CN115114677B - Network crime service platform based on block chain evidence obtaining and storing technology and application method - Google Patents

Network crime service platform based on block chain evidence obtaining and storing technology and application method Download PDF

Info

Publication number
CN115114677B
CN115114677B CN202211045027.3A CN202211045027A CN115114677B CN 115114677 B CN115114677 B CN 115114677B CN 202211045027 A CN202211045027 A CN 202211045027A CN 115114677 B CN115114677 B CN 115114677B
Authority
CN
China
Prior art keywords
electronic data
management system
target object
evidence
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211045027.3A
Other languages
Chinese (zh)
Other versions
CN115114677A (en
Inventor
董鹏亮
陈诚
郑华东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Anxun Information Technology Co ltd
Original Assignee
Sichuan Anxun Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Anxun Information Technology Co ltd filed Critical Sichuan Anxun Information Technology Co ltd
Priority to CN202211601637.7A priority Critical patent/CN115906190A/en
Priority to CN202211045027.3A priority patent/CN115114677B/en
Priority to CN202211600488.2A priority patent/CN115964760A/en
Publication of CN115114677A publication Critical patent/CN115114677A/en
Application granted granted Critical
Publication of CN115114677B publication Critical patent/CN115114677B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Virology (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a block chain evidence obtaining and storing technology-based network crime service platform and an application method thereof, relating to the technical field of block chains, wherein the network crime service platform comprises: the electronic data acquisition system is used for acquiring electronic data of the target object; the electronic data management system is used for uplink chain storage and interactive sharing of electronic data of the target object; the data analysis management system is configured to perform data modeling based on a preset learning algorithm, match electronic data stored in a cochain according to an identification model and output corresponding case study results according to model identification results, wherein the data analysis management system instructs at least one execution host communicated with the data analysis management system to execute analysis identification or attack tasks aiming at a target object based on the case study results obtained by performing model identification analysis on the electronic data, and configures different anti-tracing grades for the at least one execution host according to different execution task levels.

Description

Network crime service platform based on block chain evidence obtaining and storing technology and application method
Technical Field
The invention relates to the technical field of block chains, in particular to a network crime service platform based on a block chain evidence obtaining and storing technology and an application method.
Background
Since the block chain technology is raised in China, the block chain technology becomes a popular leading-edge technology in the internet field and has remarkable effect in the internet innovation field. Various industries are trying to combine with block chain technology, and the development of the industry is hoped to be assisted by the high and new technology. The block chain is a neutral technology, but a lawbreaker aims to obtain illegal benefits, and the block chain is widely applied to illegal criminal industries such as illegal fund collection, fraud, money laundering, gambling, lasso and the like, so that the block chain causes great harm to the social and economic development of China. Due to the characteristics of decentralized block chain, anonymity, cross-boundary property and the like, the difficulty of evidence collection and evidence storage of the block chain is greatly increased, and great challenges are faced by law enforcement departments in fighting against the block chain crime.
Based on the development trend of the mobile internet, the popularity of blockchain applications is steadily increasing, but the unique security technology mechanism of the blockchain is hindered: distributed storage, decentralization and non-falsification bring great troubles for law enforcement departments to attack illegal criminal behaviors. Mainly embodied as difficult evidence collection, difficult striking, difficult capture and difficult viscera chasing.
In the original evidence obtaining process, a plurality of stages such as field investigation, evidence obtaining, medium pre-inspection, medium repairing, extraction fixing, data analysis, report generation and the like are generally required to be performed. The traditional evidence storage technology has the problems that the electronic data is lost easily, the data is easy to modify and forge and the like due to the fact that the electronic evidence is stored in a centralized single party, the electronic evidence depends on a storage medium and is easy to lose in judicial practice, the electronic evidence quality appearing in litigation is uneven, and in the evidence identification process, the authenticity, the legality and the relevance of the electronic data are difficult to guarantee and identify, and the situation identification cannot play a decisive role in case identification. The series of problems result in low adoption rate and no reliability of electronic data evidence in practice.
Electronic data is unique and non-replaceable due to its own source, fragile, incomparable, and fugitive, easy to tamper with. In the management process, most of the traditional methods are stored in physical media, manually summarized into rolls, and handed over to a monitoring center and a court, so that the conditions of complicated management and high sharing difficulty exist, and the reliable circulation of evidences among related departments such as public security, monitoring centers, court and appraisal institutions in the criminal litigation process is difficult to effectively realize. In view of the defects of the existing block chain technology, a set of terminal equipment for evidence obtaining aiming at the block chain needs to be built, and then relevant users are assisted to strictly attack against the block chain illegal criminal behaviors.
Furthermore, on the one hand, due to the differences in understanding to the person skilled in the art; on the other hand, since the applicant has studied a great deal of literature and patents when making the present invention, but the disclosure is not limited thereto and the details and contents thereof are not listed in detail, it is by no means the present invention has these prior art features, but the present invention has all the features of the prior art, and the applicant reserves the right to increase the related prior art in the background.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a network crime service platform based on a block chain evidence obtaining and storing technology and an application method thereof, aiming at solving at least one or more technical problems in the prior art.
In order to achieve the above object, the present invention provides a cyber crime service platform based on a block chain evidence obtaining and storing technology, including:
an electronic data acquisition system configured to perform a task of electronic data acquisition for a target object;
an electronic data management system configured to perform tasks of uplink certificate storage and interactive sharing for electronic data;
and the data analysis management system is configured to perform data modeling on the electronic data of the target object based on a preset learning algorithm, match the electronic data stored in the uplink according to the identification model and output a corresponding case study and judgment result according to the model identification result.
Preferably, based on case study results obtained by performing model recognition analysis on electronic data acquired by the electronic data acquisition system, the data analysis management system instructs at least one execution host in communication with the data analysis management system to execute analysis recognition or attack tasks on a target object, and the data analysis management system configures different anti-tracing levels for the at least one execution host according to different execution task levels.
Preferably, when the task of collecting the electronic evidence for the target object is executed by the electronic data collection system or the execution host with the electronic data collection system, a primary traceability level for the target object is set for the execution host by the data analysis management system.
Preferably, when the analysis recognition or attack task for the target object is executed by the data analysis management system or the execution host with the data analysis management system, a secondary anti-tracing level for the analysis recognition or attack tool is set for the execution host by the data analysis management system.
Preferably, when the electronic data collection system or the execution host with the electronic data collection system executes the task of acquiring the corresponding authority or the key data of the target object, the data analysis management system sets a three-level anti-tracing level for the execution host, the tool carried by the execution host and the data of the tool for acquiring the corresponding authority or the key data of the target object.
Preferably, the data analysis management system executes the configuration of the analysis recognition or attack tool by utilizing an execution host which builds an environment required by the attack script to run, and provides the analysis recognition or attack tool which is consistent with the operation capability of the execution host and is authorized and encrypted.
Preferably, the execution host loads data related to the analysis recognition or attack tool within a preset time period only when the analysis recognition or attack task for the target object is executed, and the execution host executes a destruction program for the analysis recognition or attack tool after the corresponding analysis recognition or attack task is executed.
Preferably, the electronic data collection system may include:
and the evidence obtaining module is used for collecting various types of electronic data from a plurality of communication channels.
The first management module is used for storing the evidence package file containing the electronic data of the target object and synchronizing the evidence package file to the electronic data management system.
Preferably, the electronic data management system may include:
and the identity verification module is used for providing the functions of credible identity authentication and authorization of at least one of the evidence provider, the evidence operator, the evidence authenticator and the evidence principal.
And the second management module is used for storing the evidence obtaining package file containing the electronic data of the target object.
And the sharing module is used for interactive sharing of the electronic data of the target object among the evidence provider, the evidence operator, the evidence appraiser and the evidence party.
Preferably, the data analysis management system may include:
and the monitoring module is used for providing a function of tracking the network address of the target object in real time.
And the source tracing module is used for tracking the target object address, acquiring the target reserved address and sending the address change information of the whole process to the analysis execution module.
And the analysis execution module is used for outputting a corresponding case study result according to the model identification result of the electronic data aiming at the target object.
Preferably, the present invention provides an application method of a cyber crime service platform, which can be used for the cyber crime service platform based on the block chain forensics technology, and specifically includes:
electronic data of the target object is acquired and a ul save is performed.
And aiming at the electronic data of the target object, performing data modeling based on a preset learning algorithm, matching the electronic data stored in the upper chain according to the identification model, and outputting a corresponding case study and judgment result according to the model identification result.
And determining a target object corresponding to the task to be executed based on the judging result. Performing the task includes an analytical identification or attack on the target object.
And configuring different tracing prevention levels for at least one execution host used for executing the task to be executed according to different task hierarchies to be executed.
Drawings
Fig. 1 is a schematic flow chart of a cyber crime service platform based on a blockchain forensics technology according to a preferred embodiment of the present invention;
fig. 2 is a schematic structural diagram of a cyber crime service platform based on a blockchain forensics technology according to a preferred embodiment of the present invention;
FIG. 3 is a schematic diagram of the structure of an electronic data acquisition system in a preferred embodiment of the present invention;
FIG. 4 is a schematic diagram of the structure of an electronic data management system in a preferred embodiment of the present invention;
fig. 5 is a schematic structural diagram of a data analysis management system according to a preferred embodiment of the present invention.
List of reference numerals
1: an electronic data acquisition system; 2: an electronic data management system; 3: a data analysis management system; 10: a forensics module; 11: a first management module; 20: an identity verification module; 21: a second management module; 22: a sharing module; 30: a monitoring module; 31: a source tracing module; 32: an analysis execution module; 101: a webpage evidence obtaining submodule; 102: a picture evidence obtaining sub-module; 103: a video forensics submodule; 104: an audio forensics sub-module; 105: a document forensics sub-module; 110: supplementing the submodule; 111: and a display module.
Detailed Description
The following detailed description is made with reference to the accompanying drawings.
Some of the terms referred to in this invention are to be interpreted:
block chains: and a plurality of blocks sequentially store the formed data chain, and the block head of each block comprises the time stamp of the block, the hash value of the previous block information and the hash value of the block information, so that mutual authentication between the blocks is realized, and a non-falsifiable block chain is formed. Each block can be understood as a data block. The block chain is formed by connecting the blocks end to end. If the data in the block needs to be modified, the contents of all blocks behind the block need to be modified, and the data backed up by all nodes in the block chain network needs to be modified.
And (3) a hash algorithm: an input of arbitrary length is converted by a hashing algorithm into an output of fixed length, which is a hash value. This conversion is a compression mapping, the space of hash values is usually much smaller than the space of inputs, different inputs may hash to the same output, so it is not possible to determine a unique input value from a hash value. The hash algorithm may be a function that compresses messages of arbitrary length to a message digest of some fixed length. Typical hash algorithms include the MD5 message digest algorithm, the SHA1 algorithm, and the SHA256 algorithm.
According to a preferred embodiment, a generic blockchain data attestation system may include a blockchain network and a server networked to the blockchain network. A blockchain network may be a network made up of a plurality of blockchain node devices. Preferably, each block link point device may be a physical device, or may be a virtual device in a server or a server cluster. The blockchain node device may be a physical host, or may be a virtual machine for virtualizing hardware resources carried by a server or a server cluster through a virtualization technology. Each block link point can be connected through various communication methods and form a network so as to bear one or more block chains.
According to a preferred embodiment, the server may be in any form that interfaces with the blockchain network. For example, the server may be an independent physical server, or a server cluster formed by multiple physical servers, or even a server virtual machine running in a cloud service. Further, the server and the block link point can be connected through a wired and/or wireless communication network. For example, the service end may be any one or a combination of a Local Area Network (Local Area Network), a Wide Area Network (Wide Area Network) and the internet, which are implemented based on a wired access Network or a wireless access Network provided by an operator.
The techniques of the present invention may be implemented in hardware and/or in software (including firmware, microcode, etc.). Furthermore, the techniques of this disclosure may take the form of a computer program product on a computer-readable medium having instructions stored thereon for use by or in connection with an instruction execution system. In the context of the present invention, a computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the instructions. For example, the computer readable medium can include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. Specific examples of the computer readable medium include: magnetic storage devices, such as magnetic tape or Hard Disk Drives (HDDs); optical storage devices, such as compact disks (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and/or wired/wireless communication links.
The invention provides a network crime service platform based on a block chain access evidence technology, which can comprise an electronic data acquisition system 1, an electronic data management system 2 and a data analysis management system 3 which are connected with each other through a network, as shown in fig. 1 and 2.
According to a preferred embodiment, the electronic data acquisition system 1 can be mounted on a smart mobile terminal (for example, a smart phone/bracelet, a tablet computer, a personal portable computer, etc.) of a user or a law enforcement officer in the form of an executable application. The user or law enforcement officer can collect the electronic evidence in real time through the electronic data collection system 1. In particular, the electronic data collection system 1 integrates a plurality of technologies such as block chains, electronic signatures, and electronic data identification into the whole process of evidence collection.
According to a preferred embodiment, as shown in FIG. 3, the electronic data collection system 1 of the present invention may include a forensics module 10. Further, the forensics module 10 specifically includes, but is not limited to, a web page forensics sub-module 101, a picture forensics sub-module 102, a video forensics sub-module 103, an audio forensics sub-module 104, a document forensics sub-module 105, and the like. In particular, a user or law enforcement officer may use different forensics modules 10 to capture and enter electronic evidence including, but not limited to, text, images, and sounds. Preferably, the information such as the state of things, the behavior of the parties, the speech of the parties, the chat records, the contents of web pages, the contents of software, etc. can be recorded anytime and anywhere by the electronic data collection system 1 and used as evidence of electronic data. Preferably, when the electronic data acquisition system 1 acquires the input electronic information, the platform will synchronously generate a certificate document containing chain information of the block chain.
According to a preferred embodiment, as shown in fig. 3, the electronic data acquisition system 1 may further comprise a first management module 11. Specifically, the first management module 11 is configured to save the complete evidence package file for evidence collection. In particular, the first management module 11 can synchronize the saved forensic evidence package file to the electronic data management system 2 to prevent the forensic evidence package file from being accidentally or unauthorized tampered, thereby losing evidence effectiveness due to a change in hash value.
According to a preferred embodiment, as shown in fig. 3, in the present invention, the first management module 11 may include a supplementary sub-module 110 and a presentation module 111. In particular, the supplemental sub-module 110 may be used to manually add or upload various forms of electronic evidence to a user or law enforcement officer. The presentation module 111 may be used to display and output electronic evidence stored in the blockchain forensics platform database. In particular, the user or law enforcement officer can selectively view or use the electronic evidence of the associated entry through keyword screening.
According to a preferred embodiment, the electronic data acquired by the electronic data acquisition system 1 and the corresponding forensic evidence package file are synchronized to the electronic data management system 2. Specifically, as shown in fig. 4, the electronic data management system 2 may include an authentication module 20, a second management module 21, and a sharing module 22.
According to a preferred embodiment, the identity verification module 20 may be used to provide trusted identity authentication and authorization functions for multiple parties, such as an evidence provider, an evidence operator, an evidence evaluator, and an evidence principal. When a user or a law enforcement team uploads, downloads and calls electronic evidence through the block chain evidence obtaining platform of the invention, the identity authentication module 20 needs to perform trusted identity authentication on the block chain evidence obtaining platform of the invention and/or related personnel communicating with the block chain evidence obtaining platform of the invention, so as to grant matched authority range and content for the personnel and ensure the validity of evidence obtaining and evidence obtaining.
In particular, in order to ensure the accuracy and effectiveness of the authentication result, the cyber crime service platform of the present invention may preferably communicate with an identity information registration system of an associated law enforcement agency (e.g., a public security agency, a detection agency) through a network and grant a certain authority to the associated law enforcement agency. Specifically, identity verification can be performed in a mode of an internet + a trusted identity authentication platform (CTID platform), namely, desensitization and de-identification processing are performed on identity information carried by legal identity documents by the CTID platform, and data files which are irreversible, do not contain plaintext information and are mapped with the legal identity documents one by one are generated uniformly, so that online identity authentication can be realized on the premise of not revealing the identity information.
According to a preferred embodiment, as shown in fig. 4, the second management module 21 may comprise a supplementary sub-module 110 and a presentation module 111 identical to the first management module 11. The supplementation sub-module 110 may be used to supplement the electronic evidence returned by the electronic data collection system 1. The presentation module 111 can be used to display an electronic evidence detail page to view detailed evidence storage information of the electronic evidence. Specifically, the detailed evidence-keeping information of the electronic evidence includes, but is not limited to, evidence type, file number, handling personnel, evidence-taking equipment, evidence-taking software, judicial chain hash value, evidence-keeping time, and the like, and supports extension.
According to a preferred embodiment, the sharing module 22 may be used to provide evidence sharing functionality to the associated personnel having usage or execution rights. Specifically, the sharing module 22 can perform data sharing on the electronic evidence in the platform database to departments such as public security, authentication organization, inspection and admission center, so that the electronic evidence in the platform database can be downloaded at any time, and the uplink condition of the stored evidence file can be verified, thereby providing a credible basis for the judicial officials to judge the uplink time, whether the electronic data file is tampered or not, and the like.
According to a preferred embodiment, the electronic data management system 2 of the present invention may further comprise a user management module (not shown in the figures). The user management module can be used for providing functional authority configured by different roles. Specifically, different organizational structures including sub-departments and nested sub-departments can be flexibly configured according to the business mode. On the other hand, the authorities of different roles including node administrators, operators and the like can be flexibly configured according to the operation scene. Particularly, the role operation record is marked in the whole process based on the user management module, so that the query is facilitated, and the information safety is ensured from the log perspective.
According to a preferred embodiment, as shown in fig. 5, the data analysis management system 3 of the present invention may include a monitoring module 30, a tracing module 31, and an analysis execution module 32.
According to a preferred embodiment, the monitoring module 30 may be used to provide real-time tracking of the target IP address. Preferably, the target suspicious address can be monitored in real time for 7 × 24 hours by using a virtual link monitoring technology. Specifically, for example, when the monitoring target funds are transferred, the monitoring module 30 may automatically track and monitor the new address. On the other hand, based on artificial intelligence and big data analysis technology, analysis modeling can be carried out on the chain behaviors, and the security threat in the real-time behaviors on the chain is continuously monitored, so that the user is assisted to find the security risk and the attack behaviors of the transaction on the chain in the first time. Since the prior art of virtual link monitoring and analytical modeling techniques is relatively mature, detailed description thereof is omitted here.
According to a preferred embodiment, the traceability module 31 is the same as or similar to the monitoring module 30. The tracing module 31 may be configured to track an address of a target object (e.g., a hacker), obtain a target saved address, and send full-flow address change information to the analysis execution module 32, so as to complete a full-movement analysis of a complete link (e.g., a target transfer fund transfer link) through the analysis execution module 32. Particularly, the network crime service platform database based on the block chain evidence obtaining and storing technology has a large number of real cases, and a case study and judgment report can be rapidly obtained by matching related vocabulary entry clues through an artificial intelligence algorithm, so that case combing and further analysis and judgment are assisted.
In some alternative embodiments, the generation of the judgment report corresponding to each type of electronic data by the data analysis management system 3, or specifically by the analysis execution module 32, based on the matching mapping relationship between each type of electronic data and the feature information contained in each model case in the database, may be implemented by:
the system can collect and summarize high-frequency or common words, particularly novel high-frequency words of the network crime, related to various block chain network crimes or suspected network crimes in advance, and collect and summarize legal domain name information in the Internet. And a blacklist vocabulary library, a blacklist domain name library and the like are formed through manual or intelligent algorithm auditing. High frequency or common vocabulary for blockchain cyber crimes may come from reported cyber crime platforms, illegal website advertisements, etc.
And carrying out data filtration on the collected high-frequency or common vocabulary of the cyber crime and the legal domain name information, marking the data related to the matching of the high-frequency or common vocabulary of the common cyber crime as suspected cyber crime data, and marking the corresponding data source party as a suspected cyber crime party.
And carrying out uplink storage on data related to high-frequency or common vocabulary matching of common network crimes. And (4) carrying out feature extraction on the evidence storage data stored in the uplink, and selecting a preset learning model for data modeling. Specifically, a feature vector algorithm is adopted to extract feature vectors to form a deep learning training set, a preset deep learning algorithm is selected to perform data modeling, electronic data stored in a cochain is matched according to an identification model, and a corresponding case study and judgment report is output based on a model identification result.
Preferably, by using the data analysis management system 3, the executive personnel can perform business operations of tracing back and investigating evidence for the blockchain type case. When an executive person faces business handling requirements of the block chain case, the data analysis management system 3 can be used, and based on a people and property intelligent study and judgment model, whole network block chain data and target virtual link monitoring, combing and analyzing are effectively carried out on target associated information, and finally tracking, tracing, investigating and obtaining evidence are carried out on the target.
According to a preferred embodiment, the cyber crime service platform based on the blockchain evidence-taking technology provided by the invention has the functions of carrying out analysis identification or attack which is legally authorized and authenticated on target objects (such as suspects of suspected blockchain cyber crimes) contained in case study and judgment reports, and carrying out anonymous tracing prevention on the analysis identification or attack.
Specifically, based on case judgment results obtained by performing model recognition analysis on electronic evidence obtained by the electronic data collection system 1, the data analysis management system 3 of the present invention can be used to instruct at least one enforcement host in network communication with the cyber crime service platform of the present invention to perform legally authorized analysis recognition or attack on a target object. In particular, the execution host in network communication with the cyber crime service platform of the present invention may have the same configuration, that is, may include an electronic data collection system 1, an electronic data management system 2, and a data analysis management system 3.
According to a preferred embodiment, the enforcement hosts in network communication with the cyber crime service platform of the present invention may be deployed at a plurality of locations. Each executing host can have different executing authority after legal authorization. In particular, a legal license for performing an analytical identification of the host or an attack right can be done by the data analysis management system 3. Preferably, the administration authority of the data analysis management system 3 may be controlled by a competent unit (e.g., a public security department, a inspection agency, etc.) having a law enforcement authority.
According to a preferred embodiment, when the data analysis management system 3 performs the task of analyzing and identifying or attacking the target object through at least one execution host in network communication with the data analysis management system, the data analysis management system 3 can establish an anonymous network link capable of achieving corresponding imperceptibility and imperceptibility based on the anonymous tracing-proof level of the link required to be configured by the target. Specifically, the data analysis management system 3 adjusts the established links by changing the number and/or rank of the relay nodes in the corresponding transmission interval, where the changing manner of the number and/or rank of the relay nodes is determined based on at least the corresponding anonymous traceability level, and the anonymous traceability level is determined based on at least different processes executed by each execution host. The relay node has a bit number limited by the connection relationship between the communication starting point and the communication end point, the relay node closer to the communication starting point has a lower bit number, the relay node closer to the communication end point has a higher bit number, the bit numbers of other relay nodes may change synchronously with the change of at least one relay node in the link, and the same relay node may have different bit numbers in different links.
Preferably, when performing link transmission, the data analysis management system 3 may flexibly change the relay nodes of the link based on the anonymous traceability level, so that the link transmission for the same target has uncertainty, thereby improving the concealment of the link.
According to a preferred embodiment, when the data analysis management system 3 assigns at least one execution host to execute the data collection and attack recognition tasks corresponding to the authority level thereof, the data analysis management system can assign an anonymous anti-tracing level corresponding to the authority level of each execution host. In view of this, when the execution host performs legal authorization through the data analysis management system 3 to perform data collection and attack identification tasks on the target object of the suspected block chain network crime, the degree of alertness of the network crime suspect can be reduced through the anonymous traceability technology, the criminal suspect is prevented from tracing back the attack source and way, and meanwhile, unexpected leakage caused by the adopted attack mode and the corresponding attack tool is also avoided.
According to a preferred embodiment, the core requirement of the existing anonymous traceability technology is to prevent the cyber criminal suspects from tracing the root against the cyber attacks such as the public security system. In some alternatives, when the data analysis management system 3 assigns at least one execution host to perform an analysis recognition or attack task corresponding to the authority level of the at least one execution host for the criminal behavior of the cyber criminal suspect, the at least one execution host may select a network domain familiar to the cyber criminal suspect at the last attack node, for example, to launch an attack. However, another purpose of "anonymous traceability prevention" is to avoid the attack tool from leaking out, especially to prevent the attack mode of the attack tool from leaking out, which in turn will have adverse effects on the network security environment and future network handling.
According to a preferred embodiment, when the electronic data collection system 1 or the execution host in which the electronic data collection system 1 is deployed executes a task of collecting electronic evidence for a target object suspected of cyber crime, the data analysis management system 3 sets a primary backtrack level for a cyber crime suspect as the target object. In particular, the collected or relevant electronic data information of the target object suspected to be a cyber crime may be provided to the data analysis management system 3 in an encrypted (preferably asymmetric encryption manner) manner with system exclusive authority, and synchronized to the electronic data management system 2 for uplink storage, so that when the electronic data information of the target object suspected to be a cyber crime is collected by the electronic data collection system 1 or an execution host deployed with the electronic data collection system 1, an executive at each execution host is prevented from tracing the private information of the cyber crime suspect as the target object. Through the above manner, the executive personnel at the executive hosts can be prevented from rewriting the acquired electronic data information by themselves, and the acquired electronic data information is provided to the data analysis management system 3 in an encryption manner, so that each executive host can be prevented from directly acquiring the private information of the network crime suspects as target objects, legality is ensured, and citizen privacy is respected.
According to a preferred embodiment, the SM4 algorithm can be used to encrypt the license file in the present invention. The key length is 128 bits, one cipher per message. The message key can be protected by using SM2 encryption algorithm, and the key length is 256 bits.
According to a preferred embodiment, when the data analysis management system 3 (specifically, the analysis execution module 32) or the execution host in which the data analysis management system 3 is deployed executes the task of analyzing and identifying or attacking the electronic evidence of the target object suspected of cyber crime, the data analysis management system 3 sets a secondary backtracking level for the analysis and identification or attack tool. In particular, before the data analysis management system 3 performs the analysis recognition or attack task, particularly, the analysis recognition or attack task is performed by at least one execution host in network communication with the cyber crime service platform of the present invention, the data analysis management system 3 may adjust the configuration of the secondary anti-tracing level according to the level of authority it grants to the corresponding execution host and the authority of the person operating the execution host.
According to a preferred embodiment, since the analysis recognition or attack tool that needs to be used for the analysis recognition or attack task of the target object suspected of cyber crime may have high destructiveness for the computer information system, the data analysis management system 3 may check the preset authority level for the invocation of such tool, so as to apply and adjust the specifically configured secondary anti-tracing level according to the corresponding authority level and the organization strength of the unit where the authority level is deployed. Preferably, in view of the possible network hazard of the tool for analyzing, identifying or attacking the task of the target object of the suspected cyber crime, the configuration of the secondary backtracking level is set or adjusted by the data analysis management system 3 according to the authority level of the corresponding execution host and the organization strength of the unit where the execution host is deployed, so as to obtain the most rapid and safe scheme between the operation efficiency and the anonymous backtracking.
According to a preferred embodiment, for target objects of suspected cyber crimes with higher investigation or attack priority, the analysis and identification or attack tool loading and running speed is too slow due to layer-upon-layer encryption measures, so that the optimal time for identification and investigation and attack is missed. Preferably, the data analysis management system 3 authorizes the at least one performing host to be a destructed analysis recognition or attack tool upon use, based on the target object of the suspected cyber crime as determined by the data collection evidence from earlier stages of the data analysis management system 3, and particularly when it is recognized as a higher priority for investigation or attack. In an alternative embodiment, a preconfigured, just-to-destroy analysis recognition or attack tool may be assigned to the execution host by the data analysis management system 3.
According to a preferred embodiment, when the electronic data collection system 1 or the execution host with the electronic data collection system 1 deployed executes the task of acquiring the corresponding authority or key data of the target object suspected of network crime, the data analysis management system 3 sets a three-level anti-tracing level for each execution host, the tools carried by the execution host and the data of the execution host with respect to the danger of the tools for acquiring the corresponding authority or key data of the target object suspected of network crime. In particular, under the three-level traceability system, the data analysis management system 3 may configure the function of acquiring the corresponding authority or key data of the target object suspected of cybercrime at the first execution host, and load the authority information of the host of the suspected criminal person as the target object and the key data acquired from the target object to the second execution hosts with different deployment locations respectively. And a plurality of relay nodes managed by the data analysis management system 3 in terms of the number and the order of the nodes exist between the first execution host and the second execution host, and under the three-level traceability level, the number and the order of the relay nodes called by the data analysis management system 3 for execution are anonymous and traceable for the first execution host and the second execution host.
According to a preferred embodiment, the data analysis management system 3 may secure each execution host based on a distributed technology of a block chain, for example, issue analysis identification and attack tasks to different attackers via execution hosts with different deployment locations. The execution host and the attack machine can belong to different entity servers or server clusters, or the execution host and the attack machine can be two virtual machines located on the same server. The execution host may be an application on the attacker, which mounts an attack environment, forms an attack script, and the like. Preferably, the tools required to perform the tasks of the host performing the analysis recognition or attack are all supervised by the data analysis management system 3.
According to a preferred embodiment, for the execution host used for executing the analysis recognition or attack task, the data analysis management system 3 may execute the configuration of the analysis recognition or attack tool by using the execution host (or attack node host) building the environment required for the attack script to run, in addition to setting the link of the corresponding anonymous anti-tracing level for the execution host. Specifically, under the condition that it is ensured that the attack script temporarily carried by the execution host obtains the encryption conforming to the computing capability thereof, the data analysis management system 3 instructs the corresponding at least one execution host to perform analysis recognition or attack on the target object suspected of cyber crime.
According to a preferred embodiment, only the execution host of the operation environment is required to load the corresponding analysis recognition or attack tool and the data thereof within a preset time period when the execution host of the attack script is constructed and executes the analysis recognition or attack task, and the execution of the analysis recognition or attack tool does not depend on an operator at the execution host but is derived from instructions and data which are configured in the cyber crime service platform database of the invention in advance. Further, the execution hosts are logged in the attacking node host with system authority, and the data analysis management system 3 provides the analysis identification or attack tool used by the execution hosts to each execution host preferably with a measure of encryption encrusting, whereby it is possible to avoid the encrypted analysis identification or attack tool and its data being leaked by the execution host at the attacking node.
According to a preferred embodiment, when the data analysis management system 3 provides at least one type of analysis recognition or attack tool to at least one execution host which is built with an attack script and needs to run an environment in an asymmetric encrypted compressed packet + script manner, a participant at the execution host cannot obtain an original data packet of the analysis recognition or attack tool from huge data, and each execution host executes a destruction program after executing a corresponding analysis recognition or attack task, so that the analysis recognition or attack tool used for a target object suspected of a cyber crime can stay in a virtual environment, and a user cannot grasp the tool, thereby achieving the purpose of using and managing the attack tool.
According to a preferred embodiment, the data analysis management system 3 may preferably be provided with an alarm management program. Specifically, when the platform finds that the execution host or the data cracking operation for executing the analysis recognition or attack task has the access right, the alarm management program can execute the alarm for the leakage of the possible analysis recognition or attack tool.
According to a preferred embodiment, the content of the data analysis management system 3 for managing the tool module through the tool management program may include tool integrity check, access right check, tool call record check, and tool access record check. Preferably or alternatively, the core component and the auxiliary component each obtain a traceable audit record.
According to a preferred embodiment, the management authority of the data analysis management system 3 can be controlled by or deployed at a competent entity (e.g., a police department, a monitoring authority, etc.) having law enforcement authority. The execution host is located at the operator, and the operation at the execution host requires authentication and authorization permission. The execution host mounts an attack environment for which encrypted attack tools and attack data along with scripts are provided by the data analysis management system 3. The execution host loads the encrypted attack tool and the attack data together with the script to an attack host (which can be a virtual machine), and the attack host deploys the attack host automatically to execute the attack tool and the attack data automatically under the system authority.
According to a preferred embodiment, the present invention further provides an application method of a cyber crime service platform based on a block chain forensics technology, which may include:
at least one type of electronic data is acquired through the electronic data acquisition system 1 and uplink storage is performed, and the electronic data is synchronized to the electronic data management system 2.
Based on the matching mapping relationship between each type of electronic data and the feature information contained in the model case in the database, the data analysis management system 3 generates a study and judgment report corresponding to each type of electronic data.
And based on the judging result, determining a corresponding target object suspected of the cyber crime by the data analysis management system 3 according to the electronic data acquired by the electronic data acquisition system 1, wherein the data analysis management system 3 configures different traceability levels for at least one execution host used for executing the task according to different task types.
According to a preferred embodiment, when the electronic data collection system 1 or the execution host in which the electronic data collection system 1 is deployed executes a collection task of electronic evidence for a target object suspected of cyber crime, a primary backtracking prevention level for a cyber crime suspect as the target object is set for the execution host by the data analysis management system 3.
According to a preferred embodiment, when the data analysis management system 3 or the execution host with the data analysis management system 3 deployed executes the analysis recognition or attack task for the target object suspected of cyber crime, the data analysis management system 3 sets a secondary backtracking level for the execution host with respect to the analysis recognition or attack tool.
According to a preferred embodiment, when the electronic data collection system 1 or the execution host with the electronic data collection system 1 deployed executes the task of acquiring the corresponding authority or key data of the target object suspected of network crime, the data analysis management system 3 sets a three-level anti-tracing level for each execution host, the tools carried by the execution host and the data of the execution host with respect to the danger of the tools for acquiring the corresponding authority or key data of the target object suspected of network crime.
According to a preferred embodiment, the data analysis management system 3 executes analysis recognition or configuration of an attack tool by using an execution host (or attack node host) which builds an environment required for running an attack script, and under the condition that the attack script temporarily carried by the execution host is ensured to obtain encryption which is consistent with the computation capability of the attack script, the data analysis management system 3 instructs at least one corresponding execution host to execute analysis recognition or attack on a target object suspected of cyber crime.
It should be noted that the above-mentioned embodiments are exemplary, and that those skilled in the art, having benefit of the present disclosure, may devise various arrangements that are within the scope of the present disclosure and that fall within the scope of the invention. It should be understood by those skilled in the art that the present specification and figures are illustrative only and are not intended to be limiting on the claims. The scope of the invention is defined by the claims and their equivalents. The present description contains a plurality of inventive concepts such as "preferably", "according to a preferred embodiment" or "optionally" each indicating that the respective paragraph discloses a separate concept, the applicant reserves the right to apply for divisional applications according to each inventive concept.

Claims (10)

1. A cyber crime service platform based on a block chain evidence obtaining and storing technology is characterized by comprising:
an electronic data acquisition system (1) configured to perform a task of electronic data acquisition for a target object;
an electronic data management system (2) configured to perform tasks of uplink credit and interactive sharing for electronic data;
a data analysis management system (3) configured to perform data modeling based on a predetermined learning algorithm, match electronic data saved in the uplink according to the recognition model, and output a corresponding case study result according to the model recognition result, wherein,
based on case study results obtained by performing model identification analysis on electronic data acquired by the electronic data acquisition system (1), the data analysis management system (3) instructs at least one execution host in communication with the data analysis management system to execute analysis identification or attack tasks for a target object, and the data analysis management system (3) configures different anti-tracing levels for at least one execution host according to different execution task levels.
2. The cyber crime service platform based on the block chain forensics technology according to claim 1, characterized in that when a collection task of the electronic evidence for a target object is executed by the electronic data collection system (1) or an execution host with the electronic data collection system (1), a primary backtracking prevention level for the target object is set for the execution host by the data analysis management system (3).
3. The cyber crime service platform based on the blockchain evidence obtaining technology according to claim 2, wherein when the data analysis management system (3) or an execution host having the data analysis management system (3) executes an analysis recognition or attack task for a target object, a secondary traceability level for an analysis recognition or attack tool is set for the execution host by the data analysis management system (3).
4. The cyber crime service platform based on the blockchain evidence obtaining technology according to claim 3, wherein when a task of obtaining corresponding authority or key data for a target object is executed by the electronic data collection system (1) or an execution host having the electronic data collection system (1), a three-level traceability prevention level is set for the execution host and a tool mounted thereon by the data analysis management system (3) according to a risk of the tool for obtaining the corresponding authority or key data of the target object.
5. The cyber crime service platform based on the blockchain evidence obtaining technology according to claim 4, wherein the data analysis management system (3) executes configuration of an analysis recognition or attack tool by using an execution host which builds an environment required by attack script operation, and provides the analysis recognition or attack tool which is consistent with the operation capability of the execution host and is authorized to be encrypted.
6. The cyber crime service platform based on the blockchain evidence obtaining technology according to claim 5, wherein the execution host loads data related to the analysis recognition or attack tool within a preset time period only when the analysis recognition or attack task for the target object is executed, and executes a destruction program for the analysis recognition or attack tool after the corresponding analysis recognition or attack task is executed.
7. The cyber crime service platform based on the block chain access evidence technology according to claim 6, wherein the electronic data collection system (1) comprises:
the evidence obtaining module (10) is used for collecting various types of electronic data from a plurality of communication channels;
the first management module (11) is used for saving a evidence package file containing electronic data of a target object and synchronizing the evidence package file to the electronic data management system (2).
8. A cyber crime service platform based on a blockchain forensics technology according to claim 7, wherein the electronic data management system (2) comprises:
the identity verification module (20) is used for providing the functions of trusted identity authentication and authorization of at least one of the evidence provider, the evidence operator, the evidence authenticator and the evidence principal;
a second management module (21) for storing a forensic evidence package file containing electronic data of the target object;
and the sharing module (22) is used for interactive sharing of the electronic data of the target object among the evidence provider, the evidence operator, the evidence appraiser and the evidence principal.
9. The cyber crime service platform based on the blockchain evidence obtaining technology according to claim 8, wherein the data analysis management system (3) comprises:
a monitoring module (30) for providing a function of real-time tracking of a network address for a target object;
the source tracing module (31) is used for tracking the target object address, acquiring a target reserved address and sending the address change information of the whole process to the analysis execution module (32);
and the analysis execution module (32) is used for outputting a corresponding case judgment result according to the model identification result of the electronic data aiming at the target object.
10. An application method of a cyber crime service platform, which is used for the cyber crime service platform based on the block chain forensics technology according to any one of the preceding claims 1 to 9, and is characterized by comprising the following steps:
acquiring electronic data of a target object and executing uplink storage;
aiming at the electronic data of the target object, performing data modeling based on a preset learning algorithm, matching the electronic data stored in the upper chain according to the identification model, and outputting a corresponding case study and judgment result according to the model identification result;
determining a target object corresponding to a task to be executed based on the judging result, wherein the task to be executed comprises analysis identification or attack aiming at the target object;
and configuring different backtracking prevention levels for at least one execution host used for executing the task to be executed according to different task hierarchies to be executed.
CN202211045027.3A 2022-08-30 2022-08-30 Network crime service platform based on block chain evidence obtaining and storing technology and application method Active CN115114677B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN202211601637.7A CN115906190A (en) 2022-08-30 2022-08-30 Block chain network crime service platform
CN202211045027.3A CN115114677B (en) 2022-08-30 2022-08-30 Network crime service platform based on block chain evidence obtaining and storing technology and application method
CN202211600488.2A CN115964760A (en) 2022-08-30 2022-08-30 Block chain technology-based anti-tracing method and service platform thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211045027.3A CN115114677B (en) 2022-08-30 2022-08-30 Network crime service platform based on block chain evidence obtaining and storing technology and application method

Related Child Applications (2)

Application Number Title Priority Date Filing Date
CN202211601637.7A Division CN115906190A (en) 2022-08-30 2022-08-30 Block chain network crime service platform
CN202211600488.2A Division CN115964760A (en) 2022-08-30 2022-08-30 Block chain technology-based anti-tracing method and service platform thereof

Publications (2)

Publication Number Publication Date
CN115114677A CN115114677A (en) 2022-09-27
CN115114677B true CN115114677B (en) 2022-11-04

Family

ID=83336138

Family Applications (3)

Application Number Title Priority Date Filing Date
CN202211045027.3A Active CN115114677B (en) 2022-08-30 2022-08-30 Network crime service platform based on block chain evidence obtaining and storing technology and application method
CN202211600488.2A Withdrawn CN115964760A (en) 2022-08-30 2022-08-30 Block chain technology-based anti-tracing method and service platform thereof
CN202211601637.7A Withdrawn CN115906190A (en) 2022-08-30 2022-08-30 Block chain network crime service platform

Family Applications After (2)

Application Number Title Priority Date Filing Date
CN202211600488.2A Withdrawn CN115964760A (en) 2022-08-30 2022-08-30 Block chain technology-based anti-tracing method and service platform thereof
CN202211601637.7A Withdrawn CN115906190A (en) 2022-08-30 2022-08-30 Block chain network crime service platform

Country Status (1)

Country Link
CN (3) CN115114677B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115296936B (en) * 2022-10-08 2023-08-01 四川安洵信息技术有限公司 Automatic method and system for assisting detection of anti-network crime

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109104438B (en) * 2018-10-22 2021-06-18 杭州安恒信息技术股份有限公司 Botnet early warning method and device in narrow-band Internet of things and readable storage medium
CN111092743A (en) * 2018-10-24 2020-05-01 中国移动通信有限公司研究院 Virtual link monitoring method, device and storage medium
CN111291962A (en) * 2019-12-19 2020-06-16 韩兆鹤 Method for preventing and attacking AI crime and AI data infringement
CN111191240B (en) * 2019-12-30 2023-04-07 蚂蚁区块链科技(上海)有限公司 Method, device and equipment for collecting Internet electronic evidence
US11223487B2 (en) * 2020-03-19 2022-01-11 Jinan University Method and system for secure blockchain-based vehicular digital forensics
CN111159474B (en) * 2020-04-03 2020-09-04 腾讯科技(深圳)有限公司 Multi-line evidence obtaining method, device and equipment based on block chain and storage medium
CN111639914A (en) * 2020-05-29 2020-09-08 航天科工智慧产业发展有限公司 Block chain case information management method and device, electronic equipment and storage medium
US20220156864A1 (en) * 2020-11-14 2022-05-19 Elliot M. Furman System and Method for Electronically Consenting to Engage in Sexual Activity
CN113407886A (en) * 2021-07-10 2021-09-17 广州数智网络科技有限公司 Network crime platform identification method, system, device and computer storage medium
CN113987061A (en) * 2021-07-21 2022-01-28 远光软件股份有限公司 Block chain evidence storage method and device
CN114372092A (en) * 2021-12-10 2022-04-19 杭州趣链科技有限公司 Case collaborative search processing method, system, device and electronic equipment

Also Published As

Publication number Publication date
CN115114677A (en) 2022-09-27
CN115906190A (en) 2023-04-04
CN115964760A (en) 2023-04-14

Similar Documents

Publication Publication Date Title
Ryu et al. A blockchain-based decentralized efficient investigation framework for IoT digital forensics
Dezfoli et al. Digital forensic trends and future
Alenezi et al. The impact of cloud forensic readiness on security
JP2018516419A (en) A computerized system that securely delivers and exchanges cyber threat information in a standardized format
US20070139231A1 (en) Systems and methods for enterprise-wide data identification, sharing and management in a commercial context
Alghamdi Digital forensics in cyber security—recent trends, threats, and opportunities
Kumar et al. Secure log storage using blockchain and cloud infrastructure
Sun et al. A Survey of Digital Evidences Forensic and Cybercrime Investigation Procedure.
US20230418938A1 (en) Attack kill chain generation and utilization for threat analysis
Doshi et al. A review paper on security concerns in cloud computing and proposed security models
CN115114677B (en) Network crime service platform based on block chain evidence obtaining and storing technology and application method
Trček et al. Advanced framework for digital forensic technologies and procedures
Agbedanu et al. BLOFF: a blockchain-based forensic model in IoT
CN115296936B (en) Automatic method and system for assisting detection of anti-network crime
Jo et al. A blockchain-based trusted security zone architecture
CN115102785A (en) Automatic tracing system and method for network attack
Brotsis et al. Blockchain meets Internet of Things (IoT) forensics: A unified framework for IoT ecosystems
Al-Mahrouqi et al. Efficiency of network event logs as admissible digital evidence
Dezfouli et al. Digital forensics trends and future
Cisar et al. Cybercrime and Digital Forensics-Technologies and Approaches.
KR102179439B1 (en) Meta information platform devices and methods for recycle standard/threat traffic
Cisar et al. General directions of development in digital forensics
Khubrani Mobile Device Forensics, challenges and Blockchain-based Solution
Singh et al. Check for updates A Study of Implementing a Blockchain-Based Forensic Model Integration (BBFMI) for IoT Devices in Digital Forensics
Sellami et al. Detection of New Attacks on Ubiquitous Services in Cloud Computing and Against Measure

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant