repeatedly generating the isolated trees on a single device, the isolated forest algorithm is more suitable for practical engineering application, and quick and effective safety guarantee is provided for the block chain system.
The invention discloses a distributed block chain system user abnormal behavior monitoring system which comprises a data acquisition module, a preprocessing module and an abnormal monitoring module;
the data acquisition module is used for acquiring behavior data of each user in the block chain transaction system, the anomaly monitoring module is used for efficiently judging the anomalous behavior of the block chain transaction system based on the isolated tree, the isolated tree is used for carrying out calculation only through the data, indexes such as density and distance of the data are not required to be calculated, and the calculation time is greatly reduced.
Drawings
Fig. 1 is a flowchart illustrating interaction between a node and a system in an anomaly identification process according to an embodiment of the present invention.
FIG. 2 is a flow chart of an implementation of an isolated forest algorithm in an embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the accompanying drawings:
as shown in fig. 1, a method for monitoring abnormal behavior of a user in a distributed blockchain system includes the following steps:
s1, acquiring behavior data of each user in the block chain transaction system;
specifically, the system acquires behavior data of each user in the blockchain transaction system, the system acquires the blockchain transaction system in a private chain by using a blockchain management system, and the system randomly selects one or more nodes with computing power in a public chain and a alliance chain according to a consensus mechanism. User behavior refers to a user logging into or conducting a transaction in a blockchain transaction system. The user's behavior data is a vector consisting of the user account, the user login time, the login IP, the transaction amount, the transaction time, and the transaction type.
S2, preprocessing and desensitizing the collected behavior data;
preprocessing refers to removing incomplete and repeated data and filling missing data; the method comprises the steps that repeated partial content cleaning is carried out on information of the same user appearing for many times in behavior data, one part is reserved, multiple information data of the same user are complementarily reserved, and all information of the same user are fused to remove repeated data;
the desensitization treatment is to perform hash encryption on the user account and the login IP, namely yIP=SHA256(xIP) Wherein x isIPAnd yIPFor the IP addresses before and after encryption, SHA256 is an anti-collision irreversible encryption algorithm, and converts any character string into a 64-bit 16-system encryption result; converting the user's login time and transaction time to a timestamp, i.e. ytime=timestamp(xtime) Wherein x istimeAnd ytimeFor time information before and after conversion, timestamp is a timestamp conversion algorithm, and can convert time into a 10-bit 10-system digital result.
S3, extracting data characteristics from the behavior data after the preprocessing and desensitization processing;
the data characteristics comprise login time difference (namely the difference value of two login time stamps) and login IP hash value, and the data characteristics and the transaction amount standard difference of which the first 4 bits are IP addresses of the hash encryption result can be intercepted due to overlong hash encryption length and the anti-collision property of the hash encryption algorithm, namely the data characteristics and the transaction amount standard difference are acquired
Figure BDA0003287790710000061
Wherein
Figure BDA0003287790710000062
Is the average value of the transaction amount, the discrete coefficient of the transaction amount, i.e.
Figure BDA0003287790710000063
The transaction time difference is the difference between the timestamps of two consecutive transactions and the transaction type number.
S4, the extracted feature data are combined into a verification information block and uploaded to a block chain, and each node synchronizes the block to obtain the processed feature data;
and S5, simultaneously constructing an isolated tree by each node according to the acquired feature data, calculating the data depth and the average depth of the isolated tree, then summarizing the data depth and the average depth calculated by each node, scoring the calculated user behavior, judging the user behavior to be abnormal if the score of the user behavior exceeds a set threshold, forming an abnormal information block by the related information of the abnormal behavior, uploading the abnormal information block to a block chain, and performing self-checking on the corresponding behavior by each node according to the information of the abnormal information block.
As shown in fig. 2, each node simultaneously constructs an isolated tree according to the acquired feature data, and calculates the data depth and the average depth of the isolated tree, specifically including the following steps:
1) randomly selecting n samples from all data, and generating an isolated tree;
2) the same data feature of n samples is randomly selected, a value is randomly selected between the maximum value and the minimum value of the feature, and the samples are divided into two branches. And dividing the data which is less than the value in the sample into the left branch of the layer tree, and dividing the data which is more than or equal to the value into the right branch of the layer tree.
3) Repeating step 2) in the left and right branches, respectively, until the data is irrevocable or the binary tree reaches a defined maximum depth log2(n);
4) The average path depth of all data in the isolated tree is
Figure BDA0003287790710000071
Wherein H (n-1) ═ ln (n-1) + 0.5772156649. For any data, its path depth at a certain orphan tree is h (x) e + C (t. Where e represents the number of edges the data passes from the start of the isolated tree to the bifurcation of the data, t.size represents the number of samples at the same minimum bifurcation as the data, and C (t.size) is a path depth correction for data that has reached maximum depth but can in fact continue to be divided.
And scoring the calculated user behavior after summarizing the data depth and the average depth calculated by each node, and judging whether the user behavior is abnormal. The node score calculation method comprises
Figure BDA0003287790710000072
Wherein E (h (x)) represents the path depth mean of the data x in all the isolated trees; when 0 is present<When score (x) < 0.5, proving that the data x can be isolated from other data through more binary divisions, and therefore considering that the user behavior corresponding to the data is normal; when 0.5 < score (x) < 1, the data x is proved to be isolated from other data through binary division for less times, so that the user behavior corresponding to the data is considered to have abnormality. And the related information of the abnormal behaviors is combined into an abnormal information block and uploaded to a block chain, and each node performs self-checking of the corresponding behaviors according to the information of the abnormal information block.
According to the method for monitoring the abnormal behaviors of the distributed blockchain system user, the isolated forest algorithm is adopted to realize the efficient judgment of the abnormal behaviors of the blockchain trading system, and the isolated forest algorithm only needs to carry out calculation through data and does not need to calculate indexes such as density and distance of the data, so that the calculation time is greatly reduced. In addition, the isolated forest model does not need to learn and train the existing data, so that new abnormal data can be recognized, and the limitation that only the existing or part of preset abnormal behaviors can be recognized in the traditional engineering application is reduced.
By independently generating the isolated trees by using each node and uploading the tree depth of each data to the system, the distributed algorithm is not only matched with a distributed decentralized architecture of the block chain system, but also is compared with the traditional method of repeatedly generating the isolated trees on a single device to form the isolated forest, so that the calculation efficiency is further improved, the speed of distinguishing abnormal behaviors is accelerated, the isolated forest algorithm is more suitable for the practical application of engineering, and the quick and effective safety guarantee is provided for the block chain system.
By constructing the orphan tree, all data is scattered to multiple branches in the orphan tree according to the data characteristics of a certain dimension. For anomalous data, it is usually scattered closer to the tree root due to some more obvious data characteristics. The abnormal value of the detected data can be obtained by calculating the path depth and the average path depth of the data in the isolated forest constructed by a plurality of isolated trees, the larger the value is, the more probable the abnormal data is, the method is favorable for overcoming the problems of difficult abnormal monitoring and low accuracy of the high-dimensional data of the block chain, and the method improves the calculation efficiency by adopting a distributed algorithm and provides reliable guarantee for the safety of the block chain system transaction.

Claims (10)

1. A method for monitoring abnormal behaviors of users in a distributed block chain system is characterized by comprising the following steps:
s1, acquiring behavior data of each user in the block chain transaction system;
s2, preprocessing and desensitizing the collected behavior data;
s3, extracting data characteristics from the behavior data after the preprocessing and desensitization processing;
s4, the extracted feature data are combined into a verification information block and uploaded to a block chain, and each node synchronizes the block to obtain the processed feature data;
and S5, simultaneously constructing an isolated tree by each node according to the acquired feature data, calculating the data depth and the average depth of the isolated tree, then summarizing the data depth and the average depth calculated by each node, scoring the calculated user behavior, judging the user behavior to be abnormal if the score of the user behavior exceeds a set threshold, forming an abnormal information block by the related information of the abnormal behavior, uploading the abnormal information block to a block chain, and performing self-checking on the corresponding behavior by each node according to the information of the abnormal information block.
2. The method for monitoring the abnormal user behavior in the distributed blockchain system according to claim 1, wherein the user behavior data is a vector consisting of a user account, user login time, login IP, transaction amount, transaction time and transaction type.
3. The method of claim 1, wherein preprocessing comprises removing missing and repeated data and filling in missing data.
4. The method for monitoring the abnormal user behavior of the distributed blockchain system according to claim 1, wherein the desensitization process is to perform hash encryption on a user account and a login IP, and convert a login time and a transaction time of a user into a timestamp.
5. The method for monitoring the abnormal user behavior of the distributed blockchain system according to claim 1, wherein the data characteristics comprise login time difference, login IP hash value, transaction amount standard deviation, transaction amount discrete coefficient, transaction time difference and transaction type number.
6. The method for monitoring the abnormal user behavior in the distributed blockchain system according to claim 1, wherein each node simultaneously constructs an isolated tree according to the acquired feature data, and calculates the data depth and the average depth of the isolated tree, specifically comprising the following steps:
1) randomly selecting n samples from all data, and generating an isolated tree;
2) randomly selecting the same data characteristic of n samples, randomly selecting a value between the maximum value and the minimum value of the characteristic, performing binary division on the samples, dividing the data which is smaller than the value in the samples to the left branch of the layer tree, and dividing the data which is larger than or equal to the value to the right branch of the layer tree;
3) repeating step 2) in the left and right branches, respectively, until the data is irrevocable or the binary tree reaches a defined maximum depth log2(n)。
7. The method as claimed in claim 6, wherein the average path depth of all data in the orphan tree is
Figure FDA0003287790700000021
Where H (n-1) ═ ln (n-1) +0.5772156649, the path depth of any data in a certain isolated tree is H (x) ═ e + C (t.size), where e represents the number of edges through which the data crosses from the start of the isolated tree to the branch where the data crosses, t.size represents the number of samples at the same minimum branch as the data, and C (t.size) is actually a path depth correction for data that can be continuously divided up to the maximum depth.
8. The method as claimed in claim 6, wherein the user behavior is scored after the data depth and the average depth calculated by each node are summarized, and whether the user behavior is abnormal or not is determined: the node score calculation method comprises
Figure FDA0003287790700000022
Wherein E (h (x)) represents the path depth mean of the data x in all the isolated trees; when 0 is present<When score (x) < 0.5, proving that the data x can be isolated from other data through more binary divisions, and therefore considering that the user behavior corresponding to the data is normal; when 0.5 < score (x) < 1, the data x is proved to be isolated from other data through binary division for less times, so that the user behavior corresponding to the data is considered to have abnormality.
9. A distributed block chain system user abnormal behavior monitoring system is characterized by comprising a data acquisition module, a preprocessing module and an abnormal monitoring module;
the data acquisition module is used for acquiring behavior data of each user in the block chain transaction system and transmitting the acquired data to the preprocessing module; the preprocessing module is used for preprocessing and desensitizing the acquired behavior data, extracting data characteristics from the behavior data after preprocessing and desensitizing, then forming verification information blocks by the extracted characteristic data and uploading the verification information blocks to a block chain, and synchronizing the blocks by each node to acquire the processed characteristic data; the anomaly monitoring module is connected with each node, an isolated tree is simultaneously constructed at each node according to the acquired feature data, the data depth and the average depth of the isolated tree are calculated, then the data depth and the average depth calculated by each node are summarized and the calculated user behavior is scored, if the user behavior score exceeds a set threshold value, the user behavior is judged to be abnormal, the related information of the abnormal behavior is formed into an abnormal information block and uploaded to a block chain, and each node performs self-checking of the corresponding behavior according to the information of the abnormal information block.
10. The system according to claim 9, wherein the anomaly monitoring module calculates a node score according to a method of computing node scores
Figure FDA0003287790700000031
Wherein E (h (x)) represents the path depth mean of the data x in all the isolated trees; when 0 is present<When score (x) < 0.5, proving that the data x can be isolated from other data through more binary divisions, and therefore considering that the user behavior corresponding to the data is normal; when 0.5 < score (x) < 1, the data x is proved to be isolated from other data through binary division for less times, and the user behavior corresponding to the data is considered to have abnormality.
CN202111153349.5A 2021-09-29 2021-09-29 A method and system for monitoring abnormal behavior of users in a distributed blockchain system Pending CN113961434A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202111153349.5A CN113961434A (en) 2021-09-29 2021-09-29 A method and system for monitoring abnormal behavior of users in a distributed blockchain system
PCT/CN2021/142711 WO2023050620A1 (en) 2021-09-29 2021-12-29 Method and system for monitoring abnormal user behavior in distributed blockchain system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111153349.5A CN113961434A (en) 2021-09-29 2021-09-29 A method and system for monitoring abnormal behavior of users in a distributed blockchain system

Publications (1)

Publication Number Publication Date
CN113961434A true CN113961434A (en) 2022-01-21

Family

ID=79463306

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111153349.5A Pending CN113961434A (en) 2021-09-29 2021-09-29 A method and system for monitoring abnormal behavior of users in a distributed blockchain system

Country Status (2)

Country Link
CN (1) CN113961434A (en)
WO (1) WO2023050620A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114116733A (en) * 2022-01-26 2022-03-01 国网区块链科技(北京)有限公司 Data abnormal operation detection and tracing system and method for distribution automation system
CN115102729A (en) * 2022-06-10 2022-09-23 深圳市迅雷网络技术有限公司 Block chain input data anomaly detection method based on multi-node supervision system
CN115660689A (en) * 2022-11-03 2023-01-31 淮阴工学院 User behavior monitoring method and device based on block chain financial fraud
CN116663871A (en) * 2023-08-02 2023-08-29 苏州安极能新能源发展有限公司 Electricity Demand Forecasting Method and System
CN117201203A (en) * 2023-11-07 2023-12-08 西安芝麻数据科技发展有限公司 Block chain-based supply chain data secure sharing system and method
CN117408734A (en) * 2023-12-15 2024-01-16 广东云百科技有限公司 Customer information intelligent management system based on Internet of things equipment
CN118821026A (en) * 2024-09-12 2024-10-22 贵州大学 An Internet of Things monitoring method and system for mercury-containing waste treatment

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116823816B (en) * 2023-08-28 2023-11-21 济南正邦电子科技有限公司 Detection equipment and detection method based on security monitoring static memory
CN116827971B (en) * 2023-08-29 2023-11-24 北京国网信通埃森哲信息技术有限公司 Carbon emission data storage and transmission methods, devices and equipment based on blockchain
CN116911806B (en) * 2023-09-11 2023-11-28 湖北华中电力科技开发有限责任公司 Internet + based power enterprise energy information management system
CN117150244B (en) * 2023-10-30 2024-01-26 山东凯莱电气设备有限公司 Intelligent power distribution cabinet state monitoring method and system based on electrical parameter analysis
CN117648704B (en) * 2023-11-10 2024-07-23 国网宁夏电力有限公司电力科学研究院 Block chain-based data security interaction method, medium and system
CN117632937B (en) * 2023-12-06 2024-04-30 北京开元泰达净化设备有限公司 Industrial Internet big data platform and data processing method
CN117370898B (en) * 2023-12-08 2024-03-12 钛合联(深圳)科技有限公司 Electronic data safety control system
CN117454283A (en) * 2023-12-22 2024-01-26 深圳前海慧联科技发展有限公司 State evaluation method for wind turbine generator operation detection data
CN117454096B (en) * 2023-12-25 2024-03-01 西安高商智能科技有限责任公司 Motor production quality detection method and system
CN118227836B (en) * 2024-02-04 2024-09-17 江苏省海洋资源开发研究院(连云港) Block chain-based data processing method, device and storage medium
CN118041812B (en) * 2024-03-27 2024-09-13 国网山东省电力公司 Block chain-based method and system for evaluating data transmission under chain upper chain
CN118200950B (en) * 2024-05-17 2024-08-02 武汉众诚华鑫科技有限公司 Method and system for inspecting telecommunication base station
CN118245734B (en) * 2024-05-24 2024-08-09 深圳鼎智通讯股份有限公司 POS machine data intelligent processing method based on 5G technology
CN118821206B (en) * 2024-06-19 2024-12-20 苏州光橙博科软件科技有限公司 Data desensitization system based on multi-physical field model simulation of distributed computation
CN118821171B (en) * 2024-06-25 2025-03-25 广东巧算盘企业管理有限公司 Data security protection management and control system based on cloud computing
CN118611984B (en) * 2024-08-06 2024-11-05 浙江无界矩阵科技有限责任公司 A vehicle network security terminal threat intrusion detection system
CN119538165B (en) * 2025-01-23 2025-05-13 河北博勒皓拓节能科技有限公司 Temperature monitoring system and temperature monitoring method of water jacket heating furnace

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111611315A (en) * 2020-05-25 2020-09-01 辽宁大学 Multi-fork tree structure blockchain integration optimization storage method for financial big data
CN111784392A (en) * 2020-06-29 2020-10-16 中国平安财产保险股份有限公司 Method, device and device for detecting abnormal user group based on isolated forest
CN111833172A (en) * 2020-05-25 2020-10-27 百维金科(上海)信息科技有限公司 Consumption credit fraud detection method and system based on isolated forest
US20200374720A1 (en) * 2018-06-04 2020-11-26 Jiangnan University Method for Detecting Abnormal Data in Sensor Network
CN112633395A (en) * 2020-12-29 2021-04-09 平安科技(深圳)有限公司 Abnormal data detection method and device, computer equipment and storage medium
US20210160266A1 (en) * 2019-11-27 2021-05-27 Telefonaktiebolaget Lm Ericsson (Publ) Computer-implemented method and arrangement for classifying anomalies

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109859029A (en) * 2019-01-04 2019-06-07 深圳壹账通智能科技有限公司 Abnormal application detection method, device, computer equipment and storage medium
CN111798312B (en) * 2019-08-02 2024-03-01 深圳索信达数据技术有限公司 Financial transaction system anomaly identification method based on isolated forest algorithm
CN113283901B (en) * 2021-04-19 2022-11-01 河南大学 A bytecode-based fraud contract detection method for blockchain platform
CN113034145B (en) * 2021-05-24 2021-09-03 智安链云科技(北京)有限公司 Method and device for judging transaction category of user abnormal encrypted digital asset

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200374720A1 (en) * 2018-06-04 2020-11-26 Jiangnan University Method for Detecting Abnormal Data in Sensor Network
US20210160266A1 (en) * 2019-11-27 2021-05-27 Telefonaktiebolaget Lm Ericsson (Publ) Computer-implemented method and arrangement for classifying anomalies
CN111611315A (en) * 2020-05-25 2020-09-01 辽宁大学 Multi-fork tree structure blockchain integration optimization storage method for financial big data
CN111833172A (en) * 2020-05-25 2020-10-27 百维金科(上海)信息科技有限公司 Consumption credit fraud detection method and system based on isolated forest
CN111784392A (en) * 2020-06-29 2020-10-16 中国平安财产保险股份有限公司 Method, device and device for detecting abnormal user group based on isolated forest
CN112633395A (en) * 2020-12-29 2021-04-09 平安科技(深圳)有限公司 Abnormal data detection method and device, computer equipment and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
赵嫚;李英娜;李川;杨莉;: "基于模糊聚类和孤立森林的用电数据异常检测", 陕西理工大学学报(自然科学版), no. 04, 20 August 2020 (2020-08-20) *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114116733A (en) * 2022-01-26 2022-03-01 国网区块链科技(北京)有限公司 Data abnormal operation detection and tracing system and method for distribution automation system
CN115102729A (en) * 2022-06-10 2022-09-23 深圳市迅雷网络技术有限公司 Block chain input data anomaly detection method based on multi-node supervision system
CN115660689A (en) * 2022-11-03 2023-01-31 淮阴工学院 User behavior monitoring method and device based on block chain financial fraud
CN116663871A (en) * 2023-08-02 2023-08-29 苏州安极能新能源发展有限公司 Electricity Demand Forecasting Method and System
CN116663871B (en) * 2023-08-02 2023-10-13 苏州安极能新能源发展有限公司 Method and system for predicting electricity demand
CN117201203A (en) * 2023-11-07 2023-12-08 西安芝麻数据科技发展有限公司 Block chain-based supply chain data secure sharing system and method
CN117201203B (en) * 2023-11-07 2024-02-23 西安芝麻数据科技发展有限公司 Block chain-based supply chain data secure sharing system and method
CN117408734A (en) * 2023-12-15 2024-01-16 广东云百科技有限公司 Customer information intelligent management system based on Internet of things equipment
CN117408734B (en) * 2023-12-15 2024-03-19 广东云百科技有限公司 Customer information intelligent management system based on Internet of things equipment
CN118821026A (en) * 2024-09-12 2024-10-22 贵州大学 An Internet of Things monitoring method and system for mercury-containing waste treatment

Also Published As

Publication number Publication date
WO2023050620A1 (en) 2023-04-06

Similar Documents

Publication Publication Date Title
CN113961434A (en) A method and system for monitoring abnormal behavior of users in a distributed blockchain system
CN112398779B (en) Network traffic data analysis method and system
CN109450845B (en) Detection method for generating malicious domain name based on deep neural network algorithm
Jongsuebsuk et al. Real-time intrusion detection with fuzzy genetic algorithm
CN108768986A (en) A kind of encryption traffic classification method and server, computer readable storage medium
CN115242559B (en) Network traffic intrusion detection method based on blockchain and federated learning
CN111107107B (en) Network behavior detection method and device, computer equipment and storage medium
CN110943974B (en) DDoS (distributed denial of service) anomaly detection method and cloud platform host
JP2019110513A (en) Anomaly detection method, learning method, anomaly detection device, and learning device
Lingyu et al. A hierarchical classification approach for tor anonymous traffic
US20240187446A1 (en) Method and system for detecting complex multi-step attack in electric power system
CN113706100B (en) Method and system for real-time detection and identification of IoT terminal equipment in distribution network
CN104660464A (en) Network anomaly detection method based on non-extensive entropy
Liang et al. FECC: DNS tunnel detection model based on CNN and clustering
CN115426137A (en) Malicious encrypted network flow detection tracing method and system
CN116318975A (en) A method and system for detecting malicious traffic based on multi-session and multi-protocol
CN110011990B (en) Intelligent analysis method for intranet security threats
CN116155572A (en) Encryption traffic network intrusion detection method based on ensemble learning
CN112910865B (en) A Maximum Likelihood Estimation Method and System for Inferring Attack Stage Based on Factor Graph
CN116506230B (en) Data acquisition method and system based on RSA asymmetric encryption
CN115842636A (en) Network abnormal behavior monitoring method and device based on time sequence characteristics
CN106339293B (en) A kind of log event extracting method based on signature
CN117375958A (en) Web application system identification method and device and readable storage medium
CN114124834B (en) Integrated learning device and method for ICMP hidden tunnel detection in industrial control network
US20240220610A1 (en) Security data processing device, security data processing method, and computer-readable storage medium for storing program for processing security data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination