CN113961434A - Method and system for monitoring abnormal behaviors of distributed block chain system users - Google Patents

Method and system for monitoring abnormal behaviors of distributed block chain system users Download PDF

Info

Publication number
CN113961434A
CN113961434A CN202111153349.5A CN202111153349A CN113961434A CN 113961434 A CN113961434 A CN 113961434A CN 202111153349 A CN202111153349 A CN 202111153349A CN 113961434 A CN113961434 A CN 113961434A
Authority
CN
China
Prior art keywords
data
abnormal
behavior
isolated
depth
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111153349.5A
Other languages
Chinese (zh)
Inventor
谢海鹏
王昀
汤凌峰
李更丰
别朝红
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xian Jiaotong University
Original Assignee
Xian Jiaotong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xian Jiaotong University filed Critical Xian Jiaotong University
Priority to CN202111153349.5A priority Critical patent/CN113961434A/en
Priority to PCT/CN2021/142711 priority patent/WO2023050620A1/en
Publication of CN113961434A publication Critical patent/CN113961434A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/34Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3438Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment monitoring of user actions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a method and a system for monitoring abnormal behaviors of a user in a distributed block chain system, which are characterized in that after the behavior data of the user is preprocessed and desensitized, data features are extracted from the behavior data after preprocessing and desensitizing, then the extracted data features are shared among all nodes of the block chain to form a complete data chain, all nodes synchronize the block to obtain processed feature data, then all the data are dispersed to a plurality of branches in an isolated tree according to the data features of a certain dimension by constructing the isolated tree, abnormal values of detected data can be obtained by calculating the path depth and the average path depth of the data in the isolated forest constructed by the isolated trees, the problems of difficult abnormal monitoring and low accuracy of high-dimensional big data of the block chain are solved, and the calculation efficiency is improved by adopting a distributed algorithm, and reliable guarantee is provided for the safety of the block chain system transaction.

Description

Method and system for monitoring abnormal behaviors of distributed block chain system users
Technical Field
The invention belongs to the technical field of wind control related to blockchain transactions, and particularly relates to a method and a system for monitoring abnormal behaviors of a user in a distributed blockchain system.
Background
A block chain is a chain data structure that combines data blocks in a sequential manner in a chronological order. As a new distributed data storage technology, due to the characteristics of decentralization, distributed storage and the like, the distributed data storage technology attracts high attention of various industries and is becoming an important force for driving technical innovation and industrial revolution of various industries.
With the increasing maturity of blockchain technologies and the gradual expansion of blockchain applications, privacy and security of blockchain transactions are receiving wide attention. The traditional block chain system verifies the authenticity of a user through an asymmetric encryption method. However, when an attacker intercepts the user's key through a network attack form outside the blockchain, the attacker can directly control the user to do fraudulent trading behavior in the blockchain trading system. Therefore, how to accurately determine and screen abnormal behaviors in blockchain transactions becomes a key point of research.
The abnormal behavior can be identified as an abnormal point detection problem, that is, a group of data points is searched for points which are sparsely distributed and are far away from a group with high distance density. The traditional abnormal point detection technology, such as an EM algorithm based on statistics, a k-means algorithm based on clustering, a DBSCAN algorithm based on density and the like, has the problems of large time complexity, difficulty in parameter or model selection, poor high-dimensional data detection effect, incapability of distributed calculation and the like, and is not suitable for a large-data, distributed and high-dimensional block chain system. Therefore, it is necessary and urgent to study the abnormal behavior detection of the blockchain system.
Disclosure of Invention
The invention aims to provide a method and a system for monitoring abnormal user behaviors in a distributed block chain system, so as to overcome the defects of the prior art.
In order to achieve the purpose, the invention adopts the following technical scheme:
a method for monitoring abnormal behaviors of users in a distributed block chain system comprises the following steps:
s1, acquiring behavior data of each user in the block chain transaction system;
s2, preprocessing and desensitizing the collected behavior data;
s3, extracting data characteristics from the behavior data after the preprocessing and desensitization processing;
s4, the extracted feature data are combined into a verification information block and uploaded to a block chain, and each node synchronizes the block to obtain the processed feature data;
and S5, simultaneously constructing an isolated tree by each node according to the acquired feature data, calculating the data depth and the average depth of the isolated tree, then summarizing the data depth and the average depth calculated by each node, scoring the calculated user behavior, judging the user behavior to be abnormal if the score of the user behavior exceeds a set threshold, forming an abnormal information block by the related information of the abnormal behavior, uploading the abnormal information block to a block chain, and performing self-checking on the corresponding behavior by each node according to the information of the abnormal information block.
Further, the behavior data of the user is a vector consisting of a user account, user login time, login IP, transaction amount, transaction time and transaction type.
Further, the preprocessing refers to removing incomplete and repeated data and filling missing data.
Further, the desensitization processing is to perform hash encryption on the user account and the login IP, and convert the login time and the transaction time of the user into a timestamp.
Further, the data characteristics include login time difference, login IP hash value, transaction amount standard deviation, transaction amount discrete coefficient, transaction time difference and transaction type number.
Further, each node simultaneously constructs an isolated tree according to the acquired feature data, and calculates the data depth and the average depth of the isolated tree, specifically comprising the following steps:
1) randomly selecting n samples from all data, and generating an isolated tree;
2) randomly selecting the same data characteristic of n samples, randomly selecting a value between the maximum value and the minimum value of the characteristic, performing binary division on the samples, dividing the data which is smaller than the value in the samples to the left branch of the layer tree, and dividing the data which is larger than or equal to the value to the right branch of the layer tree;
3) repeating step 2) in the left and right branches, respectively, until the data is irrevocable or the binary tree reaches a defined maximum depth log2(n)。
Further, the average path depth of all data in the isolated tree is
Figure BDA0003287790710000031
Where H (n-1) ═ ln (n-1) +0.5772156649, the path depth of any data in a certain isolated tree is H (x) ═ e + C (t.size), where e represents the number of edges through which the data crosses from the start of the isolated tree to the branch where the data crosses, t.size represents the number of samples at the same minimum branch as the data, and C (t.size) is actually a path depth correction for data that can be continuously divided up to the maximum depth.
Further, scoring the calculated user behavior after summarizing the data depth and the average depth calculated according to each node, and judging whether the user behavior is abnormal: the node score calculation method comprises
Figure BDA0003287790710000032
Wherein E (h (x)) represents the path depth mean of the data x in all the isolated trees; when 0 is present<When score (x) < 0.5, proving that the data x can be isolated from other data through more binary divisions, and therefore considering that the user behavior corresponding to the data is normal; when 0.5 < score (x) < 1, the data x is proved to be isolated from other data through binary division for less times, so that the user behavior corresponding to the data is considered to have abnormality.
A distributed block chain system user abnormal behavior monitoring system comprises a data acquisition module, a preprocessing module and an abnormal monitoring module;
the data acquisition module is used for acquiring behavior data of each user in the block chain transaction system and transmitting the acquired data to the preprocessing module; the preprocessing module is used for preprocessing and desensitizing the acquired behavior data, extracting data characteristics from the behavior data after preprocessing and desensitizing, then forming verification information blocks by the extracted characteristic data and uploading the verification information blocks to a block chain, and synchronizing the blocks by each node to acquire the processed characteristic data; the anomaly monitoring module is connected with each node, an isolated tree is simultaneously constructed at each node according to the acquired feature data, the data depth and the average depth of the isolated tree are calculated, then the data depth and the average depth calculated by each node are summarized and the calculated user behavior is scored, if the user behavior score exceeds a set threshold value, the user behavior is judged to be abnormal, the related information of the abnormal behavior is formed into an abnormal information block and uploaded to a block chain, and each node performs self-checking of the corresponding behavior according to the information of the abnormal information block.
Further, the abnormity monitoring module calculates according to the node score as
Figure BDA0003287790710000041
Wherein E (h (x)) represents the path depth mean of the data x in all the isolated trees; when 0 is present<When score (x) < 0.5, proving that the data x can be isolated from other data through more binary divisions, and therefore considering that the user behavior corresponding to the data is normal; when 0.5 < score (x) < 1, the data x is proved to be isolated from other data through binary division for less times, and the user behavior corresponding to the data is considered to have abnormality.
Compared with the prior art, the invention has the following beneficial technical effects:
the invention relates to a method for monitoring abnormal behaviors of a user in a distributed block chain system, which extracts data characteristics from behavior data after preprocessing and desensitization processing by preprocessing and desensitization processing the behavior data of the user, then the extracted data characteristics are shared among all nodes of the block chain to form a complete data chain, all nodes synchronize the block to obtain processed characteristic data, then, by constructing an isolated tree, all data is dispersed to a plurality of branches in the isolated tree according to the data characteristics of a certain dimension, by calculating the path depth and mean path depth of the data in an solitary forest constructed from a plurality of solitary trees, can obtain abnormal values of the detected data, is beneficial to overcoming the problems of difficult monitoring and low accuracy of abnormal data of high dimension of the block chain, and the calculation efficiency is improved by adopting a distributed algorithm, and reliable guarantee is provided for the safety of block chain system transaction.
Furthermore, the behavior data of the user is a vector consisting of the user account, the user login time, the login IP, the transaction amount, the transaction time and the transaction type, so that the user information can be accurately reflected, and the calculation accuracy is improved.
Furthermore, the isolated trees are independently generated by utilizing each node, and the tree depth of each data is uploaded to the system, so that the distributed algorithm is not only matched with a distributed decentralized architecture of the block chain system, but also is higher in calculation efficiency and higher in speed of distinguishing abnormal behaviors compared with a traditional method for forming the isolated forest by repeatedly generating the isolated trees on a single device, the isolated forest algorithm is more suitable for practical engineering application, and quick and effective safety guarantee is provided for the block chain system.
The invention discloses a distributed block chain system user abnormal behavior monitoring system which comprises a data acquisition module, a preprocessing module and an abnormal monitoring module;
the data acquisition module is used for acquiring behavior data of each user in the block chain transaction system, the anomaly monitoring module is used for efficiently judging the anomalous behavior of the block chain transaction system based on the isolated tree, the isolated tree is used for carrying out calculation only through the data, indexes such as density and distance of the data are not required to be calculated, and the calculation time is greatly reduced.
Drawings
Fig. 1 is a flowchart illustrating interaction between a node and a system in an anomaly identification process according to an embodiment of the present invention.
FIG. 2 is a flow chart of an implementation of an isolated forest algorithm in an embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the accompanying drawings:
as shown in fig. 1, a method for monitoring abnormal behavior of a user in a distributed blockchain system includes the following steps:
s1, acquiring behavior data of each user in the block chain transaction system;
specifically, the system acquires behavior data of each user in the blockchain transaction system, the system acquires the blockchain transaction system in a private chain by using a blockchain management system, and the system randomly selects one or more nodes with computing power in a public chain and a alliance chain according to a consensus mechanism. User behavior refers to a user logging into or conducting a transaction in a blockchain transaction system. The user's behavior data is a vector consisting of the user account, the user login time, the login IP, the transaction amount, the transaction time, and the transaction type.
S2, preprocessing and desensitizing the collected behavior data;
preprocessing refers to removing incomplete and repeated data and filling missing data; the method comprises the steps that repeated partial content cleaning is carried out on information of the same user appearing for many times in behavior data, one part is reserved, multiple information data of the same user are complementarily reserved, and all information of the same user are fused to remove repeated data;
the desensitization treatment is to perform hash encryption on the user account and the login IP, namely yIP=SHA256(xIP) Wherein x isIPAnd yIPFor the IP addresses before and after encryption, SHA256 is an anti-collision irreversible encryption algorithm, and converts any character string into a 64-bit 16-system encryption result; converting the user's login time and transaction time to a timestamp, i.e. ytime=timestamp(xtime) Wherein x istimeAnd ytimeFor time information before and after conversion, timestamp is a timestamp conversion algorithm, and can convert time into a 10-bit 10-system digital result.
S3, extracting data characteristics from the behavior data after the preprocessing and desensitization processing;
the data characteristics comprise login time difference (namely the difference value of two login time stamps) and login IP hash value, and the data characteristics and the transaction amount standard difference of which the first 4 bits are IP addresses of the hash encryption result can be intercepted due to overlong hash encryption length and the anti-collision property of the hash encryption algorithm, namely the data characteristics and the transaction amount standard difference are acquired
Figure BDA0003287790710000061
Wherein
Figure BDA0003287790710000062
Is the average value of the transaction amount, the discrete coefficient of the transaction amount, i.e.
Figure BDA0003287790710000063
The transaction time difference is the difference between the timestamps of two consecutive transactions and the transaction type number.
S4, the extracted feature data are combined into a verification information block and uploaded to a block chain, and each node synchronizes the block to obtain the processed feature data;
and S5, simultaneously constructing an isolated tree by each node according to the acquired feature data, calculating the data depth and the average depth of the isolated tree, then summarizing the data depth and the average depth calculated by each node, scoring the calculated user behavior, judging the user behavior to be abnormal if the score of the user behavior exceeds a set threshold, forming an abnormal information block by the related information of the abnormal behavior, uploading the abnormal information block to a block chain, and performing self-checking on the corresponding behavior by each node according to the information of the abnormal information block.
As shown in fig. 2, each node simultaneously constructs an isolated tree according to the acquired feature data, and calculates the data depth and the average depth of the isolated tree, specifically including the following steps:
1) randomly selecting n samples from all data, and generating an isolated tree;
2) the same data feature of n samples is randomly selected, a value is randomly selected between the maximum value and the minimum value of the feature, and the samples are divided into two branches. And dividing the data which is less than the value in the sample into the left branch of the layer tree, and dividing the data which is more than or equal to the value into the right branch of the layer tree.
3) Repeating step 2) in the left and right branches, respectively, until the data is irrevocable or the binary tree reaches a defined maximum depth log2(n);
4) The average path depth of all data in the isolated tree is
Figure BDA0003287790710000071
Wherein H (n-1) ═ ln (n-1) + 0.5772156649. For any data, its path depth at a certain orphan tree is h (x) e + C (t. Where e represents the number of edges the data passes from the start of the isolated tree to the bifurcation of the data, t.size represents the number of samples at the same minimum bifurcation as the data, and C (t.size) is a path depth correction for data that has reached maximum depth but can in fact continue to be divided.
And scoring the calculated user behavior after summarizing the data depth and the average depth calculated by each node, and judging whether the user behavior is abnormal. The node score calculation method comprises
Figure BDA0003287790710000072
Wherein E (h (x)) represents the path depth mean of the data x in all the isolated trees; when 0 is present<When score (x) < 0.5, proving that the data x can be isolated from other data through more binary divisions, and therefore considering that the user behavior corresponding to the data is normal; when 0.5 < score (x) < 1, the data x is proved to be isolated from other data through binary division for less times, so that the user behavior corresponding to the data is considered to have abnormality. And the related information of the abnormal behaviors is combined into an abnormal information block and uploaded to a block chain, and each node performs self-checking of the corresponding behaviors according to the information of the abnormal information block.
According to the method for monitoring the abnormal behaviors of the distributed blockchain system user, the isolated forest algorithm is adopted to realize the efficient judgment of the abnormal behaviors of the blockchain trading system, and the isolated forest algorithm only needs to carry out calculation through data and does not need to calculate indexes such as density and distance of the data, so that the calculation time is greatly reduced. In addition, the isolated forest model does not need to learn and train the existing data, so that new abnormal data can be recognized, and the limitation that only the existing or part of preset abnormal behaviors can be recognized in the traditional engineering application is reduced.
By independently generating the isolated trees by using each node and uploading the tree depth of each data to the system, the distributed algorithm is not only matched with a distributed decentralized architecture of the block chain system, but also is compared with the traditional method of repeatedly generating the isolated trees on a single device to form the isolated forest, so that the calculation efficiency is further improved, the speed of distinguishing abnormal behaviors is accelerated, the isolated forest algorithm is more suitable for the practical application of engineering, and the quick and effective safety guarantee is provided for the block chain system.
By constructing the orphan tree, all data is scattered to multiple branches in the orphan tree according to the data characteristics of a certain dimension. For anomalous data, it is usually scattered closer to the tree root due to some more obvious data characteristics. The abnormal value of the detected data can be obtained by calculating the path depth and the average path depth of the data in the isolated forest constructed by a plurality of isolated trees, the larger the value is, the more probable the abnormal data is, the method is favorable for overcoming the problems of difficult abnormal monitoring and low accuracy of the high-dimensional data of the block chain, and the method improves the calculation efficiency by adopting a distributed algorithm and provides reliable guarantee for the safety of the block chain system transaction.

Claims (10)

1. A method for monitoring abnormal behaviors of users in a distributed block chain system is characterized by comprising the following steps:
s1, acquiring behavior data of each user in the block chain transaction system;
s2, preprocessing and desensitizing the collected behavior data;
s3, extracting data characteristics from the behavior data after the preprocessing and desensitization processing;
s4, the extracted feature data are combined into a verification information block and uploaded to a block chain, and each node synchronizes the block to obtain the processed feature data;
and S5, simultaneously constructing an isolated tree by each node according to the acquired feature data, calculating the data depth and the average depth of the isolated tree, then summarizing the data depth and the average depth calculated by each node, scoring the calculated user behavior, judging the user behavior to be abnormal if the score of the user behavior exceeds a set threshold, forming an abnormal information block by the related information of the abnormal behavior, uploading the abnormal information block to a block chain, and performing self-checking on the corresponding behavior by each node according to the information of the abnormal information block.
2. The method for monitoring the abnormal user behavior in the distributed blockchain system according to claim 1, wherein the user behavior data is a vector consisting of a user account, user login time, login IP, transaction amount, transaction time and transaction type.
3. The method of claim 1, wherein preprocessing comprises removing missing and repeated data and filling in missing data.
4. The method for monitoring the abnormal user behavior of the distributed blockchain system according to claim 1, wherein the desensitization process is to perform hash encryption on a user account and a login IP, and convert a login time and a transaction time of a user into a timestamp.
5. The method for monitoring the abnormal user behavior of the distributed blockchain system according to claim 1, wherein the data characteristics comprise login time difference, login IP hash value, transaction amount standard deviation, transaction amount discrete coefficient, transaction time difference and transaction type number.
6. The method for monitoring the abnormal user behavior in the distributed blockchain system according to claim 1, wherein each node simultaneously constructs an isolated tree according to the acquired feature data, and calculates the data depth and the average depth of the isolated tree, specifically comprising the following steps:
1) randomly selecting n samples from all data, and generating an isolated tree;
2) randomly selecting the same data characteristic of n samples, randomly selecting a value between the maximum value and the minimum value of the characteristic, performing binary division on the samples, dividing the data which is smaller than the value in the samples to the left branch of the layer tree, and dividing the data which is larger than or equal to the value to the right branch of the layer tree;
3) repeating step 2) in the left and right branches, respectively, until the data is irrevocable or the binary tree reaches a defined maximum depth log2(n)。
7. The method as claimed in claim 6, wherein the average path depth of all data in the orphan tree is
Figure FDA0003287790700000021
Where H (n-1) ═ ln (n-1) +0.5772156649, the path depth of any data in a certain isolated tree is H (x) ═ e + C (t.size), where e represents the number of edges through which the data crosses from the start of the isolated tree to the branch where the data crosses, t.size represents the number of samples at the same minimum branch as the data, and C (t.size) is actually a path depth correction for data that can be continuously divided up to the maximum depth.
8. The method as claimed in claim 6, wherein the user behavior is scored after the data depth and the average depth calculated by each node are summarized, and whether the user behavior is abnormal or not is determined: the node score calculation method comprises
Figure FDA0003287790700000022
Wherein E (h (x)) represents the path depth mean of the data x in all the isolated trees; when 0 is present<When score (x) < 0.5, proving that the data x can be isolated from other data through more binary divisions, and therefore considering that the user behavior corresponding to the data is normal; when 0.5 < score (x) < 1, the data x is proved to be isolated from other data through binary division for less times, so that the user behavior corresponding to the data is considered to have abnormality.
9. A distributed block chain system user abnormal behavior monitoring system is characterized by comprising a data acquisition module, a preprocessing module and an abnormal monitoring module;
the data acquisition module is used for acquiring behavior data of each user in the block chain transaction system and transmitting the acquired data to the preprocessing module; the preprocessing module is used for preprocessing and desensitizing the acquired behavior data, extracting data characteristics from the behavior data after preprocessing and desensitizing, then forming verification information blocks by the extracted characteristic data and uploading the verification information blocks to a block chain, and synchronizing the blocks by each node to acquire the processed characteristic data; the anomaly monitoring module is connected with each node, an isolated tree is simultaneously constructed at each node according to the acquired feature data, the data depth and the average depth of the isolated tree are calculated, then the data depth and the average depth calculated by each node are summarized and the calculated user behavior is scored, if the user behavior score exceeds a set threshold value, the user behavior is judged to be abnormal, the related information of the abnormal behavior is formed into an abnormal information block and uploaded to a block chain, and each node performs self-checking of the corresponding behavior according to the information of the abnormal information block.
10. The system according to claim 9, wherein the anomaly monitoring module calculates a node score according to a method of computing node scores
Figure FDA0003287790700000031
Wherein E (h (x)) represents the path depth mean of the data x in all the isolated trees; when 0 is present<When score (x) < 0.5, proving that the data x can be isolated from other data through more binary divisions, and therefore considering that the user behavior corresponding to the data is normal; when 0.5 < score (x) < 1, the data x is proved to be isolated from other data through binary division for less times, and the user behavior corresponding to the data is considered to have abnormality.
CN202111153349.5A 2021-09-29 2021-09-29 Method and system for monitoring abnormal behaviors of distributed block chain system users Pending CN113961434A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202111153349.5A CN113961434A (en) 2021-09-29 2021-09-29 Method and system for monitoring abnormal behaviors of distributed block chain system users
PCT/CN2021/142711 WO2023050620A1 (en) 2021-09-29 2021-12-29 Method and system for monitoring abnormal user behavior in distributed blockchain system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111153349.5A CN113961434A (en) 2021-09-29 2021-09-29 Method and system for monitoring abnormal behaviors of distributed block chain system users

Publications (1)

Publication Number Publication Date
CN113961434A true CN113961434A (en) 2022-01-21

Family

ID=79463306

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111153349.5A Pending CN113961434A (en) 2021-09-29 2021-09-29 Method and system for monitoring abnormal behaviors of distributed block chain system users

Country Status (2)

Country Link
CN (1) CN113961434A (en)
WO (1) WO2023050620A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114116733A (en) * 2022-01-26 2022-03-01 国网区块链科技(北京)有限公司 Data abnormal operation detection and tracing system and method for distribution automation system
CN115660689A (en) * 2022-11-03 2023-01-31 淮阴工学院 User behavior monitoring method and device based on block chain financial fraud
CN116663871A (en) * 2023-08-02 2023-08-29 苏州安极能新能源发展有限公司 Method and system for predicting electricity demand
CN117201203A (en) * 2023-11-07 2023-12-08 西安芝麻数据科技发展有限公司 Block chain-based supply chain data secure sharing system and method
CN117408734A (en) * 2023-12-15 2024-01-16 广东云百科技有限公司 Customer information intelligent management system based on Internet of things equipment

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116823816B (en) * 2023-08-28 2023-11-21 济南正邦电子科技有限公司 Detection equipment and detection method based on security monitoring static memory
CN116827971B (en) * 2023-08-29 2023-11-24 北京国网信通埃森哲信息技术有限公司 Block chain-based carbon emission data storage and transmission method, device and equipment
CN116911806B (en) * 2023-09-11 2023-11-28 湖北华中电力科技开发有限责任公司 Internet + based power enterprise energy information management system
CN117150244B (en) * 2023-10-30 2024-01-26 山东凯莱电气设备有限公司 Intelligent power distribution cabinet state monitoring method and system based on electrical parameter analysis
CN117648704B (en) * 2023-11-10 2024-07-23 国网宁夏电力有限公司电力科学研究院 Block chain-based data security interaction method, medium and system
CN117632937B (en) * 2023-12-06 2024-04-30 北京开元泰达净化设备有限公司 Industrial Internet big data platform and data processing method
CN117370898B (en) * 2023-12-08 2024-03-12 钛合联(深圳)科技有限公司 Electronic data safety control system
CN117454283A (en) * 2023-12-22 2024-01-26 深圳前海慧联科技发展有限公司 State evaluation method for wind turbine generator operation detection data
CN117454096B (en) * 2023-12-25 2024-03-01 西安高商智能科技有限责任公司 Motor production quality detection method and system
CN118227836A (en) * 2024-02-04 2024-06-21 江苏省海洋资源开发研究院(连云港) Block chain-based data processing method, device and storage medium
CN118041812A (en) * 2024-03-27 2024-05-14 国网山东省电力公司 Block chain-based method and system for evaluating data transmission under chain upper chain
CN118200950B (en) * 2024-05-17 2024-08-02 武汉众诚华鑫科技有限公司 Method and system for inspecting telecommunication base station
CN118245734B (en) * 2024-05-24 2024-08-09 深圳鼎智通讯股份有限公司 POS machine data intelligent processing method based on 5G technology

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109859029A (en) * 2019-01-04 2019-06-07 深圳壹账通智能科技有限公司 Abnormal application detection method, device, computer equipment and storage medium
CN111798312B (en) * 2019-08-02 2024-03-01 深圳索信达数据技术有限公司 Financial transaction system anomaly identification method based on isolated forest algorithm
US11582249B2 (en) * 2019-11-27 2023-02-14 Telefonaktiebolaget Lm Ericsson (Publ) Computer-implemented method and arrangement for classifying anomalies
CN111833172A (en) * 2020-05-25 2020-10-27 百维金科(上海)信息科技有限公司 Consumption credit fraud detection method and system based on isolated forest
CN113283901B (en) * 2021-04-19 2022-11-01 河南大学 Byte code-based fraud contract detection method for block chain platform
CN113034145B (en) * 2021-05-24 2021-09-03 智安链云科技(北京)有限公司 Method and device for judging transaction category of user abnormal encrypted digital asset

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114116733A (en) * 2022-01-26 2022-03-01 国网区块链科技(北京)有限公司 Data abnormal operation detection and tracing system and method for distribution automation system
CN115660689A (en) * 2022-11-03 2023-01-31 淮阴工学院 User behavior monitoring method and device based on block chain financial fraud
CN116663871A (en) * 2023-08-02 2023-08-29 苏州安极能新能源发展有限公司 Method and system for predicting electricity demand
CN116663871B (en) * 2023-08-02 2023-10-13 苏州安极能新能源发展有限公司 Method and system for predicting electricity demand
CN117201203A (en) * 2023-11-07 2023-12-08 西安芝麻数据科技发展有限公司 Block chain-based supply chain data secure sharing system and method
CN117201203B (en) * 2023-11-07 2024-02-23 西安芝麻数据科技发展有限公司 Block chain-based supply chain data secure sharing system and method
CN117408734A (en) * 2023-12-15 2024-01-16 广东云百科技有限公司 Customer information intelligent management system based on Internet of things equipment
CN117408734B (en) * 2023-12-15 2024-03-19 广东云百科技有限公司 Customer information intelligent management system based on Internet of things equipment

Also Published As

Publication number Publication date
WO2023050620A1 (en) 2023-04-06

Similar Documents

Publication Publication Date Title
CN113961434A (en) Method and system for monitoring abnormal behaviors of distributed block chain system users
CN111277578B (en) Encrypted flow analysis feature extraction method, system, storage medium and security device
CN110247930B (en) Encrypted network flow identification method based on deep neural network
CN107070943B (en) Industrial internet intrusion detection method based on flow characteristic diagram and perceptual hash
CN108768986B (en) Encrypted traffic classification method, server and computer readable storage medium
CN109450845B (en) Detection method for generating malicious domain name based on deep neural network algorithm
CN111107072B (en) Authentication graph embedding-based abnormal login behavior detection method and system
CN107360145A (en) A kind of multinode honey pot system and its data analysing method
CN108282460B (en) Evidence chain generation method and device for network security event
CN110011990B (en) Intelligent analysis method for intranet security threats
JP2019110513A (en) Anomaly detection method, learning method, anomaly detection device, and learning device
CN116070206B (en) Abnormal behavior detection method, system, electronic equipment and storage medium
CN113656807A (en) Vulnerability management method, device, equipment and storage medium
CN113706100B (en) Real-time detection and identification method and system for Internet of things terminal equipment of power distribution network
CN104123501A (en) Online virus detection method based on assembly of multiple detectors
CN113259367B (en) Industrial control network flow multistage anomaly detection method and device
CN112039907A (en) Automatic testing method and system based on Internet of things terminal evaluation platform
CN116506230A (en) Data acquisition method and system based on RSA asymmetric encryption
CN116781341A (en) Decentralised network DDoS attack identification method based on large language model
CN114124834B (en) Integrated learning device and method for ICMP hidden tunnel detection in industrial control network
CN111371727A (en) Detection method for NTP protocol covert communication
CN115883152A (en) Network flow attack detection method, system and storage medium based on federal learning
CN112561538B (en) Risk model creation method, apparatus, computer device and readable storage medium
CN112733144A (en) Malicious program intelligent detection method based on deep learning technology
Yang et al. User Log Anomaly Detection System Based on Isolation Forest

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination