WO2021036521A1 - Information sharing method, apparatus, system, electronic device, and storage medium - Google Patents
Information sharing method, apparatus, system, electronic device, and storage medium Download PDFInfo
- Publication number
- WO2021036521A1 WO2021036521A1 PCT/CN2020/100754 CN2020100754W WO2021036521A1 WO 2021036521 A1 WO2021036521 A1 WO 2021036521A1 CN 2020100754 W CN2020100754 W CN 2020100754W WO 2021036521 A1 WO2021036521 A1 WO 2021036521A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- threat intelligence
- shared block
- blockchain
- intelligence information
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 49
- 238000011156 evaluation Methods 0.000 claims description 19
- 238000004590 computer program Methods 0.000 claims description 12
- 238000010586 diagram Methods 0.000 description 14
- 238000005516 engineering process Methods 0.000 description 14
- 230000008569 process Effects 0.000 description 8
- 230000006870 function Effects 0.000 description 7
- 238000010276 construction Methods 0.000 description 5
- 238000004891 communication Methods 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 230000008713 feedback mechanism Effects 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 3
- 238000001514 detection method Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000018109 developmental process Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 230000002155 anti-virotic effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000005242 forging Methods 0.000 description 1
- 230000007261 regionalization Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Definitions
- the embodiments of the present disclosure relate to the field of network security technologies, and in particular, to an information sharing method, device, system, electronic device, and computer-readable storage medium.
- each security subsystem is independent of each other, and security protection works independently, making various threat intelligence information relatively isolated, causing an island effect; thus, each security subsystem cannot obtain or analyze the latest and most updated information in a timely and effective manner.
- Valuable threat intelligence information prevents timely protection and emergency response, leading to security risks and security attacks.
- the construction of a threat intelligence information sharing platform is a very important task in the construction of network security.
- the threat intelligence information shared may be tampered with.
- the embodiments of the present disclosure provide an information sharing method, device, system, electronic device, and computer-readable storage medium to solve the problem of mutual independence and lack of sharing of threat intelligence information in related technologies. At the same time, it solves the problem of the sharing mechanism in related technologies. , Its shared threat intelligence information has the possibility of being tampered with.
- embodiments of the present disclosure provide an information sharing method, the method including:
- Threat intelligence information is information threatening network security, and the threat intelligence information is sent by the first blockchain node;
- the threat intelligence information is agreed by the first consensus algorithm, generate a first shared block based on the threat intelligence information;
- the first shared block is received by the consensus of multiple blockchain nodes of the first shared block, the first shared block is written into the blockchain.
- the threat intelligence information includes at least one of the following:
- the method further includes:
- the target shared block is the latest shared block on the time axis generated based on the target threat intelligence information, and the rating parameter is the shared block.
- the second shared block is received by the consensus of multiple blockchain nodes of the second shared block, the second shared block is written into the blockchain.
- the step of updating the rating parameters in the target shared block based on the calling information includes:
- the rating parameter in the target shared block is updated.
- the target parameter includes at least one of the following:
- An evaluation parameter used by the second blockchain node to evaluate the call of the target threat intelligence information is
- embodiments of the present disclosure provide an information sharing device, the device including:
- the first receiving module is configured to receive threat intelligence information, where the threat intelligence information is information that threatens network security, and the threat intelligence information is sent by the first blockchain node;
- the first generation module is configured to generate a first shared block based on the threat intelligence information when the threat intelligence information is agreed by the first consensus algorithm;
- the first writing module is used to write the first shared block to the block when the first shared block is received by the consensus of multiple blockchain nodes of the first shared block Chain.
- the threat intelligence information includes at least one of the following:
- the device further includes:
- the second receiving module is used to receive the calling information sent by the second blockchain node for the target threat intelligence information
- the update module is configured to update the rating parameters in the target shared block based on the call information, the target shared block being the latest shared block on the time axis generated based on the target threat intelligence information, the The rating parameters are parameters for evaluating the blockchain nodes sharing the target threat intelligence information;
- the second generation module is configured to generate a second shared block based on the target shared block and the updated rating parameter when the updated rating parameter is agreed by the second consensus algorithm;
- the second writing module is used to write the second shared block to the second shared block when the second shared block is received by the consensus of multiple blockchain nodes of the second shared block In the blockchain.
- the update module is specifically configured to determine the target parameter for calling the target threat intelligence information based on the calling information; and to update the rating parameter in the target shared block based on the target parameter.
- the target parameter includes at least one of the following:
- An evaluation parameter used by the second blockchain node to evaluate the call of the target threat intelligence information is
- an embodiment of the present disclosure provides an electronic device, the electronic device including: a transceiver and a processor;
- the transceiver is configured to receive threat intelligence information, where the threat intelligence information is information that threatens network security, and the threat intelligence information is sent by a first blockchain node;
- the processor is configured to generate a first shared block based on the threat intelligence information when the threat intelligence information is agreed by the first consensus algorithm; the first shared block is received in the first shared block In the case of consensus among multiple blockchain nodes sharing a block, the first shared block is written into the blockchain.
- the threat intelligence information includes at least one of the following:
- the transceiver is also used to receive the calling information sent by the second blockchain node for the target threat intelligence information
- the processor is further configured to update the rating parameters in the target shared block based on the call information, the target shared block being the latest shared block on the time axis generated based on the target threat intelligence information ,
- the rating parameter is a parameter for evaluating the blockchain nodes that share the target threat intelligence information; in the case that the updated rating parameter is agreed by the second consensus algorithm, based on the target shared block and the update
- the second shared block is generated by the rating parameters of the second shared block; in the case where the second shared block is received by the consensus of multiple blockchain nodes of the second shared block, the second shared block is written To the blockchain.
- the processor is specifically configured to determine the target parameter for calling the target threat intelligence information based on the calling information; and to update the rating parameter in the target shared block based on the target parameter.
- the target parameter includes at least one of the following:
- An evaluation parameter used by the second blockchain node to evaluate the call of the target threat intelligence information is
- embodiments of the present disclosure provide an information sharing system, the system including: a first blockchain node, a plurality of blockchain nodes that can interact with the first blockchain node, and electronic devices;
- the first blockchain node is used to send threat intelligence information, where the threat intelligence information is information that threatens network security;
- the electronic device is used to receive the threat intelligence information; when the threat intelligence information is agreed by the first consensus algorithm, generate a first shared block based on the threat intelligence information; and transfer the first shared area
- the block is sent to the multiple blockchain nodes that can interact with the first blockchain node;
- the multiple blockchain nodes that can interact with the first blockchain node are used to receive the first shared block; and make a consensus on the first shared block;
- the electronic device is further configured to write the first shared block to the block when the first shared block is received by the consensus of multiple blockchain nodes of the first shared block Chain.
- the threat intelligence information includes at least one of the following:
- system further includes: a second blockchain node and multiple blockchain nodes that can interact with the second blockchain node;
- the second blockchain node is used to send call information for target threat intelligence information
- the electronic device is also used to receive the calling information sent by the second blockchain node for the target threat intelligence information; based on the calling information, the rating parameters in the target shared block are updated, and the target shared block is Based on the latest shared block on the time axis generated by the target threat intelligence information, the rating parameter is a parameter for evaluating the blockchain nodes that share the target threat intelligence information; the updated rating parameter is determined by the second consensus In the case of algorithm consensus, generate a second shared block based on the target shared block and the updated rating parameters; send the second shared block to the node that can interact with the second blockchain Of multiple blockchain nodes;
- the multiple blockchain nodes that can interact with the second blockchain node are used to receive the second shared block; and make a consensus on the second shared block;
- the electronic device is further configured to write the second shared block to the second shared block when the second shared block is received by the consensus of multiple blockchain nodes of the second shared block In the blockchain.
- the electronic device is specifically configured to determine the target parameter for calling the target threat intelligence information based on the calling information; and to update the rating parameter in the target shared block based on the target parameter.
- the target parameter includes at least one of the following:
- An evaluation parameter used by the second blockchain node to evaluate the call of the target threat intelligence information is
- an embodiment of the present disclosure provides an electronic device including a processor, a memory, a computer program stored on the memory and capable of running on the processor, and when the computer program is executed by the processor Steps to implement the above information sharing method.
- embodiments of the present disclosure provide a computer-readable storage medium having a computer program stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps of the above-mentioned information sharing method are implemented.
- threat intelligence information is received.
- the threat intelligence information is information that threatens network security.
- the threat intelligence information is sent by the first blockchain node; then, the threat intelligence information is received by the first consensus.
- the first shared block is generated based on the threat intelligence information; finally, in the case where the first shared block is received by the consensus of multiple blockchain nodes of the first shared block, Write the first shared block into the blockchain.
- a blockchain of threat intelligence information and threat intelligence sources can be constructed through blockchain technology to realize the sharing of threat intelligence information.
- the blockchain has the characteristic of being non-tamperable, the possibility of tampering with the threat intelligence information can be avoided.
- FIG. 1 is one of the schematic flowcharts of the information sharing method provided by an embodiment of the present disclosure
- FIG. 2 is a schematic diagram of each blockchain node in the information sharing method provided by an embodiment of the present disclosure
- FIG. 3 is a schematic diagram of the structure of a shared block in the information sharing method provided by an embodiment of the present disclosure
- Figure 4 is a schematic diagram of the chain of the blockchain
- FIG. 5 is the second schematic flowchart of the information sharing method provided by an embodiment of the present disclosure.
- FIG. 6 is a schematic structural diagram of an information sharing device provided by an embodiment of the present disclosure.
- FIG. 7 is a schematic structural diagram of an electronic device provided by an embodiment of the present disclosure.
- FIG. 8 is one of the structural schematic diagrams of an information sharing system provided by an embodiment of the present disclosure.
- Fig. 9 is a second structural diagram of an information sharing system provided by an embodiment of the present disclosure.
- the threat intelligence information shared may be tampered with.
- the unknown data table in the intranet is polled according to a preset period to obtain the unknown data in the unknown data table; the query request is sent to the intelligence cloud server based on the unknown data, and the information returned by the intelligence cloud server is received.
- the query result of threat intelligence information is sent to the threat intelligence platform of the intranet, so that the threat intelligence platform can store the query result to realize the sharing of threat intelligence information.
- the above scheme requires the intelligence cloud server to query and push the query results.
- the threat intelligence information is at risk of being tampered with.
- the embodiments of the present disclosure propose a scheme for sharing threat intelligence information based on the blockchain.
- the information sharing method provided by the embodiments of the present disclosure can be applied to an information sharing system, and the information sharing system includes multiple blockchain nodes and electronic devices.
- the electronic device may be an information sharing server for sharing the threat intelligence information provided by the first blockchain node based on the blockchain.
- FIG. 1 shows one of the schematic flowcharts of the information sharing method provided by an embodiment of the present disclosure.
- the method may include the following steps:
- Step 101 Receive threat intelligence information, where the threat intelligence information is information threatening network security, and the threat intelligence information is sent by a first blockchain node.
- FIG. 2 a schematic diagram of each blockchain node in the information sharing method provided by the embodiment of the present disclosure is shown in the figure.
- Node 1, Node 2, Node 3, Node n-1, and Node n are blockchain nodes, and each blockchain node forms a point-to-point communication on a logical level.
- Node 1 can interact with n-1 nodes such as Node 2, Node 3, Node n-1, Node n;
- Node 2 can interact with n-1 nodes such as Node 1, Node 3, Node n-1, Node n, etc.
- Nodes interact;
- Node 3 can interact with n-1 nodes such as Node 1, Node 2, Node n-1, Node n;
- Node n-1 can interact with Node 1, Node 2, Node 3, Node n, etc.
- n- One node interacts;
- Node n can interact with n-1 nodes such as Node 1, Node 2, Node 3, Node n-1.
- the blockchain nodes are functionally divided, and there may be multiple types, each type of blockchain node may include multiple, and the first blockchain node is a block that provides threat intelligence information.
- the chain node can be called a threat intelligence provider or a threat intelligence source.
- the first blockchain node can be a professional threat intelligence manufacturer, an antivirus manufacturer, an anti-APT manufacturer, a detection product manufacturer, and a free Roles such as intelligence alliances and customers.
- the first blockchain node learns unknown data that threatens network security, it generates threat intelligence information based on the unknown data; and calls the upload interface to upload the threat intelligence information to the electronic threat intelligence information sharing. equipment.
- the electronic device receives the threat intelligence information.
- the threat intelligence information includes at least one of the following:
- the IP address information is threat intelligence information related to IP addresses
- the domain name information is threat intelligence information related to domain names
- the URL information is threat intelligence information related to URLs
- the security event information is related to security events.
- Threat intelligence information where the vulnerability information is threat intelligence information related to the vulnerability.
- Step 102 In a case where the threat intelligence information is agreed by the first consensus algorithm, generate a first shared block based on the threat intelligence information.
- the electronic device after receiving the threat intelligence information, the electronic device agrees on the threat intelligence information based on the first consensus algorithm. After the consensus, the threat intelligence information is recorded, and the time when the threat intelligence information is acquired can be recorded. In order to realize the synchronization of blocks in the blockchain.
- FIG. 3 shows a schematic structural diagram of a sharing block in an information sharing method provided by an embodiment of the present disclosure.
- the shared block includes a block header and a block body.
- the block header is composed of the hash value of the previous shared block, Merkle root, random number, and timestamp.
- the block body may include at least one of IP address information threatening network security, domain name information threatening network security, URL information threatening network security, security event information threatening network security, and vulnerability information threatening network security.
- the block body can also include the rating parameters of the threat intelligence source, and the rating parameters can be based on the second zone.
- the block chain node is updated in response to the invocation of the threat intelligence information shared by the threat intelligence source, and the specific update process will be described in detail in the following embodiments.
- the hash value of the previous shared block is the value generated by hashing from all the information of the previous shared block plus the previous timestamp.
- the Merkle root is a Merkle tree composed of all the information in the block body, and the hash value of the Merkle tree root is calculated. This value can bind the block header and the block body.
- a random number is a random number generated by the current node through the SHA256 hash algorithm based on all public key information and the current timestamp. This random number requires the hash value of the next shared block to start with this number. Number, through which the random number can prevent the attacker from forging the block of the blockchain.
- the timestamp is the time stamp stamped by the node that released the shared block at the time of release, starting at 00:00 UTC on January 1, 1970, and the number of seconds between when the shared block was generated.
- the rating parameters of threat intelligence sources include the credibility of threat intelligence sources, the contribution rate of threat intelligence sources, and the level of threat intelligence sources.
- Threat intelligence source credibility refers to the credibility-related information of the threat intelligence source
- the contribution rate of threat intelligence source is the contribution rate related information of the threat intelligence source
- the level of the threat intelligence source is the level-related information of the threat intelligence source.
- the first shared block is generated according to the structural characteristics of the shared block construction.
- a blockchain link can be constructed, as shown in Figure 4, which shows a chain diagram of the blockchain.
- the blockchain is composed of a creation block, a shared block 1, a shared block 2, and a shared block m-1, and a shared block m.
- the first shared block is the initial block constructed based on the threat intelligence information provided by the threat intelligence source. Therefore, the rating parameter for the threat intelligence source can be 0 by default.
- Step 103 In the case where the first shared block is received by the consensus of multiple blockchain nodes of the first shared block, write the first shared block into the blockchain.
- the electronic device After the electronic device generates the first shared block, it will broadcast the first shared block. Specifically, the first shared block is sent to all blockchain nodes of the same type as the first blockchain node. After these blockchain nodes receive the first shared block, they will reach a consensus on the first shared block. After the consensus is passed, the result is sent to the electronic device.
- the first shared block is written into the blockchain.
- the prerequisite for writing the first shared block to the blockchain that is, the number of the first shared block passed by the consensus of the blockchain nodes can be set according to the specific situation, and can be set to The preset percentage relative to the number of all blockchain nodes, such as 50%, can also be set to a preset value, such as 6.
- the electronic device will write the first shared block into the blockchain.
- threat intelligence information is received.
- the threat intelligence information is information that threatens network security.
- the threat intelligence information is sent by the first blockchain node; then, the threat intelligence information is received by the first consensus.
- the first shared block is generated based on the threat intelligence information; finally, in the case where the first shared block is received by the consensus of multiple blockchain nodes of the first shared block, Write the first shared block into the blockchain.
- a blockchain of threat intelligence information and threat intelligence sources can be constructed through blockchain technology to realize the sharing of threat intelligence information.
- the blockchain has the characteristic of being non-tamperable, the possibility of tampering with the threat intelligence information can be avoided.
- the above describes in detail the construction of the sharing platform based on the threat intelligence information provided by the threat intelligence source.
- the following will describe in detail how to share the threat intelligence information based on the sharing platform, and how to rate the rating in the shared block constructed in the sharing platform.
- the parameters are updated.
- FIG. 5 shows the second schematic flowchart of the information sharing method provided by the embodiment of the present disclosure. As shown in Figure 5, after the step 103, the method may further include the following steps:
- Step 501 Receive the call information sent by the second blockchain node for the target threat intelligence information.
- the second blockchain node is a blockchain node that calls threat intelligence information, and can be called a threat intelligence caller or a threat intelligence sharer.
- the second blockchain node is usually different from the first blockchain node, but the same situation exists.
- the detection product manufacturer can provide threat intelligence information as a threat intelligence source, and can also call others as a threat intelligence caller. Threat intelligence information provided by threat intelligence sources.
- the second blockchain node calls the shared record of the target threat intelligence information to generate call information; and calls the upload interface to upload the call information to the electronic device.
- the electronic device receives the call information.
- Step 502 based on the call information, update the rating parameters in the target shared block, the target shared block being the latest shared block on the time axis generated based on the target threat intelligence information, the rating parameter It is a parameter for evaluating the blockchain nodes sharing the target threat intelligence information.
- the rating parameters may include the credibility of the threat intelligence source, the contribution rate of the threat intelligence source, and the level of the threat intelligence source.
- Threat intelligence source credibility refers to the credibility-related information of the threat intelligence source
- the contribution rate of threat intelligence source is the contribution rate related information of the threat intelligence source
- the level of the threat intelligence source is the level-related information of the threat intelligence source.
- the level of the threat intelligence source can be calculated by the credibility of the threat intelligence source and the contribution rate of the threat intelligence source. For example, when the credibility of the threat intelligence source is between 10% and 20%, and the contribution rate of the threat intelligence source is 10%. %-20%, the level of the threat intelligence source is at the fifth level.
- the above method of setting the level of threat intelligence sources is just an example, and cannot be used to limit the method of setting the level of threat intelligence sources.
- the electronic device After receiving the calling information, the electronic device queries the blockchain nodes sharing the target threat intelligence information based on the target threat intelligence information in the calling information, that is, queries the threat intelligence source from which the target threat intelligence information comes.
- the rating parameters are updated.
- the step of updating the rating parameters in the target shared block based on the calling information includes:
- the rating parameter in the target shared block is updated.
- the target parameter includes at least one of the following:
- An evaluation parameter used by the second blockchain node to evaluate the call of the target threat intelligence information is
- the number of invocations can be determined according to the number of statistical invocation information.
- the calling information may also include evaluation parameters used by the second blockchain node to evaluate the calling of the target threat intelligence information.
- a feedback mechanism may be set to provide a feedback interface for threat intelligence callers to feed back threats. The quality of the intelligence information is high or low; accordingly, the evaluation parameters in the calling information are obtained.
- the first method is to update the rating parameters based on the number of times the second blockchain node calls the target threat intelligence information.
- the rating parameter is increased by a preset percentage. For example, when the number of calls reaches 1, the rating parameter is increased by 1%.
- the second type the evaluation parameter of the second blockchain node for evaluating the call of the target threat intelligence information, and the evaluation parameter is updated.
- the evaluation parameter indicates that the target threat intelligence information is useful, its rating parameter is correspondingly increased by a preset percentage; when the evaluation parameter indicates that the target threat intelligence information is not useful, its rating parameter is correspondingly reduced by a preset percentage.
- the third type based on the number of calls of the target threat intelligence information by the second blockchain node and the evaluation parameters for the second blockchain node to evaluate the calling of the target threat intelligence information, the rating parameters are evaluated Update.
- the rating parameter is updated according to the ratio of the number of evaluation parameters that indicate the usefulness of the target threat intelligence information and the number of calls. The larger the ratio, the more the rating parameter increases accordingly.
- Step 503 In the case where the updated rating parameters are agreed by the second consensus algorithm, a second shared block is generated based on the target shared block and the updated rating parameters.
- the second consensus algorithm may be the same as or different from the first consensus algorithm, and there is no restriction here.
- a consensus is made on the updated rating parameters.
- the updated rating parameters are recorded, and the time when the rating parameters are updated can be recorded, so as to realize the regionalization in the blockchain. Synchronization of blocks.
- a second shared block After recording the updated rating parameters, based on the target shared block and the updated rating parameters, a second shared block can be generated according to the structural characteristics of the shared block construction.
- the second shared block and the target shared block may differ only in rating parameters.
- Step 504 In the case where the second shared block is received by the consensus of multiple blockchain nodes of the second shared block, write the second shared block into the blockchain.
- the electronic device After the electronic device generates the second shared block, it will broadcast the second shared block. Specifically, the second shared block is sent to all blockchain nodes of the same type as the second blockchain node. After these blockchain nodes receive the second shared block, they will reach a consensus on the second shared block. After the consensus is passed, the result is sent to the electronic device.
- the second shared block is written into the blockchain.
- the prerequisite for writing the second shared block to the blockchain that is, the number of second shared blocks that are passed by the consensus of the blockchain nodes can be set according to the specific situation, and can be set to The preset percentage relative to the number of all blockchain nodes, such as 50%, can also be set to a preset value, such as 6.
- the electronic device will write the second shared block into the blockchain.
- the rating parameters are updated by setting the rating parameters in the shared block in the blockchain, and using the calling information sent by the second blockchain node for the target threat intelligence information,
- the credibility, contribution and level of threat intelligence sources can be determined according to the rating parameters, and the problem of numerous threat intelligence sources can be solved, so that threat intelligence callers cannot effectively determine whether the threat intelligence source is credible and the contribution rate is high or low.
- a feedback mechanism can be set up to feed back the quality of the threat intelligence information shared to the threat intelligence caller. In this way, it can solve the problem that there is no corresponding feedback mechanism for the quality of the threat intelligence information provided by the threat intelligence source. In turn, it can be beneficial to the continuous and effective development of the closed loop of the entire threat intelligence ecosystem.
- the information sharing device provided by the embodiments of the present disclosure will be described below.
- the figure shows a schematic structural diagram of an information sharing device provided by an embodiment of the present disclosure.
- the information sharing device 600 includes:
- the first receiving module 601 is configured to receive threat intelligence information, where the threat intelligence information is information that threatens network security, and the threat intelligence information is sent by a first blockchain node;
- the first generation module 602 is configured to generate a first shared block based on the threat intelligence information when the threat intelligence information is agreed by the first consensus algorithm;
- the first writing module 603 is configured to write the first shared block to the zone when the first shared block is received by the consensus of multiple blockchain nodes of the first shared block Block chain.
- the threat intelligence information includes at least one of the following:
- the device further includes:
- the second receiving module is used to receive the calling information sent by the second blockchain node for the target threat intelligence information
- the update module is configured to update the rating parameters in the target shared block based on the call information, the target shared block being the latest shared block on the time axis generated based on the target threat intelligence information, the The rating parameters are parameters for evaluating the blockchain nodes sharing the target threat intelligence information;
- the second generation module is configured to generate a second shared block based on the target shared block and the updated rating parameter when the updated rating parameter is agreed by the second consensus algorithm;
- the second writing module is used to write the second shared block to the second shared block when the second shared block is received by the consensus of multiple blockchain nodes of the second shared block In the blockchain.
- the update module is specifically configured to determine the target parameter for calling the target threat intelligence information based on the calling information; and to update the rating parameter in the target shared block based on the target parameter.
- the target parameter includes at least one of the following:
- An evaluation parameter used by the second blockchain node to evaluate the call of the target threat intelligence information is
- the information sharing device 600 can implement the various processes implemented in the foregoing method embodiments. To avoid repetition, details are not described herein again.
- threat intelligence information is received.
- the threat intelligence information is information that threatens network security.
- the threat intelligence information is sent by the first blockchain node; then, the threat intelligence information is received by the first consensus.
- the first shared block is generated based on the threat intelligence information; finally, in the case where the first shared block is received by the consensus of multiple blockchain nodes of the first shared block, Write the first shared block into the blockchain.
- a blockchain of threat intelligence information and threat intelligence sources can be constructed through blockchain technology to realize the sharing of threat intelligence information.
- the blockchain has the characteristic of being non-tamperable, the possibility of tampering with the threat intelligence information can be avoided.
- the figure shows a schematic structural diagram of an electronic device provided by an embodiment of the present disclosure.
- the electronic device 700 includes: a bus 701, a transceiver 702, an antenna 703, a bus interface 704, a processor 705, and a memory 706.
- the transceiver 702 is configured to receive threat intelligence information, where the threat intelligence information is information that threatens network security, and the threat intelligence information is sent by a first blockchain node;
- the processor 705 is configured to generate a first shared block based on the threat intelligence information when the threat intelligence information is agreed by the first consensus algorithm; the first shared block is received in the first shared block In the case of a consensus among multiple blockchain nodes sharing a block, the first shared block is written into the blockchain.
- the threat intelligence information includes at least one of the following:
- the transceiver 702 is also used to receive the call information sent by the second blockchain node for the target threat intelligence information
- the processor 705 is further configured to update the rating parameters in the target shared block based on the call information, the target shared block being the latest shared zone on the time axis generated based on the target threat intelligence information Block, the rating parameter is a parameter for evaluating the blockchain nodes that share the target threat intelligence information; in the case where the updated rating parameter is agreed by the second consensus algorithm, based on the target shared block and the The updated rating parameters are used to generate a second shared block; in the case where the second shared block is received by the consensus of multiple blockchain nodes of the second shared block, the second shared block is written Into the blockchain.
- the processor 705 is specifically configured to determine the target parameter for calling the target threat intelligence information based on the calling information; and to update the rating parameter in the target shared block based on the target parameter.
- the target parameter includes at least one of the following:
- An evaluation parameter used by the second blockchain node to evaluate the call of the target threat intelligence information is
- bus 701 can include any number of interconnected buses and bridges
- bus 701 will include one or more processors represented by processor 705 and memory represented by memory 706
- the various circuits are linked together.
- the bus 701 may also link various other circuits such as peripheral devices, voltage regulators, power management circuits, etc., which are all known in the art, and therefore, no further description will be given herein.
- the bus interface 704 provides an interface between the bus 701 and the transceiver 702.
- the transceiver 702 may be one element or multiple elements, such as multiple receivers and transmitters, and provide a unit for communicating with various other devices on a transmission medium.
- the data processed by the processor 705 is transmitted on the wireless medium through the antenna 703, and further, the antenna 703 also receives the data and transmits the data to the processor 705.
- the processor 705 is responsible for managing the bus 701 and general processing, and can also provide various functions, including timing, peripheral interfaces, voltage regulation, power management, and other control functions.
- the memory 706 may be used to store data used by the processor 705 when performing operations.
- the processor 705 may be a CPU, ASIC, FPGA or CPLD.
- an embodiment of the present disclosure further provides an electronic device, including a processor 705, a memory 706, a computer program stored on the memory 706 and running on the processor 705, and the computer program is executed by the processor 705
- a processor 705 a memory 706, a computer program stored on the memory 706 and running on the processor 705, and the computer program is executed by the processor 705
- threat intelligence information is received.
- the threat intelligence information is information that threatens network security.
- the threat intelligence information is sent by the first blockchain node; then, the threat intelligence information is received by the first consensus.
- the first shared block is generated based on the threat intelligence information; finally, in the case where the first shared block is received by the consensus of multiple blockchain nodes of the first shared block, Write the first shared block into the blockchain.
- a blockchain of threat intelligence information and threat intelligence sources can be constructed through blockchain technology to realize the sharing of threat intelligence information.
- the blockchain has the characteristic of being non-tamperable, it can avoid the possibility of the threat intelligence information being tampered with.
- the figure shows one of the structural schematic diagrams of the information sharing system provided by an embodiment of the present disclosure.
- the information sharing system 800 includes: an underlying blockchain module 801, a blockchain-based threat intelligence sharing module 802, and a blockchain-based threat intelligence rating module 803; among them,
- the underlying blockchain module 801 is used to support and implement blockchain technology for all blockchain nodes of the threat intelligence source, such as consensus algorithms.
- the block chain-based threat intelligence sharing module 802 is used to share threat intelligence information such as IP address information, domain name information, URL information, security event information, and vulnerability information in the block chain.
- the block chain-based threat intelligence rating module 803 is used to calculate the credibility of the threat intelligence source and the contribution rate of the threat intelligence source in the block chain, and to rate the level of the threat intelligence source.
- the information sharing system 900 includes: a first blockchain node 901, a plurality of blockchain nodes 902 that can interact with the first blockchain node, and an electronic device 903;
- the first blockchain node 901 is configured to send threat intelligence information, where the threat intelligence information is information that threatens network security;
- the electronic device 903 is configured to receive the threat intelligence information; in the case that the threat intelligence information is agreed by the first consensus algorithm, generate a first shared block based on the threat intelligence information; Sending the block to the multiple blockchain nodes that can interact with the first blockchain node;
- the multiple blockchain nodes 902 capable of interacting with the first blockchain node are used to receive the first shared block; and make a consensus on the first shared block;
- the electronic device 903 is further configured to write the first shared block to the zone when the first shared block is received by multiple blockchain nodes of the first shared block. Block chain.
- the threat intelligence information includes at least one of the following:
- the system further includes: a second blockchain node 904 and a plurality of blockchain nodes 905 that can interact with the second blockchain node;
- the second blockchain node 904 is used to send call information for target threat intelligence information
- the electronic device 903 is also used to receive the call information sent by the second blockchain node for the target threat intelligence information; based on the call information, update the rating parameters in the target shared block, the target shared block Is the latest shared block on the time axis generated based on the target threat intelligence information, the rating parameter is a parameter for evaluating the blockchain nodes sharing the target threat intelligence information; the updated rating parameter is the second In the case of consensus algorithm consensus, based on the target shared block and the updated rating parameters, generate a second shared block; send the second shared block to the node that can communicate with the second blockchain Multiple blockchain nodes that interact;
- the multiple blockchain nodes 905 that can interact with a second blockchain node are used to receive the second shared block; and make a consensus on the second shared block;
- the electronic device 903 is further configured to write the second shared block to all blockchain nodes when the second shared block is received by multiple blockchain nodes of the second shared block. Said in the blockchain.
- the electronic device 903 is specifically configured to determine the target parameter for calling the target threat intelligence information based on the calling information; and to update the rating parameter in the target shared block based on the target parameter.
- the target parameter includes at least one of the following:
- An evaluation parameter used by the second blockchain node to evaluate the call of the target threat intelligence information is
- threat intelligence information is received.
- the threat intelligence information is information that threatens network security.
- the threat intelligence information is sent by the first blockchain node; then, the threat intelligence information is received by the first consensus.
- the first shared block is generated based on the threat intelligence information; finally, in the case where the first shared block is received by the consensus of multiple blockchain nodes of the first shared block, Write the first shared block into the blockchain.
- a blockchain of threat intelligence information and threat intelligence sources can be constructed through blockchain technology to realize the sharing of threat intelligence information.
- the blockchain has the characteristic of being non-tamperable, the possibility of tampering with the threat intelligence information can be avoided.
- the embodiments of the present disclosure also provide a computer-readable storage medium, and a computer program is stored on the computer-readable storage medium.
- a computer program is stored on the computer-readable storage medium.
- the computer program is executed by a processor, each process of the above-mentioned information sharing method embodiment is realized, and the same technology can be achieved. The effect, in order to avoid repetition, will not be repeated here.
- the computer-readable storage medium such as read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic disk, or optical disk, etc.
- the disclosed system and method may be implemented in other ways.
- the system embodiment described above is only illustrative.
- the division of the units is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components can be combined or It can be integrated into another system, or some features can be ignored or not implemented.
- the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
- the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments of the present disclosure.
- the functional units in the various embodiments of the present disclosure may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
- the function is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer readable storage medium.
- the technical solution of the present disclosure essentially or the part that contributes to the related technology or the part of the technical solution can be embodied in the form of a software product.
- the computer software product is stored in a storage medium, including several
- the instructions are used to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the methods described in the various embodiments of the present disclosure.
- the aforementioned storage media include: U disk, mobile hard disk, ROM, RAM, magnetic disk or optical disk and other media that can store program codes.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Computer And Data Communications (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
Provided in the present disclosure are an information sharing method, an apparatus, a system, an electronic device, and a computer-readable storage medium. The method comprises: receiving threat intelligence information, the threat intelligence information being information which threatens network security and being sent by a first blockchain node; when the threat intelligence information undergoes consensus by using a first consensus algorithm, generating a first shared block on the basis of the threat intelligence information; and when the first shared block undergoes consensus by means of multiple blockchain nodes which receive the first shared block, writing the first shared block into a blockchain.
Description
相关申请的交叉引用Cross-references to related applications
本申请主张在2019年8月30日在中国提交的中国专利申请号No.201910817069.6的优先权,其全部内容通过引用包含于此。This application claims the priority of Chinese Patent Application No. 201910817069.6 filed in China on August 30, 2019, the entire content of which is incorporated herein by reference.
本公开实施例涉及网络安全技术领域,尤其涉及一种信息共享方法、装置、系统、电子设备以及计算机可读存储介质。The embodiments of the present disclosure relate to the field of network security technologies, and in particular, to an information sharing method, device, system, electronic device, and computer-readable storage medium.
随着计算机和网络技术的快速发展,各种网络安全事件频繁发生,新漏洞层出不穷,催生出大量新的安全风险,对网络安全和业务安全造成严重威胁。With the rapid development of computer and network technology, various network security incidents occur frequently, and new vulnerabilities are emerging one after another, spawning a large number of new security risks, posing serious threats to network security and business security.
传统的网络安全模式中,各个安全子系统相互独立,安全防护各自为营,使得各项威胁情报信息相对孤立,造成孤岛效应;从而导致各个安全子系统无法及时有效地获取或者分析出最新且最有价值的威胁情报信息,进而无法及时进行防护及应急响应,导致安全风险及安全攻击。In the traditional network security model, each security subsystem is independent of each other, and security protection works independently, making various threat intelligence information relatively isolated, causing an island effect; thus, each security subsystem cannot obtain or analyze the latest and most updated information in a timely and effective manner. Valuable threat intelligence information prevents timely protection and emergency response, leading to security risks and security attacks.
因此,为了使各个安全子系统协同进行高效的防护工作,威胁情报信息共享平台的构建是网络安全建设中一项非常重要的工作。同时,相关技术中的共享机制中,其共享的威胁情报信息存在被篡改的可能性。Therefore, in order to make the various security subsystems work together for efficient protection, the construction of a threat intelligence information sharing platform is a very important task in the construction of network security. At the same time, in the sharing mechanism in related technologies, the threat intelligence information shared may be tampered with.
发明内容Summary of the invention
本公开实施例提供一种信息共享方法、装置、系统、电子设备以及计算机可读存储介质,以解决相关技术中威胁情报信息相互独立,缺乏共享的问题,同时,解决相关技术中的共享机制中,其共享的威胁情报信息存在被篡改的可能性的问题。The embodiments of the present disclosure provide an information sharing method, device, system, electronic device, and computer-readable storage medium to solve the problem of mutual independence and lack of sharing of threat intelligence information in related technologies. At the same time, it solves the problem of the sharing mechanism in related technologies. , Its shared threat intelligence information has the possibility of being tampered with.
第一方面,本公开实施例提供一种信息共享方法,所述方法包括:In the first aspect, embodiments of the present disclosure provide an information sharing method, the method including:
接收威胁情报信息,所述威胁情报信息为威胁网络安全的信息,所述威 胁情报信息由第一区块链节点发送;Receiving threat intelligence information, where the threat intelligence information is information threatening network security, and the threat intelligence information is sent by the first blockchain node;
在所述威胁情报信息被第一共识算法共识的情况下,基于所述威胁情报信息生成第一共享区块;In the case where the threat intelligence information is agreed by the first consensus algorithm, generate a first shared block based on the threat intelligence information;
在所述第一共享区块被接收所述第一共享区块的多个区块链节点共识的情况下,将所述第一共享区块写入至区块链中。In the case where the first shared block is received by the consensus of multiple blockchain nodes of the first shared block, the first shared block is written into the blockchain.
上述方案中,所述威胁情报信息包括以下至少一项:In the above solution, the threat intelligence information includes at least one of the following:
威胁网络安全的互联网协议IP地址信息;Internet Protocol IP address information that threatens network security;
威胁网络安全的域名信息;Domain name information that threatens network security;
威胁网络安全的统一资源定位符URL信息;Uniform resource locator URL information that threatens network security;
威胁网络安全的安全事件信息;Information on security incidents that threaten network security;
威胁网络安全的漏洞信息。Information on vulnerabilities that threaten network security.
上述方案中,所述将所述第一共享区块写入至相应的区块链中之后,所述方法还包括:In the above solution, after the first shared block is written into the corresponding blockchain, the method further includes:
接收第二区块链节点针对目标威胁情报信息发送的调用信息;Receive the calling information sent by the second blockchain node for the target threat intelligence information;
基于所述调用信息,对目标共享区块中的评级参数进行更新,所述目标共享区块为基于所述目标威胁情报信息生成的时间轴上最新的共享区块,所述评级参数为对共享所述目标威胁情报信息的区块链节点进行评价的参数;Based on the call information, the rating parameters in the target shared block are updated. The target shared block is the latest shared block on the time axis generated based on the target threat intelligence information, and the rating parameter is the shared block. The parameters used for evaluation by the blockchain node of the target threat intelligence information;
在更新的评级参数被第二共识算法共识的情况下,基于所述目标共享区块和所述更新的评级参数,生成第二共享区块;In the case where the updated rating parameters are agreed by the second consensus algorithm, generate a second shared block based on the target shared block and the updated rating parameters;
在所述第二共享区块被接收所述第二共享区块的多个区块链节点共识的情况下,将所述第二共享区块写入至所述区块链中。In the case where the second shared block is received by the consensus of multiple blockchain nodes of the second shared block, the second shared block is written into the blockchain.
上述方案中,所述基于所述调用信息,对目标共享区块中的评级参数进行更新的步骤包括:In the above solution, the step of updating the rating parameters in the target shared block based on the calling information includes:
基于所述调用信息,确定对所述目标威胁情报信息调用的目标参数;Based on the calling information, determining the target parameters for calling the target threat intelligence information;
基于所述目标参数,对目标共享区块中的评级参数进行更新。Based on the target parameter, the rating parameter in the target shared block is updated.
上述方案中,所述目标参数包括以下至少一项:In the above solution, the target parameter includes at least one of the following:
调用次数;Number of calls
所述第二区块链节点针对所述目标威胁情报信息的调用进行评价的评价参数。An evaluation parameter used by the second blockchain node to evaluate the call of the target threat intelligence information.
第二方面,本公开实施例提供一种信息共享装置,所述装置包括:In a second aspect, embodiments of the present disclosure provide an information sharing device, the device including:
第一接收模块,用于接收威胁情报信息,所述威胁情报信息为威胁网络安全的信息,所述威胁情报信息由第一区块链节点发送;The first receiving module is configured to receive threat intelligence information, where the threat intelligence information is information that threatens network security, and the threat intelligence information is sent by the first blockchain node;
第一生成模块,用于在所述威胁情报信息被第一共识算法共识的情况下,基于所述威胁情报信息生成第一共享区块;The first generation module is configured to generate a first shared block based on the threat intelligence information when the threat intelligence information is agreed by the first consensus algorithm;
第一写入模块,用于在所述第一共享区块被接收所述第一共享区块的多个区块链节点共识的情况下,将所述第一共享区块写入至区块链中。The first writing module is used to write the first shared block to the block when the first shared block is received by the consensus of multiple blockchain nodes of the first shared block Chain.
上述方案中,所述威胁情报信息包括以下至少一项:In the above solution, the threat intelligence information includes at least one of the following:
威胁网络安全的互联网协议IP地址信息;Internet Protocol IP address information that threatens network security;
威胁网络安全的域名信息;Domain name information that threatens network security;
威胁网络安全的统一资源定位符URL信息;Uniform resource locator URL information that threatens network security;
威胁网络安全的安全事件信息;Information on security incidents that threaten network security;
威胁网络安全的漏洞信息。Information on vulnerabilities that threaten network security.
上述方案中,所述装置还包括:In the above solution, the device further includes:
第二接收模块,用于接收第二区块链节点针对目标威胁情报信息发送的调用信息;The second receiving module is used to receive the calling information sent by the second blockchain node for the target threat intelligence information;
更新模块,用于基于所述调用信息,对目标共享区块中的评级参数进行更新,所述目标共享区块为基于所述目标威胁情报信息生成的时间轴上最新的共享区块,所述评级参数为对共享所述目标威胁情报信息的区块链节点进行评价的参数;The update module is configured to update the rating parameters in the target shared block based on the call information, the target shared block being the latest shared block on the time axis generated based on the target threat intelligence information, the The rating parameters are parameters for evaluating the blockchain nodes sharing the target threat intelligence information;
第二生成模块,用于在更新的评级参数被第二共识算法共识的情况下,基于所述目标共享区块和所述更新的评级参数,生成第二共享区块;The second generation module is configured to generate a second shared block based on the target shared block and the updated rating parameter when the updated rating parameter is agreed by the second consensus algorithm;
第二写入模块,用于在所述第二共享区块被接收所述第二共享区块的多个区块链节点共识的情况下,将所述第二共享区块写入至所述区块链中。The second writing module is used to write the second shared block to the second shared block when the second shared block is received by the consensus of multiple blockchain nodes of the second shared block In the blockchain.
上述方案中,所述更新模块,具体用于基于所述调用信息,确定对所述目标威胁情报信息调用的目标参数;基于所述目标参数,对目标共享区块中的评级参数进行更新。In the above solution, the update module is specifically configured to determine the target parameter for calling the target threat intelligence information based on the calling information; and to update the rating parameter in the target shared block based on the target parameter.
上述方案中,所述目标参数包括以下至少一项:In the above solution, the target parameter includes at least one of the following:
调用次数;Number of calls
所述第二区块链节点针对所述目标威胁情报信息的调用进行评价的评价参数。An evaluation parameter used by the second blockchain node to evaluate the call of the target threat intelligence information.
第三方面,本公开实施例提供一种电子设备,所述电子设备包括:收发机和处理器;In a third aspect, an embodiment of the present disclosure provides an electronic device, the electronic device including: a transceiver and a processor;
所述收发机,用于接收威胁情报信息,所述威胁情报信息为威胁网络安全的信息,所述威胁情报信息由第一区块链节点发送;The transceiver is configured to receive threat intelligence information, where the threat intelligence information is information that threatens network security, and the threat intelligence information is sent by a first blockchain node;
所述处理器,用于在所述威胁情报信息被第一共识算法共识的情况下,基于所述威胁情报信息生成第一共享区块;在所述第一共享区块被接收所述第一共享区块的多个区块链节点共识的情况下,将所述第一共享区块写入至区块链中。The processor is configured to generate a first shared block based on the threat intelligence information when the threat intelligence information is agreed by the first consensus algorithm; the first shared block is received in the first shared block In the case of consensus among multiple blockchain nodes sharing a block, the first shared block is written into the blockchain.
上述方案中,所述威胁情报信息包括以下至少一项:In the above solution, the threat intelligence information includes at least one of the following:
威胁网络安全的互联网协议IP地址信息;Internet Protocol IP address information that threatens network security;
威胁网络安全的域名信息;Domain name information that threatens network security;
威胁网络安全的统一资源定位符URL信息;Uniform resource locator URL information that threatens network security;
威胁网络安全的安全事件信息;Information on security incidents that threaten network security;
威胁网络安全的漏洞信息。Information on vulnerabilities that threaten network security.
上述方案中,所述收发机,还用于接收第二区块链节点针对目标威胁情报信息发送的调用信息;In the above solution, the transceiver is also used to receive the calling information sent by the second blockchain node for the target threat intelligence information;
所述处理器,还用于基于所述调用信息,对目标共享区块中的评级参数进行更新,所述目标共享区块为基于所述目标威胁情报信息生成的时间轴上最新的共享区块,所述评级参数为对共享所述目标威胁情报信息的区块链节点进行评价的参数;在更新的评级参数被第二共识算法共识的情况下,基于所述目标共享区块和所述更新的评级参数,生成第二共享区块;在所述第二共享区块被接收所述第二共享区块的多个区块链节点共识的情况下,将所述第二共享区块写入至所述区块链中。The processor is further configured to update the rating parameters in the target shared block based on the call information, the target shared block being the latest shared block on the time axis generated based on the target threat intelligence information , The rating parameter is a parameter for evaluating the blockchain nodes that share the target threat intelligence information; in the case that the updated rating parameter is agreed by the second consensus algorithm, based on the target shared block and the update The second shared block is generated by the rating parameters of the second shared block; in the case where the second shared block is received by the consensus of multiple blockchain nodes of the second shared block, the second shared block is written To the blockchain.
上述方案中,所述处理器,具体用于基于所述调用信息,确定对所述目标威胁情报信息调用的目标参数;基于所述目标参数,对目标共享区块中的评级参数进行更新。In the above solution, the processor is specifically configured to determine the target parameter for calling the target threat intelligence information based on the calling information; and to update the rating parameter in the target shared block based on the target parameter.
上述方案中,所述目标参数包括以下至少一项:In the above solution, the target parameter includes at least one of the following:
调用次数;Number of calls
所述第二区块链节点针对所述目标威胁情报信息的调用进行评价的评价参数。An evaluation parameter used by the second blockchain node to evaluate the call of the target threat intelligence information.
第四方面,本公开实施例提供一种信息共享系统,所述系统包括:第一区块链节点、可与第一区块链节点进行交互的多个区块链节点和电子设备;In a fourth aspect, embodiments of the present disclosure provide an information sharing system, the system including: a first blockchain node, a plurality of blockchain nodes that can interact with the first blockchain node, and electronic devices;
所述第一区块链节点,用于发送威胁情报信息,所述威胁情报信息为威胁网络安全的信息;The first blockchain node is used to send threat intelligence information, where the threat intelligence information is information that threatens network security;
所述电子设备,用于接收所述威胁情报信息;在所述威胁情报信息被第一共识算法共识的情况下,基于所述威胁情报信息生成第一共享区块;将所述第一共享区块发送至所述可与第一区块链节点进行交互的多个区块链节点;The electronic device is used to receive the threat intelligence information; when the threat intelligence information is agreed by the first consensus algorithm, generate a first shared block based on the threat intelligence information; and transfer the first shared area The block is sent to the multiple blockchain nodes that can interact with the first blockchain node;
所述可与第一区块链节点进行交互的多个区块链节点,用于接收所述第一共享区块;对所述第一共享区块进行共识;The multiple blockchain nodes that can interact with the first blockchain node are used to receive the first shared block; and make a consensus on the first shared block;
所述电子设备,还用于在所述第一共享区块被接收所述第一共享区块的多个区块链节点共识的情况下,将所述第一共享区块写入至区块链中。The electronic device is further configured to write the first shared block to the block when the first shared block is received by the consensus of multiple blockchain nodes of the first shared block Chain.
上述方案中,所述威胁情报信息包括以下至少一项:In the above solution, the threat intelligence information includes at least one of the following:
威胁网络安全的互联网协议IP地址信息;Internet Protocol IP address information that threatens network security;
威胁网络安全的域名信息;Domain name information that threatens network security;
威胁网络安全的统一资源定位符URL信息;Uniform resource locator URL information that threatens network security;
威胁网络安全的安全事件信息;Information on security incidents that threaten network security;
威胁网络安全的漏洞信息。Information on vulnerabilities that threaten network security.
上述方案中,所述系统还包括:第二区块链节点和可与第二区块链节点进行交互的多个区块链节点;In the above solution, the system further includes: a second blockchain node and multiple blockchain nodes that can interact with the second blockchain node;
所述第二区块链节点,用于针对目标威胁情报信息发送调用信息;The second blockchain node is used to send call information for target threat intelligence information;
所述电子设备,还用于接收第二区块链节点针对目标威胁情报信息发送的调用信息;基于所述调用信息,对目标共享区块中的评级参数进行更新,所述目标共享区块为基于所述目标威胁情报信息生成的时间轴上最新的共享区块,所述评级参数为对共享所述目标威胁情报信息的区块链节点进行评价的参数;在更新的评级参数被第二共识算法共识的情况下,基于所述目标共享区块和所述更新的评级参数,生成第二共享区块;将所述第二共享区块发 送至所述可与第二区块链节点进行交互的多个区块链节点;The electronic device is also used to receive the calling information sent by the second blockchain node for the target threat intelligence information; based on the calling information, the rating parameters in the target shared block are updated, and the target shared block is Based on the latest shared block on the time axis generated by the target threat intelligence information, the rating parameter is a parameter for evaluating the blockchain nodes that share the target threat intelligence information; the updated rating parameter is determined by the second consensus In the case of algorithm consensus, generate a second shared block based on the target shared block and the updated rating parameters; send the second shared block to the node that can interact with the second blockchain Of multiple blockchain nodes;
所述可与第二区块链节点进行交互的多个区块链节点,用于接收所述第二共享区块;对所述第二共享区块进行共识;The multiple blockchain nodes that can interact with the second blockchain node are used to receive the second shared block; and make a consensus on the second shared block;
所述电子设备,还用于在所述第二共享区块被接收所述第二共享区块的多个区块链节点共识的情况下,将所述第二共享区块写入至所述区块链中。The electronic device is further configured to write the second shared block to the second shared block when the second shared block is received by the consensus of multiple blockchain nodes of the second shared block In the blockchain.
上述方案中,所述电子设备,具体用于基于所述调用信息,确定对所述目标威胁情报信息调用的目标参数;基于所述目标参数,对目标共享区块中的评级参数进行更新。In the above solution, the electronic device is specifically configured to determine the target parameter for calling the target threat intelligence information based on the calling information; and to update the rating parameter in the target shared block based on the target parameter.
上述方案中,所述目标参数包括以下至少一项:In the above solution, the target parameter includes at least one of the following:
调用次数;Number of calls
所述第二区块链节点针对所述目标威胁情报信息的调用进行评价的评价参数。An evaluation parameter used by the second blockchain node to evaluate the call of the target threat intelligence information.
第五方面,本公开实施例提供一种电子设备,包括处理器,存储器,存储在所述存储器上并可在所述处理器上运行的计算机程序,所述计算机程序被所述处理器执行时实现上述信息共享方法的步骤。In a fifth aspect, an embodiment of the present disclosure provides an electronic device including a processor, a memory, a computer program stored on the memory and capable of running on the processor, and when the computer program is executed by the processor Steps to implement the above information sharing method.
第六方面,本公开实施例提供一种计算机可读存储介质,所述计算机可读存储介质上存储有计算机程序,所述计算机程序被处理器执行时实现上述信息共享方法的步骤。In a sixth aspect, embodiments of the present disclosure provide a computer-readable storage medium having a computer program stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps of the above-mentioned information sharing method are implemented.
本公开实施例中,首先接收威胁情报信息,所述威胁情报信息为威胁网络安全的信息,所述威胁情报信息由第一区块链节点发送;然后,在所述威胁情报信息被第一共识算法共识的情况下,基于所述威胁情报信息生成第一共享区块;最后,在所述第一共享区块被接收所述第一共享区块的多个区块链节点共识的情况下,将所述第一共享区块写入至区块链中。从而能够通过区块链技术构建威胁情报信息以及威胁情报源的区块链,实现对威胁情报信息的共享。同时,由于区块链具有不可篡改的特性,因此,能够避免所述威胁情报信息被篡改的可能性。In the embodiment of the present disclosure, firstly, threat intelligence information is received. The threat intelligence information is information that threatens network security. The threat intelligence information is sent by the first blockchain node; then, the threat intelligence information is received by the first consensus. In the case of algorithm consensus, the first shared block is generated based on the threat intelligence information; finally, in the case where the first shared block is received by the consensus of multiple blockchain nodes of the first shared block, Write the first shared block into the blockchain. In this way, a blockchain of threat intelligence information and threat intelligence sources can be constructed through blockchain technology to realize the sharing of threat intelligence information. At the same time, because the blockchain has the characteristic of being non-tamperable, the possibility of tampering with the threat intelligence information can be avoided.
为了更清楚地说明本公开实施例的技术方案,下面将对本公开实施例描 述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本公开的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获取其他的附图。In order to explain the technical solutions of the embodiments of the present disclosure more clearly, the following will briefly introduce the accompanying drawings used in the description of the embodiments of the present disclosure. Obviously, the accompanying drawings in the following description are only some embodiments of the present disclosure. For those of ordinary skill in the art, without creative labor, other drawings can be obtained based on these drawings.
图1是本公开实施例提供的信息共享方法的流程示意图之一;FIG. 1 is one of the schematic flowcharts of the information sharing method provided by an embodiment of the present disclosure;
图2是本公开实施例提供的信息共享方法中各区块链节点的逻辑示意图;2 is a schematic diagram of each blockchain node in the information sharing method provided by an embodiment of the present disclosure;
图3是本公开实施例提供的信息共享方法中共享区块的结构示意图;3 is a schematic diagram of the structure of a shared block in the information sharing method provided by an embodiment of the present disclosure;
图4是区块链的链式示意图;Figure 4 is a schematic diagram of the chain of the blockchain;
图5是本公开实施例提供的信息共享方法的流程示意图之二;FIG. 5 is the second schematic flowchart of the information sharing method provided by an embodiment of the present disclosure;
图6是本公开实施例提供的信息共享装置的结构示意图;FIG. 6 is a schematic structural diagram of an information sharing device provided by an embodiment of the present disclosure;
图7是本公开实施例提供的电子设备的结构示意图;FIG. 7 is a schematic structural diagram of an electronic device provided by an embodiment of the present disclosure;
图8是本公开实施例提供的信息共享系统的结构示意图之一;FIG. 8 is one of the structural schematic diagrams of an information sharing system provided by an embodiment of the present disclosure;
图9是本公开实施例提供的信息共享系统的结构示意图之二。Fig. 9 is a second structural diagram of an information sharing system provided by an embodiment of the present disclosure.
背景技术中,相关技术中的共享机制中,其共享的威胁情报信息存在被篡改的可能性。In the background art, in the sharing mechanism in the related art, the threat intelligence information shared may be tampered with.
比如,相关技术中,根据预设周期对内网中的未知数据表进行轮询,获得未知数据表中的未知数据;根据未知数据向情报云服务器发送查询请求,并接收情报云服务器返回的包括威胁情报信息的查询结果;将查询结果推送至内网的威胁情报平台,以使威胁情报平台将所述查询结果进行存储,实现威胁情报信息的共享。For example, in the related technology, the unknown data table in the intranet is polled according to a preset period to obtain the unknown data in the unknown data table; the query request is sent to the intelligence cloud server based on the unknown data, and the information returned by the intelligence cloud server is received. The query result of threat intelligence information; the query result is pushed to the threat intelligence platform of the intranet, so that the threat intelligence platform can store the query result to realize the sharing of threat intelligence information.
上面方案在实现共享的过程中,需要情报云服务器进行查询,并将查询结果进行推送,在这些过程中,威胁情报信息都存在被篡改的风险。In the process of realizing sharing, the above scheme requires the intelligence cloud server to query and push the query results. In these processes, the threat intelligence information is at risk of being tampered with.
基于此,本公开实施例提出基于区块链对威胁情报信息进行共享的方案。Based on this, the embodiments of the present disclosure propose a scheme for sharing threat intelligence information based on the blockchain.
下面将结合本公开实施例中的附图,对本公开实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本公开一部分实施例,而不是全部的实施例。基于本公开中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获取的所有其他实施例,都属于本公开保护的范围。The technical solutions in the embodiments of the present disclosure will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present disclosure. Obviously, the described embodiments are part of the embodiments of the present disclosure, rather than all of the embodiments. Based on the embodiments in the present disclosure, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of the present disclosure.
下面首先对本公开实施例提供的信息共享方法进行说明。The following first describes the information sharing method provided by the embodiments of the present disclosure.
需要说明的是,本公开实施例提供的信息共享方法可以应用于信息共享系统,所述信息共享系统包括多个区块链节点和电子设备。所述电子设备可以为信息共享服务器,用于基于区块链对第一区块链节点提供的威胁情报信息进行共享。It should be noted that the information sharing method provided by the embodiments of the present disclosure can be applied to an information sharing system, and the information sharing system includes multiple blockchain nodes and electronic devices. The electronic device may be an information sharing server for sharing the threat intelligence information provided by the first blockchain node based on the blockchain.
参见图1,图中示出了本公开实施例提供的信息共享方法的流程示意图之一。如图1所示,该方法可以包括如下步骤:Refer to FIG. 1, which shows one of the schematic flowcharts of the information sharing method provided by an embodiment of the present disclosure. As shown in Figure 1, the method may include the following steps:
步骤101,接收威胁情报信息,所述威胁情报信息为威胁网络安全的信息,所述威胁情报信息由第一区块链节点发送。Step 101: Receive threat intelligence information, where the threat intelligence information is information threatening network security, and the threat intelligence information is sent by a first blockchain node.
这里,首先介绍本公开实施例中所涉及的各个区块链节点之间的逻辑关系,参见图2,图中示出了本公开实施例提供的信息共享方法中各区块链节点的逻辑示意图。Here, the logical relationship between the various blockchain nodes involved in the embodiment of the present disclosure is first introduced. Referring to FIG. 2, a schematic diagram of each blockchain node in the information sharing method provided by the embodiment of the present disclosure is shown in the figure.
如图2所示,Node 1、Node 2、Node 3、Node n-1和Node n为区块链节点,各个区块链节点之间在逻辑层面上形成了点对点的通信。比如,Node 1可以与Node 2、Node 3、Node n-1、Node n等n-1个节点进行交互;Node 2可以与Node 1、Node 3、Node n-1、Node n等n-1个节点进行交互;Node 3可以与Node 1、Node 2、Node n-1、Node n等n-1个节点进行交互;Node n-1可以与Node 1、Node 2、Node 3、Node n等n-1个节点进行交互;Node n可以与Node 1、Node 2、Node 3、Node n-1等n-1个节点进行交互。As shown in Figure 2, Node 1, Node 2, Node 3, Node n-1, and Node n are blockchain nodes, and each blockchain node forms a point-to-point communication on a logical level. For example, Node 1 can interact with n-1 nodes such as Node 2, Node 3, Node n-1, Node n; Node 2 can interact with n-1 nodes such as Node 1, Node 3, Node n-1, Node n, etc. Nodes interact; Node 3 can interact with n-1 nodes such as Node 1, Node 2, Node n-1, Node n; Node n-1 can interact with Node 1, Node 2, Node 3, Node n, etc. n- One node interacts; Node n can interact with n-1 nodes such as Node 1, Node 2, Node 3, Node n-1.
应当说明的是,图2中虽示出了5个区块链节点,但是,在图中区块链节点的个数只作为一种示意,并不作为对区块链节点具体个数的限制。在实际应用中,区块链节点的个数可能远不止5个。It should be noted that although 5 blockchain nodes are shown in Figure 2, the number of blockchain nodes in the figure is only used as an indication, not as a restriction on the specific number of blockchain nodes . In practical applications, the number of blockchain nodes may be far more than 5.
本公开实施例中,区块链节点从功能上划分,可以存在多种类型,每种类型的区块链节点可以包括多个,所述第一区块链节点为提供威胁情报信息的区块链节点,可以称之为威胁情报提供者,也可以称之为威胁情报源,所述第一区块链节点可以是专业威胁情报厂家、防病毒厂家、防APT厂家、检测类产品厂家、免费情报联盟、客户等角色。In the embodiments of the present disclosure, the blockchain nodes are functionally divided, and there may be multiple types, each type of blockchain node may include multiple, and the first blockchain node is a block that provides threat intelligence information. The chain node can be called a threat intelligence provider or a threat intelligence source. The first blockchain node can be a professional threat intelligence manufacturer, an antivirus manufacturer, an anti-APT manufacturer, a detection product manufacturer, and a free Roles such as intelligence alliances and customers.
所述第一区块链节点若获知到威胁网络安全的未知数据,基于所述未知数据,生成威胁情报信息;并调用上传接口,将所述威胁情报信息上传至用 于威胁情报信息共享的电子设备。相应的,该电子设备接收所述威胁情报信息。If the first blockchain node learns unknown data that threatens network security, it generates threat intelligence information based on the unknown data; and calls the upload interface to upload the threat intelligence information to the electronic threat intelligence information sharing. equipment. Correspondingly, the electronic device receives the threat intelligence information.
所述威胁情报信息包括以下至少一项:The threat intelligence information includes at least one of the following:
威胁网络安全的互联网协议IP地址信息;Internet Protocol IP address information that threatens network security;
威胁网络安全的域名信息;Domain name information that threatens network security;
威胁网络安全的统一资源定位符URL信息;Uniform resource locator URL information that threatens network security;
威胁网络安全的安全事件信息;Information on security incidents that threaten network security;
威胁网络安全的漏洞信息。Information on vulnerabilities that threaten network security.
所述IP地址信息是与IP地址相关的威胁情报信息,所述域名信息是与域名相关的威胁情报信息,所述URL信息是与URL相关的威胁情报信息,所述安全事件信息是与安全事件相关的威胁情报信息,所述漏洞信息是与漏洞相关的威胁情报信息。The IP address information is threat intelligence information related to IP addresses, the domain name information is threat intelligence information related to domain names, the URL information is threat intelligence information related to URLs, and the security event information is related to security events. Related threat intelligence information, where the vulnerability information is threat intelligence information related to the vulnerability.
步骤102,在所述威胁情报信息被第一共识算法共识的情况下,基于所述威胁情报信息生成第一共享区块。Step 102: In a case where the threat intelligence information is agreed by the first consensus algorithm, generate a first shared block based on the threat intelligence information.
这里,本公开实施例中电子设备在接收到威胁情报信息之后,基于第一共识算法,对威胁情报信息进行共识,共识之后,对威胁情报信息进行记录,可以记录获取到威胁情报信息的时间,以在区块链中实现对区块的同步。Here, in the embodiments of the present disclosure, after receiving the threat intelligence information, the electronic device agrees on the threat intelligence information based on the first consensus algorithm. After the consensus, the threat intelligence information is recorded, and the time when the threat intelligence information is acquired can be recorded. In order to realize the synchronization of blocks in the blockchain.
记录威胁情报信息之后,即可进行区块链中共享区块的构建。参见图3,图中示出了本公开实施例提供的信息共享方法中共享区块的结构示意图。After the threat intelligence information is recorded, the shared block in the blockchain can be constructed. Refer to FIG. 3, which shows a schematic structural diagram of a sharing block in an information sharing method provided by an embodiment of the present disclosure.
如图3所示,共享区块包括区块头和区块体。其中,区块头由前一共享区块的散列值、Merkle根、随机数、时间戳构成。区块体可以包括威胁网络安全的IP地址信息、威胁网络安全的域名信息、威胁网络安全的URL信息、威胁网络安全的安全事件信息、威胁网络安全的漏洞信息中的至少一种。As shown in Figure 3, the shared block includes a block header and a block body. Among them, the block header is composed of the hash value of the previous shared block, Merkle root, random number, and timestamp. The block body may include at least one of IP address information threatening network security, domain name information threatening network security, URL information threatening network security, security event information threatening network security, and vulnerability information threatening network security.
同时,为了解决威胁情报源众多,无法有效判定威胁情报源是否可信,以及贡献率高低的问题,区块体中还可以包括对威胁情报源的评级参数,所述评级参数可以基于第二区块链节点针对威胁情报源共享的威胁情报信息的调用而更新,其具体更新过程将在以下实施例中详细说明。At the same time, in order to solve the problem that there are many threat intelligence sources, it is impossible to effectively determine whether the threat intelligence source is credible, and the contribution rate is high or low, the block body can also include the rating parameters of the threat intelligence source, and the rating parameters can be based on the second zone. The block chain node is updated in response to the invocation of the threat intelligence information shared by the threat intelligence source, and the specific update process will be described in detail in the following embodiments.
具体地,前一共享区块的散列值,是由前一个共享区块的所有信息加上前时间戳,通过哈希所产生的值。Specifically, the hash value of the previous shared block is the value generated by hashing from all the information of the previous shared block plus the previous timestamp.
Merkle根,是由区块体中所有信息构成Merkle树,计算Merkle树根的散列值,该值可以将区块头和区块体绑定起来。The Merkle root is a Merkle tree composed of all the information in the block body, and the hash value of the Merkle tree root is calculated. This value can bind the block header and the block body.
随机数,是当前节点根据所有的公钥信息以及当前时间戳,通过SHA256哈希算法来产生一个随机数,此随机数要求下一个共享区块的哈希值要以该数目为开头的一串数字,通过该随机数可以防止攻击者伪造区块链的区块。A random number is a random number generated by the current node through the SHA256 hash algorithm based on all public key information and the current timestamp. This random number requires the hash value of the next shared block to start with this number. Number, through which the random number can prevent the attacker from forging the block of the blockchain.
时间戳,是发布该共享区块的节点在发布时打的时间标记,从1970年1月1日00:00 UTC开始,到该共享区块产生时间隔的秒数。The timestamp is the time stamp stamped by the node that released the shared block at the time of release, starting at 00:00 UTC on January 1, 1970, and the number of seconds between when the shared block was generated.
对威胁情报源的评级参数包括威胁情报源可信度、威胁情报源贡献率和威胁情报源的级别。威胁情报源可信度,是威胁情报源的可信度相关信息,威胁情报源贡献率,是威胁情报源的贡献率相关信息,威胁情报源的级别是威胁情报源的等级相关信息。The rating parameters of threat intelligence sources include the credibility of threat intelligence sources, the contribution rate of threat intelligence sources, and the level of threat intelligence sources. Threat intelligence source credibility refers to the credibility-related information of the threat intelligence source, the contribution rate of threat intelligence source is the contribution rate related information of the threat intelligence source, and the level of the threat intelligence source is the level-related information of the threat intelligence source.
基于所述威胁情报信息,按照共享区块构建的结构特性,生成第一共享区块。Based on the threat intelligence information, the first shared block is generated according to the structural characteristics of the shared block construction.
同时,基于构建的各个共享区块,即可构建一条区块链链路,参见图4,图中示出了区块链的链式示意图。如图4所示,该区块链由创世区块、共享区块1、共享区块2···共享区块m-1、共享区块m组成。At the same time, based on each shared block constructed, a blockchain link can be constructed, as shown in Figure 4, which shows a chain diagram of the blockchain. As shown in Figure 4, the blockchain is composed of a creation block, a shared block 1, a shared block 2, and a shared block m-1, and a shared block m.
应当说明的是,第一共享区块为基于威胁情报源提供的威胁情报信息构建的初始区块,因此,对威胁情报源的评级参数可以默认为0。It should be noted that the first shared block is the initial block constructed based on the threat intelligence information provided by the threat intelligence source. Therefore, the rating parameter for the threat intelligence source can be 0 by default.
步骤103,在所述第一共享区块被接收所述第一共享区块的多个区块链节点共识的情况下,将所述第一共享区块写入至区块链中。Step 103: In the case where the first shared block is received by the consensus of multiple blockchain nodes of the first shared block, write the first shared block into the blockchain.
电子设备生成第一共享区块之后,会广播该第一共享区块。具体的,将第一共享区块发送给与第一区块链节点同类型的所有区块链节点,这些区块链节点接收到第一共享区块后,会对第一共享区块进行共识,共识通过之后,将结果发送给该电子设备。After the electronic device generates the first shared block, it will broadcast the first shared block. Specifically, the first shared block is sent to all blockchain nodes of the same type as the first blockchain node. After these blockchain nodes receive the first shared block, they will reach a consensus on the first shared block. After the consensus is passed, the result is sent to the electronic device.
在所述第一共享区块被多个区块链节点共识通过的情况下,将所述第一共享区块写入至区块链中。In the case where the first shared block is approved by a consensus of multiple blockchain nodes, the first shared block is written into the blockchain.
应当说明的是,将所述第一共享区块写入至区块链中的前提条件,即第一共享区块被区块链节点共识通过的个数可以根据具体情况进行设置,可以设置成相对所有区块链节点个数的预设百分比,如50%,也可以设置成预设 数值,如6个。总之,只要所述第一共享区块被预设个数的区块链节点共识通过后,电子设备即会将所述第一共享区块写入至区块链中。It should be noted that the prerequisite for writing the first shared block to the blockchain, that is, the number of the first shared block passed by the consensus of the blockchain nodes can be set according to the specific situation, and can be set to The preset percentage relative to the number of all blockchain nodes, such as 50%, can also be set to a preset value, such as 6. In short, as long as the first shared block is approved by the consensus of a preset number of blockchain nodes, the electronic device will write the first shared block into the blockchain.
本公开实施例中,首先接收威胁情报信息,所述威胁情报信息为威胁网络安全的信息,所述威胁情报信息由第一区块链节点发送;然后,在所述威胁情报信息被第一共识算法共识的情况下,基于所述威胁情报信息生成第一共享区块;最后,在所述第一共享区块被接收所述第一共享区块的多个区块链节点共识的情况下,将所述第一共享区块写入至区块链中。从而能够通过区块链技术构建威胁情报信息以及威胁情报源的区块链,实现对威胁情报信息的共享。同时,由于区块链具有不可篡改的特性,因此,能够避免所述威胁情报信息被篡改的可能性。In the embodiment of the present disclosure, firstly, threat intelligence information is received. The threat intelligence information is information that threatens network security. The threat intelligence information is sent by the first blockchain node; then, the threat intelligence information is received by the first consensus. In the case of algorithm consensus, the first shared block is generated based on the threat intelligence information; finally, in the case where the first shared block is received by the consensus of multiple blockchain nodes of the first shared block, Write the first shared block into the blockchain. In this way, a blockchain of threat intelligence information and threat intelligence sources can be constructed through blockchain technology to realize the sharing of threat intelligence information. At the same time, because the blockchain has the characteristic of being non-tamperable, the possibility of tampering with the threat intelligence information can be avoided.
上面详细介绍了基于威胁情报源提供的威胁情报信息,对共享平台的构建,下面将详细介绍基于共享平台是如何对威胁情报信息进行共享,以及如何对共享平台中构建的共享区块中的评级参数进行更新。The above describes in detail the construction of the sharing platform based on the threat intelligence information provided by the threat intelligence source. The following will describe in detail how to share the threat intelligence information based on the sharing platform, and how to rate the rating in the shared block constructed in the sharing platform. The parameters are updated.
进一步的,基于实施例一,参照图5,图中示出了本公开实施例提供的信息共享方法的流程示意图之二。如图5所示,所述步骤103之后,该方法还可以包括如下步骤:Further, based on the first embodiment, referring to FIG. 5, the figure shows the second schematic flowchart of the information sharing method provided by the embodiment of the present disclosure. As shown in Figure 5, after the step 103, the method may further include the following steps:
步骤501,接收第二区块链节点针对目标威胁情报信息发送的调用信息。Step 501: Receive the call information sent by the second blockchain node for the target threat intelligence information.
这里,从功能上划分,所述第二区块链节点为调用威胁情报信息的区块链节点,可以称之为威胁情报调用者,也可以称之为威胁情报共享者。Here, in terms of functions, the second blockchain node is a blockchain node that calls threat intelligence information, and can be called a threat intelligence caller or a threat intelligence sharer.
所述第二区块链节点通常与第一区块链节点不同,但也存在相同的情况,如检测类产品厂家即可以作为威胁情报源提供威胁情报信息,又可以作为威胁情报调用者调用其他威胁情报源提供的威胁情报信息。The second blockchain node is usually different from the first blockchain node, but the same situation exists. For example, the detection product manufacturer can provide threat intelligence information as a threat intelligence source, and can also call others as a threat intelligence caller. Threat intelligence information provided by threat intelligence sources.
所述第二区块链节点对所述目标威胁情报信息的共享记录进行调用,生成调用信息;并调用上传接口,将所述调用信息上传至电子设备。相应的,该电子设备接收所述调用信息。The second blockchain node calls the shared record of the target threat intelligence information to generate call information; and calls the upload interface to upload the call information to the electronic device. Correspondingly, the electronic device receives the call information.
步骤502,基于所述调用信息,对目标共享区块中的评级参数进行更新,所述目标共享区块为基于所述目标威胁情报信息生成的时间轴上最新的共享区块,所述评级参数为对共享所述目标威胁情报信息的区块链节点进行评价的参数。 Step 502, based on the call information, update the rating parameters in the target shared block, the target shared block being the latest shared block on the time axis generated based on the target threat intelligence information, the rating parameter It is a parameter for evaluating the blockchain nodes sharing the target threat intelligence information.
所述评级参数可以包括威胁情报源可信度、威胁情报源贡献率和威胁情报源的级别。威胁情报源可信度,是威胁情报源的可信度相关信息,威胁情报源贡献率,是威胁情报源的贡献率相关信息,威胁情报源的级别是威胁情报源的等级相关信息。The rating parameters may include the credibility of the threat intelligence source, the contribution rate of the threat intelligence source, and the level of the threat intelligence source. Threat intelligence source credibility refers to the credibility-related information of the threat intelligence source, the contribution rate of threat intelligence source is the contribution rate related information of the threat intelligence source, and the level of the threat intelligence source is the level-related information of the threat intelligence source.
所述威胁情报源的级别可以通过威胁情报源可信度和威胁情报源贡献率来计算,比如,当威胁情报源可信度在10%~20%之间,且威胁情报源贡献率在10%~20%之间时,所述威胁情报源的级别处于第五等级。当然,上述设置威胁情报源的级别的方式只是作为一种示例,并不能用来限制威胁情报源的级别设置方式。The level of the threat intelligence source can be calculated by the credibility of the threat intelligence source and the contribution rate of the threat intelligence source. For example, when the credibility of the threat intelligence source is between 10% and 20%, and the contribution rate of the threat intelligence source is 10%. %-20%, the level of the threat intelligence source is at the fifth level. Of course, the above method of setting the level of threat intelligence sources is just an example, and cannot be used to limit the method of setting the level of threat intelligence sources.
电子设备接收到调用信息之后,基于所述调用信息中的目标威胁情报信息,查询共享所述目标威胁情报信息的区块链节点,即查询所述目标威胁情报信息源于哪个威胁情报源。After receiving the calling information, the electronic device queries the blockchain nodes sharing the target threat intelligence information based on the target threat intelligence information in the calling information, that is, queries the threat intelligence source from which the target threat intelligence information comes.
首先,基于所述调用信息中的目标威胁情报信息,查询获得目标共享区块,基于目标共享区块,获得共享所述目标威胁情报信息的区块链节点,同时获得评级参数。First, based on the target threat intelligence information in the calling information, query and obtain the target shared block, and based on the target shared block, obtain the blockchain nodes that share the target threat intelligence information, and obtain the rating parameters at the same time.
然后,基于所述调用信息,对所述评级参数进行更新。Then, based on the calling information, the rating parameters are updated.
所述基于所述调用信息,对目标共享区块中的评级参数进行更新的步骤包括:The step of updating the rating parameters in the target shared block based on the calling information includes:
基于所述调用信息,确定对所述目标威胁情报信息调用的目标参数;Based on the calling information, determining the target parameters for calling the target threat intelligence information;
基于所述目标参数,对目标共享区块中的评级参数进行更新。Based on the target parameter, the rating parameter in the target shared block is updated.
其中,所述目标参数包括以下至少一项:Wherein, the target parameter includes at least one of the following:
调用次数;Number of calls
所述第二区块链节点针对所述目标威胁情报信息的调用进行评价的评价参数。An evaluation parameter used by the second blockchain node to evaluate the call of the target threat intelligence information.
可以根据统计调用信息的个数,来确定所述调用次数。另外,所述调用信息中也可以包括第二区块链节点针对所述目标威胁情报信息的调用进行评价的评价参数,比如,可以设置反馈机制,给威胁情报调用者提供反馈接口,以反馈威胁情报信息的质量高低;相应的,获取调用信息中的评价参数。The number of invocations can be determined according to the number of statistical invocation information. In addition, the calling information may also include evaluation parameters used by the second blockchain node to evaluate the calling of the target threat intelligence information. For example, a feedback mechanism may be set to provide a feedback interface for threat intelligence callers to feed back threats. The quality of the intelligence information is high or low; accordingly, the evaluation parameters in the calling information are obtained.
具体的,有以下三种方式对所述评级参数进行更新。Specifically, there are the following three ways to update the rating parameters.
第一种:基于第二区块链节点对目标威胁情报信息的调用次数,对所述评级参数进行更新。The first method is to update the rating parameters based on the number of times the second blockchain node calls the target threat intelligence information.
比如,调用次数达到预设值时,其评级参数相应增加预设百分比,举个例子来说,调用次数达到1时,其评级参数相应增加1%。For example, when the number of calls reaches a preset value, the rating parameter is increased by a preset percentage. For example, when the number of calls reaches 1, the rating parameter is increased by 1%.
第二种:所述第二区块链节点针对所述目标威胁情报信息的调用进行评价的评价参数,对所述评级参数进行更新。The second type: the evaluation parameter of the second blockchain node for evaluating the call of the target threat intelligence information, and the evaluation parameter is updated.
比如,评价参数指示所述目标威胁情报信息有用时,其评级参数相应增加预设百分比;评价参数指示所述目标威胁情报信息无用时,其评级参数相应降低预设百分比。For example, when the evaluation parameter indicates that the target threat intelligence information is useful, its rating parameter is correspondingly increased by a preset percentage; when the evaluation parameter indicates that the target threat intelligence information is not useful, its rating parameter is correspondingly reduced by a preset percentage.
第三种:基于第二区块链节点对目标威胁情报信息的调用次数和,所述第二区块链节点针对所述目标威胁情报信息的调用进行评价的评价参数,对所述评级参数进行更新。The third type: based on the number of calls of the target threat intelligence information by the second blockchain node and the evaluation parameters for the second blockchain node to evaluate the calling of the target threat intelligence information, the rating parameters are evaluated Update.
比如,根据指示目标威胁情报信息有用的评价参数的个数和调用次数的比值,对所述评级参数进行更新,比值越大,评级参数相应增加的越多。For example, the rating parameter is updated according to the ratio of the number of evaluation parameters that indicate the usefulness of the target threat intelligence information and the number of calls. The larger the ratio, the more the rating parameter increases accordingly.
步骤503,在更新的评级参数被第二共识算法共识的情况下,基于所述目标共享区块和所述更新的评级参数,生成第二共享区块。Step 503: In the case where the updated rating parameters are agreed by the second consensus algorithm, a second shared block is generated based on the target shared block and the updated rating parameters.
所述第二共识算法可以与第一共识算法相同,也可以不同,这里不做限制。The second consensus algorithm may be the same as or different from the first consensus algorithm, and there is no restriction here.
这里,在更新评级参数之后,基于第二共识算法,对更新的评级参数进行共识,共识之后,对更新的评级参数进行记录,可以记录更新评级参数的时间,以在区块链中实现对区块的同步。Here, after updating the rating parameters, based on the second consensus algorithm, a consensus is made on the updated rating parameters. After the consensus, the updated rating parameters are recorded, and the time when the rating parameters are updated can be recorded, so as to realize the regionalization in the blockchain. Synchronization of blocks.
记录更新的评级参数之后,即可基于所述目标共享区块和所述更新的评级参数,按照共享区块构建的结构特性,生成第二共享区块。After recording the updated rating parameters, based on the target shared block and the updated rating parameters, a second shared block can be generated according to the structural characteristics of the shared block construction.
应当说明的是,所述第二共享区块与目标共享区块可以仅评级参数不同。It should be noted that the second shared block and the target shared block may differ only in rating parameters.
步骤504,在所述第二共享区块被接收所述第二共享区块的多个区块链节点共识的情况下,将所述第二共享区块写入至所述区块链中。Step 504: In the case where the second shared block is received by the consensus of multiple blockchain nodes of the second shared block, write the second shared block into the blockchain.
电子设备生成第二共享区块之后,会广播该第二共享区块。具体的,将第二共享区块发送给与第二区块链节点同类型的所有区块链节点,这些区块链节点接收到第二共享区块后,会对第二共享区块进行共识,共识通过之后, 将结果发送给该电子设备。After the electronic device generates the second shared block, it will broadcast the second shared block. Specifically, the second shared block is sent to all blockchain nodes of the same type as the second blockchain node. After these blockchain nodes receive the second shared block, they will reach a consensus on the second shared block. After the consensus is passed, the result is sent to the electronic device.
在所述第二共享区块被多个区块链节点共识通过的情况下,将所述第二共享区块写入至区块链中。In the case where the second shared block is approved by a consensus of multiple blockchain nodes, the second shared block is written into the blockchain.
应当说明的是,将所述第二共享区块写入至区块链中的前提条件,即第二共享区块被区块链节点共识通过的个数可以根据具体情况进行设置,可以设置成相对所有区块链节点个数的预设百分比,如50%,也可以设置成预设数值,如6个。总之,只要所述第二共享区块被预设个数的区块链节点共识通过后,电子设备即会将所述第二共享区块写入至区块链中。It should be noted that the prerequisite for writing the second shared block to the blockchain, that is, the number of second shared blocks that are passed by the consensus of the blockchain nodes can be set according to the specific situation, and can be set to The preset percentage relative to the number of all blockchain nodes, such as 50%, can also be set to a preset value, such as 6. In short, as long as the second shared block is approved by the consensus of a preset number of blockchain nodes, the electronic device will write the second shared block into the blockchain.
本公开实施例中,通过在区块链中的共享区块中设置评级参数,并通过第二区块链节点针对目标威胁情报信息发送的调用信息,对评级参数进行更新,In the embodiment of the present disclosure, the rating parameters are updated by setting the rating parameters in the shared block in the blockchain, and using the calling information sent by the second blockchain node for the target threat intelligence information,
从而能够根据该评级参数,确定威胁情报源的可信度、贡献度和级别,解决威胁情报源众多,而使威胁情报调用者无法有效判定威胁情报源是否可信,贡献率高低的问题。同时,可以设置反馈机制,为威胁情报调用者反馈共享的威胁情报信息的质量高低,这样,能够解决针对威胁情报源所提供的威胁情报信息的质量高低没有对应的反馈机制的问题。进而能够有利于整个威胁情报生态的闭环持续有效开展。Therefore, the credibility, contribution and level of threat intelligence sources can be determined according to the rating parameters, and the problem of numerous threat intelligence sources can be solved, so that threat intelligence callers cannot effectively determine whether the threat intelligence source is credible and the contribution rate is high or low. At the same time, a feedback mechanism can be set up to feed back the quality of the threat intelligence information shared to the threat intelligence caller. In this way, it can solve the problem that there is no corresponding feedback mechanism for the quality of the threat intelligence information provided by the threat intelligence source. In turn, it can be beneficial to the continuous and effective development of the closed loop of the entire threat intelligence ecosystem.
下面对本公开实施例提供的信息共享装置进行说明。The information sharing device provided by the embodiments of the present disclosure will be described below.
参见图6,图中示出了本公开实施例提供的信息共享装置的结构示意图。如图6所示,信息共享装置600包括:Referring to FIG. 6, the figure shows a schematic structural diagram of an information sharing device provided by an embodiment of the present disclosure. As shown in FIG. 6, the information sharing device 600 includes:
第一接收模块601,用于接收威胁情报信息,所述威胁情报信息为威胁网络安全的信息,所述威胁情报信息由第一区块链节点发送;The first receiving module 601 is configured to receive threat intelligence information, where the threat intelligence information is information that threatens network security, and the threat intelligence information is sent by a first blockchain node;
第一生成模块602,用于在所述威胁情报信息被第一共识算法共识的情况下,基于所述威胁情报信息生成第一共享区块;The first generation module 602 is configured to generate a first shared block based on the threat intelligence information when the threat intelligence information is agreed by the first consensus algorithm;
第一写入模块603,用于在所述第一共享区块被接收所述第一共享区块的多个区块链节点共识的情况下,将所述第一共享区块写入至区块链中。The first writing module 603 is configured to write the first shared block to the zone when the first shared block is received by the consensus of multiple blockchain nodes of the first shared block Block chain.
可选的,所述威胁情报信息包括以下至少一项:Optionally, the threat intelligence information includes at least one of the following:
威胁网络安全的互联网协议IP地址信息;Internet Protocol IP address information that threatens network security;
威胁网络安全的域名信息;Domain name information that threatens network security;
威胁网络安全的统一资源定位符URL信息;Uniform resource locator URL information that threatens network security;
威胁网络安全的安全事件信息;Information on security incidents that threaten network security;
威胁网络安全的漏洞信息。Information on vulnerabilities that threaten network security.
可选的,所述装置还包括:Optionally, the device further includes:
第二接收模块,用于接收第二区块链节点针对目标威胁情报信息发送的调用信息;The second receiving module is used to receive the calling information sent by the second blockchain node for the target threat intelligence information;
更新模块,用于基于所述调用信息,对目标共享区块中的评级参数进行更新,所述目标共享区块为基于所述目标威胁情报信息生成的时间轴上最新的共享区块,所述评级参数为对共享所述目标威胁情报信息的区块链节点进行评价的参数;The update module is configured to update the rating parameters in the target shared block based on the call information, the target shared block being the latest shared block on the time axis generated based on the target threat intelligence information, the The rating parameters are parameters for evaluating the blockchain nodes sharing the target threat intelligence information;
第二生成模块,用于在更新的评级参数被第二共识算法共识的情况下,基于所述目标共享区块和所述更新的评级参数,生成第二共享区块;The second generation module is configured to generate a second shared block based on the target shared block and the updated rating parameter when the updated rating parameter is agreed by the second consensus algorithm;
第二写入模块,用于在所述第二共享区块被接收所述第二共享区块的多个区块链节点共识的情况下,将所述第二共享区块写入至所述区块链中。The second writing module is used to write the second shared block to the second shared block when the second shared block is received by the consensus of multiple blockchain nodes of the second shared block In the blockchain.
可选的,所述更新模块,具体用于基于所述调用信息,确定对所述目标威胁情报信息调用的目标参数;基于所述目标参数,对目标共享区块中的评级参数进行更新。Optionally, the update module is specifically configured to determine the target parameter for calling the target threat intelligence information based on the calling information; and to update the rating parameter in the target shared block based on the target parameter.
可选的,所述目标参数包括以下至少一项:Optionally, the target parameter includes at least one of the following:
调用次数;Number of calls
所述第二区块链节点针对所述目标威胁情报信息的调用进行评价的评价参数。An evaluation parameter used by the second blockchain node to evaluate the call of the target threat intelligence information.
信息共享装置600能够实现上述方法实施例中实现的各个过程,为避免重复,这里不再赘述。The information sharing device 600 can implement the various processes implemented in the foregoing method embodiments. To avoid repetition, details are not described herein again.
本公开实施例中,首先接收威胁情报信息,所述威胁情报信息为威胁网络安全的信息,所述威胁情报信息由第一区块链节点发送;然后,在所述威胁情报信息被第一共识算法共识的情况下,基于所述威胁情报信息生成第一共享区块;最后,在所述第一共享区块被接收所述第一共享区块的多个区块链节点共识的情况下,将所述第一共享区块写入至区块链中。从而能够通过区块链技术构建威胁情报信息以及威胁情报源的区块链,实现对威胁情报信 息的共享。同时,由于区块链具有不可篡改的特性,因此,能够避免所述威胁情报信息被篡改的可能性。In the embodiment of the present disclosure, firstly, threat intelligence information is received. The threat intelligence information is information that threatens network security. The threat intelligence information is sent by the first blockchain node; then, the threat intelligence information is received by the first consensus. In the case of algorithm consensus, the first shared block is generated based on the threat intelligence information; finally, in the case where the first shared block is received by the consensus of multiple blockchain nodes of the first shared block, Write the first shared block into the blockchain. In this way, a blockchain of threat intelligence information and threat intelligence sources can be constructed through blockchain technology to realize the sharing of threat intelligence information. At the same time, because the blockchain has the characteristic of being non-tamperable, the possibility of tampering with the threat intelligence information can be avoided.
下面对本公开实施例提供的电子设备进行说明。The electronic equipment provided by the embodiments of the present disclosure will be described below.
参见图7,图中示出了本公开实施例提供的电子设备的结构示意图。如图7所示,电子设备700包括:包括总线701、收发机702、天线703、总线接口704、处理器705和存储器706。Referring to FIG. 7, the figure shows a schematic structural diagram of an electronic device provided by an embodiment of the present disclosure. As shown in FIG. 7, the electronic device 700 includes: a bus 701, a transceiver 702, an antenna 703, a bus interface 704, a processor 705, and a memory 706.
所述收发机702,用于接收威胁情报信息,所述威胁情报信息为威胁网络安全的信息,所述威胁情报信息由第一区块链节点发送;The transceiver 702 is configured to receive threat intelligence information, where the threat intelligence information is information that threatens network security, and the threat intelligence information is sent by a first blockchain node;
所述处理器705,用于在所述威胁情报信息被第一共识算法共识的情况下,基于所述威胁情报信息生成第一共享区块;在所述第一共享区块被接收所述第一共享区块的多个区块链节点共识的情况下,将所述第一共享区块写入至区块链中。The processor 705 is configured to generate a first shared block based on the threat intelligence information when the threat intelligence information is agreed by the first consensus algorithm; the first shared block is received in the first shared block In the case of a consensus among multiple blockchain nodes sharing a block, the first shared block is written into the blockchain.
上述方案中,所述威胁情报信息包括以下至少一项:In the above solution, the threat intelligence information includes at least one of the following:
威胁网络安全的互联网协议IP地址信息;Internet Protocol IP address information that threatens network security;
威胁网络安全的域名信息;Domain name information that threatens network security;
威胁网络安全的统一资源定位符URL信息;Uniform resource locator URL information that threatens network security;
威胁网络安全的安全事件信息;Information on security incidents that threaten network security;
威胁网络安全的漏洞信息。Information on vulnerabilities that threaten network security.
上述方案中,所述收发机702,还用于接收第二区块链节点针对目标威胁情报信息发送的调用信息;In the above solution, the transceiver 702 is also used to receive the call information sent by the second blockchain node for the target threat intelligence information;
所述处理器705,还用于基于所述调用信息,对目标共享区块中的评级参数进行更新,所述目标共享区块为基于所述目标威胁情报信息生成的时间轴上最新的共享区块,所述评级参数为对共享所述目标威胁情报信息的区块链节点进行评价的参数;在更新的评级参数被第二共识算法共识的情况下,基于所述目标共享区块和所述更新的评级参数,生成第二共享区块;在所述第二共享区块被接收所述第二共享区块的多个区块链节点共识的情况下,将所述第二共享区块写入至所述区块链中。The processor 705 is further configured to update the rating parameters in the target shared block based on the call information, the target shared block being the latest shared zone on the time axis generated based on the target threat intelligence information Block, the rating parameter is a parameter for evaluating the blockchain nodes that share the target threat intelligence information; in the case where the updated rating parameter is agreed by the second consensus algorithm, based on the target shared block and the The updated rating parameters are used to generate a second shared block; in the case where the second shared block is received by the consensus of multiple blockchain nodes of the second shared block, the second shared block is written Into the blockchain.
上述方案中,所述处理器705,具体用于基于所述调用信息,确定对所述目标威胁情报信息调用的目标参数;基于所述目标参数,对目标共享区块 中的评级参数进行更新。In the above solution, the processor 705 is specifically configured to determine the target parameter for calling the target threat intelligence information based on the calling information; and to update the rating parameter in the target shared block based on the target parameter.
上述方案中,所述目标参数包括以下至少一项:In the above solution, the target parameter includes at least one of the following:
调用次数;Number of calls
所述第二区块链节点针对所述目标威胁情报信息的调用进行评价的评价参数。An evaluation parameter used by the second blockchain node to evaluate the call of the target threat intelligence information.
在图7中,总线架构(用总线701来代表),总线701可以包括任意数量的互联的总线和桥,总线701将包括由处理器705代表的一个或多个处理器和存储器706代表的存储器的各种电路链接在一起。总线701还可以将诸如外围设备、稳压器和功率管理电路等之类的各种其他电路链接在一起,这些都是本领域所公知的,因此,本文不再对其进行进一步描述。总线接口704在总线701和收发机702之间提供接口。收发机702可以是一个元件,也可以是多个元件,比如多个接收器和发送器,提供用于在传输介质上与各种其他装置通信的单元。经处理器705处理的数据通过天线703在无线介质上进行传输,进一步,天线703还接收数据并将数据传送给处理器705。In Figure 7, the bus architecture (represented by bus 701), bus 701 can include any number of interconnected buses and bridges, bus 701 will include one or more processors represented by processor 705 and memory represented by memory 706 The various circuits are linked together. The bus 701 may also link various other circuits such as peripheral devices, voltage regulators, power management circuits, etc., which are all known in the art, and therefore, no further description will be given herein. The bus interface 704 provides an interface between the bus 701 and the transceiver 702. The transceiver 702 may be one element or multiple elements, such as multiple receivers and transmitters, and provide a unit for communicating with various other devices on a transmission medium. The data processed by the processor 705 is transmitted on the wireless medium through the antenna 703, and further, the antenna 703 also receives the data and transmits the data to the processor 705.
处理器705负责管理总线701和通常的处理,还可以提供各种功能,包括定时,外围接口,电压调节、电源管理以及其他控制功能。而存储器706可以被用于存储处理器705在执行操作时所使用的数据。The processor 705 is responsible for managing the bus 701 and general processing, and can also provide various functions, including timing, peripheral interfaces, voltage regulation, power management, and other control functions. The memory 706 may be used to store data used by the processor 705 when performing operations.
可选的,处理器705可以是CPU、ASIC、FPGA或CPLD。Optionally, the processor 705 may be a CPU, ASIC, FPGA or CPLD.
可选的,本公开实施例还提供一种电子设备,包括处理器705,存储器706,存储在存储器706上并可在所述处理器705上运行的计算机程序,该计算机程序被处理器705执行时实现上述信息共享方法实施例的各个过程,且能达到相同的技术效果,为避免重复,这里不再赘述。Optionally, an embodiment of the present disclosure further provides an electronic device, including a processor 705, a memory 706, a computer program stored on the memory 706 and running on the processor 705, and the computer program is executed by the processor 705 Each process of the above-mentioned information sharing method embodiment can be realized at a time, and the same technical effect can be achieved. In order to avoid repetition, it will not be repeated here.
本公开实施例中,首先接收威胁情报信息,所述威胁情报信息为威胁网络安全的信息,所述威胁情报信息由第一区块链节点发送;然后,在所述威胁情报信息被第一共识算法共识的情况下,基于所述威胁情报信息生成第一共享区块;最后,在所述第一共享区块被接收所述第一共享区块的多个区块链节点共识的情况下,将所述第一共享区块写入至区块链中。从而能够通过区块链技术构建威胁情报信息以及威胁情报源的区块链,实现对威胁情报信息的共享。同时,由于区块链具有不可篡改的特性,因此,能够避免所述威 胁情报信息被篡改的可能性。In the embodiment of the present disclosure, firstly, threat intelligence information is received. The threat intelligence information is information that threatens network security. The threat intelligence information is sent by the first blockchain node; then, the threat intelligence information is received by the first consensus. In the case of algorithm consensus, the first shared block is generated based on the threat intelligence information; finally, in the case where the first shared block is received by the consensus of multiple blockchain nodes of the first shared block, Write the first shared block into the blockchain. In this way, a blockchain of threat intelligence information and threat intelligence sources can be constructed through blockchain technology to realize the sharing of threat intelligence information. At the same time, because the blockchain has the characteristic of being non-tamperable, it can avoid the possibility of the threat intelligence information being tampered with.
下面对本公开实施例提供的信息共享系统进行说明。The information sharing system provided by the embodiments of the present disclosure will be described below.
参见图8,图中示出了本公开实施例提供的信息共享系统的结构示意图之一。如图8所示,信息共享系统800包括:底层区块链模块801、基于区块链的威胁情报共享模块802、基于区块链的威胁情报评级模块803;其中,Referring to FIG. 8, the figure shows one of the structural schematic diagrams of the information sharing system provided by an embodiment of the present disclosure. As shown in Figure 8, the information sharing system 800 includes: an underlying blockchain module 801, a blockchain-based threat intelligence sharing module 802, and a blockchain-based threat intelligence rating module 803; among them,
底层区块链模块801,用于对威胁情报源的所有区块链节点进行区块链技术的支撑与实现,如共识算法等。The underlying blockchain module 801 is used to support and implement blockchain technology for all blockchain nodes of the threat intelligence source, such as consensus algorithms.
基于区块链的威胁情报共享模块802,用于对区块链中的IP地址信息、域名信息、URL信息、安全事件信息、漏洞信息等威胁情报信息进行共享。The block chain-based threat intelligence sharing module 802 is used to share threat intelligence information such as IP address information, domain name information, URL information, security event information, and vulnerability information in the block chain.
基于区块链的威胁情报评级模块803,用于对区块链中的威胁情报源可信度和威胁情报源贡献率进行计算,并对威胁情报源的等级进行评级。The block chain-based threat intelligence rating module 803 is used to calculate the credibility of the threat intelligence source and the contribution rate of the threat intelligence source in the block chain, and to rate the level of the threat intelligence source.
参见图9,图中示出了本公开实施例提供的信息共享系统的结构示意图之二。如图9所示,信息共享系统900包括:第一区块链节点901、可与第一区块链节点进行交互的多个区块链节点902和电子设备903;Refer to FIG. 9, which shows the second structural diagram of an information sharing system provided by an embodiment of the present disclosure. As shown in FIG. 9, the information sharing system 900 includes: a first blockchain node 901, a plurality of blockchain nodes 902 that can interact with the first blockchain node, and an electronic device 903;
所述第一区块链节点901,用于发送威胁情报信息,所述威胁情报信息为威胁网络安全的信息;The first blockchain node 901 is configured to send threat intelligence information, where the threat intelligence information is information that threatens network security;
所述电子设备903,用于接收所述威胁情报信息;在所述威胁情报信息被第一共识算法共识的情况下,基于所述威胁情报信息生成第一共享区块;将所述第一共享区块发送至所述可与第一区块链节点进行交互的多个区块链节点;The electronic device 903 is configured to receive the threat intelligence information; in the case that the threat intelligence information is agreed by the first consensus algorithm, generate a first shared block based on the threat intelligence information; Sending the block to the multiple blockchain nodes that can interact with the first blockchain node;
所述可与第一区块链节点进行交互的多个区块链节点902,用于接收所述第一共享区块;对所述第一共享区块进行共识;The multiple blockchain nodes 902 capable of interacting with the first blockchain node are used to receive the first shared block; and make a consensus on the first shared block;
所述电子设备903,还用于在所述第一共享区块被接收所述第一共享区块的多个区块链节点共识的情况下,将所述第一共享区块写入至区块链中。The electronic device 903 is further configured to write the first shared block to the zone when the first shared block is received by multiple blockchain nodes of the first shared block. Block chain.
上述方案中,所述威胁情报信息包括以下至少一项:In the above solution, the threat intelligence information includes at least one of the following:
威胁网络安全的互联网协议IP地址信息;Internet Protocol IP address information that threatens network security;
威胁网络安全的域名信息;Domain name information that threatens network security;
威胁网络安全的统一资源定位符URL信息;Uniform resource locator URL information that threatens network security;
威胁网络安全的安全事件信息;Information on security incidents that threaten network security;
威胁网络安全的漏洞信息。Information on vulnerabilities that threaten network security.
上述方案中,所述系统还包括:第二区块链节点904和可与第二区块链节点进行交互的多个区块链节点905;In the above solution, the system further includes: a second blockchain node 904 and a plurality of blockchain nodes 905 that can interact with the second blockchain node;
所述第二区块链节点904,用于针对目标威胁情报信息发送调用信息;The second blockchain node 904 is used to send call information for target threat intelligence information;
所述电子设备903,还用于接收第二区块链节点针对目标威胁情报信息发送的调用信息;基于所述调用信息,对目标共享区块中的评级参数进行更新,所述目标共享区块为基于所述目标威胁情报信息生成的时间轴上最新的共享区块,所述评级参数为对共享所述目标威胁情报信息的区块链节点进行评价的参数;在更新的评级参数被第二共识算法共识的情况下,基于所述目标共享区块和所述更新的评级参数,生成第二共享区块;将所述第二共享区块发送至所述可与第二区块链节点进行交互的多个区块链节点;The electronic device 903 is also used to receive the call information sent by the second blockchain node for the target threat intelligence information; based on the call information, update the rating parameters in the target shared block, the target shared block Is the latest shared block on the time axis generated based on the target threat intelligence information, the rating parameter is a parameter for evaluating the blockchain nodes sharing the target threat intelligence information; the updated rating parameter is the second In the case of consensus algorithm consensus, based on the target shared block and the updated rating parameters, generate a second shared block; send the second shared block to the node that can communicate with the second blockchain Multiple blockchain nodes that interact;
所述可与第二区块链节点进行交互的多个区块链节点905,用于接收所述第二共享区块;对所述第二共享区块进行共识;The multiple blockchain nodes 905 that can interact with a second blockchain node are used to receive the second shared block; and make a consensus on the second shared block;
所述电子设备903,还用于在所述第二共享区块被接收所述第二共享区块的多个区块链节点共识的情况下,将所述第二共享区块写入至所述区块链中。The electronic device 903 is further configured to write the second shared block to all blockchain nodes when the second shared block is received by multiple blockchain nodes of the second shared block. Said in the blockchain.
上述方案中,所述电子设备903,具体用于基于所述调用信息,确定对所述目标威胁情报信息调用的目标参数;基于所述目标参数,对目标共享区块中的评级参数进行更新。In the above solution, the electronic device 903 is specifically configured to determine the target parameter for calling the target threat intelligence information based on the calling information; and to update the rating parameter in the target shared block based on the target parameter.
上述方案中,所述目标参数包括以下至少一项:In the above solution, the target parameter includes at least one of the following:
调用次数;Number of calls
所述第二区块链节点针对所述目标威胁情报信息的调用进行评价的评价参数。An evaluation parameter used by the second blockchain node to evaluate the call of the target threat intelligence information.
本公开实施例中,首先接收威胁情报信息,所述威胁情报信息为威胁网络安全的信息,所述威胁情报信息由第一区块链节点发送;然后,在所述威胁情报信息被第一共识算法共识的情况下,基于所述威胁情报信息生成第一共享区块;最后,在所述第一共享区块被接收所述第一共享区块的多个区块链节点共识的情况下,将所述第一共享区块写入至区块链中。从而能够通过区块链技术构建威胁情报信息以及威胁情报源的区块链,实现对威胁情报信 息的共享。同时,由于区块链具有不可篡改的特性,因此,能够避免所述威胁情报信息被篡改的可能性。In the embodiment of the present disclosure, firstly, threat intelligence information is received. The threat intelligence information is information that threatens network security. The threat intelligence information is sent by the first blockchain node; then, the threat intelligence information is received by the first consensus. In the case of algorithm consensus, the first shared block is generated based on the threat intelligence information; finally, in the case where the first shared block is received by the consensus of multiple blockchain nodes of the first shared block, Write the first shared block into the blockchain. In this way, a blockchain of threat intelligence information and threat intelligence sources can be constructed through blockchain technology to realize the sharing of threat intelligence information. At the same time, because the blockchain has the characteristic of being non-tamperable, the possibility of tampering with the threat intelligence information can be avoided.
本公开实施例还提供一种计算机可读存储介质,计算机可读存储介质上存储有计算机程序,该计算机程序被处理器执行时实现上述信息共享方法实施例的各个过程,且能达到相同的技术效果,为避免重复,这里不再赘述。其中,所述的计算机可读存储介质,如只读存储器(Read-Only Memory,ROM)、随机存取存储器(Random Access Memory,RAM)、磁碟或者光盘等。The embodiments of the present disclosure also provide a computer-readable storage medium, and a computer program is stored on the computer-readable storage medium. When the computer program is executed by a processor, each process of the above-mentioned information sharing method embodiment is realized, and the same technology can be achieved. The effect, in order to avoid repetition, will not be repeated here. Wherein, the computer-readable storage medium, such as read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic disk, or optical disk, etc.
本领域普通技术人员可以意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、或者计算机软件和电子硬件的结合来实现。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本公开的范围。A person of ordinary skill in the art may realize that the units and algorithm steps of the examples described in combination with the embodiments disclosed herein can be implemented by electronic hardware or a combination of computer software and electronic hardware. Whether these functions are performed by hardware or software depends on the specific application and design constraint conditions of the technical solution. Professionals and technicians can use different methods for each specific application to implement the described functions, but such implementation should not be considered beyond the scope of the present disclosure.
所属领域的技术人员可以清楚地了解到,为描述的方便和简洁,上述描述的系统、装置和单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。Those skilled in the art can clearly understand that, for the convenience and conciseness of description, the specific working process of the system, device and unit described above can refer to the corresponding process in the foregoing method embodiment, which will not be repeated here.
在本申请所提供的实施例中,应该理解到,所揭露的系统和方法,可以通过其它的方式实现。例如,以上所描述的系统实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the embodiments provided in this application, it should be understood that the disclosed system and method may be implemented in other ways. For example, the system embodiment described above is only illustrative. For example, the division of the units is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components can be combined or It can be integrated into another system, or some features can be ignored or not implemented. In addition, the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本公开实施例方案的目的。The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments of the present disclosure.
另外,在本公开各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。In addition, the functional units in the various embodiments of the present disclosure may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
所述功能如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本公开的技术方案本质上或者说对相关技术做出贡献的部分或者该技术方案的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本公开各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、ROM、RAM、磁碟或者光盘等各种可以存储程序代码的介质。If the function is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer readable storage medium. Based on this understanding, the technical solution of the present disclosure essentially or the part that contributes to the related technology or the part of the technical solution can be embodied in the form of a software product. The computer software product is stored in a storage medium, including several The instructions are used to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the methods described in the various embodiments of the present disclosure. The aforementioned storage media include: U disk, mobile hard disk, ROM, RAM, magnetic disk or optical disk and other media that can store program codes.
以上所述,仅为本公开的具体实施方式,但本公开的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本公开揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本公开的保护范围之内。因此,本公开的保护范围应以权利要求的保护范围为准。The above are only specific implementations of the present disclosure, but the protection scope of the present disclosure is not limited thereto. Any person skilled in the art can easily think of changes or substitutions within the technical scope disclosed in the present disclosure. It should be covered within the protection scope of the present disclosure. Therefore, the protection scope of the present disclosure should be subject to the protection scope of the claims.
Claims (10)
- 一种信息共享方法,包括:A method of information sharing, including:接收威胁情报信息,所述威胁情报信息为威胁网络安全的信息,所述威胁情报信息由第一区块链节点发送;Receiving threat intelligence information, where the threat intelligence information is information that threatens network security, and the threat intelligence information is sent by the first blockchain node;在所述威胁情报信息被第一共识算法共识的情况下,基于所述威胁情报信息生成第一共享区块;In the case where the threat intelligence information is agreed by the first consensus algorithm, generate a first shared block based on the threat intelligence information;在所述第一共享区块被接收所述第一共享区块的多个区块链节点共识的情况下,将所述第一共享区块写入至区块链中。In the case where the first shared block is received by the consensus of multiple blockchain nodes of the first shared block, the first shared block is written into the blockchain.
- 根据权利要求1所述的方法,其中,所述威胁情报信息包括以下至少一项:The method according to claim 1, wherein the threat intelligence information includes at least one of the following:威胁网络安全的互联网协议IP地址信息;Internet Protocol IP address information that threatens network security;威胁网络安全的域名信息;Domain name information that threatens network security;威胁网络安全的统一资源定位符URL信息;Uniform resource locator URL information that threatens network security;威胁网络安全的安全事件信息;Information on security incidents that threaten network security;威胁网络安全的漏洞信息。Information on vulnerabilities that threaten network security.
- 根据权利要求1所述的方法,其中,所述将所述第一共享区块写入至相应的区块链中之后,所述方法还包括:The method according to claim 1, wherein, after the writing the first shared block into the corresponding blockchain, the method further comprises:接收第二区块链节点针对目标威胁情报信息发送的调用信息;Receive the calling information sent by the second blockchain node for the target threat intelligence information;基于所述调用信息,对目标共享区块中的评级参数进行更新,所述目标共享区块为基于所述目标威胁情报信息生成的时间轴上最新的共享区块,所述评级参数为对共享所述目标威胁情报信息的区块链节点进行评价的参数;Based on the call information, the rating parameters in the target shared block are updated. The target shared block is the latest shared block on the time axis generated based on the target threat intelligence information, and the rating parameter is the shared block. The parameters used for evaluation by the blockchain node of the target threat intelligence information;在更新的评级参数被第二共识算法共识的情况下,基于所述目标共享区块和所述更新的评级参数,生成第二共享区块;In the case where the updated rating parameters are agreed by the second consensus algorithm, generate a second shared block based on the target shared block and the updated rating parameters;在所述第二共享区块被接收所述第二共享区块的多个区块链节点共识的情况下,将所述第二共享区块写入至所述区块链中。In the case where the second shared block is received by the consensus of multiple blockchain nodes of the second shared block, the second shared block is written into the blockchain.
- 根据权利要求3所述的方法,其中,所述基于所述调用信息,对目标共享区块中的评级参数进行更新的步骤包括:The method according to claim 3, wherein the step of updating the rating parameters in the target shared block based on the calling information comprises:基于所述调用信息,确定对所述目标威胁情报信息调用的目标参数;Based on the calling information, determining the target parameters for calling the target threat intelligence information;基于所述目标参数,对目标共享区块中的评级参数进行更新。Based on the target parameter, the rating parameter in the target shared block is updated.
- 根据权利要求4所述的方法,其中,所述目标参数包括以下至少一项:The method according to claim 4, wherein the target parameter includes at least one of the following:调用次数;Number of calls所述第二区块链节点针对所述目标威胁情报信息的调用进行评价的评价参数。An evaluation parameter used by the second blockchain node to evaluate the call of the target threat intelligence information.
- 一种信息共享装置,包括:An information sharing device includes:第一接收模块,用于接收威胁情报信息,所述威胁情报信息为威胁网络安全的信息,所述威胁情报信息由第一区块链节点发送;The first receiving module is configured to receive threat intelligence information, where the threat intelligence information is information that threatens network security, and the threat intelligence information is sent by the first blockchain node;第一生成模块,用于在所述威胁情报信息被第一共识算法共识的情况下,基于所述威胁情报信息生成第一共享区块;The first generation module is configured to generate a first shared block based on the threat intelligence information when the threat intelligence information is agreed by the first consensus algorithm;第一写入模块,用于在所述第一共享区块被接收所述第一共享区块的多个区块链节点共识的情况下,将所述第一共享区块写入至区块链中。The first writing module is used to write the first shared block to the block when the first shared block is received by the consensus of multiple blockchain nodes of the first shared block Chain.
- 一种电子设备,包括:收发机和处理器;An electronic device, including: a transceiver and a processor;所述收发机,用于接收威胁情报信息,所述威胁情报信息为威胁网络安全的信息,所述威胁情报信息由第一区块链节点发送;The transceiver is configured to receive threat intelligence information, where the threat intelligence information is information that threatens network security, and the threat intelligence information is sent by a first blockchain node;所述处理器,用于在所述威胁情报信息被第一共识算法共识的情况下,基于所述威胁情报信息生成第一共享区块;在所述第一共享区块被接收所述第一共享区块的多个区块链节点共识的情况下,将所述第一共享区块写入至区块链中。The processor is configured to generate a first shared block based on the threat intelligence information when the threat intelligence information is agreed by the first consensus algorithm; the first shared block is received in the first shared block In the case of consensus among multiple blockchain nodes sharing a block, the first shared block is written into the blockchain.
- 一种电子设备,包括:包括处理器,存储器,存储在所述存储器上并可在所述处理器上运行的计算机程序,所述计算机程序被所述处理器执行时实现如权利要求1至5中任一项所述的信息共享方法的步骤。An electronic device, comprising: a processor, a memory, a computer program stored on the memory and running on the processor, and the computer program is executed by the processor to implement claims 1 to 5 The steps of any one of the information sharing method.
- 一种信息共享系统,包括:第一区块链节点、可与第一区块链节点进行交互的多个区块链节点和电子设备;An information sharing system includes: a first block chain node, a plurality of block chain nodes that can interact with the first block chain node, and electronic equipment;所述第一区块链节点,用于发送威胁情报信息,所述威胁情报信息为威胁网络安全的信息;The first blockchain node is used to send threat intelligence information, where the threat intelligence information is information that threatens network security;所述电子设备,用于接收所述威胁情报信息;在所述威胁情报信息被第一共识算法共识的情况下,基于所述威胁情报信息生成第一共享区块;将所述第一共享区块,发送至所述可与第一区块链节点进行交互的多个区块链节 点;The electronic device is configured to receive the threat intelligence information; in the case that the threat intelligence information is agreed by the first consensus algorithm, generate a first shared block based on the threat intelligence information; divide the first shared area Block, sent to the multiple blockchain nodes that can interact with the first blockchain node;所述可与第一区块链节点进行交互的多个区块链节点,用于接收所述第一共享区块;对所述第一共享区块进行共识;The multiple blockchain nodes that can interact with the first blockchain node are used to receive the first shared block; and make a consensus on the first shared block;所述电子设备,还用于在所述第一共享区块被接收所述第一共享区块的多个区块链节点共识的情况下,将所述第一共享区块写入至区块链中。The electronic device is further configured to write the first shared block to the block when the first shared block is received by the consensus of multiple blockchain nodes of the first shared block Chain.
- 一种计算机可读存储介质,其中,所述计算机可读存储介质上存储有计算机程序,所述计算机程序被处理器执行时实现如权利要求1至5中任一项所述的信息共享方法的步骤。A computer-readable storage medium, wherein a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the information sharing method according to any one of claims 1 to 5 is implemented step.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910817069.6A CN112448923B (en) | 2019-08-30 | 2019-08-30 | Information sharing method, device, system, electronic device and storage medium |
CN201910817069.6 | 2019-08-30 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021036521A1 true WO2021036521A1 (en) | 2021-03-04 |
Family
ID=74683552
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2020/100754 WO2021036521A1 (en) | 2019-08-30 | 2020-07-08 | Information sharing method, apparatus, system, electronic device, and storage medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN112448923B (en) |
WO (1) | WO2021036521A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114363914A (en) * | 2022-01-10 | 2022-04-15 | 中国联合网络通信集团有限公司 | Cell configuration method, device, equipment and storage medium |
CN117692230A (en) * | 2023-12-18 | 2024-03-12 | 永信至诚科技集团股份有限公司 | Information sharing method, system, electronic device and medium for network attack and defense exercise |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115714811A (en) * | 2021-08-20 | 2023-02-24 | 海信集团控股股份有限公司 | Threat information sharing method and device |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108632381A (en) * | 2018-05-14 | 2018-10-09 | 济南浪潮高新科技投资发展有限公司 | A kind of environment measure of supervision and system based on block chain |
CN109243548A (en) * | 2018-08-22 | 2019-01-18 | 广东工业大学 | A kind of medical data platform based on block chain technology |
CN109413174A (en) * | 2018-10-18 | 2019-03-01 | 中国船舶工业系统工程研究院 | A kind of trans-departmental oceanographic data sharing method based on block chain |
US20190109717A1 (en) * | 2017-10-09 | 2019-04-11 | Cisco Technology, Inc. | Sharing network security threat information using a blockchain network |
CN109981564A (en) * | 2019-01-28 | 2019-07-05 | 中国科学院信息工程研究所 | A kind of threat information exchange sharing method based on block chain |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10225273B2 (en) * | 2017-01-27 | 2019-03-05 | International Business Machines Corporation | Secured event monitoring leveraging blockchain |
CN108122165B (en) * | 2017-12-15 | 2020-10-30 | 北京中电普华信息技术有限公司 | Block chain consensus method and system |
CN108390891A (en) * | 2018-03-28 | 2018-08-10 | 电子科技大学天府协同创新中心 | Information protecting method based on privately owned block chain |
CN108965247A (en) * | 2018-06-04 | 2018-12-07 | 上海交通大学 | A kind of threat information exchange shared system and method based on block chain |
CN110049063B (en) * | 2019-04-30 | 2021-09-07 | 中国科学院计算机网络信息中心 | Block chain-based phishing data sharing method and system |
-
2019
- 2019-08-30 CN CN201910817069.6A patent/CN112448923B/en active Active
-
2020
- 2020-07-08 WO PCT/CN2020/100754 patent/WO2021036521A1/en active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20190109717A1 (en) * | 2017-10-09 | 2019-04-11 | Cisco Technology, Inc. | Sharing network security threat information using a blockchain network |
CN108632381A (en) * | 2018-05-14 | 2018-10-09 | 济南浪潮高新科技投资发展有限公司 | A kind of environment measure of supervision and system based on block chain |
CN109243548A (en) * | 2018-08-22 | 2019-01-18 | 广东工业大学 | A kind of medical data platform based on block chain technology |
CN109413174A (en) * | 2018-10-18 | 2019-03-01 | 中国船舶工业系统工程研究院 | A kind of trans-departmental oceanographic data sharing method based on block chain |
CN109981564A (en) * | 2019-01-28 | 2019-07-05 | 中国科学院信息工程研究所 | A kind of threat information exchange sharing method based on block chain |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114363914A (en) * | 2022-01-10 | 2022-04-15 | 中国联合网络通信集团有限公司 | Cell configuration method, device, equipment and storage medium |
CN114363914B (en) * | 2022-01-10 | 2023-06-20 | 中国联合网络通信集团有限公司 | Cell configuration method, device, equipment and storage medium |
CN117692230A (en) * | 2023-12-18 | 2024-03-12 | 永信至诚科技集团股份有限公司 | Information sharing method, system, electronic device and medium for network attack and defense exercise |
Also Published As
Publication number | Publication date |
---|---|
CN112448923A (en) | 2021-03-05 |
CN112448923B (en) | 2022-09-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2021036521A1 (en) | Information sharing method, apparatus, system, electronic device, and storage medium | |
US11824768B2 (en) | Verification of data processes in a network of computing resources | |
US20210092161A1 (en) | Collaborative database and reputation management in adversarial information environments | |
US10491632B1 (en) | Methods for reducing compliance violations in mobile application management environments and devices thereof | |
US8645701B2 (en) | System and method for zone signing and key management in a DNS system | |
US20120066759A1 (en) | System and method for providing endpoint management for security threats in a network environment | |
US11502828B2 (en) | Authenticating chaincode to chaincode invocations of a blockchain | |
CN111460458B (en) | Data processing method, related device and computer storage medium | |
CN110543448A (en) | data synchronization method, device, equipment and computer readable storage medium | |
JP2021525016A (en) | Auto-commit transaction management in blockchain network | |
US20180336334A1 (en) | Prevention of organizational data leakage across platforms based on device status | |
CN112163240A (en) | Block chain based distributed government affair architecture unifying method and system | |
US11044104B2 (en) | Data certification as a service powered by permissioned blockchain network | |
WO2021226894A1 (en) | Ip address updating method, apparatus, and device, and computer storage medium | |
US10951605B2 (en) | Centrally managing data for distributed identity-based firewalling | |
US20210336856A1 (en) | Decentralized auto-scaling of network architectures | |
CN110930253B (en) | Method and device for generating main key inside intelligent contract, computer equipment and storage medium | |
US11663058B1 (en) | Preemptive filtering of events of an event bus with a deterministic filter | |
WO2022022248A1 (en) | Threat intelligence emergency response method and apparatus | |
CN115328509A (en) | Algorithm changing method, device, computer equipment and storage medium | |
GB2546135A (en) | Robust computing device identification framework | |
CN112187900A (en) | DNS data updating method and system based on block chain shared cache | |
US20190155790A1 (en) | Event-based synchronization in a file sharing environment | |
CN112989404A (en) | Log management method based on block chain and related equipment | |
JP4438805B2 (en) | Information diffusion prevention method in P2P (Peer to Peer) network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 20858427 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 20858427 Country of ref document: EP Kind code of ref document: A1 |