CN114006713A - Trust architecture for node diversity - Google Patents
Trust architecture for node diversity
- Publication number: CN114006713A (application CN202011136481.0A)
- Authority: CN (China)
- Prior art keywords: diversity, trust, user, node, architecture
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0807: Network security, authentication of entities using tickets, e.g. Kerberos
- H04L41/0631: Management of faults, events, alarms or notifications using root cause analysis or analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
- H04L63/0236: Network security, filtering policies, filtering by address, protocol, port number or service, e.g. IP-address or URL
- H04L63/0823: Network security, authentication of entities using certificates
- H04L63/1466: Network security, countermeasures against malicious traffic, active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Abstract
The invention relates to the technical field of network architecture and discloses a trust architecture aimed at node diversity, comprising the following steps. Step one: three major systems are established, divided into three parts, including: 1. the diversity trust architecture system, which is divided into two parts, trusted chip diversity and operating system diversity, where trusted chip diversity comprises a plurality of TPM/Intel-SGX/ARM-Trust-Zone chips. By providing the diversified trust framework, the intelligent AI technology and the continuous immune system, a filtering barrier is formed in the network: a trusted user accessing the website is admitted and its dynamic state is tracked in real time, while an untrusted user accessing the website is intercepted and forbidden further access. This improves the security of the website, ensures the security of data in the website, and prevents data leakage from the website.
Description
Technical Field
The invention relates to the technical field of network architectures, in particular to a trust architecture aiming at node diversity.
Background
A network architecture is the structure of a computer network, composed of computer systems, communication links and network nodes; it is a field in which computer technology and communication technology are tightly combined, and it undertakes two kinds of work: data communication and data processing.
Because informatization is developing rapidly, unauthorized access and data disclosure pose certain potential safety hazards, and the complex structure of a system network exposes the system to more and more threats. The invention therefore provides a trust architecture aimed at node diversity to solve these problems.
Disclosure of Invention
The invention provides a trust framework aimed at node diversity, which has the advantages of a brand-new framework mechanism, AI technology for improving defense capability, and a sustained immune system to further improve safety, and solves the problems stated in the background.
The invention provides the following technical scheme: a trust architecture for node diversity comprising the following steps:
Step one: three major systems are established, divided into three parts, including:
1. The diversity trust architecture system is divided into two parts, namely trusted chip diversity and operating system diversity, where trusted chip diversity comprises TPM/Intel-SGX/ARM-Trust-Zone chips and operating system diversity comprises Linux/Windows/Mac-OS/Android systems.
2. The intelligent AI technical system is divided into an information collecting system, an indexing system and an inquiry interface.
3. The continuous immune system is divided into a trusted protection white list, user behavior analysis perception, block chain tamper-resistant evidence storage and an autonomous countermeasure strategy.
Step two: the user login authentication is divided into two parts, including:
1. the user holds trust credentials and tokens, i.e. the user can log in to the web page and can access the web page by approval of the web page and the blockchain.
2. The user does not hold trust credentials and tokens, i.e. the user cannot log in to the web page.
Preferably, the diversity trust architecture system, trusted chip diversity and operating system diversity are in an inclusion relationship: the diversity trust architecture system includes both trusted chip diversity and operating system diversity. The diversity trust architecture system, the intelligent AI technical system and the persistent immune system are in a parallel relationship: when a user accesses a webpage, the user's account passes through the diversity trust architecture system, the intelligent AI technical system and the persistent immune system in sequence, and the user account can access the webpage only after passing all three.
Preferably, information gathering can be divided into two strategies: (1) information is found cyclically on the internet in a breadth-first, depth-first or heuristic manner, starting from a set of starting URLs, which may be arbitrary URLs but are often very popular sites containing many links, and following the hyperlinks in these URLs; (2) the Web space is divided according to domain names, IP addresses or national domain names, and each searcher is responsible for exhaustively searching one subspace.
Preferably, the index system program analyzes the collected web pages, extracts related web page information, performs a large amount of complex calculations according to a certain relevancy algorithm to obtain the relevancy (or importance) of each web page for each keyword in the page text and the hyperlink, and then establishes a web page index database by using the related information, wherein the validity of a search engine depends on the quality of the index to a great extent.
Preferably, the query interface is that when the user makes a query request, the search engine quickly detects documents in the index database according to the query of the user, performs relevance evaluation of the documents and the query, ranks the results to be output, and implements a certain user relevance feedback mechanism.
Preferably, through the white list mechanism of the server's trusted state, even an intruder who obtains the highest control right of the server cannot load malicious programs for carrying out destruction, such as system backdoors, viruses and penetration tools. The intrusion means are therefore limited to a great extent: once the trusted state of the server changes, the trusted protection system automatically blocks the abnormal process and raises an alarm, or raises an alarm to remind an administrator to block it manually.
Preferably, an autonomously developed trusted blockchain technology is used to guarantee that data on all chains cannot be tampered with. On one hand, even if an external intruder obtains the highest control right, the intruder's attack trace cannot be erased; on the other hand, even an internal high-level administrator cannot repudiate illegal behavior, so that internal and external attacks can be effectively prevented.
Preferably, multiple data sources such as system processes and operation logs are collected, user and system behaviors are analyzed in aggregate, whether abnormal behaviors exist is judged, and the risk degree of abnormal events is evaluated; a focused user portrait helps reduce misjudgment, improves identification speed, and senses internal and external threats accurately.
Preferably, the user behavior analysis module can generate a corresponding defense strategy based on the existing data source to limit the user behavior or the system behavior, the administrator can also limit the user behavior or the system behavior through a newly-established strategy, and when the user behavior or the system behavior is abnormal, a warning is timely sent out.
Preferably, with the support of artificial intelligence technology, an active countermeasure strategy is automatically formulated for the perceived and prejudged threat, and before an intruder takes the next attack means, security measures are distributed on the attack path at high speed, so as to realize first time response handling.
Preferably, the core technology of the trusted blockchain technology is as follows: a decentralized trust root based on heterogeneous consensus, i.e. trusted computing technology (TEE/TPM/SGX) is used to protect the running state of the consensus node from any malicious program; the extensible communication protocol (Stream-Net) further enforces the trustworthiness state between propagating and aggregating nodes; the trust model (Trust-Rank) reflects how often one node is checked, directly or iteratively, by other nodes; the pluggable ledger API accelerates the upper-layer blockchain consensus process while achieving higher security strength; cross-chain communication is realized by a parallel double-chain structure, one for the main service chain and the other for the configuration side chain. With the side-chain technique, configuration updates and acknowledgement information can flow accurately in both directions between the configuration chain and the main service chain.
The invention has the following beneficial effects:
1. By providing the diversity trust framework, the intelligent AI technology and the persistent immune system, this trust framework for node diversity forms a filtering barrier in the network: a trusted user visiting the website is admitted and its dynamics are tracked in real time, while an untrusted user is intercepted and forbidden further visits to the website. This improves the security of the website, guarantees the security of the website's internal data, and prevents the website's internal data from leaking.
2. In the trust architecture aimed at node diversity, trusted chip diversity and operating system diversity are included in the diversity trust architecture; trusted chip diversity comprises TPM/Intel-SGX/ARM-Trust-Zone and operating system diversity comprises Linux/Windows/Mac-OS/Android systems, so the requirements of different operating systems can be met, the website can be operated from different clients, and applicability is improved.
3. Through the white list mechanism of the server's trusted state, even an intruder who obtains the highest control right of the server cannot load malicious programs for carrying out damage, such as system backdoors, viruses and penetration tools. The intrusion means are therefore limited to a great extent: once the trusted state of the server changes, the trusted protection system automatically blocks the abnormal process and raises an alarm, or raises an alarm to remind an administrator to block it manually.
4. Various data sources such as system processes and operation logs are integrated, user and system behaviors are analyzed in aggregate, whether abnormal behaviors exist is judged, the risk degree of abnormal events is evaluated, the user portrait is focused, misjudgment is reduced, identification speed is improved, and internal and external threats are sensed accurately.
5. The user behavior analysis module can generate a corresponding defense strategy based on the existing data source to limit the user behavior or the system behavior, an administrator can also limit the user behavior or the system behavior through a newly-established strategy, and when the user behavior or the system behavior is abnormal, a warning is timely sent out.
6. The independently developed trusted blockchain technology is used to ensure that data on all chains cannot be tampered with. On one hand, even if an external intruder obtains the highest control right, the intruder's attack trace cannot be erased; on the other hand, even an internal high-level administrator cannot repudiate illegal behavior, so that internal and external attacks can be effectively prevented.
7. Under the support of artificial intelligence technology, an active countermeasure strategy is automatically formulated aiming at the perceived and prejudged threats, and safety measures are distributed on an attack path at high speed before an intruder takes the next attack means, so that first time response handling is realized.
Drawings
FIG. 1 is a schematic diagram of the trust framework workflow of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, a trust framework for node diversity includes the following steps:
Step one: three major systems are established, divided into three parts, including:
1. The diversity trust architecture system is divided into two parts, namely trusted chip diversity and operating system diversity, where trusted chip diversity comprises TPM/Intel-SGX/ARM-Trust-Zone chips and operating system diversity comprises Linux/Windows/Mac-OS/Android systems.
2. The intelligent AI technical system is divided into an information collecting system, an indexing system and an inquiry interface.
3. The continuous immune system is divided into a trusted protection white list, user behavior analysis perception, block chain tamper-resistant evidence storage and an autonomous countermeasure strategy.
Through the white list mechanism of the server's trusted state, even an intruder who obtains the highest control right of the server cannot load malicious programs for carrying out damage, such as system backdoors, viruses and penetration tools. The intrusion means are therefore limited to a great extent: once the trusted state of the server changes, the trusted protection system automatically blocks the abnormal process and raises an alarm, or raises an alarm to remind an administrator to block it manually.
Various data sources such as system processes and operation logs are integrated, user and system behaviors are analyzed in aggregate, whether abnormal behaviors exist is judged, the risk degree of abnormal events is evaluated, the user portrait is focused, misjudgment is reduced, identification speed is improved, and internal and external threats are sensed accurately.
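The trusted-state white list described here (and in the summary above) can be modelled as a table of hashes of the executables the server is allowed to run. The following is an added example, not code from the patent: it assumes the "trusted state" is a SHA-256 allowlist taken at a known-good time, and that an "abnormal process" is one whose image is absent from that table or whose content no longer matches it. File names and contents are constructed.

```python
"""Allowlist check for a server's "trusted state" (added example, not from the patent).

Assumed model: the trusted state is a map {image path: SHA-256}; a process is
abnormal if its image is not listed or its hash differs from the recorded one.
The response is either automatic blocking or an alert for manual blocking.
"""
import hashlib
import os
import shutil
import tempfile
from dataclasses import dataclass


@dataclass
class Verdict:
    path: str
    action: str      # "allow", "block" (automatic) or "alert" (manual blocking)
    reason: str


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_trusted_state(paths):
    """Measure the approved executables once and record their hashes."""
    return {p: sha256_of(p) for p in paths}


def check_process(image_path: str, trusted: dict, auto_block: bool = True) -> Verdict:
    """Decide what the protection system does when a process image starts."""
    action = "block" if auto_block else "alert"
    if image_path not in trusted:
        return Verdict(image_path, action, "image not on trusted allowlist")
    if not os.path.exists(image_path):
        return Verdict(image_path, action, "allowlisted image missing")
    if sha256_of(image_path) != trusted[image_path]:
        return Verdict(image_path, action, "image hash differs from trusted state")
    return Verdict(image_path, "allow", "matches trusted state")


def demo():
    """Constructed scenario: two approved binaries; one is later modified, an unknown one appears."""
    d = tempfile.mkdtemp()
    try:
        web = os.path.join(d, "webserver")
        db = os.path.join(d, "dbserver")
        for p, content in ((web, b"web v1"), (db, b"db v1")):
            with open(p, "wb") as f:
                f.write(content)
        trusted = build_trusted_state([web, db])
        # the web server image is replaced after the trusted state was recorded
        with open(web, "wb") as f:
            f.write(b"web v1 + unexpected change")
        verdicts = [
            check_process(web, trusted),
            check_process(db, trusted),
            check_process(os.path.join(d, "unknown-tool"), trusted, auto_block=False),
        ]
        return [(os.path.basename(v.path), v.action) for v in verdicts]
    finally:
        shutil.rmtree(d, ignore_errors=True)


if __name__ == "__main__":
    for name, action in demo():
        print(name, action)
```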
The user behavior analysis module can generate a corresponding defense strategy based on the existing data source to limit the user behavior or the system behavior, an administrator can also limit the user behavior or the system behavior through a newly-established strategy, and when the user behavior or the system behavior is abnormal, a warning is timely sent out.
When the system identifies that a user has logged in to a network node, the user behavior analysis module detects and tracks the user's position in the node in real time, ensuring that the user is verified in the node by the diversified trust framework system, the intelligent AI technical system and the continuous immune system, that the safety of the user's behavior is judged after logging in to the node, and that the relationship between the user and the node is further established.
The independently developed trusted blockchain technology is used to ensure that data on all chains cannot be tampered with. On one hand, even if an external intruder obtains the highest control right, the intruder's attack trace cannot be erased; on the other hand, even an internal high-level administrator cannot repudiate illegal behavior, so that internal and external attacks can be effectively prevented.
For user behavior and security threat records, the system realizes permanent evidence storage, tamper resistance and traceability of data.
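The behavior-analysis passage above (collect system-process and operation logs, aggregate per user, judge abnormality, score risk, then warn or limit) can be made concrete with a small scoring pipeline. This is an added example, not the patent's module: the two log formats, the per-user profile standing in for the "user portrait", and the weights and thresholds are all constructed assumptions.

```python
"""User/system behaviour scoring over aggregated log sources (added example).

Assumptions (not from the patent): a process log and an operation log share a
user field; a per-user profile (the "user portrait") records usual hosts and
working hours; each deviation adds to a risk score; the score maps to the
module's response (none, warn the administrator, limit the account).
"""
import re
from collections import defaultdict

# Constructed sample lines: "<ts> proc user=<u> host=<h> exe=<path>"
#                           "<ts> op user=<u> host=<h> action=<a> result=<r>"
PROCESS_LOG = """\
2024-05-01T09:01:02 proc user=alice host=web-01 exe=/usr/bin/python3
2024-05-01T09:05:10 proc user=alice host=web-01 exe=/usr/bin/ssh
2024-05-01T02:14:33 proc user=bob host=db-02 exe=/tmp/.x/scanner
2024-05-01T02:15:01 proc user=bob host=db-02 exe=/usr/bin/nc
"""
OPERATION_LOG = """\
2024-05-01T09:00:40 op user=alice host=web-01 action=login result=ok
2024-05-01T02:13:50 op user=bob host=db-02 action=login result=fail
2024-05-01T02:13:58 op user=bob host=db-02 action=login result=fail
2024-05-01T02:14:05 op user=bob host=db-02 action=login result=ok
2024-05-01T02:16:20 op user=bob host=db-02 action=read_table result=ok
"""

# Illustrative user portrait: usual hosts and usual working hours per user
PROFILE = {
    "alice": {"hosts": {"web-01"}, "hours": range(8, 19)},
    "bob": {"hosts": {"app-03"}, "hours": range(8, 19)},
}

LINE = re.compile(r"(?P<ts>\S+) (?P<src>proc|op) (?P<kv>.*)")


def parse(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m["kv"].split())
        fields["ts"] = m["ts"]
        fields["src"] = m["src"]
        yield fields


def aggregate(*logs):
    """Group every event from every source by user (the aggregation step)."""
    by_user = defaultdict(list)
    for log in logs:
        for ev in parse(log):
            by_user[ev["user"]].append(ev)
    return by_user


def score_user(user, events):
    """Return (score, reasons); each rule adds weight when behaviour deviates."""
    prof = PROFILE.get(user, {"hosts": set(), "hours": range(0, 24)})
    score, reasons = 0, []
    if {e["host"] for e in events} - prof["hosts"]:
        score += 30
        reasons.append("unusual host")
    if any(int(e["ts"][11:13]) not in prof["hours"] for e in events):
        score += 20
        reasons.append("outside usual hours")
    fails = sum(1 for e in events if e["src"] == "op" and e.get("result") == "fail")
    if fails >= 2:
        score += 25
        reasons.append("repeated failed logins")
    if any(e["src"] == "proc" and e["exe"].startswith("/tmp/") for e in events):
        score += 40
        reasons.append("process from /tmp")
    return score, reasons


def decide(score):
    """Map risk to the module's response: no action, warn the admin, or limit the account."""
    if score >= 70:
        return "limit"
    if score >= 30:
        return "warn"
    return "none"


def analyse(process_log=PROCESS_LOG, operation_log=OPERATION_LOG):
    """Full pipeline: aggregate, score, decide; returns {user: (score, action, reasons)}."""
    out = {}
    for user, events in aggregate(process_log, operation_log).items():
        score, reasons = score_user(user, events)
        out[user] = (score, decide(score), reasons)
    return out


if __name__ == "__main__":
    for user, (score, action, reasons) in analyse().items():
        print(user, score, action, reasons)
```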
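The tamper-resistant evidence storage described here (and in the summary) rests on chaining each record to the hash of the one before it. The following is an added example, not the patent's trusted blockchain: it models a single-node hash chain only, with no consensus, to show why an intruder or administrator who edits or deletes an entry in place cannot do so without the chain failing verification. Events are constructed.

```python
"""Hash-chained evidence log (added example, not the patent's own blockchain).

Assumed model: each record stores the SHA-256 of the previous record, so any
edit or deletion in the middle invalidates every later link. This shows the
tamper-evidence property only; it does not model consensus across nodes.
"""
import hashlib
import json
from typing import List, Optional

GENESIS = "0" * 64


def record_hash(index: int, prev_hash: str, event: dict) -> str:
    """Canonical hash over index, previous hash and event content."""
    payload = json.dumps({"i": index, "prev": prev_hash, "event": event}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


class EvidenceChain:
    def __init__(self):
        self.records: List[dict] = []

    def append(self, event: dict) -> dict:
        prev = self.records[-1]["hash"] if self.records else GENESIS
        rec = {"index": len(self.records), "prev": prev, "event": event}
        rec["hash"] = record_hash(rec["index"], prev, event)
        self.records.append(rec)
        return rec

    def verify(self) -> Optional[int]:
        """Return the index of the first bad record, or None if the chain is intact."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            if rec["index"] != i or rec["prev"] != prev:
                return i
            if rec["hash"] != record_hash(i, prev, rec["event"]):
                return i
            prev = rec["hash"]
        return None


def demo():
    """Constructed scenario: an intact chain, an in-place edit, then a deletion."""
    chain = EvidenceChain()
    chain.append({"user": "alice", "action": "login", "node": "web-01"})
    chain.append({"user": "root", "action": "load_unlisted_binary", "node": "web-01"})
    chain.append({"user": "alice", "action": "logout", "node": "web-01"})
    intact = chain.verify()
    # someone with write access rewrites the incriminating entry in place
    chain.records[1]["event"]["action"] = "login"
    tampered = chain.verify()
    # deleting it instead breaks the link stored in the following record
    del chain.records[1]
    deleted = chain.verify()
    return intact, tampered, deleted


if __name__ == "__main__":
    print(demo())
```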
Under the support of artificial intelligence technology, an active countermeasure strategy is automatically formulated aiming at the perceived and prejudged threats, and safety measures are distributed on an attack path at high speed before an intruder takes the next attack means, so that first time response handling is realized.
According to the specific intrusion scenario, threat information is generated intelligently by means of big-data analysis, providing support for security operations and maintenance personnel to make timely decisions and carry out manual handling.
Step two: the user login authentication is divided into two parts, including:
1. the user holds trust credentials and tokens, i.e. the user can log in to the web page and can access the web page by approval of the web page and the blockchain.
2. The user does not hold trust credentials and tokens, i.e. the user cannot log in to the web page.
The diversity trust architecture system, trusted chip diversity and operating system diversity are in an inclusion relationship: the diversity trust architecture system includes both trusted chip diversity and operating system diversity. The diversity trust architecture system, the intelligent AI technical system and the continuous immune system are in a parallel relationship: when a user accesses a webpage, the user's account passes through the diversity trust architecture system, the intelligent AI technical system and the continuous immune system in sequence, and the user account can access the webpage only after passing all three.
The advantage of this arrangement, in which the user account must pass completely through the diversity trust architecture system, the intelligent AI technical system and the continuous immune system before it can access the webpage, is that verification of the webpage has higher safety, which in turn guarantees the security of the webpage.
By providing the diversified trust framework, the intelligent AI technology and the continuous immune system, the trust framework aimed at node diversity forms a filtering barrier in the network: a trusted user accessing the website is admitted and its dynamic state is tracked in real time, while an untrusted user accessing the website is intercepted and forbidden further access. This improves the security of the website, ensures the security of data in the website, and prevents data leakage from the website.
In the trust architecture aimed at node diversity, trusted chip diversity and operating system diversity are included in the diversity trust architecture; trusted chip diversity comprises TPM/Intel-SGX/ARM-Trust-Zone and operating system diversity comprises Linux/Windows/Mac-OS/Android systems, so the requirements of different operating systems can be met, the website can be operated from different clients, and applicability is improved.
Information gathering can be divided into two strategies: (1) information is found cyclically on the internet in a breadth-first, depth-first or heuristic manner, starting from a set of starting URLs, which may be arbitrary URLs but are often very popular sites containing many links, and following the hyperlinks in these URLs; (2) the Web space is divided according to domain names, IP addresses or national domain names, and each searcher is responsible for exhaustively searching one subspace.
The index system program analyzes the collected web pages, extracts the related web page information, carries out a large amount of complex calculation according to a certain relevancy algorithm to obtain the relevancy (or importance) of each web page for each keyword in the page text and hyperlinks, and then establishes a web page index database from this information; the effectiveness of a search engine depends to a great extent on the quality of the index.
When the user provides the query requirement, the search engine quickly detects the documents in the index database according to the query of the user, evaluates the relevance of the documents and the query, orders the results to be output and realizes a certain user relevance feedback mechanism.
The core technology of the trusted blockchain technology is as follows: a decentralized trust root based on heterogeneous consensus, i.e. trusted computing technology (TEE/TPM/SGX) is used to protect the running state of the consensus node from any malicious program;
the extensible communication protocol (Stream-Net) further enforces the trustworthiness state between propagating and aggregating nodes;
the trust model (Trust-Rank) reflects how often one node is checked, directly or iteratively, by other nodes;
the pluggable ledger API accelerates the upper-layer blockchain consensus process while achieving higher security strength;
cross-chain communication is realized by a parallel double-chain structure: one for the main service chain and the other for the configuration side chain. With the side-chain technique, configuration updates and acknowledgement information can flow accurately in both directions between the configuration chain and the main service chain.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (11)
1. A trust architecture for node diversity comprising the steps of:
Step one: three major systems are established, divided into three parts, including:
1. The diversity trust architecture system is divided into two parts, namely trusted chip diversity and operating system diversity, where trusted chip diversity comprises TPM/Intel-SGX/ARM-Trust-Zone chips and operating system diversity comprises Linux/Windows/Mac-OS/Android systems.
2. The intelligent AI technical system is divided into an information collecting system, an indexing system and an inquiry interface.
3. The continuous immune system is divided into a trusted protection white list, user behavior analysis perception, block chain tamper-resistant evidence storage and an autonomous countermeasure strategy.
Step two: the user login authentication is divided into two parts, including:
1. the user holds trust credentials and tokens, i.e. the user can log in to the web page and can access the web page by approval of the web page and the blockchain.
2. The user does not hold trust credentials and tokens, i.e. the user cannot log in to the web page.
2. A trust architecture for node diversity according to claim 1, wherein: the diversity trust architecture system, trusted chip diversity and operating system diversity are in an inclusion relationship, namely the diversity trust architecture system comprises both trusted chip diversity and operating system diversity; the diversity trust architecture system, the intelligent AI technical system and the continuous immune system are in a parallel relationship, so that when a user accesses a webpage, the user's account passes through the diversity trust architecture system, the intelligent AI technical system and the continuous immune system in sequence, and the user account can access the webpage only after passing through all three.
3. A trust architecture for node diversity according to claim 1, wherein: information gathering can be divided into two strategies: (1) information is found cyclically on the internet in a breadth-first, depth-first or heuristic manner, starting from a set of starting URLs, which may be arbitrary URLs but are often very popular sites containing many links, and following the hyperlinks in these URLs; (2) the Web space is divided according to domain names, IP addresses or national domain names, and each searcher is responsible for exhaustively searching one subspace.
4. A trust architecture for node diversity according to claim 1, wherein: the index system program analyzes the collected web pages, extracts the related web page information, carries out a large amount of complex calculation according to a certain relevancy algorithm to obtain the relevancy (or importance) of each web page for each keyword in the page text and hyperlinks, and then establishes a web page index database from this information; the effectiveness of a search engine depends to a great extent on the quality of the index.
5. A trust architecture for node diversity according to claim 1, wherein: when the user provides the query requirement, the search engine quickly detects the documents in the index database according to the query of the user, evaluates the relevance of the documents and the query, orders the results to be output and realizes a certain user relevance feedback mechanism.
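Claims 3 to 5 describe one pipeline: gather pages by following hyperlinks (or by partitioning the Web space per searcher), index them with a relevance score that combines page text and link structure, then answer queries from the index. The following is an added, self-contained example that is not code from the patent; it runs the three steps over a constructed five-page "web" (the hosts a.example, b.example and c.example.cn and their texts are assumed), uses tf-idf for text relevance and in-degree as the link-based importance term, and exposes both BFS and DFS frontier orders.

```python
import math
import re
from collections import defaultdict, deque
from urllib.parse import urlparse

# Constructed toy web: url -> (page text, outgoing hyperlinks). Hosts are assumed, not real sites.
WEB = {
    "https://a.example/":          ("trusted chip diversity and trusted computing",
                                    ["https://a.example/tpm", "https://b.example/"]),
    "https://a.example/tpm":       ("tpm measured boot trusted chip",
                                    ["https://a.example/"]),
    "https://b.example/":          ("blockchain consensus nodes and trusted computing",
                                    ["https://b.example/consensus", "https://c.example.cn/"]),
    "https://b.example/consensus": ("heterogeneous consensus trust root",
                                    ["https://a.example/"]),
    "https://c.example.cn/":       ("user behavior analysis and anomaly detection",
                                    ["https://b.example/"]),
}
TOKEN = re.compile(r"[a-z0-9]+")


def crawl(seed_urls, strategy="bfs", limit=50):
    """Strategy (1): follow hyperlinks from the seeds. BFS pops from the front of the
    frontier, DFS from the back; 'seen' stops cycles such as a -> b -> a."""
    frontier = deque(seed_urls)
    seen, order = set(), []
    while frontier and len(order) < limit:
        url = frontier.popleft() if strategy == "bfs" else frontier.pop()
        if url in seen or url not in WEB:      # unknown URL = fetch failure, skip it
            continue
        seen.add(url)
        order.append(url)
        frontier.extend(link for link in WEB[url][1] if link not in seen)
    return order


def partition_by_domain(urls, n_searchers):
    """Strategy (2): split the Web space by host so each searcher exhausts one subspace."""
    hosts = sorted({urlparse(u).hostname for u in urls})
    owner = {h: i % n_searchers for i, h in enumerate(hosts)}
    buckets = defaultdict(list)
    for u in urls:
        buckets[owner[urlparse(u).hostname]].append(u)
    return dict(buckets)


def build_index(urls):
    """Inverted index term -> {url: term frequency}, plus a link-based importance
    score (in-degree within the crawled set) per page."""
    index = defaultdict(dict)
    indegree = {u: 0 for u in urls}
    for u in urls:
        for term in TOKEN.findall(WEB[u][0].lower()):
            index[term][u] = index[term].get(u, 0) + 1
        for link in WEB[u][1]:
            if link in indegree:
                indegree[link] += 1
    return index, indegree


def search(query, index, indegree, top=3):
    """Rank = sum over query terms of tf * idf, scaled by (1 + in-degree)."""
    n_docs = len(indegree)
    scores = defaultdict(float)
    for term in TOKEN.findall(query.lower()):
        postings = index.get(term, {})
        if not postings:
            continue
        idf = math.log((1 + n_docs) / (1 + len(postings))) + 1
        for url, tf in postings.items():
            scores[url] += tf * idf
    ranked = sorted(scores, key=lambda u: (-scores[u] * (1 + indegree[u]), u))
    return ranked[:top]


def run_pipeline(seeds=("https://a.example/",), query="trusted computing"):
    pages = crawl(list(seeds), "bfs")
    index, indegree = build_index(pages)
    return {"crawled": pages, "partition": partition_by_domain(pages, 2),
            "results": search(query, index, indegree)}


if __name__ == "__main__":
    print(run_pipeline())
```

The in-degree factor is what makes the home page of a.example outrank b.example for "trusted computing" even though both contain both terms once or twice; a real engine would use an iterative link score, but the shape of the pipeline is the same.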
6. A trust architecture for node diversity according to claim 1, wherein: the server trusted-state whitelist mechanism makes it impossible to load malicious programs used for destruction, such as system backdoors, viruses and penetration tools, even for an intruder who has obtained the highest control rights on the server. Intrusion means are therefore greatly limited: once the trusted state of the server changes, the trusted protection system automatically blocks the abnormal process and raises an alarm, or raises an alarm so that an administrator can block it manually.
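The point of the whitelist in claim 6 is that the decision is keyed on a measurement of the executable, not on who asks, so root gains no bypass. The following added example (not the patent's code; the executable images are constructed byte strings and the paths are assumed) shows the two blocked cases the claim lists, an unlisted program such as a dropped backdoor and a listed program whose image has been modified, together with the alarm-only mode for manual blocking and a digest over the whitelist itself so that tampering with the whitelist is also a detectable change of trusted state.

```python
import hashlib

# Constructed stand-ins for executable images (byte strings, not real binaries).
IMAGES = {
    "sshd":        b"\x7fELF sshd 8.9 release build",
    "python3":     b"\x7fELF python 3.10 release build",
    "backdoor":    b"\x7fELF reverse-shell stager",
    "sshd_trojan": b"\x7fELF sshd 8.9 release build + credential logger",
}


def measure(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


# Whitelist captured once in a known-good state: path -> expected SHA-256.
WHITELIST = {
    "/usr/sbin/sshd":   measure(IMAGES["sshd"]),
    "/usr/bin/python3": measure(IMAGES["python3"]),
}


def whitelist_root() -> str:
    """One digest over the whole whitelist: the server's recorded trusted state."""
    h = hashlib.sha256()
    for path in sorted(WHITELIST):
        h.update(f"{path}={WHITELIST[path]}\n".encode())
    return h.hexdigest()


TRUSTED_STATE = whitelist_root()


def check_exec(path: str, image: bytes, uid: int, auto_block: bool = True) -> dict:
    """Decide whether a process image may load. uid is logged but never grants a
    bypass: root (uid 0) is treated like any other caller."""
    digest = measure(image)
    expected = WHITELIST.get(path)
    if expected == digest:
        return {"path": path, "action": "allow", "reason": None, "alert": None}
    reason = "unlisted" if expected is None else "modified"
    action = "block" if auto_block else "alert-only"
    alert = f"{reason} image {path} sha256={digest[:16]} uid={uid} -> {action}"
    return {"path": path, "action": action, "reason": reason, "alert": alert}


def trusted_state_intact() -> bool:
    """Re-measure the whitelist; any change to it is itself an abnormal event."""
    return whitelist_root() == TRUSTED_STATE


if __name__ == "__main__":
    for path, key, uid in [("/usr/sbin/sshd", "sshd", 0),
                           ("/tmp/.x/backdoor", "backdoor", 0),
                           ("/usr/sbin/sshd", "sshd_trojan", 0)]:
        print(check_exec(path, IMAGES[key], uid))
```

In a deployment the whitelist and its root digest would be held where a server-level root cannot rewrite them, which is what the trusted-chip layer of the architecture is for; the example keeps them in memory only to keep the check visible.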
7. A trust architecture for node diversity according to claim 1, wherein: an independently developed trusted blockchain technology is used to ensure that data on all chains cannot be tampered with. On the one hand, even an external intruder who has obtained the highest control rights cannot erase their attack traces; on the other hand, even an internal high-level administrator cannot repudiate illegal behavior, so both internal and external attacks are effectively prevented.
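The mechanism behind claim 7 is a hash chain: every evidence block commits to the hash of its predecessor, so editing or removing an entry breaks every later link. The following added example (not the patent's implementation; the admin activity and timestamps are constructed) builds such a chain and then shows what an administrator with full local control can and cannot get away with. The last case is the practitioner's caveat: truncating the tail of a purely local chain is invisible unless the head hash is also held by another party, which is the role the consensus nodes play in the patent's design.

```python
import hashlib
import json

GENESIS = "0" * 64


def _block_hash(prev_hash: str, record: dict) -> str:
    """Hash commits to the predecessor's hash and a canonical encoding of the record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


class EvidenceChain:
    """Append-only evidence log: each block carries the hash of the previous one,
    so an edit, deletion or reordering anywhere breaks every later link."""

    def __init__(self):
        self.blocks = []

    def append(self, actor: str, action: str, ts: int) -> str:
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        record = {"index": len(self.blocks), "ts": ts, "actor": actor, "action": action}
        digest = _block_hash(prev, record)
        self.blocks.append({"record": record, "prev": prev, "hash": digest})
        return digest

    def head(self) -> str:
        return self.blocks[-1]["hash"] if self.blocks else GENESIS

    def verify(self, expected_head=None):
        """Return (ok, first_bad_index). expected_head is the head hash as recorded
        by another consensus node; supplying it also catches truncation of the tail."""
        prev = GENESIS
        for i, blk in enumerate(self.blocks):
            if blk["prev"] != prev or blk["record"]["index"] != i:
                return False, i
            if _block_hash(prev, blk["record"]) != blk["hash"]:
                return False, i
            prev = blk["hash"]
        if expected_head is not None and prev != expected_head:
            return False, len(self.blocks)
        return True, None


def build_sample_chain() -> EvidenceChain:
    # Constructed admin activity; timestamps are fixed integers so the demo is deterministic.
    chain = EvidenceChain()
    chain.append("admin01", "login ok from 10.0.1.20", 1700000000)
    chain.append("admin01", "stopped auditd", 1700000060)
    chain.append("admin01", "rm -rf /var/log/secure", 1700000120)
    return chain


def tamper_demo() -> dict:
    chain = build_sample_chain()
    witness_head = chain.head()                          # what a peer node would hold
    intact = chain.verify(witness_head)
    chain.blocks[1]["record"]["action"] = "rotated logs"  # admin rewrites history
    edited = chain.verify(witness_head)
    chain = build_sample_chain()
    del chain.blocks[2]                                  # admin deletes the damning entry
    truncated_no_witness = chain.verify()
    truncated = chain.verify(witness_head)
    return {"intact": intact, "edited": edited,
            "truncated_no_witness": truncated_no_witness, "truncated": truncated}


if __name__ == "__main__":
    print(tamper_demo())
```

Hash chaining gives tamper evidence, not non-repudiation on its own: to pin an entry to a specific administrator the record would additionally need to be signed with a key that only that administrator's trusted-chip identity controls, which is outside this example.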
8. A trust architecture for node diversity according to claim 1, wherein: various data sources such as system processes and operation logs are integrated, user and system behavior is analyzed in aggregate to judge whether abnormal behavior exists and to evaluate the risk degree of abnormal events, and a user profile is built to reduce misjudgment, speed up identification and accurately sense internal and external threats.
9. A trust architecture for node diversity according to claim 1, wherein: the user behavior analysis module can generate a corresponding defense strategy from the existing data sources to restrict user or system behavior; an administrator can also restrict user or system behavior through a newly created strategy; and when user or system behavior is abnormal, a warning is issued promptly.
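Claims 8 and 9 together describe profile, score, restrict, alert. The following added example (not the patent's module; the log lines, hosts, users and addresses are constructed, and the scoring weights are assumptions) builds a per-user profile from a baseline window of login and process events, scores new events against it, and turns any finding over a threshold into concrete restriction rules plus an alert line. The unknown-user case falls out naturally: an empty profile makes every check fire.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed key=value log lines (login and process events); hosts and IPs are assumed.
BASELINE = [
    "2024-05-01T09:02:11 host=web01 user=alice event=login src=10.0.1.20",
    "2024-05-01T09:03:40 host=web01 user=alice event=proc cmd=/usr/bin/python3",
    "2024-05-01T10:15:02 host=web01 user=alice event=login src=10.0.1.20",
    "2024-05-01T14:00:09 host=db01 user=bob event=login src=10.0.2.7",
    "2024-05-01T14:01:30 host=db01 user=bob event=proc cmd=/usr/bin/psql",
]
NEW = [
    "2024-05-02T09:30:00 host=web01 user=alice event=proc cmd=/usr/bin/python3",
    "2024-05-02T03:02:44 host=db01 user=alice event=login src=203.0.113.9",
    "2024-05-02T03:03:01 host=db01 user=alice event=proc cmd=/usr/bin/nc",
    "2024-05-02T14:05:12 host=db01 user=bob event=proc cmd=/usr/bin/psql",
]
INTERNAL = ip_network("10.0.0.0/8")
WEIGHTS = {"off-hours": 3, "new-host": 2, "external-src": 4, "new-cmd": 3}  # assumed


def parse(line: str) -> dict:
    ts, _, rest = line.partition(" ")
    ev = dict(kv.split("=", 1) for kv in rest.split())
    ev["ts"] = datetime.fromisoformat(ts)
    return ev


def build_profiles(lines):
    """Aggregate a per-user baseline from trusted history: hours, hosts, commands."""
    prof = defaultdict(lambda: {"hours": set(), "hosts": set(), "cmds": set()})
    for ev in map(parse, lines):
        p = prof[ev["user"]]
        p["hours"].add(ev["ts"].hour)
        p["hosts"].add(ev["host"])
        if ev["event"] == "proc":
            p["cmds"].add(ev["cmd"])
    return prof


def score_event(ev: dict, profile: dict):
    reasons = []
    if ev["ts"].hour not in profile["hours"]:
        reasons.append("off-hours")
    if ev["host"] not in profile["hosts"]:
        reasons.append("new-host")
    if ev["event"] == "login" and ip_address(ev["src"]) not in INTERNAL:
        reasons.append("external-src")
    if ev["event"] == "proc" and ev["cmd"] not in profile["cmds"]:
        reasons.append("new-cmd")
    return sum(WEIGHTS[r] for r in reasons), reasons


def defense_policy(ev: dict, reasons) -> list:
    """Turn findings into concrete restrictions on the user or system behavior."""
    u = ev["user"]
    rules = []
    if "external-src" in reasons:
        rules.append(f"deny login user={u} src={ev['src']}")
    if "new-cmd" in reasons:
        rules.append(f"block exec user={u} cmd={ev['cmd']}")
    if "off-hours" in reasons or "new-host" in reasons:
        rules.append(f"require step-up auth user={u} host={ev['host']}")
    return rules


def assess(baseline_lines, new_lines, threshold=6):
    profiles = build_profiles(baseline_lines)
    findings = []
    for ev in map(parse, new_lines):
        s, reasons = score_event(ev, profiles[ev["user"]])  # unknown user -> empty profile
        if s < threshold:
            continue
        findings.append({
            "user": ev["user"], "score": s, "risk": "high" if s >= 8 else "medium",
            "reasons": reasons, "policy": defense_policy(ev, reasons),
            "alert": f"{ev['ts'].isoformat()} {ev['user']}@{ev['host']} score={s} {','.join(reasons)}",
        })
    return findings


if __name__ == "__main__":
    for f in assess(BASELINE, NEW):
        print(f["alert"], f["policy"])
```

Both of alice's 03:00 events cross the threshold (an external login to a host she never uses, followed by a command she has never run), while her normal morning activity and bob's database session score zero, which is the misjudgment reduction claim 8 attributes to profiling.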
10. A trust architecture for node diversity according to claim 1, wherein: with the support of artificial intelligence technology, an active countermeasure strategy is formulated automatically for perceived and pre-judged threats, and security measures are deployed along the attack path at high speed before the intruder takes the next attack step, achieving first-time response and handling.
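"Distributing measures along the attack path" presupposes a model of where the intruder can go next. The following added example (not the patent's strategy engine; the network graph, services and high-value assets are constructed) enumerates the lateral-movement paths from a host that has just been confirmed compromised to the assets worth protecting, and emits deny rules for every edge on those paths, ordered so the hop the intruder would take next is closed first. The patent's AI component would supply the prediction; the path reasoning here is plain graph search.

```python
from collections import defaultdict

# Constructed lateral-movement graph (src, dst, service); the topology is assumed.
EDGES = [
    ("web01", "app01", "ssh"),
    ("web01", "app02", "ssh"),
    ("app01", "db01", "postgres"),
    ("app02", "db01", "postgres"),
    ("app01", "ad01", "smb"),
    ("db01", "backup01", "nfs"),
]
CROWN_JEWELS = {"db01", "ad01"}


def adjacency(edges):
    adj = defaultdict(list)
    for src, dst, svc in edges:
        adj[src].append((dst, svc))
    return adj


def attack_paths(edges, compromised, jewels=CROWN_JEWELS, max_hops=3):
    """Enumerate simple paths of at most max_hops edges from the compromised host
    to any high-value asset; a path stops at the first jewel it reaches."""
    adj = adjacency(edges)
    paths = []

    def dfs(node, path, visited):
        if len(path) >= max_hops:
            return
        for dst, svc in adj[node]:
            if dst in visited:
                continue
            edge = (node, dst, svc)
            if dst in jewels:
                paths.append(path + [edge])
            else:
                dfs(dst, path + [edge], visited | {dst})

    dfs(compromised, [], {compromised})
    return paths


def countermeasures(edges, compromised, jewels=CROWN_JEWELS, max_hops=3):
    """Place a deny rule on every edge of every predicted path, ordered by hop so the
    next step the intruder would take is blocked first. Returns [(rule, hop), ...]."""
    by_hop = {}
    for path in attack_paths(edges, compromised, jewels, max_hops):
        for hop, (src, dst, svc) in enumerate(path, start=1):
            rule = f"deny {svc} {src}->{dst}"
            by_hop[rule] = min(hop, by_hop.get(rule, hop))
    return sorted(by_hop.items(), key=lambda kv: (kv[1], kv[0]))


if __name__ == "__main__":
    for rule, hop in countermeasures(EDGES, "web01"):
        print(f"hop {hop}: {rule}")
```

Blocking only the first hops would be enough if the prediction were perfect; the second-hop rules are the defence in depth for the case where the intruder already holds a foothold the sensors have not yet seen.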
11. A trust architecture for node diversity according to claim 1, wherein: the core technologies of the trusted blockchain are as follows: a decentralized trust root based on heterogeneous consensus, i.e. trusted computing technology (TEE/TPM/SGX) protects the running state of each consensus node from any malicious program; an extensible communication protocol (Stream-Net) further enforces the trustworthiness state between propagating and aggregating nodes; a trust model (Trust-Rank) reflects how often a node is checked by other nodes, directly or iteratively; a pluggable ledger API accelerates the upper-layer blockchain consensus process while achieving higher security strength; and cross-chain communication is realized by a parallel double-chain structure, one chain serving as the main service chain and the other as the configuration side chain. With the side-chain technique, configuration updates and acknowledgement information flow accurately in both directions between the configuration chain and the service backbone.
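The Trust-Rank described in claim 11, a score that reflects how often a node is checked by other nodes directly or iteratively, has the shape of a PageRank computation over the graph of "who verified whom". The following added example (not the patent's algorithm, whose exact formula the page does not give; the check log and node names are constructed, and the damping factor is an assumption) computes such a score by power iteration, weighting each edge by check frequency, and shows that a node nobody checks is left with only the uniform floor.

```python
from collections import defaultdict

# Constructed verification log: (checker, checked, number of checks). Node names assumed.
CHECKS = [
    ("n1", "n2", 3),
    ("n1", "n3", 1),
    ("n2", "n3", 2),
    ("n3", "n1", 2),
    ("n4", "n1", 1),   # n4 checks others but is never checked itself
]


def trust_rank(checks, damping=0.85, max_iter=200, tol=1e-10):
    """PageRank-style iteration: a node's rank is the damped sum of rank flowing in
    from every node that checked it, weighted by check frequency, so being checked
    by well-checked nodes counts more than being checked by unchecked ones."""
    nodes = sorted({a for a, _, _ in checks} | {b for _, b, _ in checks})
    n = len(nodes)
    out_weight = defaultdict(float)
    for a, _, w in checks:
        out_weight[a] += w
    rank = {v: 1.0 / n for v in nodes}
    for _ in range(max_iter):
        # nodes that never checked anyone redistribute their rank uniformly
        dangling = sum(rank[v] for v in nodes if out_weight[v] == 0)
        new = {v: (1 - damping) / n + damping * dangling / n for v in nodes}
        for a, b, w in checks:
            new[b] += damping * rank[a] * w / out_weight[a]
        delta = sum(abs(new[v] - rank[v]) for v in nodes)
        rank = new
        if delta < tol:
            break
    return rank


def trusted_nodes(rank, min_rank):
    """Nodes eligible to act as propagating/aggregating nodes: rank at or above the threshold."""
    return sorted(v for v, r in rank.items() if r >= min_rank)


if __name__ == "__main__":
    ranks = trust_rank(CHECKS)
    for v in sorted(ranks, key=ranks.get, reverse=True):
        print(v, round(ranks[v], 4))
    print("eligible:", trusted_nodes(ranks, 0.1))
```

The threshold in trusted_nodes is where a deployment would connect the score to Stream-Net's enforcement, admitting only sufficiently-checked nodes to the propagation and aggregation roles; the value 0.1 is illustrative only.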
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011136481.0A CN114006713A (en) | 2020-10-22 | 2020-10-22 | Trust architecture for node diversity |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114006713A (en) | 2022-02-01 |
Family
ID=79920706
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011136481.0A Pending CN114006713A (en) | 2020-10-22 | 2020-10-22 | Trust architecture for node diversity |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114006713A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114666157A (en) * | 2022-04-14 | 2022-06-24 | 西安邮电大学 | Block chain cross-chain threat information sharing system and method |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101535945A (en) * | 2006-04-25 | 2009-09-16 | 英孚威尔公司 | Full text query and search systems and method of use |
CN101938459A (en) * | 2010-06-22 | 2011-01-05 | 北京豪讯美通科技有限公司 | CRNET (China Railcom Net) safe cooperative defense system for whole course communication network |
CN102332070A (en) * | 2011-09-30 | 2012-01-25 | 中国人民解放军海军计算技术研究所 | Trust chain transfer method for trusted computing platform |
CN103905218A (en) * | 2013-06-28 | 2014-07-02 | 威盛电子股份有限公司 | Multi-node architecture multimedia transmission system and multimedia transmission control method thereof |
CN110222252A (en) * | 2019-06-14 | 2019-09-10 | 宜春宜联科技有限公司 | Information retrieval method, device and equipment |
Timeline: 2020-10-22, CN application CN202011136481.0A filed (published as CN114006713A), status Pending
Non-Patent Citations (4)
Title |
---|
BM: "Introduction to the blockchain-node trusted-state verification service" (区块链节点可新状态验证服务介绍), Retrieved from the Internet <URL:https://www.elecfans.com/blockchain/1164041.html> * |
华任杰: "Trusted security of blockchain-driven financial information systems" (区块链驱动金融信息系统的可信安全), Retrieved from the Internet <URL:https://www.sohu.com/a/318311078_100006100> * |
韩旭: "As enterprise security demands keep rising, 八分量 uses a continuous immune system to defend against ransomware variants and information leakage" (企业安全需求不断升高,八分量用持续免疫系统防护变种勒索攻击与信息泄露), Retrieved from the Internet <URL:https://36kr.com/p/1722000130049> * |
高翔: "Applications of artificial intelligence technology in search engines" (人工智能技术在搜索引擎中的应用), 《硅谷》, no. 3, pages 79 - 80 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Fredj et al. | An OWASP top ten driven survey on web application protection methods | |
US11212305B2 (en) | Web application security methods and systems | |
US9680866B2 (en) | System and method for analyzing web content | |
Rao et al. | Phishshield: a desktop application to detect phishing webpages through heuristic approach | |
Sandhu et al. | A survey of intrusion detection & prevention techniques | |
CN107872456A (en) | Network intrusion prevention method, apparatus, system and computer-readable recording medium | |
Zhang et al. | User intention-based traffic dependence analysis for anomaly detection | |
Nagpal et al. | SECSIX: security engine for CSRF, SQL injection and XSS attacks | |
Al-Khateeb et al. | Awareness model for minimizing the effects of social engineering attacks in web applications | |
CN110290133A (en) | A kind of website cloud means of defence and device | |
CN111901348A (en) | Method and system for active network threat awareness and mimicry defense | |
Deng et al. | Lexical analysis for the webshell attacks | |
Meinig et al. | Holistic strategy-based threat model for organizations | |
Falana et al. | Detection of cross-site scripting attacks using dynamic analysis and fuzzy inference system | |
CN117294517A (en) | Network security protection method and system for solving abnormal traffic | |
Perera et al. | The next gen security operation center | |
CN114006713A (en) | Trust architecture for node diversity | |
McKenna | Detection and classification of Web robots with honeypots | |
Sibai et al. | Countering network-centric insider threats through self-protective autonomic rule generation | |
KR102377784B1 (en) | Network security system that provides security optimization function of internal network | |
Vala et al. | Usability of software intrusion-detection system in web applications | |
Razzaq et al. | Multi-layered defense against web application attacks | |
Lakshmi Narayanan et al. | Design and Implementation of Cyber Threat Intelligence Data Mining Model | |
Krishnan et al. | Survey on SQL Injection and Cross-Site Scripting Malware Injection Attacks | |
Hossain et al. | Broken Authentication and Its Significance in Protecting Online Applications: An Overview Paper |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20220201 |