CN114039739A - Method for rapidly searching for failure by optimizing node communication - Google Patents

Publication number
CN114039739A
Authority
CN
China
Prior art keywords
node
malicious
source data
user
nodes
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011368707.XA
Other languages
Chinese (zh)
Other versions
CN114039739B (en)
Inventor
阮安邦
果霖
魏明
陈旭明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Octa Innovations Information Technology Co Ltd
Original Assignee
Beijing Octa Innovations Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Octa Innovations Information Technology Co Ltd
Priority to CN202011368707.XA
Publication of CN114039739A
Application granted
Publication of CN114039739B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Abstract

The invention relates to the technical field of blockchains and discloses a method for quickly searching for failures by optimizing node communication. Nodes are screened with the fast-failure method, which prevents a malicious node from broadcasting data that would pollute or affect normal logic after reaching other nodes. This guarantees the security of the source data and the security of users when they access it. The system performs a three-layer check using the user's IP address, the user's identity information, and the trust certificate used when the user logs in, so that a malicious node cannot escape. Once the system detects a malicious node, it immediately adds the node to a blacklist and disconnects it, so that the source data and normal nodes are effectively protected from malicious damage.

Description

Method for rapidly searching for failure by optimizing node communication
Technical Field
The invention relates to the technical field of block chains, in particular to a method for quickly searching for failures by optimizing node communication.
Background
Blockchain is a term from the field of information technology. In essence, a blockchain is a shared database, and the data or information stored in it is 'unforgeable', 'leaves a trace throughout the whole process', 'traceable', 'open and transparent', 'collectively maintained', and so on. The rich application scenarios of blockchains are essentially based on the blockchain's ability to solve the problem of information asymmetry and to achieve cooperative trust and concerted action among multiple parties.
Fast failure (fail-fast) means that when an iterator traverses a collection object and the structure of the collection is modified (an element is added or deleted) during the traversal, a ConcurrentModificationException is thrown. The iterator accesses the contents of the collection directly while traversing and relies on a modCount variable. If the structure of the collection changes while it is being traversed, the collection changes the value of modCount. Before the iterator moves to the next element with hasNext()/next(), it checks whether the modCount variable equals the expectedModCount value; if so, the traversal continues; otherwise the exception is thrown and the traversal is terminated.
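The modCount check described above, re-created as an added Python example (not part of the patent; the class and function names are hypothetical, and `ConcurrentModificationError` is a stand-in for the Java exception). It also runs the same mutation against a plain Python list to show the silent skip that a fail-fast check exists to catch.

```python
class ConcurrentModificationError(RuntimeError):
    """Python stand-in for Java's ConcurrentModificationException."""


class FailFastList:
    def __init__(self, items=()):
        self._items = list(items)
        self.mod_count = 0          # bumped on every structural change

    def add(self, item):
        self._items.append(item)
        self.mod_count += 1

    def remove(self, item):
        self._items.remove(item)
        self.mod_count += 1

    def __len__(self):
        return len(self._items)

    def __iter__(self):
        return _FailFastIterator(self)


class _FailFastIterator:
    def __init__(self, owner):
        self._owner = owner
        self._expected_mod_count = owner.mod_count  # snapshot when traversal starts
        self._cursor = 0

    def __iter__(self):
        return self

    def __next__(self):
        # Compare the counters before touching the next element.
        if self._owner.mod_count != self._expected_mod_count:
            raise ConcurrentModificationError("collection changed during traversal")
        if self._cursor >= len(self._owner):
            raise StopIteration
        item = self._owner._items[self._cursor]
        self._cursor += 1
        return item


def traverse(collection, mutate_at=None):
    """Walk the collection; remove the element equal to mutate_at when it is visited.

    Returns (elements visited, whether the traversal was aborted).
    """
    visited = []
    try:
        for item in collection:
            visited.append(item)
            if item == mutate_at:
                collection.remove(item)
    except ConcurrentModificationError:
        return visited, True
    return visited, False


if __name__ == "__main__":
    nodes = ["n1", "n2", "n3"]  # constructed sample data
    print(traverse(FailFastList(nodes)))                  # clean traversal
    print(traverse(FailFastList(nodes), mutate_at="n2"))  # aborted after the change
    print(traverse(list(nodes), mutate_at="n1"))          # plain list: "n2" is skipped silently
```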
When users access data, the number of nodes keeps growing and the data may be accessed by unused nodes, so some nodes will inevitably be operating in error or be malicious. Existing methods have no effective measures for dealing with such nodes. As a result, malicious nodes broadcast data that pollutes or affects normal logic after reaching other nodes, the internal network is thrown into disorder, normal nodes cannot access data normally, and data may be leaked or modified to some degree.
Disclosure of Invention
The invention provides a method for quickly searching for failures by optimizing node communication. It can identify erroneously operating or malicious nodes in time and blacklist and disconnect them, thereby effectively avoiding the spread of erroneous data and damage by malicious nodes, and solving the problems described in the background.
The invention provides the following technical solution: a method for quickly searching for failures by optimizing node communication, which uses a fast-failure method to identify erroneously operating or malicious nodes so as to effectively avoid the spread of erroneous data, comprising the following steps:
First step: establishing source data
Accessible source data is established in the blockchain.
Second step: node access
Access takes place through different nodes, and the nodes are given access in sequence according to a certain priority.
Third step: data verification
When a node requests access, the system automatically checks, for the node on which the user has logged in, the user's IP address, the user's identity information, and the trust certificate used when the user logs in.
Fourth step: judging whether the node is a malicious node
By checking the IP address and identity information used when the user logs in to the node and the trust certificate used when the user logs in, the system automatically judges whether the node is a malicious node.
Fifth step: handling of normal nodes
A node that the system judges to be normal passes the check and can access the source data normally. The system records the normal node to facilitate its next access.
Sixth step: handling of malicious nodes
A node that the system judges to be malicious does not pass the check and is added to a blacklist. The system strips the malicious node of its link and disconnects the node, and it permanently records the malicious node to prevent every subsequent login.
Preferably, the source data can be accessed only through the fast-failure check, which adds a layer of secure channel to the source data.
Preferably, when the user logs in, the trust certificate carried by the system and the user's identity information are required, so that the system can check the node used by the user.
Preferably, because malicious nodes are extremely destructive, the system checks nodes more strictly, and layer-by-layer checking prevents malicious nodes from causing damage.
Preferably, the system performs its checks in order of certificate priority and checks users with lower certificate levels first. This prevents people from maliciously logging in to a node with a low-level certificate, and so prevents malicious nodes from arising and causing damage.
The invention has the following beneficial effects:
1. In this method, nodes are screened with the fast-failure method, which prevents a malicious node from broadcasting data that would pollute or affect normal logic after reaching other nodes. This guarantees the security of the source data and the security of users when they access it. The system performs a three-layer check using the user's IP address, the user's identity information, and the trust certificate used when the user logs in, so that a malicious node cannot escape. Once the system detects a malicious node, it immediately adds the node to a blacklist and disconnects it, so that the source data and normal nodes are effectively protected from malicious damage.
2. In this method, the source data is established in a blockchain, which greatly improves the security of the source data and facilitates verification of the identity information and certificates of users who log in to the blockchain, so the fast-failure method is easier to implement in a blockchain. The security of the source data is guaranteed, and malicious modification of the source data when users access it is avoided. Once the system detects a malicious user, it blocks that user for a long time, which effectively prevents bad actors from damaging the source data and normal nodes.
Drawings
FIG. 1 is a schematic flow chart of the method of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIG. 1, a method for quickly searching for failures by optimizing node communication, which uses a fast-failure method to identify erroneously operating or malicious nodes so as to effectively avoid the spread of erroneous data, includes the following steps:
First step: establishing source data
Accessible source data is established in the blockchain.
Second step: node access
Access takes place through different nodes, and the nodes are given access in sequence according to a certain priority.
Third step: data verification
When a node requests access, the system automatically checks, for the node on which the user has logged in, the user's IP address, the user's identity information, and the trust certificate used when the user logs in.
Fourth step: judging whether the node is a malicious node
By checking the IP address and identity information used when the user logs in to the node and the trust certificate used when the user logs in, the system automatically judges whether the node is a malicious node. This ensures that the node is a normal node and that the system can run normally.
Fifth step: handling of normal nodes
A node that the system judges to be normal passes the check and can access the source data normally. The system records the normal node to facilitate its next access.
Sixth step: handling of malicious nodes
A node that the system judges to be malicious does not pass the check and is added to a blacklist. The system strips the malicious node of its link and disconnects the node, and it permanently records the malicious node to prevent every subsequent login.
The source data can be accessed only through the fast-failure check, which adds a layer of secure channel to the source data in order to protect it.
When the user logs in, the trust certificate carried by the system and the user's identity information are required, so that the system can check the node used by the user and effectively verify the node the user has logged in on.
Because malicious nodes are extremely destructive, the system checks nodes more strictly, and layer-by-layer checking prevents malicious nodes from causing damage.
The system performs its checks in order of certificate priority and checks users with lower certificate levels first. This prevents people from maliciously logging in to a node with a low-level certificate, and so prevents malicious nodes from arising and causing damage.
Nodes are screened with the fast-failure method, which prevents a malicious node from broadcasting data that would pollute or affect normal logic after reaching other nodes. This guarantees the security of the source data and the security of users when they access it. The system performs a three-layer check using the user's IP address, the user's identity information, and the trust certificate used when the user logs in, so that a malicious node cannot escape.
Establishing the source data in a blockchain greatly improves the security of the source data. Because the identity information and certificates of users who log in are verified in the blockchain, the fast-failure method is easier to implement in a blockchain. The security of the source data is guaranteed, and malicious modification of the source data when users access it is avoided.
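One way the six steps and the lowest-certificate-level-first ordering could fit together, as an added Python example that is not taken from the patent. The class and field names, the trust-store layout and all sample values are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy; none of these values come from the patent.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/16")]
IDENTITIES = {"alice": "node-a", "bob": "node-b", "carol": "node-c"}  # user -> node
# certificate fingerprint -> (owner, certificate level)
CERTS = {"fp-a1": ("alice", 3), "fp-b1": ("bob", 1), "fp-c1": ("carol", 2)}


@dataclass(frozen=True)
class AccessRequest:
    node_id: str
    ip: str
    user: str
    cert_fp: str


class AdmissionGate:
    """Three-layer check in front of the source data; the first failure ends the check."""

    def __init__(self, nets, identities, certs):
        self.nets, self.identities, self.certs = nets, identities, certs
        self.blacklist = {}      # node_id -> layer that failed (kept permanently)
        self.known_good = set()  # normal nodes recorded for their next access
        self.connected = set()

    def _ip_ok(self, req):
        try:
            addr = ipaddress.ip_address(req.ip)
        except ValueError:       # a malformed address counts as a failed check
            return False
        return any(addr in net for net in self.nets)

    def _identity_ok(self, req):
        return self.identities.get(req.user) == req.node_id

    def _cert_ok(self, req):
        owner, _level = self.certs.get(req.cert_fp, (None, 0))
        return owner == req.user

    def check(self, req):
        if req.node_id in self.blacklist:
            return False, "blacklisted"
        layers = (("ip", self._ip_ok), ("identity", self._identity_ok),
                  ("certificate", self._cert_ok))
        for name, layer in layers:
            if not layer(req):                       # fail fast: skip remaining layers
                self.blacklist[req.node_id] = name
                self.connected.discard(req.node_id)  # drop the node's link
                return False, name
        self.known_good.add(req.node_id)
        self.connected.add(req.node_id)
        return True, "ok"

    def cert_level(self, req):
        # Level comes from the trust store, not from the requester; unknown certs rank lowest.
        return self.certs.get(req.cert_fp, (None, 0))[1]

    def process(self, requests):
        ordered = sorted(requests, key=self.cert_level)  # lowest certificate level first
        return [(r.node_id, *self.check(r)) for r in ordered]


def run_demo():
    gate = AdmissionGate(ALLOWED_NETS, IDENTITIES, CERTS)
    batch = [
        AccessRequest("node-a", "10.20.1.5", "alice", "fp-a1"),
        AccessRequest("node-b", "192.0.2.7", "bob", "fp-b1"),      # outside allowed net
        AccessRequest("node-c", "10.20.3.3", "carol", "fp-a1"),    # someone else's cert
        AccessRequest("node-x", "10.20.9.9", "mallory", "fp-zz"),  # unknown user and cert
    ]
    first = gate.process(batch)
    # A blacklisted node stays rejected even when it later presents valid data.
    retry = gate.check(AccessRequest("node-b", "10.20.2.2", "bob", "fp-b1"))
    return first, retry, gate


if __name__ == "__main__":
    first, retry, gate = run_demo()
    for row in first:
        print(row)
    print("retry:", retry, "blacklist:", gate.blacklist)
```

The blacklist here is keyed on node ID only; whether to also key it on IP address or certificate fingerprint is a design choice the patent text does not specify.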
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (5)

1. A method for quickly searching for failures by optimizing node communication, which uses a fast-failure method to identify erroneously operating or malicious nodes so as to effectively avoid the spread of erroneous data, comprising the following steps:
First step: establishing source data
Accessible source data is established in the blockchain.
Second step: node access
Access takes place through different nodes, and the nodes are given access in sequence according to a certain priority.
Third step: data verification
When a node requests access, the system automatically checks, for the node on which the user has logged in, the user's IP address, the user's identity information, and the trust certificate used when the user logs in.
Fourth step: judging whether the node is a malicious node
By checking the IP address and identity information used when the user logs in to the node and the trust certificate used when the user logs in, the system automatically judges whether the node is a malicious node.
Fifth step: handling of normal nodes
A node that the system judges to be normal passes the check and can access the source data normally. The system records the normal node to facilitate its next access.
Sixth step: handling of malicious nodes
A node that the system judges to be malicious does not pass the check and is added to a blacklist. The system strips the malicious node of its link and disconnects the node, and it permanently records the malicious node to prevent every subsequent login.
2. The method for quickly searching for failures by optimizing node communication according to claim 1, wherein: the source data can be accessed only through the fast-failure check, which adds a layer of secure channel to the source data.
3. The method for quickly searching for failures by optimizing node communication according to claim 1, wherein: when the user logs in, the trust certificate carried by the system and the user's identity information are required, so that the system can check the node used by the user.
4. The method for quickly searching for failures by optimizing node communication according to claim 1, wherein: because malicious nodes are extremely destructive, the system checks nodes more strictly, and layer-by-layer checking prevents malicious nodes from causing damage.
5. The method for quickly searching for failures by optimizing node communication according to claim 1, wherein: the system performs its checks in order of certificate priority and checks users with lower certificate levels first, which prevents people from maliciously logging in to a node with a low-level certificate, and so prevents malicious nodes from arising and causing damage.
CN202011368707.XA 2020-11-30 2020-11-30 Method for fast failure by optimizing node communication Active CN114039739B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011368707.XA CN114039739B (en) 2020-11-30 2020-11-30 Method for fast failure by optimizing node communication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011368707.XA CN114039739B (en) 2020-11-30 2020-11-30 Method for fast failure by optimizing node communication

Publications (2)

Publication Number Publication Date
CN114039739A (en) 2022-02-11
CN114039739B (en) 2024-04-16

Family

ID=80134155

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011368707.XA Active CN114039739B (en) 2020-11-30 2020-11-30 Method for fast failure by optimizing node communication

Country Status (1)

Country Link
CN (1) CN114039739B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102355663A (en) * 2011-06-30 2012-02-15 北京交通大学 Credible inter-domain rapid authentication method on basis of separation mechanism network
CN102724172A (en) * 2011-07-28 2012-10-10 北京天地互连信息技术有限公司 System and method supporting rapid access authentication
US20160191078A1 (en) * 2014-12-24 2016-06-30 Imagination Technologies Limited Low density parity check decoder
US20180083771A1 (en) * 2016-09-20 2018-03-22 United States Postal Service Methods and systems for a digital trust architecture
CN108737501A (en) * 2018-04-23 2018-11-02 北京海华鑫安生物信息技术有限责任公司 A kind of DNA date storage methods, equipment and system based on block chain
CN111787073A (en) * 2020-06-18 2020-10-16 多加网络科技(北京)有限公司 Current-limiting fusing platform and method for unified service
CN111901338A (en) * 2020-07-28 2020-11-06 安徽高山科技有限公司 Data security protection method for application block chain

Also Published As

Publication number Publication date
CN114039739B (en) 2024-04-16

Similar Documents

Publication Publication Date Title
US8214906B2 (en) System, method and program product to determine security risk of an application
CN114978584A (en) Network security protection safety method and system based on unit cell
CN103179130B (en) A kind of information system intranet security management platform and management method
US9794285B1 (en) System and method for detecting hacked modems
CN113660224B (en) Situation awareness defense method, device and system based on network vulnerability scanning
US20100268818A1 (en) Systems and methods for forensic analysis of network behavior
CN102291394B (en) Security defense system based on network accelerating equipment
CN106295349A (en) Risk Identification Method, identification device and the anti-Ore-controlling Role that account is stolen
CN106899561B (en) TNC (network node controller) authority control method and system based on ACL (Access control List)
US20100080239A1 (en) Technique for combating loops in communication network
CN111092910B (en) Database security access method, device, equipment, system and readable storage medium
CN113114647A (en) Network security risk detection method and device, electronic equipment and storage medium
CN106034054A (en) Redundant access control list ACL rule file detection method and apparatus thereof
CN108632267A (en) A kind of topology pollution attack defense method and system
CN112699357A (en) Big data security system access operation platform and data retrieval method
CN114884678A (en) Block chain-based data security management method and system
CN117081868B (en) Network security operation method based on security policy
CN205510108U (en) A network access system for local lan
CN114039739B (en) Method for fast failure by optimizing node communication
Adeleke Intrusion detection: issues, problems and solutions
CN112202812A (en) Water conservancy Internet of things terminal access authentication method and system based on block chain
KR20030057929A (en) Public network and private network combination security system and method thereof
CN101901307A (en) Method and device for detecting whether database is attacked by cross-site script
CN109981600B (en) Security assessment system for website reinforcement
CN114006699B (en) Certificate issuing method in zero trust architecture

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant