CN118101164A - Defense method, device, terminal and storage medium for data interaction first-aid running attack - Google Patents

Defense method, device, terminal and storage medium for data interaction first-aid running attack Download PDF

Info

Publication number
CN118101164A
CN118101164A CN202410325464.3A CN202410325464A CN118101164A CN 118101164 A CN118101164 A CN 118101164A CN 202410325464 A CN202410325464 A CN 202410325464A CN 118101164 A CN118101164 A CN 118101164A
Authority
CN
China
Prior art keywords
interaction
data
node
interacted
cost value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202410325464.3A
Other languages
Chinese (zh)
Other versions
CN118101164B (en
Inventor
谢迪凡
汪晓可
秦启睿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou High Tech Zone Binjiang Blockchain And Data Security Research Institute
Original Assignee
Hangzhou High Tech Zone Binjiang Blockchain And Data Security Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou High Tech Zone Binjiang Blockchain And Data Security Research Institute filed Critical Hangzhou High Tech Zone Binjiang Blockchain And Data Security Research Institute
Priority to CN202410325464.3A priority Critical patent/CN118101164B/en
Priority claimed from CN202410325464.3A external-priority patent/CN118101164B/en
Publication of CN118101164A publication Critical patent/CN118101164A/en
Application granted granted Critical
Publication of CN118101164B publication Critical patent/CN118101164B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application is suitable for the technical field of computer application, and provides a defending method, a defending device, a defending terminal and a storage medium for data interaction first-aid running attacks, wherein the defending method comprises the following steps: acquiring a data request to be interacted sent by a user; transmitting the interactive response information to the block chain network system; if the data interaction is not uplink and the existence of the first-running node in the blockchain network system is monitored, the current interaction cost value of the data interaction is updated according to the interaction cost range and the current interaction cost value of the first-running node, and the updated interaction cost value and the data information to be interacted are sent to the blockchain network system until the updated current interaction cost value reaches the maximum value in the interaction cost range. Therefore, the active defense is carried out on the data interaction first-aid running attack of the blockchain network system by monitoring the first-aid running node in the blockchain network system and updating the current interaction cost value of the data interaction, so that the stability and safety of the data interaction of the blockchain network system are improved, and the user experience is improved.

Description

Defense method, device, terminal and storage medium for data interaction first-aid running attack
Technical Field
The application belongs to the technical field of computer application, and particularly relates to a defending method, a defending device, a defending terminal and a storage medium for data interaction first-aid running attacks.
Background
The data interaction of the block chain network system refers to digital asset exchange in the block chain network system, and the data interaction and the starting of the block chain network system refers to the behavior that an attacker makes the block chain link point pack the data of the starting preferentially by improving the value of the interaction data so as to make the attacker obtain the benefit. An attacker can conduct data interaction first-aid running attack by utilizing network delay, intelligent contract loopholes and the like.
In the related art, by reducing network delay and improving data interaction confirmation speed or performing security audit on intelligent contracts to find and repair potential vulnerabilities, opportunities of blockchain data interaction first-aid running attacks are reduced, or privacy of data interaction is protected through privacy protection technology, so that an attacker is difficult to observe and analyze data interaction behaviors, attack difficulty is increased, and risks of the data interaction first-aid running attacks are reduced.
Disclosure of Invention
The application aims to provide a defense method, a defense device, a terminal device and a computer readable storage medium for data interaction first-aid running attack, which can solve the problems of poor data interaction stability, low safety and poor user experience of a blockchain network system caused by higher implementation difficulty of modifying bottom operating logic or contract logic of the blockchain network system data interaction and difficulty in actually landing in a plurality of blockchain data interaction scenes in the related technology when the blockchain network system data interaction first-aid running attack is carried out.
In a first aspect, an embodiment of the present application provides a method for defending a data interaction first-race attack, including: acquiring or receiving a data request to be interacted sent by a user, wherein the data request to be interacted comprises data information to be interacted and an interaction cost range of data interaction; the method comprises the steps of sending interactive response information to a blockchain network system, wherein the interactive response information comprises data information to be interacted and an interactive cost value, and the interactive cost value is in an interactive cost range; if the data interaction is not uplink and the existence of a first-aid running node in the blockchain network system is monitored, the current interaction cost value of the data interaction is updated according to the interaction cost range and the current interaction cost value of the first-aid running node, the updated interaction cost value and the data information to be interacted are sent to the blockchain network system until the updated current interaction cost value reaches the maximum value in the interaction cost range, and the first-aid running node is a node which is larger than the current interaction cost value in the interaction response information sent for the data request to be interacted.
In a possible implementation manner of the first aspect, the data request to be interacted further includes an interaction time range of data interaction, and if the data interaction is not uplink and a starting node exists in the monitoring blockchain network system, updating the current interaction cost value of the data interaction according to the interaction cost range and the current interaction cost value of the starting node specifically includes:
And in the interaction time range, if the data interaction is not uplink and the existence of the first-aid running node in the blockchain network system is monitored, updating the current interaction cost value of the data interaction according to the interaction cost range and the current interaction cost value of the first-aid running node.
Optionally, in another possible implementation manner of the first aspect, updating the current interaction cost value of the data interaction according to the interaction cost range and the current interaction cost value of the first-run node includes:
And regenerating an interaction cost value in the interaction cost range as the current interaction waiting value, wherein the regenerated interaction cost value is larger than the current interaction cost value of the first-aid running node.
Optionally, in still another possible implementation manner of the first aspect, before the sending the interactive response information to the blockchain network system, the method further includes:
simulating a data interaction process for executing the data request to be interacted in a local mode, and determining interaction calling information of the data interaction process;
after the interactive response information is sent to the blockchain network system, the method further includes:
monitoring interaction response information sent by other nodes in the block chain network system;
executing the interactive response information locally, and acquiring interactive calling information in the interactive response information corresponding to each node;
and determining the first-aid running node according to the similarity of the interaction calling information corresponding to each node and the interaction calling information corresponding to the data request to be interacted.
Optionally, in still another possible implementation manner of the first aspect, determining the first-race node according to a similarity between the interaction calling information corresponding to each node and the interaction calling information corresponding to the data request to be interacted includes:
And if the similarity between the interaction calling information and the interaction calling information corresponding to the data request to be interacted is higher than a set threshold value, determining the corresponding node as the first-run node.
Optionally, in another possible implementation manner of the first aspect, determining the first-race node according to a similarity between the interaction calling information corresponding to each node and the interaction calling information corresponding to the data request to be interacted includes:
Judging whether each node is in a preset blacklist or not;
If the node is in the first similarity threshold, determining the corresponding node as the first race node, wherein the similarity of the interaction calling information corresponding to the data request to be interacted with is higher than the first similarity threshold;
If the node is not in the first race, and the similarity of the interaction calling information corresponding to the data request to be interacted is higher than a second similarity threshold, determining the corresponding node as a first race node; the first similarity threshold is lower than the second similarity threshold.
Optionally, in a further possible implementation manner of the first aspect, the method further includes:
and adding the first-race node determined by the data interaction into a preset blacklist.
In a second aspect, the present application further provides a defending device for a data interaction first-race attack, including: the first acquisition module is used for acquiring or receiving a data request to be interacted sent by a user, wherein the data request to be interacted comprises data information to be interacted and an interaction cost range of data interaction; the system comprises a sending module, a block chain network system and a receiving module, wherein the sending module is used for sending interaction response information to the block chain network system, the interaction response information comprises data information to be interacted and an interaction cost value, and the interaction cost value is in an interaction cost range; the updating module is used for updating the current interaction cost value of the data interaction according to the interaction cost range and the current interaction cost value of the first-aid running node if the data interaction is not uplink and the first-aid running node exists in the blockchain network system, and sending the updated interaction cost value and the data information to be interacted to the blockchain network system until the updated current interaction cost value reaches the maximum value in the interaction cost range, wherein the first-aid running node is a node which is larger than the current interaction cost value in the interaction response information sent for the data request to be interacted.
In a possible implementation manner of the second aspect, the data request to be interacted further includes an interaction time range of data interaction; correspondingly, the updating module comprises:
And the updating unit is used for updating the current interaction cost value of the data interaction according to the interaction cost range and the current interaction cost value of the first-aid running node if the data interaction is not uplink and the first-aid running node exists in the blockchain network system in the interaction time range.
Optionally, in another possible implementation manner of the second aspect, the updating module further includes:
the generating unit is used for regenerating an interaction cost value in the interaction cost range to serve as the current interaction waiting value, and the regenerated interaction cost value is larger than the current interaction cost value of the first-aid running node.
Optionally, in a further possible implementation manner of the second aspect, the active defense device for the blockchain network system data interaction race attack further includes:
The first determining module is used for locally simulating a data interaction process for executing the data request to be interacted with and determining interaction calling information of the data interaction process;
the monitoring module is used for monitoring interaction response information sent by other nodes in the block chain network system;
The second acquisition module is used for locally executing the interaction response information and acquiring interaction calling information in the interaction response information corresponding to each node;
And the second determining module is used for determining the first-race node according to the similarity of the interaction calling information corresponding to each node and the interaction calling information corresponding to the data request to be interacted.
Optionally, in a further possible implementation manner of the second aspect, the second determining module includes:
and the first determining unit is used for determining the corresponding node as the first-race node if the similarity between the interaction calling information and the interaction calling information corresponding to the data request to be interacted is higher than a set threshold value.
Optionally, in another possible implementation manner of the second aspect, the second determining module further includes:
The judging unit is used for judging whether each node is in a preset blacklist or not;
The second determining unit is used for determining the corresponding node as the first race node if the second determining unit is in the state that the similarity of the interaction calling information corresponding to the data request to be interacted is higher than the first similarity threshold value;
The third determining unit is used for determining the corresponding node as the first-race node if the interaction calling information is not in the state and the similarity of the interaction calling information corresponding to the data request to be interacted is higher than a second similarity threshold value; the first similarity threshold is lower than the second similarity threshold.
Optionally, in a further possible implementation manner of the second aspect, the defending device for a data interaction first-race attack further includes:
And the adding module is used for adding the first-race node determined by the data interaction into a preset blacklist.
In a third aspect, the application further provides a terminal device. The terminal device includes a memory, a processor, and a computer program stored in the memory and executable on the processor. The processor, when executing the computer program, implements the method of any implementation manner of the first aspect.
In a fourth aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium stores a computer program which when executed by a processor implements the method of any one of the implementations of the first aspect described above.
In a fifth aspect, the application also provides a computer program product for causing an electronic device to perform the method of any one of the implementations of the first aspect described above when the computer program product is run on the electronic device.
Compared with the prior art, the embodiment of the application has the beneficial effects that: the current interaction cost value of the data interaction is updated by monitoring the first-aid running nodes in the blockchain network system when the data interaction is not uplink and according to the interaction cost range and the current interaction cost value of the first-aid running nodes, so that the data interaction first-aid running attack of the blockchain network system is actively defended, the stability and safety of the data interaction of the blockchain network system are improved, and the user experience is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments or the description of the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of a method for defending against a data interaction race attack according to an embodiment of the present application;
Fig. 2 is a flow chart of a method for defending against a data interaction race attack according to another embodiment of the present application;
Fig. 3 is a schematic structural diagram of a defending device for data interaction race attack provided by an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a terminal device according to an embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth such as the particular system architecture, techniques, etc., in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
It should be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It should also be understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
As used in the present description and the appended claims, the term "if" may be interpreted as "when..once" or "in response to a determination" or "in response to detection" depending on the context. Similarly, the phrase "if a determination" or "if a [ described condition or event ] is detected" may be interpreted in the context of meaning "upon determination" or "in response to determination" or "upon detection of a [ described condition or event ]" or "in response to detection of a [ described condition or event ]".
Furthermore, the terms "first," "second," "third," and the like in the description of the present specification and in the appended claims, are used for distinguishing between descriptions and not necessarily for indicating or implying a relative importance.
Reference in the specification to "one embodiment" or "some embodiments" or the like means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," and the like in the specification are not necessarily all referring to the same embodiment, but mean "one or more but not all embodiments" unless expressly specified otherwise. The terms "comprising," "including," "having," and variations thereof mean "including but not limited to," unless expressly specified otherwise.
The data interaction of the block chain network system can be a digital asset exchange in the block chain network system, and in the block chain network system, the block chain nodes can pack the data interaction with high interaction cost preferentially, so that an attacker can pack the first-aid run data submitted by the attacker preferentially through improving the interaction cost, and the first-aid run purpose is achieved.
When an attacker performs data interaction and first-aid running, the attacker can use knowledge of network delay to submit the first-aid running data before normal data interaction, or can use loopholes of intelligent contracts to perform data interaction and first-aid running attacks, if the first-aid running attacks are defended by reducing network delay or performing security audit on the intelligent contracts so as to repair the loopholes, the bottom-layer operation logic or contract logic of the blockchain network system needs to be modified, and the implementation is generally difficult, so that the problems of low security and poor stability exist when the blockchain network system performs data interaction.
Based on this, as shown in fig. 1, an embodiment of the present application provides a method for defending a data interaction first-aid running attack, including:
Step 101, acquiring or receiving a data request to be interacted sent by a user, wherein the data request to be interacted comprises data information to be interacted and an interaction cost range of data interaction.
It should be noted that, the defending method of the data interaction first-aid running attack in the embodiment of the application can be executed by the defending device of the data interaction first-aid running attack in the embodiment of the application. The defending device for the data interaction first-aid running attack can be configured in any terminal equipment to execute the defending method for the data interaction first-aid running attack.
As a possible implementation manner, a request interface may be provided for a user, a data request to be interacted sent by the user may be obtained or received through the request interface, the data request to be interacted may include data information to be interacted and an interaction cost range, the data information to be interacted may include data content of interaction, an interaction time range of data interaction, and the like, the interaction time range may include earliest valid time and latest valid time, the interaction cost range may be a range of interaction cost of data interaction, may include minimum interaction cost and maximum interaction cost, and the interaction cost may refer to a ratio of interaction quantity between two types of data, that is, when the user needs to interact with B data by using a data, the quantity of a data may be provided for B data per unit.
For example, the data information to be interacted may include interacted data content, for example, may be network performance, etc., and may include an interaction time range, for example, may be: "2024, 3, 11, 29 minutes to 2024, 3, 11, 12, 29 minutes" wherein "2024, 3, 11, 29 minutes" represents the earliest time of validity in the interaction time range and "2024, 3, 11, 12, 29 minutes" represents the latest time of validity in the interaction time range. The interactive cost range may be "10 to 100", where 10 represents the minimum interactive cost value and 100 represents the maximum interactive cost value, i.e., when a user wants to interact with B data with a data, at most 1 unit of B data may be exchanged with 100 units of a data, and at least 1 unit of B data may be exchanged with 10 units of a data.
It should be noted that, the content and the interaction cost range included in the above listed interaction data information are merely exemplary, and the interaction data information and the interaction cost range may be determined according to an actual use scenario and an actual requirement in actual use, which is not limited in the embodiment of the present application.
Step 102, the interactive response information is sent to the blockchain network system, wherein the interactive response information comprises data information to be interacted and an interactive cost value, and the interactive cost value is in an interactive cost range.
As one possible implementation manner, the interactive response information can be sent to the blockchain network system, the interactive response information can be obtained according to the data request to be interacted, the interactive response information can comprise the data information to be interacted and the interactive cost value, and the interactive cost value can be any value in the range of the interactive cost.
For example, the interaction cost ranges from "10 to 100", the interaction cost may be any value within "10 to 100", for example, the data information to be interacted with and the interaction cost 20 may be sent to the blockchain network system.
As one possible implementation manner of the application, the interactive response information can comprise the data information to be interacted and the minimum interaction cost value, wherein the minimum interaction cost value is the minimum value in the interaction cost range.
As an example, if the interaction cost ranges from "10 to 100", the minimum interaction cost value is 10.
And step 103, if the data interaction is not uplink and the existence of a first-aid running node in the blockchain network system is monitored, updating the current interaction cost value of the data interaction according to the interaction cost range and the current interaction cost value of the first-aid running node, and transmitting the updated interaction cost value and the data information to be interacted to the blockchain network system until the updated current interaction cost value reaches the maximum value in the interaction cost range, wherein the first-aid running node is a node which is larger than the current interaction cost value in the interaction response information transmitted for the data request to be interacted.
It should be noted that, the uplink may be a process of packaging data into a block and adding the block to a blockchain, after the data is uplink, each node may refer to and verify the data, so that the integrity and non-tamper property of the data can be ensured, but before the data is uplink, the first-aid running attack is easily encountered.
As one possible implementation manner of the application, if the interaction response information sent by a certain node is determined to be the interaction response information aiming at the data request to be interacted, and the interaction cost value in the interaction response information is larger than the current interaction cost value corresponding to the data request to be interacted, the node can be determined to be the first-aid running node.
As an example, all nodes with the interaction cost value greater than the current interaction cost value corresponding to the data request to be interacted can be determined as the first-aid run nodes, and the nodes with the similarity greater than the similarity threshold and the interaction cost value greater than the current interaction cost value corresponding to the data request to be interacted can be determined as the first-aid run nodes according to the similarity between the interaction response information sent by the nodes and the interaction response information corresponding to the data request to be interacted, so that whether the interaction response information sent by the nodes and the interaction response information corresponding to the data request to be interacted are highly similar can be judged according to the relationship between the similarity and the similarity threshold, and when the interaction response information sent by the nodes and the interaction response information corresponding to the data request to be interacted are highly similar, the nodes can be indicated as the first-aid run nodes.
As a possible implementation manner, when the data interaction is not uplink, if the first-running node exists in the blockchain network system, the current interaction cost value of the data interaction can be updated according to the interaction cost range and the current interaction cost value of the first-running node, the updated interaction cost value and the data information to be interacted are resent to the blockchain network system, whether the first-running node exists or not is continuously monitored, if so, the interaction cost value is continuously updated and resent until the interaction cost value of the data interaction reaches the maximum value in the interaction cost range, and then the monitoring is stopped.
Furthermore, whether the block chain network system has the starting node can be monitored only in the interaction effective time, so that the defense efficiency is improved. In one possible implementation manner of the embodiment of the present application, the data request to be interacted further includes an interaction time range of data interaction, and if the data interaction is not uplink and a starting node exists in the blockchain network system is monitored, updating the current interaction cost value of the data interaction according to the interaction cost range and the current interaction cost value of the starting node specifically may include:
Step 1031, if the data interaction is not uplink and the existence of the first-aid running node in the blockchain network system is monitored in the interaction time range, updating the current interaction cost value of the data interaction according to the interaction cost range and the current interaction cost value of the first-aid running node.
As a possible implementation manner of the application, a request interface comprising an interaction time range field can be provided for a user, the acquired interaction time range of the data interaction can be included in the data request to be interacted, whether a starting node exists in the blockchain network system can be monitored only in the interaction time range and when the data interaction is not uplink, and if the starting node exists, the current interaction cost of the data interaction can be updated according to the interaction cost range and the current interaction cost of the starting node.
As an example, the interaction time range may include the earliest valid time and the latest valid time, for example, the earliest valid time is 2024, 3, 11, 29 minutes, and the latest valid time is "2024, 3, 11, 12, 29 minutes", then it may be monitored whether the first-aid running node exists in the blockchain network system only from 2024, 3, 11, 29 minutes to 2024, 3, 11, 12, 29 minutes.
Furthermore, the interaction cost value can be updated to be larger than the interaction cost value of the first-aid running node, so that the safety and stability of data interaction of the blockchain network system are improved, and the user experience is improved. In one possible implementation manner of the embodiment of the present application, the updating the current interaction cost value of the data interaction according to the interaction cost range and the current interaction cost value of the first-aid running node may include:
in step 1032, an interaction cost value is regenerated as the current interaction cost value within the interaction cost range, and the regenerated interaction cost value is larger than the current interaction cost value of the first-race node.
As a possible implementation manner, an interaction cost value which is in the range of the interaction cost and is larger than the current interaction cost value of the first-aid running node can be generated according to the current interaction cost value of the first-aid running node and used as the current interaction cost value corresponding to the data request to be interacted.
For example, assuming that the interaction cost ranges from "10 to 100", and the current interaction cost of the first-race node is 30, a value greater than 30 and less than or equal to 100 may be selected as the current interaction cost corresponding to the interaction data request.
Furthermore, the first-aid running nodes can be marked, so that the stability and the safety of data interaction of the block chain network system are further improved. That is, in one possible implementation manner of the embodiment of the present application, the method may further include:
and adding the first-race node determined by the data interaction into a preset blacklist.
As a possible implementation manner, each of the first-race nodes existing in the current data interaction may be added to a preset blacklist, and the nodes in the preset blacklist may be more easily determined as the first-race nodes.
According to the defense method for the data interaction first-aid running attack, when the data interaction is not uplink, the first-aid running node in the blockchain network system is monitored, and the current interaction cost value of the data interaction is updated according to the interaction cost range and the current interaction cost value of the first-aid running node, so that the data interaction first-aid running attack of the blockchain network system is actively defended, the stability and safety of the data interaction of the blockchain network system are improved, the user experience is improved, and an attacker attacking the data interaction is added into a preset blacklist, so that the safety of the data interaction of the blockchain network system is further improved.
In one possible implementation form of the application, whether the first-aid running node exists or not can be judged according to the similarity between the interaction calling information corresponding to each node and the interaction calling information corresponding to the data request to be interacted, so that active defense is performed, the reliability of a defense method of data interaction first-aid running attack is improved, the safety and stability of data interaction of a blockchain network system are further improved, and user experience is improved.
The method for defending the data interaction first-aid running attack provided by the embodiment of the application is further described below with reference to fig. 2.
Fig. 2 shows a flow chart of another defense method of data interaction first-aid running attack according to the embodiment of the application.
As shown in fig. 2, the defending method for the data interaction first-aid running attack comprises the following steps:
Step 201, a data request to be interacted sent by a user is obtained or received, wherein the data request to be interacted comprises data information to be interacted and an interaction cost range of data interaction.
The specific implementation process and principle of the above step 201 may refer to the detailed description of the above embodiment, which is not repeated here.
Step 202, a data interaction process of executing a data request to be interacted is simulated locally, and interaction calling information of the data interaction process is determined.
The interactive call information may include function call information and parameter use information.
As a possible implementation manner of the application, the data interaction process of the data request to be interacted can be simulated and executed locally according to the data request to be interacted, and the related interaction calling information in the data interaction process can be determined, for example, function calling information and parameter using information in the data interaction process.
It should be noted that the above listed interaction call information is merely exemplary, and when in actual use, specific interaction call information may be determined according to actual requirements and application scenarios, which is not limited in the embodiment of the present application.
And 203, transmitting the interactive response information to the blockchain network system, wherein the interactive response information comprises data information to be interacted and an interactive cost value, and the interactive cost value is in an interactive cost range.
The specific implementation process and principle of the above step 203 may refer to the detailed description of the above embodiment, which is not repeated here.
And 204, monitoring interaction response information sent by other nodes in the block chain network system.
As a possible implementation manner, interaction response information sent by other nodes in the blockchain network system can be monitored within a range of interaction time when data interaction is not uplink.
And 205, executing the interactive response information locally, and acquiring interactive calling information in the interactive response information corresponding to each node.
As one possible implementation manner of the application, after monitoring the interactive response information sent by other nodes in the blockchain network system, the monitored interactive response information can be simulated and executed locally, and the related interactive call information can be determined, for example, function call information and parameter use information in the data interaction process.
It should be noted that, the type of information included in the interactive call information in the interactive response information corresponding to each node obtained in step 205 should be consistent with that in step 202, for example, the interactive call information in step 202 includes function call information and parameter use information, and then the interactive call information corresponding to each node obtained in step 205 should also include function call information and parameter use information.
And 206, determining the first-race node according to the similarity of the interaction calling information corresponding to each node and the interaction calling information corresponding to the data request to be interacted.
As one possible implementation manner of the application, the similarity of the interaction calling information corresponding to each node and the interaction calling information corresponding to the data request to be interacted can be determined, when the interaction calling information comprises function calling information and parameter using information, the function calling similarity of the function calling information and the parameter using similarity of the parameter using information can be calculated respectively, then the similarity of the interaction calling information is determined according to the function calling similarity and the parameter using similarity, and whether the node is a first-aid running node can be determined according to the similarity of the interaction calling information corresponding to each node.
Further, a similarity threshold value can be preset, and whether each node is a first-aid running node is judged according to the relationship between the similarity of interaction calling information corresponding to each node and the similarity threshold value, so that the reliability of a defending method of the data interaction first-aid running attack is improved. That is, in one possible implementation manner of the embodiment of the present application, the step 206 may include:
step 2061, if the similarity between the interaction call information and the interaction call information corresponding to the data request to be interacted is higher than the set threshold, determining the corresponding node as the first-aid running node.
As one possible implementation manner of the application, the value of the set threshold value can be selected, the relation between the similarity and the set threshold value is judged, when the similarity between the interaction calling information of the node and the interaction calling information corresponding to the data request to be interacted is higher than the set threshold value, the interaction calling information of the node and the interaction calling information corresponding to the data request to be interacted can be illustrated to be highly similar, and the node can be determined to be the first-aid running node.
Furthermore, the nodes in the preset blacklist can be more easily judged as the first-aid running nodes, so that the reliability of a defense method of the data interaction first-aid running attack is further improved, and the safety and stability of the data interaction of the blockchain network system are further improved. That is, in one possible implementation manner of the embodiment of the present application, the step 206 may further include:
step 2062, judging whether each node is in a preset blacklist;
step 2063, if the node is in the position, and the similarity between the interaction calling information and the interaction calling information corresponding to the data request to be interacted is higher than the first similarity threshold, determining the corresponding node as the first-aid running node;
Step 2064, if not, determining the corresponding node as the first-race node if the similarity between the interaction calling information and the interaction calling information corresponding to the data request to be interacted is higher than the second similarity threshold; the first similarity threshold is lower than the second similarity threshold.
As a possible implementation manner of the application, whether each node is in a preset blacklist or not can be judged, if so, the relationship between the similarity of the interaction calling information of the node and the interaction calling information corresponding to the data request to be interacted and a first similarity threshold value can be judged, and if the relationship is higher than the first similarity threshold value, the node can be determined to be a first-run node; if the node is not in the preset blacklist, the relation between the similarity of the interaction calling information of the node and the interaction calling information corresponding to the data request to be interacted and the second similarity threshold value can be judged, if the node is higher than the second similarity threshold value, the node can be determined to be a starting node, and the node can be added into the preset blacklist.
It should be noted that, since the nodes in the preset blacklist should be more easily determined as the first-race nodes, the first similarity threshold should be lower than the second similarity threshold.
For example, the first similarity threshold is 0.7, the second similarity threshold is 0.8, and assuming that the similarity between the interaction call information of the C node and the D node and the interaction call information corresponding to the data request to be interacted is 0.7, but the C node is in the preset blacklist, if the D node is not in the preset blacklist, only the C node is determined to be the first-aid running node, and if the similarity corresponding to the D node is 0.9, the D node may be determined to be the first-aid running node.
It should be noted that the first similarity threshold and the second similarity threshold are merely exemplary, and in actual use, the first similarity threshold and the second similarity threshold need to be determined according to actual requirements and actual application scenarios, which is not limited in the embodiments of the present application.
Step 207, if the data interaction is not uplink and the existence of the first-aid running node in the blockchain network system is monitored, updating the current interaction cost value of the data interaction according to the interaction cost range and the current interaction cost value of the first-aid running node, and sending the updated interaction cost value and the data information to be interacted to the blockchain network system until the updated current interaction cost value reaches the maximum value in the interaction cost range, wherein the first-aid running node is a node which is larger than the current interaction cost value in the interaction response information sent for the data request to be interacted.
The specific implementation process and principle of the step 207 may refer to the detailed description of the embodiment, which is not repeated here.
According to the defense method for the data interaction first-aid running attack, through judging the relation between the similarity of the interaction calling information corresponding to each node and the interaction calling information corresponding to the data request to be interacted and the set threshold value, whether each node is the first-aid running node is judged, and different similarity threshold values are set for the nodes in the preset blacklist and the nodes not in the blacklist, so that the nodes in the preset blacklist are easier to judge as the first-aid running nodes, the reliability of the defense method for the data interaction first-aid running attack is improved, the stability and safety of the data interaction of the block chain network system are further improved, and user experience is further improved.
It should be understood that the sequence number of each step in the foregoing embodiment does not mean that the execution sequence of each process should be determined by the function and the internal logic, and should not limit the implementation process of the embodiment of the present application.
Corresponding to the method for defending the data interaction first-aid running attack described in the above embodiment, fig. 3 shows a block diagram of the apparatus for defending the data interaction first-aid running attack provided in the embodiment of the present application, and for convenience of explanation, only the portion relevant to the embodiment of the present application is shown.
Referring to fig. 3, the apparatus 30 includes:
the first obtaining module 31 is configured to obtain or receive a data request to be interacted sent by a user, where the data request to be interacted includes data information to be interacted and an interaction cost range of data interaction;
the sending module 32 is configured to send interactive response information to the blockchain network system, where the interactive response information includes data information to be interacted and an interactive cost value, and the interactive cost value is within an interactive cost range;
The updating module 33 is configured to update the current interaction cost value of the data interaction according to the interaction cost range and the current interaction cost value of the first-run node if the data interaction is not uplink and the presence of the first-run node in the blockchain network system is monitored, and send the updated interaction cost value and the data information to be interacted to the blockchain network system until the updated current interaction cost value reaches the maximum value in the interaction cost range, wherein the first-run node is a node which is greater than the current interaction cost value in the interaction response information sent for the data request to be interacted.
In actual use, the defending device for the data interaction first-aid running attack provided by the embodiment of the application can be configured in any terminal equipment to execute the defending method for the data interaction first-aid running attack.
According to the defending device for the data interaction first-aid running attack, the first-aid running nodes in the blockchain network system are monitored when the data interaction is not uplink, and the current interaction cost value of the data interaction is updated according to the interaction cost range and the current interaction cost value of the first-aid running nodes, so that the data interaction first-aid running attack of the blockchain network system is actively defended, the stability and safety of the data interaction of the blockchain network system are improved, and user experience is improved.
In one possible implementation form of the present application, the data request to be interacted further includes an interaction time range of data interaction; correspondingly, the update module 33 includes:
And the updating unit is used for updating the current interaction cost value of the data interaction according to the interaction cost range and the current interaction cost value of the first-aid running node if the data interaction is not uplink and the first-aid running node exists in the blockchain network system in the interaction time range.
Further, in another possible implementation manner of the present application, the update module 33 further includes:
the generating unit is used for regenerating an interaction cost value in the interaction cost range to serve as the current interaction waiting value, and the regenerated interaction cost value is larger than the current interaction cost value of the first-aid running node.
Further, in still another possible implementation form of the present application, the defending device 30 for a data interaction race attack further includes:
a first determining module 34, configured to locally simulate a data interaction process for executing the data request to be interacted with, and determine interaction call information of the data interaction process;
the monitoring module 35 is configured to monitor interaction response information sent by other nodes in the blockchain network system;
A second obtaining module 36, configured to locally execute the interaction response information, and obtain interaction calling information in the interaction response information corresponding to each node;
The second determining module 37 is configured to determine the first-race node according to the similarity between the interaction calling information corresponding to each node and the interaction calling information corresponding to the data request to be interacted.
Further, in still another possible implementation form of the present application, the second determining module 37 includes:
and the first determining unit is used for determining the corresponding node as the first-race node if the similarity between the interaction calling information and the interaction calling information corresponding to the data request to be interacted is higher than a set threshold value.
Further, in another possible implementation manner of the present application, the second determining module 37 further includes:
The judging unit is used for judging whether each node is in a preset blacklist or not;
The second determining unit is used for determining the corresponding node as the first race node if the second determining unit is in the state that the similarity of the interaction calling information corresponding to the data request to be interacted is higher than the first similarity threshold value;
The third determining unit is used for determining the corresponding node as the first-race node if the interaction calling information is not in the state and the similarity of the interaction calling information corresponding to the data request to be interacted is higher than a second similarity threshold value; the first similarity threshold is lower than the second similarity threshold.
Further, in still another possible implementation form of the present application, the defending device 30 for a data interaction race attack further includes:
And the adding module 38 is configured to add the first-run node determined by the data interaction to a preset blacklist.
It should be noted that, because the content of information interaction and execution process between the above devices/units is based on the same concept as the method embodiment of the present application, specific functions and technical effects thereof may be referred to in the method embodiment section, and will not be described herein.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions. The functional units and modules in the embodiment may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit, where the integrated units may be implemented in a form of hardware or a form of a software functional unit. In addition, the specific names of the functional units and modules are only for distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working process of the units and modules in the above system may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.
In order to realize the embodiment, the application further provides terminal equipment.
Fig. 4 is a schematic structural diagram of a terminal device according to an embodiment of the present application.
As shown in fig. 4, the terminal apparatus 200 includes:
The system comprises a memory 210 and at least one processor 220, and a bus 230 connected with different components (comprising the memory 210 and the processor 220), wherein the memory 210 stores a computer program, and the processor 220 executes the program to realize the defense method of the data interaction race attack according to the embodiment of the application.
Bus 230 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, a processor, or a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include Industry Standard Architecture (ISA) bus, micro channel architecture (MAC) bus, enhanced ISA bus, video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Terminal device 200 typically includes a variety of electronic device readable media. Such media can be any available media that is accessible by terminal device 200 and includes both volatile and nonvolatile media, removable and non-removable media.
Memory 210 may also include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM) 240 and/or cache memory 250. Terminal device 200 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 260 may be used to read from or write to a non-removable, non-volatile magnetic media (not shown in FIG. 4, commonly referred to as a "hard disk drive"). Although not shown in fig. 4, a magnetic disk drive for reading from and writing to a removable non-volatile magnetic disk (e.g., a "floppy disk"), and an optical disk drive for reading from or writing to a removable non-volatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In such cases, each drive may be coupled to bus 230 via one or more data medium interfaces. Memory 210 may include at least one program product having a set (e.g., at least one) of program modules configured to carry out the functions of embodiments of the application.
Program/utility 280 having a set (at least one) of program modules 270 may be stored in, for example, memory 210, such program modules 270 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment. Program modules 270 generally perform the functions and/or methods of the embodiments described herein.
Terminal device 200 can also communicate with one or more external devices 290 (e.g., keyboard, pointing device, display 291, etc.), one or more devices that enable a user to interact with the terminal device 200, and/or any device (e.g., network card, modem, etc.) that enables the terminal device 200 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 292. Also, terminal device 200 can communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet, via network adapter 293. As shown, network adapter 293 communicates with other modules of terminal device 200 over bus 230. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with terminal device 200, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
The processor 220 executes various functional applications and data processing by running programs stored in the memory 210.
It should be noted that, the implementation process and the technical principle of the terminal device in this embodiment refer to the foregoing explanation of the defending method for the data interaction first-aid running attack in the embodiment of the present application, which is not repeated herein.
Embodiments of the present application also provide a computer readable storage medium storing a computer program which, when executed by a processor, implements steps for implementing the various method embodiments described above.
Embodiments of the present application provide a computer program product enabling a terminal device to carry out the steps of the method embodiments described above when the computer program product is run on the terminal device.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the present application may implement all or part of the flow of the method of the above-described embodiments, and may be implemented by a computer program to instruct related hardware, where the computer program may be stored in a computer readable storage medium, and the computer program may implement the steps of the method embodiments described above when executed by a processor. Wherein the computer program comprises computer program code which may be in source code form, object code form, executable file or some intermediate form etc. The computer readable medium may include at least: any entity or device capable of carrying computer program code to a photographing device/terminal apparatus, recording medium, computer Memory, read-Only Memory (ROM), random access Memory (Random Access Memory, RAM), electrical carrier signals, telecommunications signals, and software distribution media. Such as a U-disk, removable hard disk, magnetic or optical disk, etc. In some jurisdictions, computer readable media may not be electrical carrier signals and telecommunications signals in accordance with legislation and patent practice.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and in part, not described or illustrated in any particular embodiment, reference is made to the related descriptions of other embodiments.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other manners. For example, the apparatus/terminal device embodiments described above are merely illustrative, e.g., the division of the modules or units is merely a logical function division, and there may be additional divisions in actual implementation, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection via interfaces, devices or units, which may be in electrical, mechanical or other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
The above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application.

Claims (10)

1. The defending method for the data interaction first-aid running attack is characterized by comprising the following steps:
Acquiring or receiving a data request to be interacted sent by a user, wherein the data request to be interacted comprises data information to be interacted and an interaction cost range of data interaction;
Transmitting interactive response information to a blockchain network system, wherein the interactive response information comprises the data information to be interacted and an interactive cost value, and the interactive cost value is in the interactive cost range;
If the data interaction is not uplink and the existence of a first-aid running node in the blockchain network system is monitored, the current interaction cost value of the data interaction is updated according to the interaction cost range and the current interaction cost value of the first-aid running node, the updated interaction cost value and the data information to be interacted are sent to the blockchain network system until the updated current interaction cost value reaches the maximum value in the interaction cost range, and the first-aid running node is a node which is larger than the current interaction cost value in the interaction response information sent by aiming at the data request to be interacted.
2. The method of claim 1, wherein the data request to be interacted further comprises an interaction time range of data interaction, and if the data interaction is not uplink and a starting node exists in the blockchain network system is monitored, updating the current interaction cost value of the data interaction according to the interaction cost range and the current interaction cost value of the starting node specifically comprises:
and if the data interaction is not uplink and the existence of the starting node in the blockchain network system is monitored in the interaction time range, updating the current interaction cost value of the data interaction according to the interaction cost range and the current interaction cost value of the starting node.
3. The method of claim 1, wherein updating the current interaction cost value of the data interaction based on the interaction cost range, the current interaction cost value of the first-aid running node, comprises:
and regenerating an interaction cost value in the interaction cost range as a current interaction waiting value, wherein the regenerated interaction cost value is larger than the current interaction cost value of the starting node.
4. The method of claim 1, wherein prior to sending the interactive response message to the blockchain network system, the method further comprises:
simulating a data interaction process of executing the data request to be interacted in a local mode, and determining interaction calling information of the data interaction process;
after the interactive response information is sent to the blockchain network system, the method further comprises:
monitoring the interactive response information sent by other nodes in the block chain network system;
Executing the interactive response information locally to obtain interactive calling information in the interactive response information corresponding to each node;
and determining the first-race node according to the similarity of the interaction calling information corresponding to each node and the interaction calling information corresponding to the data request to be interacted.
5. The method of claim 4, wherein the determining the starting node according to the similarity between the interaction calling information corresponding to each node and the interaction calling information corresponding to the data request to be interacted comprises:
and if the similarity between the interaction calling information and the interaction calling information corresponding to the data request to be interacted is higher than a set threshold value, determining the corresponding node as the first-aid running node.
6. The method of claim 4, wherein the determining the starting node according to the similarity between the interaction calling information corresponding to each node and the interaction calling information corresponding to the data request to be interacted comprises:
Judging whether each node is in a preset blacklist or not;
If the data request is in the first state, the similarity between the interaction calling information and the interaction calling information corresponding to the data request to be interacted is higher than a first similarity threshold, and the corresponding node is determined to be a first-aid running node;
if not, and the similarity of the interaction calling information corresponding to the data request to be interacted is higher than a second similarity threshold, determining the corresponding node as a starting node; the first similarity threshold is lower than the second similarity threshold.
7. The method of any one of claims 1 or 6, wherein the method further comprises:
and adding the first-race node determined by the data interaction into a preset blacklist.
8. The defending device for the data interaction first-aid running attack is characterized by comprising the following components:
The first acquisition module is used for acquiring or receiving a data request to be interacted sent by a user, wherein the data request to be interacted comprises data information to be interacted and an interaction cost range of data interaction;
The sending module is used for sending interaction response information to the blockchain network system, wherein the interaction response information comprises the data information to be interacted and an interaction cost value, and the interaction cost value is in the interaction cost range;
and the updating module is used for updating the current interaction cost value of the data interaction according to the interaction cost range and the current interaction cost value of the first-aid running node if the data interaction is not uplink and the first-aid running node is monitored, and sending the updated interaction cost value and the data information to be interacted to the blockchain network system until the updated current interaction cost value reaches the maximum value in the interaction cost range, wherein the first-aid running node is a node which is larger than the current interaction cost value in the interaction response information sent for the data request to be interacted.
9. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, causes the terminal device to implement the method as claimed in any one of claims 1 to 7.
10. A computer readable storage medium storing a computer program, characterized in that the computer program, when executed by an electronic device, implements the method of any one of claims 1 to 7.
CN202410325464.3A 2024-03-21 Defense method, device, terminal and storage medium for data interaction first-aid running attack Active CN118101164B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410325464.3A CN118101164B (en) 2024-03-21 Defense method, device, terminal and storage medium for data interaction first-aid running attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410325464.3A CN118101164B (en) 2024-03-21 Defense method, device, terminal and storage medium for data interaction first-aid running attack

Publications (2)

Publication Number Publication Date
CN118101164A true CN118101164A (en) 2024-05-28
CN118101164B CN118101164B (en) 2024-06-28

Family

ID=

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10387876B1 (en) * 2011-11-09 2019-08-20 United Services Automobile Association (Usaa) Transacting in advance
CN115277108A (en) * 2022-07-05 2022-11-01 成都安恒信息技术有限公司 Method and system for defending decentralized application race attack
CN116471016A (en) * 2022-01-11 2023-07-21 罗伯特·博世有限公司 Vulnerability detection for redemption function updates in cryptocurrency
CN117714164A (en) * 2023-12-17 2024-03-15 黑龙江大学 Ether Fang sandwich attack detector in block chain and detection method thereof

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10387876B1 (en) * 2011-11-09 2019-08-20 United Services Automobile Association (Usaa) Transacting in advance
CN116471016A (en) * 2022-01-11 2023-07-21 罗伯特·博世有限公司 Vulnerability detection for redemption function updates in cryptocurrency
CN115277108A (en) * 2022-07-05 2022-11-01 成都安恒信息技术有限公司 Method and system for defending decentralized application race attack
CN117714164A (en) * 2023-12-17 2024-03-15 黑龙江大学 Ether Fang sandwich attack detector in block chain and detection method thereof

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
赵淦森;谢智健;王欣明;何嘉浩;张成志;林成创;ZIHENG ZHOU;陈冰川;CHUNMING RONG;: "ContractGuard:面向以太坊区块链智能合约的入侵检测系统", 网络与信息安全学报, no. 02, 15 April 2020 (2020-04-15) *

Similar Documents

Publication Publication Date Title
EP2106085A1 (en) System and method for securing a network from zero-day vulnerability exploits
CN104426885A (en) Method and device for providing abnormal account
US20090077631A1 (en) Allowing a device access to a network in a trusted network connect environment
CN110311925B (en) DDoS reflection type attack detection method and device, computer equipment and readable medium
CN114327803A (en) Method, apparatus, device and medium for accessing machine learning model by block chain
CN110851535B (en) Data processing method and device based on block chain, storage medium and terminal
CN108183884B (en) Network attack determination method and device
CN110855715B (en) DOS attack and defense simulation method based on stochastic Petri network
CN114003904B (en) Information sharing method, device, computer equipment and storage medium
CN118101164B (en) Defense method, device, terminal and storage medium for data interaction first-aid running attack
CN116910816B (en) Multiparty asset collaborative management method and device for improving privacy protection
CN117640154A (en) Defensive strategy generation method and device, storage medium and terminal
CN111683087A (en) Access control method, device, electronic equipment and computer readable storage medium
CN113132393A (en) Abnormality detection method, abnormality detection device, electronic apparatus, and storage medium
CN118101164A (en) Defense method, device, terminal and storage medium for data interaction first-aid running attack
CN114640484A (en) Network security countermeasure method and device and electronic equipment
CN111625846B (en) System state recording method of mobile terminal equipment
CN110909349B (en) detection method and system for rebound shell in dock container
CN109151051B (en) Data security enhancement method in cloud computing environment
JP2011002916A (en) Infection activity detection apparatus, infection activity detection method and program
CN111431878A (en) Network security penetration testing system
CN114389858B (en) Flow processing method and device, electronic equipment and computer readable storage medium
CN115865519B (en) Data processing method and system suitable for network attack and defense virtual simulation
US20230396646A1 (en) Identifying computer systems for malware infection mitigation
CN118337424A (en) Risk monitoring method and device for data interaction, terminal equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant