WO2022150961A1 - Blockchain security monitoring method and apparatus, electronic device and storage medium - Google Patents

Blockchain security monitoring method and apparatus, electronic device and storage medium

Info

Publication number
WO2022150961A1
Authority
WO
WIPO (PCT)
Prior art keywords
monitoring
node
detected
storage
nodes
Prior art date
Application number
PCT/CN2021/071245
Other languages
French (fr)
Chinese (zh)
Inventor
王毅
马佳玲
陈洁欣
廖竞
罗秋明
毛睿
Original Assignee
深圳大学
Priority date
Filing date
Publication date
Application filed by 深圳大学
Priority to PCT/CN2021/071245
Publication of WO2022150961A1

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00: Error detection; Error correction; Monitoring
    • G06F11/30: Monitoring

Definitions

  • the present application relates to the field of blockchain technology, and in particular, to a blockchain security monitoring method, device, electronic device and storage medium.
  • blockchain storage is a trend in the future development of the storage industry.
  • how to verify the correctness of users' stored data and the reliability of storage nodes is a very important issue.
  • a data strip is usually randomly selected in the blockchain, and the blockchain nodes corresponding to the data strip are randomly monitored for security.
  • the present application provides a blockchain security monitoring method, device, electronic device and storage medium to solve the defects of the prior art such as low reliability.
  • a first aspect of the present application provides a blockchain security monitoring method, including:
  • monitoring resources are allocated for each stored data block, so as to perform security monitoring on the nodes to be detected.
  • selecting the node to be detected according to the confidence, monitoring frequency and usage of the storage node corresponding to the data stripe to be detected includes:
  • for each trusted storage node with the same monitoring priority, update the monitoring priority of each trusted storage node based on the descending sorting result of the usage of each trusted storage node;
  • a node to be detected is selected from the trusted storage nodes.
  • the method further includes: in the storage nodes corresponding to the data stripes to be detected, screening new nodes that are newly added within a preset time;
  • a new node to be detected is selected from the new nodes
  • monitoring resources are allocated to each stored data block, so as to perform security monitoring of the new node to be detected.
  • selecting a new node to be detected from the new nodes based on the monitoring frequency and joining time of each new node includes:
  • a new node to be detected is selected from the new nodes.
  • allocating monitoring resources to each stored data block, so as to perform security monitoring on the node to be detected, includes:
  • according to the access frequency of the storage data block, determine the data block level corresponding to the storage data block;
  • monitoring resources are allocated to each storage data block, so as to perform security monitoring on the node to be detected.
  • before selecting the node to be detected according to the confidence, monitoring frequency and usage of the storage node corresponding to the data stripe to be detected, the method further includes:
  • the confidence of each storage node is calculated according to the historical monitoring records.
  • a second aspect of the present application provides a blockchain security monitoring device, including:
  • an acquisition module used to acquire the data strip to be detected and the total amount of preset monitoring resources
  • a determination module configured to select a node to be detected according to the confidence, monitoring frequency and usage of the storage node corresponding to the data strip to be detected;
  • the monitoring module is configured to allocate monitoring resources for each stored data block based on the preset monitoring resource allocation rules and the preset total amount of monitoring resources and according to the access frequency of the stored data blocks in the nodes to be detected, so as to perform security monitoring on the nodes to be detected.
  • the determining module is specifically used for:
  • for each trusted storage node with the same monitoring priority, update the monitoring priority of each trusted storage node based on the descending sorting result of the usage of each trusted storage node;
  • a node to be detected is selected from the trusted storage nodes.
  • the determining module is further used for:
  • a new node to be detected is selected from the new nodes
  • monitoring resources are allocated to each stored data block, so as to perform security monitoring of the new node to be detected.
  • the determining module is specifically used for:
  • a new node to be detected is selected from the new nodes.
  • the monitoring module is specifically used for:
  • according to the access frequency of the storage data block, determine the data block level corresponding to the storage data block;
  • monitoring resources are allocated to each storage data block, so as to perform security monitoring on the node to be detected.
  • the determining module is further used for:
  • the confidence of each storage node is calculated according to the historical monitoring records.
  • the determining module is further used for:
  • a third aspect of the present application provides an electronic device, including: at least one processor and a memory;
  • the memory stores computer-executable instructions
  • the at least one processor executes computer-implemented instructions stored in the memory to cause the at least one processor to perform the methods described above in the first aspect and various possible designs of the first aspect.
  • a fourth aspect of the present application provides a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and when a processor executes the computer-executable instructions, the methods described in the first aspect and the various possible designs of the first aspect are implemented.
  • the blockchain security monitoring method, device, electronic device and storage medium provided by this application obtain the data strip to be detected and the total amount of preset monitoring resources; select the node to be detected according to the confidence, monitoring frequency and usage of the storage node corresponding to the data strip to be detected; and, based on the preset monitoring resource allocation rules and the preset total amount of monitoring resources, allocate monitoring resources for each stored data block according to the access frequency of the stored data blocks in the node to be detected, so as to perform security monitoring on the node to be detected.
  • the nodes to be detected are selected according to the confidence, detection frequency and usage of each storage node, and monitoring resources are allocated according to the access frequency of each storage data block in the node, which balances the monitoring frequency of each storage node and allocates the monitoring resources reasonably, improves the reliability of security monitoring results and lays a foundation for improving the security of the blockchain storage system.
  • FIG. 1 is a schematic structural diagram of a blockchain security monitoring system based on an embodiment of the application
  • FIG. 2 is a schematic flowchart of a blockchain security monitoring method provided by an embodiment of the present application.
  • FIG. 3 is a schematic structural diagram of a blockchain security monitoring device provided by an embodiment of the present application.
  • FIG. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
  • a data strip is usually randomly selected in the blockchain, and the blockchain nodes corresponding to the data strip are randomly monitored for security.
  • if the security monitoring of blockchain nodes is carried out based on the existing technology, some nodes may be monitored frequently, while some nodes cannot be monitored for a long time, which is not conducive to ensuring the reliability of security monitoring results.
  • the blockchain security monitoring method, device, electronic device and storage medium obtain the data stripe to be detected and the total amount of preset monitoring resources; select the node to be detected according to the confidence, monitoring frequency and usage of the storage node corresponding to the data stripe to be detected; and, based on the preset monitoring resource allocation rules and the preset total amount of monitoring resources, allocate monitoring resources to each stored data block according to the access frequency of the stored data blocks in the node to be detected, so as to perform security monitoring on the node to be detected.
  • the nodes to be detected are selected according to the confidence, detection frequency and usage of each storage node, and monitoring resources are allocated according to the access frequency of each storage data block in the node, which balances the monitoring frequency of each storage node and allocates the monitoring resources reasonably, improves the reliability of security monitoring results and lays a foundation for improving the security of the blockchain storage system.
  • the blockchain security monitoring method, device, electronic device, and storage medium provided by the embodiments of this application are suitable for security monitoring of storage nodes in a blockchain storage system.
  • FIG. 1 is a schematic structural diagram of the blockchain security monitoring system on which the embodiment of the application is based, which mainly includes a blockchain storage system, a monitoring sequence construction device, and a blockchain security monitoring device for performing security monitoring on the blockchain storage system.
  • specifically, the monitoring sequence construction device can be used to randomly select data strips in the blockchain storage system, and store the data strips in sequence according to the selection order to construct a monitoring sequence. The data strips to be detected are extracted, the nodes to be detected and the new nodes to be detected are determined according to the extracted data strips to be detected, the selected nodes to be detected are filled into the monitoring sequence, and security monitoring is performed on the nodes in the monitoring sequence in turn.
  • the embodiments of the present application provide a blockchain security monitoring method, which is used for security monitoring of storage nodes in a blockchain storage system.
  • the execution body of the embodiment of the present application is an electronic device, such as a server, a desktop computer, a notebook computer, a tablet computer, and other electronic devices that can be used for security monitoring.
  • FIG. 2 is a schematic flowchart of a blockchain security monitoring method provided by an embodiment of the present application; the method includes:
  • Step 201: Acquire the data strip to be detected and the total amount of preset monitoring resources.
  • the preset total amount of monitoring resources may specifically refer to the set number of security monitoring per hour, also called the number of audits, which may be specifically set according to the actual situation, which is not limited in this embodiment of the present application.
  • Step 202: Select a node to be detected according to the confidence, monitoring frequency and usage of the storage node corresponding to the data strip to be detected.
  • the monitoring frequency refers to the number of times of being monitored, that is, the number of times of being audited within the preset security monitoring period.
  • the blockchain storage system includes trusted storage nodes and untrusted storage nodes, which can be distinguished according to the confidence of the storage nodes.
  • security monitoring is usually only performed on trusted storage nodes. Therefore, the node to be detected can be selected among the trusted storage nodes.
  • a storage node with a lower monitoring frequency may be selected as the node to be detected.
  • the usage of each storage node can also be comprehensively considered, so as to select the nodes to be detected that most require security monitoring.
  • Step 203: Based on the preset monitoring resource allocation rule and the preset total amount of monitoring resources, and according to the access frequency of the stored data blocks in the nodes to be detected, monitoring resources are allocated to each stored data block, so as to perform security monitoring on the nodes to be detected.
  • monitoring resources may be allocated to each storage data block in proportion to allocate monitoring resources reasonably. Specifically, it refers to the number of security monitoring allocated to each storage node, that is, the number of audits allocated to each storage node.
  • the method further includes:
  • Step 301: in the storage nodes corresponding to the data stripes to be detected, filter new nodes that are newly added within a preset time;
  • Step 302: based on the monitoring frequency and joining time of each new node, select a new node to be detected from the new nodes;
  • Step 303: based on a preset monitoring resource allocation rule and a preset total amount of monitoring resources, and according to the monitoring frequency of the stored data blocks in the new node to be detected, allocate monitoring resources to each stored data block, so as to perform security monitoring on the new node to be detected.
  • a common new node screening method may be used to screen new nodes among the multiple storage nodes corresponding to the data stripes to be detected.
  • the new node with the lowest monitoring frequency can be selected as the new node to be detected. If there are multiple new nodes with the lowest monitoring frequency, then among these new nodes the one with the earliest joining time is selected as the new node to be detected.
  • the monitoring priority corresponding to each new node may be determined according to the ascending sorting result of the monitoring frequency corresponding to each new node; for each new node with the same monitoring priority, the monitoring priority of each new node is updated based on the order of the joining time of each new node; according to the updated monitoring priority of each new node, a new node to be detected is selected from the new nodes.
  • the monitoring priority is divided for the new nodes. If the monitoring priority of multiple new nodes is the highest at the same time, that is, the monitoring frequency of multiple new nodes is tied for the lowest, then these new nodes are sorted again according to the joining time of each new node corresponding to that monitoring priority, that is, the monitoring priority of each new node is updated, and finally the new node with the lowest monitoring frequency and the earliest joining time is selected as the new node to be detected.
  • selecting the node to be detected (step 202) according to the confidence, monitoring frequency and usage of the storage node corresponding to the data stripe to be detected may include:
  • Step 2021: according to the confidence level of the storage nodes, filter the trusted storage nodes from the storage nodes;
  • Step 2022: determine the monitoring priority corresponding to each trusted storage node according to the ascending sorting result of the monitoring frequencies of the trusted storage nodes;
  • Step 2023: for each trusted storage node with the same monitoring priority, update the monitoring priority of each trusted storage node based on the descending sorting result of the usage of each trusted storage node;
  • Step 2024: according to the updated monitoring priority of each trusted storage node, select a node to be detected from the trusted storage nodes.
  • the monitoring priority is divided for the trusted storage nodes. If the monitoring priority of multiple trusted storage nodes is the highest at the same time, that is, the monitoring frequency of multiple trusted storage nodes is tied for the lowest, then according to the usage of each trusted storage node corresponding to the monitoring priority, The trusted storage nodes are sorted again, that is, the monitoring priority of each trusted storage node is updated, and finally the trusted storage node with the lowest monitoring frequency and the largest usage is selected as the node to be detected.
  • the first total amount of monitoring resources corresponding to the node to be detected may be determined based on a preset monitoring resource allocation rule and a preset total amount of monitoring resources; the data block level corresponding to each storage data block may be determined according to the access frequency of the stored data blocks; and, according to the first total amount of monitoring resources, monitoring resources are allocated to each storage data block to perform security monitoring on the node to be detected.
  • the data block level of a storage data block with lower access frequency may be determined as the first level;
  • the data block level of a storage data block with normal access frequency may be determined as the second level;
  • the data block level of a storage data block with higher access frequency may be determined as the third level.
  • If the number of third-level storage data blocks in the node to be detected is m, the number of second-level storage data blocks is k, and the number of first-level storage data blocks is t.
  • the number of times that each trusted storage node is audited every d days can be defined as adNumperw, and its calculation formula is:
  • adNumperw = blAdNum*24*d/blNum
  • blAdNum represents the total number of audit times per hour of all trusted storage nodes, and blNum represents the number of trusted storage nodes in the data strip to be detected.
  • the total number of audit times per hour of all trusted storage nodes can be calculated according to the following formula:
  • blAdNum = numperh*blNum/(blNum+newNum)
  • numperh represents the total amount of preset monitoring resources
  • newNum represents the number of new nodes in the data strip to be detected.
  • the secondary storage data block with normal access frequency is defined to be allocated $x_2$ audits every d days, that is, the allocated monitoring resources are $x_2$:
  • the secondary storage data block with lower access frequency is defined, and the number of audits allocated every d days is $x_3$, that is, the allocated monitoring resources are $x_3$:
  • the allocation is carried out in units of d days.
  • the first $x_1$ times select the third-level storage data blocks;
  • the next $x_2$ times select the second-level storage data blocks;
  • the last $x_3$ times select the first-level storage data blocks.
  • the storage data block is selected according to the access frequency, and the security monitoring is performed first if the access frequency is high.
  • the second total amount of monitoring resources corresponding to the new node to be detected may be determined based on a preset monitoring resource allocation rule and a preset total amount of monitoring resources; according to the access frequency of the storage data blocks, the data block level corresponding to each storage data block is determined; according to the data block level corresponding to each storage data block and the number of storage data blocks contained in each data block level, the resource allocation ratio of each storage data block is determined; according to the resource allocation ratio of each storage data block and the second total amount of monitoring resources, monitoring resources are allocated to each storage data block, so as to perform security monitoring on the new node to be detected.
  • newadNumperw represents the number of times each new node is audited every d days (the second total amount of monitoring resources)
  • newAdNum represents the total number of audit times per hour of all new nodes
  • newNum represents the number of trusted storage nodes in the data strip to be detected.
  • the total number of audits per hour for all new nodes can be calculated according to the following formula:
  • newAdNum = numperh*newNum/(blNum+newNum)
  • numperh represents the total amount of preset monitoring resources
  • blNum represents the number of trusted storage nodes in the data strip to be detected.
  • the sum of the resource allocation ratios corresponding to each data block level may be 1.
  • security monitoring may be performed on the obtained storage data blocks with few monitoring resources first.
  • the second total amount of monitoring resources corresponding to the new node to be detected may be determined based on the preset monitoring resource allocation rule and the preset total amount of monitoring resources; the second total amount of monitoring resources is equally divided among the storage data blocks in the new node to be detected.
  • the security monitoring sequence of each stored data block is determined, and specifically, the security monitoring may be performed on the stored data block with high access frequency first.
  • before selecting the node to be detected according to the confidence, monitoring frequency and usage of the storage node corresponding to the data stripe to be detected, the method further includes:
  • Step 401: obtain the historical monitoring records of each storage node;
  • Step 402: calculate the confidence of each storage node based on a preset confidence calculation rule and the historical monitoring records.
  • the confidence level stConflevel of the storage node can be calculated according to the following formula:
  • stConflevel = (the number of times the storage node has passed the audit in the last d days) / (the total number of audits of the storage node in the last d days).
  • the number of audits passed in the last d days and the total number of audits in the last d days can be obtained according to the historical monitoring records.
  • trusted storage node is defined as:
  • the untrusted storage node is defined as:
  • whether the time interval between the current node to be detected and the previous historical monitoring time is less than the preset time threshold is determined; if so, the current node to be detected is abandoned.
  • the preset time threshold may be one hour. If it is determined that the last security monitoring time of the currently selected node to be detected is less than one hour before the current time, then, to avoid one storage node being security monitored (audited) multiple times in a short period while other storage nodes have no opportunity for security monitoring for a long time, the current node to be detected is abandoned and a new node to be detected is re-selected.
  • an embodiment of the present application provides a monitoring sequence construction device that can construct a monitoring sequence, specifically constructing a stripe sequence with a length of n, wherein the data strip is also called stripe, and the stripe sequence is taken each time.
  • the first to be audited is defined as N
  • the maximum storage stripe sequence space provided by the audit center is defined as adSpace. Since the storage space of each audit center may be different, setting adSpace to a fixed value is obviously unreasonable; and because the audit center stores not only stripe sequences but also other contents, the stripe sequence cannot fill the storage space of the entire audit center. This method uses half of the storage space of the audit center, so the calculation formula of adSpace is:
  • N = adSpace / stripe size (n ≤ N)
  • the stripe sequence of the audit center needs to be filled.
  • the node to be detected and the new node to be detected selected in the above embodiment may be filled into the stripe sequence.
  • the filling method is: when the user saves the file, a random stripe of a segment is randomly selected and added to the stripe queue.
  • the random method of the segment is:
  • stripe number = (current unix timestamp) mod (the number of stripes the segment is divided into)
  • the data to be stored by the user is first divided into segments of the same size, then each segment is encrypted and divided into smaller data stripes (stripes), and each stripe, after erasure encoding, is divided into several data blocks (shares) that are stored in different storage nodes. In the process of splitting, a segment number is allocated to each segment, and a stripe number is allocated to each stripe.
  • the above random selection method is only an exemplary random selection method, and other random selection methods may also be adopted, which are not limited in the embodiments of the present application.
  • fill the selected stripe into the stripe sequence and the number of fillings shall not exceed N.
  • a new filling strategy is adopted. Specifically, the nodes to be detected, new nodes to be detected and storage data blocks selected in the above embodiment can be filled into the stripe sequence.
  • the blockchain security monitoring method obtains the data strip to be detected and the total amount of preset monitoring resources; selects the node to be detected according to the confidence, monitoring frequency and usage of the storage node corresponding to the data strip to be detected; and, based on the preset monitoring resource allocation rules and the preset total amount of monitoring resources, and according to the access frequency of the stored data blocks in the node to be detected, allocates monitoring resources to each stored data block, so as to perform security monitoring on the node to be detected.
  • the nodes to be detected are selected according to the confidence, detection frequency and usage of each storage node, and monitoring resources are allocated according to the access frequency of each storage data block in the node, which balances the monitoring frequency of each storage node and allocates the monitoring resources reasonably, improves the reliability of security monitoring results and lays a foundation for improving the security of the blockchain storage system.
  • the security monitoring can also be performed on the newly added new node, which further improves the reliability of the obtained security monitoring result.
  • the trusted storage node can be audited first, and the new node can be audited later, so that the data stored by the user can be verified as soon as possible, and at the same time, the new node can be audited.
  • the embodiments of the present application provide a blockchain security monitoring device, which is used to execute the blockchain security monitoring method provided by the above embodiments.
  • the blockchain security monitoring device 30 includes an acquisition module 301 , a determination module 302 and a monitoring module 303 .
  • the acquisition module is used to acquire the data strip to be detected and the total amount of preset monitoring resources; the determination module is used to select the node to be detected according to the confidence, monitoring frequency and usage of the storage node corresponding to the data strip to be detected; the monitoring module is used to allocate monitoring resources for each stored data block based on the preset monitoring resource allocation rules and the preset total amount of monitoring resources and according to the access frequency of the stored data blocks in the nodes to be detected, so as to monitor the security of the nodes to be detected.
  • the determining module is specifically used for:
  • for each trusted storage node with the same monitoring priority, update the monitoring priority of each trusted storage node based on the descending sorting result of the usage of each trusted storage node;
  • a node to be detected is selected from the trusted storage nodes.
  • the determining module is further configured to:
  • a new node to be detected is selected from the new nodes
  • monitoring resources are allocated to each stored data block, so as to perform security monitoring on the new node to be detected.
  • the determining module is specifically used for:
  • a new node to be detected is selected from the new nodes.
  • the monitoring module is specifically used for:
  • according to the access frequency of the storage data block, determine the data block level corresponding to the storage data block;
  • monitoring resources are allocated to each storage data block, so as to perform security monitoring on the node to be detected.
  • the determining module is further configured to:
  • the confidence of each storage node is calculated.
  • the determining module is further configured to:
  • the blockchain security monitoring device provided by the embodiment of the present application is used to execute the blockchain security monitoring method provided by the above-mentioned embodiment, and the implementation method and principle are the same, and are not repeated here.
  • the embodiment of the present application provides an electronic device for executing the blockchain security monitoring method provided by the above embodiment.
  • the electronic device 40 includes: at least one processor 41 and a memory 42;
  • the memory stores computer-executable instructions; at least one processor executes the computer-executable instructions stored in the memory, so that the at least one processor executes the blockchain security monitoring method provided in the above embodiment.
  • An electronic device provided by an embodiment of the present application is used to execute the blockchain security monitoring method provided by the above-mentioned embodiment; its implementation and principle are the same, and are not repeated here.
  • Embodiments of the present application provide a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and when the processor executes the computer-executable instructions, the blockchain security monitoring method provided in any of the above embodiments is implemented.
  • the storage medium containing the computer-executable instructions of the embodiments of the present application can be used to store the computer-executable instructions of the blockchain security monitoring method provided in the foregoing embodiments.
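
The selection rules of steps 2021 to 2024 and 301 to 302, the one-hour re-audit check and the budget formulas above, as an added Python example that is not code from the patent. The class and function names, the sample nodes, the one-day "new node" window and the 0.9 trust cut-off (the page does not give the trusted-node threshold) are assumptions.

```python
from dataclasses import dataclass

TRUST_THRESHOLD = 0.9     # assumption: the page does not state the trusted-node cut-off
NEW_NODE_WINDOW = 86400   # assumption: the "preset time" within which a node counts as new
COOLDOWN_SECONDS = 3600   # the page's example time threshold (one hour)


@dataclass
class StorageNode:
    node_id: str
    passed_audits: int    # audits passed in the last d days
    total_audits: int     # audits in the last d days (the monitoring frequency)
    usage: int            # amount of data stored on the node
    joined_at: float      # unix time the node joined
    last_audit_at: float  # unix time of the previous audit, 0.0 if never audited


def confidence(node):
    """stConflevel = audits passed / total audits over the last d days."""
    if node.total_audits == 0:
        return 0.0  # no audit history, so the node cannot count as trusted
    return node.passed_audits / node.total_audits


def is_new(node, now):
    return now - node.joined_at < NEW_NODE_WINDOW


def _first_outside_cooldown(ranked, now):
    # Abandon a candidate audited less than the time threshold ago and fall
    # through to the next one, so no node is audited repeatedly in a short span.
    for node in ranked:
        if now - node.last_audit_at >= COOLDOWN_SECONDS:
            return node
    return None


def select_trusted_node(nodes, now):
    """Steps 2021-2024: trusted only, lowest frequency first, ties by largest usage."""
    trusted = [n for n in nodes
               if not is_new(n, now) and confidence(n) >= TRUST_THRESHOLD]
    ranked = sorted(trusted, key=lambda n: (n.total_audits, -n.usage))
    return _first_outside_cooldown(ranked, now)


def select_new_node(nodes, now):
    """Steps 301-302: new nodes, lowest frequency first, ties by earliest join time."""
    fresh = [n for n in nodes if is_new(n, now)]
    ranked = sorted(fresh, key=lambda n: (n.total_audits, n.joined_at))
    return _first_outside_cooldown(ranked, now)


def split_budget(numperh, bl_num, new_num, d):
    """Split the hourly audit budget between trusted and new nodes."""
    total = bl_num + new_num
    if total == 0:
        raise ValueError("stripe has no trusted or new storage nodes")
    bl_ad_num = numperh * bl_num / total       # blAdNum
    new_ad_num = numperh * new_num / total     # newAdNum
    # adNumperw: audits each trusted node receives every d days
    ad_num_per_w = bl_ad_num * 24 * d / bl_num if bl_num else 0.0
    return {"blAdNum": bl_ad_num, "newAdNum": new_ad_num, "adNumperw": ad_num_per_w}


# Constructed sample data, not taken from the page.
NOW = 1_700_000_000.0
OLD = NOW - 30 * 86400
SAMPLE_NODES = [
    StorageNode("A", 19, 20, 500, OLD, NOW - 7200),
    StorageNode("B", 10, 10, 300, OLD, NOW - 600),    # audited 10 minutes ago
    StorageNode("C", 10, 10, 800, OLD, NOW - 5000),
    StorageNode("D", 5, 10, 900, OLD, NOW - 9000),    # confidence 0.5, untrusted
    StorageNode("E", 1, 1, 100, NOW - 1000, 0.0),
    StorageNode("F", 1, 1, 100, NOW - 2000, 0.0),
    StorageNode("G", 2, 2, 100, NOW - 3000, 0.0),
]

if __name__ == "__main__":
    print("trusted node to audit:", select_trusted_node(SAMPLE_NODES, NOW).node_id)
    print("new node to audit:", select_new_node(SAMPLE_NODES, NOW).node_id)
    print("budget:", split_budget(120, 3, 1, 7))
```

Node D has the largest usage but is never selected because its confidence falls below the cut-off, and node B is passed over only while it is inside the one-hour window.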

Abstract

A blockchain security monitoring method and apparatus, an electronic device and a storage medium. The method comprises: obtaining a data strip to be detected and a preset total quantity of monitoring resources (201); selecting, according to the confidence level, monitoring frequency and usage amount of a storage node corresponding to said data strip, a node to be detected (202); and allocating, on the basis of a preset monitoring resource allocation rule and the preset total quantity of monitoring resources, a monitoring resource for each storage data block according to the access frequencies of storage data blocks in the node to be detected, so as to perform security monitoring on said node (203). In the method, by selecting, according to the confidence level, monitoring frequency and usage amount of each storage node, the node to be detected, and further allocating monitoring resources according to the access frequency of each storage data block in the node, the monitoring frequency of each storage node is balanced, and the monitoring resources are reasonably allocated, thereby improving the reliability of a security monitoring result, and laying a foundation for improving the security of a blockchain storage system.

Description

A blockchain security monitoring method, device, electronic device and storage medium
Technical field
The present application relates to the field of blockchain technology, and in particular, to a blockchain security monitoring method, device, electronic device and storage medium.
Background
At present, people have put forward higher requirements for the privacy, security and correctness of data storage, and traditional storage methods are facing great challenges. Therefore, blockchain storage is a trend in the future development of the storage industry. In blockchain storage, how to verify the correctness of users' stored data and the reliability of storage nodes is a very important issue.
In the prior art, a data strip is usually randomly selected in the blockchain, and the blockchain nodes corresponding to the data strip are randomly monitored for security.
However, because a blockchain network contains many blockchain nodes, security monitoring based on the prior art may result in some nodes being monitored frequently while other nodes go unmonitored for a long time, which is not conducive to ensuring the reliability of the security monitoring results. Therefore, there is an urgent need for a blockchain security monitoring method that can ensure the reliability of security monitoring results, which is of great significance for improving the security of blockchain storage systems.
Summary of the invention
The present application provides a blockchain security monitoring method, device, electronic device and storage medium to solve the defects of the prior art such as low reliability.
A first aspect of the present application provides a blockchain security monitoring method, including:
obtaining a data strip to be detected and a preset total amount of monitoring resources;
selecting a node to be detected according to the confidence, monitoring frequency and usage of the storage nodes corresponding to the data strip to be detected;
based on a preset monitoring resource allocation rule and the preset total amount of monitoring resources, allocating monitoring resources to each storage data block according to the access frequency of the storage data blocks in the node to be detected, so as to perform security monitoring on the node to be detected.
Optionally, selecting the node to be detected according to the confidence, monitoring frequency and usage of the storage nodes corresponding to the data strip to be detected includes:
screening trusted storage nodes among the storage nodes according to the confidence of the storage nodes;
determining the monitoring priority corresponding to each trusted storage node according to the result of sorting the trusted storage nodes by monitoring frequency in ascending order;
for trusted storage nodes with the same monitoring priority, updating the monitoring priority of each trusted storage node based on the result of sorting them by usage in descending order;
selecting the node to be detected from the trusted storage nodes according to the updated monitoring priority of each trusted storage node.
Optionally, the method further includes: screening, among the storage nodes corresponding to the data strip to be detected, new nodes that joined within a preset time;
selecting a new node to be detected from the new nodes based on the monitoring frequency and joining time of each new node;
based on the preset monitoring resource allocation rule and the preset total amount of monitoring resources, allocating monitoring resources to each storage data block according to the monitoring frequency of the storage data blocks in the new node to be detected, so as to perform security monitoring on the new node to be detected.
Optionally, selecting the new node to be detected from the new nodes based on the monitoring frequency and joining time of each new node includes:
determining the monitoring priority corresponding to each new node according to the result of sorting the new nodes by monitoring frequency in ascending order;
for new nodes with the same monitoring priority, updating the monitoring priority of each new node based on the order of the joining times of the new nodes;
selecting the new node to be detected from the new nodes according to the updated monitoring priority of each new node.
Optionally, allocating monitoring resources to each storage data block according to the access frequency of the storage data blocks in the node to be detected, based on the preset monitoring resource allocation rule and the preset total amount of monitoring resources, so as to perform security monitoring on the node to be detected, includes:
determining a first total amount of monitoring resources corresponding to the node to be detected based on the preset monitoring resource allocation rule and the preset total amount of monitoring resources;
determining the data block level corresponding to each storage data block according to the access frequency of the storage data block;
determining the resource allocation ratio of each storage data block according to the data block level corresponding to each storage data block and the number of storage data blocks included in each data block level;
allocating monitoring resources to each storage data block according to the resource allocation ratio of each storage data block and the first total amount of monitoring resources, so as to perform security monitoring on the node to be detected.
Optionally, before selecting the node to be detected according to the confidence, monitoring frequency and usage of the storage nodes corresponding to the data strip to be detected, the method further includes:
obtaining historical monitoring records of each of the storage nodes;
calculating the confidence of each of the storage nodes from the historical monitoring records, based on a preset confidence calculation rule.
Optionally, the method further includes:
determining whether the time interval between the current node to be detected and the last historical monitoring time is less than a preset time threshold;
if so, abandoning the current node to be detected.
A second aspect of the present application provides a blockchain security monitoring device, including:
an acquisition module, configured to obtain a data strip to be detected and a preset total amount of monitoring resources;
a determination module, configured to select a node to be detected according to the confidence, monitoring frequency and usage of the storage nodes corresponding to the data strip to be detected;
a monitoring module, configured to allocate monitoring resources to each storage data block according to the access frequency of the storage data blocks in the node to be detected, based on a preset monitoring resource allocation rule and the preset total amount of monitoring resources, so as to perform security monitoring on the node to be detected.
Optionally, the determination module is specifically configured to:
screen trusted storage nodes among the storage nodes according to the confidence of the storage nodes;
determine the monitoring priority corresponding to each trusted storage node according to the result of sorting the trusted storage nodes by monitoring frequency in ascending order;
for trusted storage nodes with the same monitoring priority, update the monitoring priority of each trusted storage node based on the result of sorting them by usage in descending order;
select the node to be detected from the trusted storage nodes according to the updated monitoring priority of each trusted storage node.
Optionally, the determination module is further configured to:
screen, among the storage nodes corresponding to the data strip to be detected, new nodes that joined within a preset time;
select a new node to be detected from the new nodes based on the monitoring frequency and joining time of each new node;
based on the preset monitoring resource allocation rule and the preset total amount of monitoring resources, allocate monitoring resources to each storage data block according to the monitoring frequency of the storage data blocks in the new node to be detected, so as to perform security monitoring on the new node to be detected.
Optionally, the determination module is specifically configured to:
determine the monitoring priority corresponding to each new node according to the result of sorting the new nodes by monitoring frequency in ascending order;
for new nodes with the same monitoring priority, update the monitoring priority of each new node based on the order of the joining times of the new nodes;
select the new node to be detected from the new nodes according to the updated monitoring priority of each new node.
Optionally, the monitoring module is specifically configured to:
determine a first total amount of monitoring resources corresponding to the node to be detected based on the preset monitoring resource allocation rule and the preset total amount of monitoring resources;
determine the data block level corresponding to each storage data block according to the access frequency of the storage data block;
determine the resource allocation ratio of each storage data block according to the data block level corresponding to each storage data block and the number of storage data blocks included in each data block level;
allocate monitoring resources to each storage data block according to the resource allocation ratio of each storage data block and the first total amount of monitoring resources, so as to perform security monitoring on the node to be detected.
Optionally, the determination module is further configured to:
obtain historical monitoring records of each of the storage nodes;
calculate the confidence of each of the storage nodes from the historical monitoring records, based on a preset confidence calculation rule.
Optionally, the determination module is further configured to:
determine whether the time interval between the current node to be detected and the last historical monitoring time is less than a preset time threshold;
if so, abandon the current node to be detected.
A third aspect of the present application provides an electronic device, including: at least one processor and a memory;
the memory stores computer-executable instructions;
the at least one processor executes the computer-executable instructions stored in the memory, so that the at least one processor performs the method described in the first aspect and the various possible designs of the first aspect.
A fourth aspect of the present application provides a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and when a processor executes the computer-executable instructions, the method described in the first aspect and the various possible designs of the first aspect is implemented.
The technical solution of the present application has the following advantages:
The blockchain security monitoring method, device, electronic device and storage medium provided by the present application obtain a data strip to be detected and a preset total amount of monitoring resources; select a node to be detected according to the confidence, monitoring frequency and usage of the storage nodes corresponding to the data strip to be detected; and, based on a preset monitoring resource allocation rule and the preset total amount of monitoring resources, allocate monitoring resources to each storage data block according to the access frequency of the storage data blocks in the node to be detected, so as to perform security monitoring on the node to be detected. By selecting the node to be detected according to the confidence, monitoring frequency and usage of each storage node, and then allocating monitoring resources according to the access frequency of each storage data block in that node, the method balances the monitoring frequency of the storage nodes and allocates monitoring resources reasonably, which improves the reliability of the security monitoring results and lays a foundation for improving the security of the blockchain storage system.
Description of drawings
In order to explain the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present application, and those of ordinary skill in the art can obtain other drawings from them.
FIG. 1 is a schematic structural diagram of the blockchain security monitoring system on which the embodiments of the present application are based;
FIG. 2 is a schematic flowchart of a blockchain security monitoring method provided by an embodiment of the present application;
FIG. 3 is a schematic structural diagram of a blockchain security monitoring device provided by an embodiment of the present application;
FIG. 4 is a schematic structural diagram of an electronic device provided by an embodiment of the present application.
Specific embodiments of the present application have been shown by the above-mentioned drawings, and will be described in more detail hereinafter. These drawings and written descriptions are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the concepts of the present application to those skilled in the art by referring to specific embodiments.
Detailed description
In order to make the purposes, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, but not all, of the embodiments of the present application. Based on the embodiments in the present application, all other embodiments obtained by those of ordinary skill in the art without creative work fall within the protection scope of the present application.
In addition, the terms "first", "second", etc. are used for descriptive purposes only, and should not be construed as indicating or implying relative importance or implying the number of indicated technical features. In the description of the following embodiments, "plurality" means two or more, unless otherwise expressly and specifically defined.
In the prior art, a data strip is usually randomly selected in the blockchain, and the blockchain nodes corresponding to the data strip are randomly monitored for security. However, because a blockchain network contains many blockchain nodes, security monitoring based on the prior art may result in some nodes being monitored frequently while other nodes go unmonitored for a long time, which is not conducive to ensuring the reliability of the security monitoring results.
In view of the above problems, the blockchain security monitoring method, device, electronic device and storage medium provided by the embodiments of the present application obtain a data strip to be detected and a preset total amount of monitoring resources; select a node to be detected according to the confidence, monitoring frequency and usage of the storage nodes corresponding to the data strip to be detected; and, based on a preset monitoring resource allocation rule and the preset total amount of monitoring resources, allocate monitoring resources to each storage data block according to the access frequency of the storage data blocks in the node to be detected, so as to perform security monitoring on the node to be detected. By selecting the node to be detected according to the confidence, monitoring frequency and usage of each storage node, and then allocating monitoring resources according to the access frequency of each storage data block in that node, the method balances the monitoring frequency of the storage nodes and allocates monitoring resources reasonably, which improves the reliability of the security monitoring results and lays a foundation for improving the security of the blockchain storage system.
The following specific embodiments may be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments. The embodiments of the present application are described below with reference to the drawings.
First, the structure of the blockchain security monitoring system on which this application is based is explained:
The blockchain security monitoring method, device, electronic device and storage medium provided by the embodiments of this application are suitable for security monitoring of storage nodes in a blockchain storage system. FIG. 1 is a schematic structural diagram of the blockchain security monitoring system on which the embodiments of the application are based. The system mainly includes a blockchain storage system, a monitoring sequence construction device, and a blockchain security monitoring device for performing security monitoring on the blockchain storage system. Specifically, the monitoring sequence construction device can be used to randomly select data strips in the blockchain storage system and store them in the order of selection, so as to construct a monitoring sequence. The device extracts the data strip to be detected from the constructed monitoring sequence, determines the node to be detected and the new node to be detected according to the extracted data strip, fills the selected nodes to be detected into the monitoring sequence, and performs security monitoring on the nodes in the monitoring sequence in turn.
The embodiments of the present application provide a blockchain security monitoring method, which is used for security monitoring of storage nodes in a blockchain storage system. The execution body of the embodiments of the present application is an electronic device, such as a server, a desktop computer, a notebook computer, a tablet computer, or another electronic device that can be used for security monitoring.
FIG. 2 is a schematic flowchart of the blockchain security monitoring method provided by an embodiment of the present application. The method includes:
Step 201: Obtain the data strip to be detected and the preset total amount of monitoring resources.
It should be explained that the preset total amount of monitoring resources may specifically refer to the set number of security monitoring operations per hour, also called the number of audits, which can be set according to the actual situation and is not limited in the embodiments of the present application.
Step 202: Select a node to be detected according to the confidence, monitoring frequency and usage of the storage nodes corresponding to the data strip to be detected.
It should be explained that the monitoring frequency refers to the number of times a node is monitored, that is, audited, within a preset security monitoring period.
Specifically, the blockchain storage system includes trusted storage nodes and untrusted storage nodes, which can be distinguished according to the confidence of the storage nodes. To avoid wasting monitoring resources, security monitoring is usually performed only on trusted storage nodes. Therefore, the node to be detected can be selected from among the trusted storage nodes.
Further, in order to keep the monitoring frequency of the storage nodes balanced, a storage node with a lower monitoring frequency may be selected as the node to be detected. In order to ensure the security of the data stored in the storage nodes, the usage of each storage node can also be taken into account when determining the node to be detected, so as to select the node that most needs security monitoring.
Step 203: Based on the preset monitoring resource allocation rule and the preset total amount of monitoring resources, allocate monitoring resources to each storage data block according to the access frequency of the storage data blocks in the node to be detected, so as to perform security monitoring on the node to be detected.
Specifically, monitoring resources may be allocated to each storage data block in proportion, according to the usage of each storage data block in the selected node to be detected, so that monitoring resources are allocated reasonably. Specifically, this means allocating a number of security monitoring operations, that is, a number of audits, to each storage node.
On the basis of the above embodiment, since many storage nodes newly join the blockchain storage system and the confidence of these new nodes is unknown, in order to further ensure the reliability of the blockchain security monitoring results, as an implementable manner, in an embodiment, the method further includes:
Step 301: Among the storage nodes corresponding to the data strip to be detected, screen new nodes that joined within a preset time;
Step 302: Based on the monitoring frequency and joining time of each new node, select a new node to be detected from the new nodes;
Step 303: Based on the preset monitoring resource allocation rule and the preset total amount of monitoring resources, allocate monitoring resources to each storage data block according to the monitoring frequency of the storage data blocks in the new node to be detected, so as to perform security monitoring on the new node to be detected.
Specifically, a commonly used new-node screening method may be used to screen new nodes among the multiple storage nodes corresponding to the data strip to be detected.
Specifically, the new node with the lowest monitoring frequency can be selected as the new node to be detected. If several new nodes are tied for the lowest monitoring frequency, the one with the earliest joining time among them is selected as the new node to be detected.
Specifically, in an embodiment, in order to improve the efficiency of security monitoring, the monitoring priority corresponding to each new node may be determined according to the result of sorting the new nodes by monitoring frequency in ascending order; for new nodes with the same monitoring priority, the monitoring priority of each new node is updated based on the order of the joining times of the new nodes; and the new node to be detected is selected from the new nodes according to the updated monitoring priority of each new node.
Specifically, the new nodes are first assigned monitoring priorities according to their monitoring frequency. If several new nodes have the highest monitoring priority at the same time, that is, they are tied for the lowest monitoring frequency, these new nodes are sorted again according to their joining times, that is, their monitoring priorities are updated. Finally, the new node with the lowest monitoring frequency and the earliest joining time is selected as the new node to be detected.
Similarly, in an embodiment, selecting the node to be detected according to the confidence, monitoring frequency and usage of the storage nodes corresponding to the data strip to be detected (step 202) may include:
Step 2021: Screen trusted storage nodes among the storage nodes according to the confidence of the storage nodes;
Step 2022: Determine the monitoring priority corresponding to each trusted storage node according to the result of sorting the trusted storage nodes by monitoring frequency in ascending order;
Step 2023: For trusted storage nodes with the same monitoring priority, update the monitoring priority of each trusted storage node based on the result of sorting them by usage in descending order;
Step 2024: Select the node to be detected from the trusted storage nodes according to the updated monitoring priority of each trusted storage node.
Specifically, the trusted storage nodes are first assigned monitoring priorities according to their monitoring frequency. If several trusted storage nodes have the highest monitoring priority at the same time, that is, they are tied for the lowest monitoring frequency, these trusted storage nodes are sorted again according to their usage, that is, their monitoring priorities are updated. Finally, the trusted storage node with the lowest monitoring frequency and the largest usage is selected as the node to be detected.
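The selection rules above (steps 2021 to 2024 for trusted nodes, steps 301 and 302 for new nodes, and the optional minimum-interval check) reduce to a filter plus a two-part sort key. The following Python example is added here for illustration and is not code from the application; the field names, the threshold values, the treatment of new nodes as a pool separate from trusted nodes, and the choice to fall through to the next-ranked node when the top candidate was audited too recently are all assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional

# Assumed values: the application only calls these "preset".
CONFIDENCE_THRESHOLD = 0.6            # minimum confidence for a trusted node
NEW_NODE_WINDOW_S = 7 * 24 * 3600     # nodes joined within this window are "new"
MIN_AUDIT_INTERVAL_S = 3600           # skip nodes audited more recently than this


@dataclass(frozen=True)
class StorageNode:
    node_id: str
    confidence: float               # derived from historical monitoring records
    audits_in_period: int           # monitoring frequency: audits in the current period
    usage_bytes: int                # usage: amount of data the node stores
    joined_at: float                # join time, epoch seconds
    last_audit_at: Optional[float]  # None if the node has never been audited


def is_new(node: StorageNode, now: float) -> bool:
    return now - node.joined_at < NEW_NODE_WINDOW_S


def in_cooldown(node: StorageNode, now: float) -> bool:
    """True if the node was audited less than MIN_AUDIT_INTERVAL_S ago."""
    return (node.last_audit_at is not None
            and now - node.last_audit_at < MIN_AUDIT_INTERVAL_S)


def rank_trusted(nodes: List[StorageNode], now: float) -> List[StorageNode]:
    """Steps 2021-2023: keep trusted nodes, order by audits ascending,
    break ties by usage descending."""
    trusted = [n for n in nodes
               if not is_new(n, now) and n.confidence >= CONFIDENCE_THRESHOLD]
    return sorted(trusted, key=lambda n: (n.audits_in_period, -n.usage_bytes))


def rank_new(nodes: List[StorageNode], now: float) -> List[StorageNode]:
    """Steps 301-302: keep new nodes, order by audits ascending,
    break ties by earliest join time."""
    new_nodes = [n for n in nodes if is_new(n, now)]
    return sorted(new_nodes, key=lambda n: (n.audits_in_period, n.joined_at))


def pick(ranked: List[StorageNode], now: float) -> Optional[StorageNode]:
    """Step 2024 plus the interval check: take the best-ranked node that is
    not in cooldown (falling through to the next one is an assumption)."""
    for node in ranked:
        if not in_cooldown(node, now):
            return node
    return None


# Constructed sample data for one data strip; not taken from the application.
DAY = 24 * 3600
NOW = 1_700_000_000.0
SAMPLE_STRIPE = [
    StorageNode("A", 0.90, 3, 500, NOW - 30 * DAY, NOW - 5 * 3600),
    StorageNode("B", 0.80, 1, 200, NOW - 40 * DAY, NOW - 10 * 3600),
    StorageNode("C", 0.85, 1, 900, NOW - 35 * DAY, NOW - 600),      # audited 10 min ago
    StorageNode("D", 0.20, 0, 1000, NOW - 50 * DAY, NOW - 2 * DAY),  # untrusted
    StorageNode("N1", 0.0, 0, 50, NOW - 2 * DAY, None),
    StorageNode("N2", 0.0, 0, 80, NOW - 1 * DAY, None),
    StorageNode("N3", 0.0, 1, 10, NOW - 3 * DAY, NOW - 2 * 3600),
]

if __name__ == "__main__":
    trusted = rank_trusted(SAMPLE_STRIPE, NOW)
    print("trusted order:", [n.node_id for n in trusted])
    print("node to be detected:", pick(trusted, NOW).node_id)
    new_nodes = rank_new(SAMPLE_STRIPE, NOW)
    print("new-node order:", [n.node_id for n in new_nodes])
    print("new node to be detected:", pick(new_nodes, NOW).node_id)
```

Node D has the fewest audits and the largest usage but never enters the ranking because its confidence is below the threshold, and node C ranks first but is passed over because of its recent audit.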
进一步的,在一实施例中,可以基于预设的监测资源分配规则和预设监测资源总量,确定待检测节点对应的第一监测资源总量;根据存储数据块的访问频率,确定存储数据块对应的数据块等级;根据各存储数据块对应的数据块等级和各数据块等级包含的存储数据块的数量,确定各存储数据块的资源分配比例;根据各存储数据块的资源分配比例和第一监测资源总量,为各存储数据块分配监测资源,以对待检测节点进行安全监测。Further, in one embodiment, the first total amount of monitoring resources corresponding to the node to be detected may be determined based on a preset monitoring resource allocation rule and a preset total amount of monitoring resources; the storage data may be determined according to the access frequency of the stored data blocks. The data block level corresponding to the block; according to the data block level corresponding to each storage data block and the number of storage data blocks contained in each data block level, the resource allocation ratio of each storage data block is determined; according to the resource allocation ratio of each storage data block and The first total amount of monitoring resources is to allocate monitoring resources to each storage data block to perform security monitoring on nodes to be detected.
示例性的,可将访问频率较低的存储数据块的数据块等级确定为一级,将访问频率正常的存储数据块的数据块等级确定为二级,将访问频率较高的存储数据库的数据块等级确定为三级。若该待检测节点中三级存储数据块数量为m,二级存储数据块数量为k,一级存储数据块数量为t。其中,为了保证每个可信存储节点被审计的次数基本上相同,可以定义每个可信存储节点每d天被审计的次数(第一监测资源总量)为adNumperw,其计算公式为:Exemplarily, the data block level of the storage data block with lower access frequency may be determined as the first level, the data block level of the storage data block with normal access frequency may be determined as the second level, and the data block of the storage data block with higher access frequency may be determined as the second level. The block level is determined to be level three. If the number of third-level storage data blocks in the node to be detected is m, the number of second-level storage data blocks is k, and the number of first-level storage data blocks is t. Among them, in order to ensure that the number of times that each trusted storage node is audited is basically the same, the number of times that each trusted storage node is audited every d days (the total amount of first monitoring resources) can be defined as adNumperw, and its calculation formula is:
adNumperw=blAdNum*24*d/blNum
where blAdNum denotes the total number of audits per hour over all trusted storage nodes, and blNum denotes the number of trusted storage nodes in the data strip to be detected.
The total number of audits per hour over all trusted storage nodes can be calculated as:
blAdNum=numperh*blNum/(blNum+newNum)
where numperh denotes the preset total amount of monitoring resources, and newNum denotes the number of new nodes in the data strip to be detected.
The level-three stored data blocks, which have a higher access frequency, are each allocated x_1 audits every d days, that is, the monitoring resources allocated are x_1:
Figure PCTCN2021071245-appb-000001
where
Figure PCTCN2021071245-appb-000002
denotes the resource allocation ratio of the level-three stored data blocks.
The level-two stored data blocks, which have a normal access frequency, are each allocated x_2 audits every d days, that is, the monitoring resources allocated are x_2:
Figure PCTCN2021071245-appb-000003
where
Figure PCTCN2021071245-appb-000004
denotes the resource allocation ratio of the level-two stored data blocks.
The level-one stored data blocks, which have a lower access frequency, are each allocated x_3 audits every d days, that is, the monitoring resources allocated are x_3:
Figure PCTCN2021071245-appb-000005
where
Figure PCTCN2021071245-appb-000006
denotes the resource allocation ratio of the level-one stored data blocks.
Further, allocation is performed in units of d days: the first x_1 audits select level-three stored data blocks, the next x_2 audits select level-two stored data blocks, and the last x_3 audits select level-one stored data blocks. Within each level, stored data blocks are selected in order of access frequency, and those with a higher access frequency are monitored first.
It should be explained that, under the rule for determining resource allocation ratios provided by the embodiments of the present application, when the number of level-three stored data blocks is large, the stored data blocks ranked later, such as the level-one stored data blocks, receive no monitoring resources, which guarantees the security monitoring effect for the level-three stored data blocks.
Similarly, in an embodiment, a second total amount of monitoring resources corresponding to the new node to be detected may be determined based on the preset monitoring resource allocation rule and the preset total amount of monitoring resources; the data block level of each stored data block is determined according to the access frequency of the stored data blocks in the new node to be detected; the resource allocation ratio of each stored data block is determined according to the data block level of each stored data block and the number of stored data blocks in each level; and monitoring resources are allocated to each stored data block according to its resource allocation ratio and the second total amount of monitoring resources, so as to perform security monitoring on the new node to be detected.
Specifically, the number of audits of each new node every d days (the second total amount of monitoring resources) may be defined as newadNumperw, calculated as:
newadNumperw=newAdNum*24*d/newNum
where newAdNum denotes the total number of audits per hour over all new nodes, and newNum denotes the number of new nodes in the data strip to be detected.
The total number of audits per hour over all new nodes can be calculated as:
newAdNum=numperh*newNum/(blNum+newNum)
where numperh denotes the preset total amount of monitoring resources, and blNum denotes the number of trusted storage nodes in the data strip to be detected.
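Substituting the hourly totals into the two per-node formulas gives the following (an added derivation, not part of the application text; newNum is taken as the number of new nodes, as defined with the blAdNum formula):
adNumperw=(numperh*blNum/(blNum+newNum))*24*d/blNum=numperh*24*d/(blNum+newNum)
newadNumperw=(numperh*newNum/(blNum+newNum))*24*d/newNum=numperh*24*d/(blNum+newNum)
blNum*adNumperw+newNum*newadNumperw=numperh*24*d
That is, each trusted storage node and each new node receives the same number of audits per d days, and the two groups together consume exactly the preset total numperh over the 24*d hours.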
Specifically, to ensure that every stored data block in the new node to be detected can be audited, the resource allocation ratios of the data block levels may be made to sum to 1.
Further, so that multiple stored data blocks can be monitored within a short time, security monitoring may first be performed on the stored data blocks that received fewer monitoring resources.
Similarly, in an embodiment, the second total amount of monitoring resources corresponding to the new node to be detected may be determined based on the preset monitoring resource allocation rule and the preset total amount of monitoring resources; the second total amount of monitoring resources is then divided equally among the stored data blocks in the new node to be detected.
Further, the security monitoring order of the stored data blocks is determined according to the access frequency of each stored data block in the new node to be detected; specifically, stored data blocks with a high access frequency may be monitored first.
On the basis of the above embodiments, as one possible implementation, in an embodiment, before the node to be detected is selected according to the confidence, monitoring frequency and usage of the storage nodes corresponding to the data strip to be detected, the method further includes:
Step 401: obtain the historical monitoring records of each storage node;
Step 402: calculate the confidence of each storage node from the historical monitoring records, based on a preset confidence calculation rule.
For example, the confidence stConflevel of a storage node can be calculated as:
stConflevel = number of audits the storage node passed in the last d days / total number of audits of the storage node in the last d days.
The number of audits passed in the last d days and the total number of audits in the last d days can both be obtained from the historical monitoring records.
Further, a trusted storage node is defined by:
stConflevel≥0.99, and the number of trusted storage nodes is defined as blNum.
Correspondingly, an untrusted storage node is defined by:
stConflevel<0.99, and the number of untrusted storage nodes is defined as unblNum.
Specifically, in an embodiment, to avoid auditing the same storage node repeatedly within a short time and wasting monitoring resources, when a node to be detected is selected it can be determined whether the time interval between the current node to be detected and its last historical monitoring time is less than a preset time threshold; if so, the current node to be detected is abandoned.
Specifically, the preset time threshold may be one hour. If the last security monitoring of the currently selected node to be detected took place less than one hour before the current moment, the current node to be detected is abandoned and a new node to be detected is selected, so that one storage node is not monitored (audited) several times within a short period while other storage nodes go without security monitoring for a long time.
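The selection rules described so far (confidence threshold, lowest monitoring frequency first, largest usage as tie-break, one-hour cooldown) can be combined as in the following added Python example, which is not code from the application. The node names, usage figures and audit histories are constructed, and "monitoring frequency" is assumed to mean the number of audits in the last d days.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

TRUST_NUM, TRUST_DEN = 99, 100      # stConflevel >= 0.99, kept as a ratio to avoid float rounding
COOLDOWN = timedelta(hours=1)       # preset time threshold given in the text
WINDOW_DAYS = 7                     # d; assumed to be 7 here


@dataclass
class StorageNode:
    node_id: str                    # hypothetical identifier
    usage: int                      # amount of data held by the node (unit is an assumption)
    audits: list = field(default_factory=list)   # (timestamp, passed) records


def recent_audits(node, now, d=WINDOW_DAYS):
    """Historical monitoring records that fall inside the last d days."""
    return [(t, ok) for t, ok in node.audits
            if timedelta(0) <= now - t <= timedelta(days=d)]


def is_trusted(node, now, d=WINDOW_DAYS):
    """stConflevel = passed / total over the last d days, compared with 0.99 exactly."""
    window = recent_audits(node, now, d)
    if not window:
        return False                # no history in the window: cannot be classed as trusted
    passed = sum(1 for _, ok in window if ok)
    return passed * TRUST_DEN >= len(window) * TRUST_NUM


def rank_trusted(nodes, now, d=WINDOW_DAYS):
    """Lowest monitoring frequency first; ties broken by largest usage."""
    trusted = [n for n in nodes if is_trusted(n, now, d)]
    return sorted(trusted, key=lambda n: (len(recent_audits(n, now, d)), -n.usage))


def select_node(nodes, now, d=WINDOW_DAYS):
    """Return the highest-priority trusted node outside the cooldown, or None."""
    for node in rank_trusted(nodes, now, d):
        last = max(t for t, _ in node.audits)
        if now - last < COOLDOWN:
            continue                # audited too recently: abandon it and try the next one
        return node
    return None


def make_history(now, count, failures, newest_age):
    """Constructed log: `count` hourly audits, newest one `newest_age` old,
    with the newest `failures` audits marked as failed."""
    return [(now - newest_age - timedelta(hours=i), i >= failures) for i in range(count)]


NOW = datetime(2021, 1, 12, 12, 0)  # constructed clock value
NODES = [                           # constructed sample nodes
    StorageNode("node-a", 500, make_history(NOW, 100, 0, timedelta(hours=3))),
    StorageNode("node-b", 800, make_history(NOW, 100, 1, timedelta(hours=2))),
    StorageNode("node-c", 900, make_history(NOW, 100, 2, timedelta(hours=5))),
    StorageNode("node-d", 300, make_history(NOW, 50, 0, timedelta(minutes=10))),
    StorageNode("node-e", 700),     # no audit history yet
]

if __name__ == "__main__":
    print([n.node_id for n in rank_trusted(NODES, NOW)])
    print(select_node(NODES, NOW).node_id)
```

node-d ranks first on frequency but was audited ten minutes earlier, so the selection falls through to node-b, which beats node-a on usage.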
For example, as shown in FIG. 1, an embodiment of the present application provides a monitoring sequence construction apparatus that can construct a monitoring sequence, specifically a stripe sequence of length n (a data strip is also called a stripe); each time, the first stripe in the sequence is taken for auditing. The maximum stripe sequence length of an audit center is defined as N, and the maximum space the audit center can provide for storing the stripe sequence is defined as adSpace. Because the storage space of audit centers may differ in size, setting adSpace to a fixed value would clearly be unreasonable. The audit center also stores content other than the stripe sequence, so the sequence cannot occupy its entire storage space; this method uses half of the audit center's storage space, which gives the following formula for adSpace:
adSpace=audit center storage space size/2
Likewise, because audit centers are configured differently, stripes within one audit center have the same size, but stripe sizes in different audit centers are not necessarily the same. Therefore, even audit centers with the same adSpace do not necessarily have the same maximum stripe sequence length N, and this embodiment defines N as follows:
N=adSpace/stripe size (n≤N)
When n<N, the stripe sequence of the audit center needs to be filled; specifically, the node to be detected and the new node to be detected selected in the above embodiments may be filled into the stripe sequence. For the stripe sequence in its initial state, the filling method is: when a user stores a file, one random stripe of one randomly chosen segment is added to the stripe queue each time. The segment is chosen as follows:
segment number = (current unix timestamp) mod (number of segments the user's file is split into)
After the segment is chosen, the stripe is chosen as follows: stripe number = (current unix timestamp) mod (number of stripes the segment is split into)
It should be explained that the data a user wants to store is first split into segments of equal size; each segment is then encrypted and split into smaller data strips (stripes); each stripe is divided by erasure encoding into several data blocks (shares), which are stored on different storage nodes. During splitting, each segment is assigned a segment number and each stripe a stripe number.
The random selection method above is only an example; other random selection methods may also be used, and the embodiments of the present application place no limit on this.
Further, the selected stripes are filled into the stripe sequence, and the number filled must not exceed N. After this initial filling method has run for d days (d=7 is specified here), a new filling strategy is adopted; specifically, the node to be detected, the new node to be detected and the stored data blocks selected in the above embodiments may be filled into the stripe sequence.
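The capacity rule and the initial filling rule above, as an added Python example that is not code from the application. `pick_by_timestamp` follows the text's formula, so it returns the same indexes for every file with the same layout stored in the same second; `pick_by_csprng` is one of the other random selection methods the text allows, drawing each index independently. All class and function names, file ids, sizes and timestamps are constructed.

```python
import secrets
from collections import deque


def max_sequence_length(audit_center_bytes, stripe_bytes):
    """N = adSpace / stripe size, with adSpace = audit center storage size / 2."""
    ad_space = audit_center_bytes // 2
    return ad_space // stripe_bytes


def pick_by_timestamp(stripes_per_segment, unix_ts):
    """The text's rule: both indexes are the unix timestamp reduced modulo a count."""
    segment = unix_ts % len(stripes_per_segment)
    stripe = unix_ts % stripes_per_segment[segment]
    return segment, stripe


def pick_by_csprng(stripes_per_segment):
    """Alternative picker: independent draws from the operating system's CSPRNG."""
    segment = secrets.randbelow(len(stripes_per_segment))
    stripe = secrets.randbelow(stripes_per_segment[segment])
    return segment, stripe


class StripeSequence:
    """FIFO audit queue whose length n never exceeds N."""

    def __init__(self, capacity):
        self.capacity = capacity
        self._items = deque()

    def __len__(self):
        return len(self._items)

    def fill(self, file_id, segment, stripe):
        """Append one stripe reference; refuse it when the sequence already holds N."""
        if len(self._items) >= self.capacity:
            return False
        self._items.append((file_id, segment, stripe))
        return True

    def next_for_audit(self):
        """Take the first stripe of the sequence for auditing, or None when empty."""
        return self._items.popleft() if self._items else None


def fill_on_store(seq, file_id, stripes_per_segment, unix_ts=None):
    """Initial-state filling: on each file store, add one stripe of one segment.

    With unix_ts given, the text's timestamp rule is used; otherwise the CSPRNG picker.
    """
    if not stripes_per_segment or min(stripes_per_segment) <= 0:
        raise ValueError("every segment must contain at least one stripe")
    if unix_ts is None:
        segment, stripe = pick_by_csprng(stripes_per_segment)
    else:
        segment, stripe = pick_by_timestamp(stripes_per_segment, unix_ts)
    return seq.fill(file_id, segment, stripe)


LAYOUT = [4, 6, 5]          # constructed: stripes in each of a file's three segments
TS = 1610409605             # constructed unix timestamp

if __name__ == "__main__":
    # Constructed sizes: 1 GiB audit center, 4 MiB stripes.
    seq = StripeSequence(max_sequence_length(2**30, 2**22))
    fill_on_store(seq, "file-1", LAYOUT, TS)
    fill_on_store(seq, "file-2", LAYOUT, TS)   # same second, same layout
    fill_on_store(seq, "file-3", LAYOUT)       # CSPRNG picker
    print(len(seq), seq.next_for_audit(), seq.next_for_audit())
```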
The blockchain security monitoring method provided by the embodiments of the present application obtains the data strip to be detected and the preset total amount of monitoring resources; selects the node to be detected according to the confidence, monitoring frequency and usage of the storage nodes corresponding to the data strip to be detected; and, based on the preset monitoring resource allocation rule and the preset total amount of monitoring resources, allocates monitoring resources to each stored data block according to the access frequency of the stored data blocks in the node to be detected, so as to perform security monitoring on that node. By selecting the node to be detected according to the confidence, monitoring frequency and usage of each storage node, and then allocating monitoring resources according to the access frequency of each stored data block in that node, the method balances the monitoring frequency of the storage nodes and allocates monitoring resources reasonably, which improves the reliability of the security monitoring results and lays a foundation for improving the security of the blockchain storage system. Newly joined nodes can also be monitored, which further improves the reliability of the security monitoring results. In addition, trusted storage nodes can be audited first and new nodes afterwards, so that the data stored by users is verified as early as possible while new nodes still get an opportunity to be audited.
An embodiment of the present application provides a blockchain security monitoring apparatus for executing the blockchain security monitoring method provided by the above embodiments.
FIG. 3 is a schematic structural diagram of the blockchain security monitoring apparatus provided by an embodiment of the present application. The blockchain security monitoring apparatus 30 includes an acquisition module 301, a determination module 302 and a monitoring module 303.
The acquisition module is configured to obtain the data strip to be detected and the preset total amount of monitoring resources; the determination module is configured to select the node to be detected according to the confidence, monitoring frequency and usage of the storage nodes corresponding to the data strip to be detected; the monitoring module is configured to allocate monitoring resources to each stored data block, based on the preset monitoring resource allocation rule and the preset total amount of monitoring resources and according to the access frequency of the stored data blocks in the node to be detected, so as to perform security monitoring on the node to be detected.
Specifically, in an embodiment, the determination module is specifically configured to:
screen the trusted storage nodes from the storage nodes according to the confidence of the storage nodes;
determine the monitoring priority of each trusted storage node according to the result of sorting the trusted storage nodes by monitoring frequency in ascending order;
for trusted storage nodes with the same monitoring priority, update their monitoring priorities based on the result of sorting them by usage in descending order;
select the node to be detected from the trusted storage nodes according to the updated monitoring priority of each trusted storage node.
Specifically, in an embodiment, the determination module is further configured to:
screen, from the storage nodes corresponding to the data strip to be detected, the new nodes that joined within a preset time;
select a new node to be detected from the new nodes based on the monitoring frequency and joining time of each new node;
allocate monitoring resources to each stored data block, based on the preset monitoring resource allocation rule and the preset total amount of monitoring resources and according to the monitoring frequency of the stored data blocks in the new node to be detected, so as to perform security monitoring on the new node to be detected.
Specifically, in an embodiment, the determination module is specifically configured to:
determine the monitoring priority of each new node according to the result of sorting the new nodes by monitoring frequency in ascending order;
for new nodes with the same monitoring priority, update their monitoring priorities based on the order of their joining times;
select the new node to be detected from the new nodes according to the updated monitoring priority of each new node.
Specifically, in an embodiment, the monitoring module is specifically configured to:
determine the first total amount of monitoring resources corresponding to the node to be detected, based on the preset monitoring resource allocation rule and the preset total amount of monitoring resources;
determine the data block level of each stored data block according to its access frequency;
determine the resource allocation ratio of each stored data block according to the data block level of each stored data block and the number of stored data blocks in each level;
allocate monitoring resources to each stored data block according to its resource allocation ratio and the first total amount of monitoring resources, so as to perform security monitoring on the node to be detected.
Specifically, in an embodiment, the determination module is further configured to:
obtain the historical monitoring records of each storage node;
calculate the confidence of each storage node from the historical monitoring records, based on the preset confidence calculation rule.
Specifically, in an embodiment, the determination module is further configured to:
determine whether the time interval between the current node to be detected and its last historical monitoring time is less than the preset time threshold;
if so, abandon the current node to be detected.
As for the blockchain security monitoring apparatus in this embodiment, the specific manner in which each module performs its operations has been described in detail in the embodiments of the method and is not elaborated here.
The blockchain security monitoring apparatus provided by the embodiment of the present application is used to execute the blockchain security monitoring method provided by the above embodiments; its implementation and principle are the same and are not repeated.
An embodiment of the present application provides an electronic device for executing the blockchain security monitoring method provided by the above embodiments.
FIG. 4 is a schematic structural diagram of the electronic device provided by an embodiment of the present application. The electronic device 40 includes at least one processor 41 and a memory 42;
the memory stores computer-executable instructions; the at least one processor executes the computer-executable instructions stored in the memory, so that the at least one processor performs the blockchain security monitoring method provided by the above embodiments.
The electronic device provided by the embodiment of the present application is used to execute the blockchain security monitoring method provided by the above embodiments; its implementation and principle are the same and are not repeated.
An embodiment of the present application provides a computer-readable storage medium storing computer-executable instructions; when a processor executes the computer-executable instructions, the blockchain security monitoring method provided by any of the above embodiments is implemented.
The storage medium containing computer-executable instructions of the embodiment of the present application can be used to store the computer-executable instructions of the blockchain security monitoring method provided in the foregoing embodiments; its implementation and principle are the same and are not repeated.
Those skilled in the art will clearly understand that, for convenience and brevity of description, only the division into the functional modules above is used as an example. In practical applications, the functions above may be assigned to different functional modules as needed, that is, the internal structure of the apparatus may be divided into different functional modules to perform all or part of the functions described above. For the specific working process of the apparatus described above, reference may be made to the corresponding process in the foregoing method embodiments, which is not repeated here.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present application.

Claims (10)

  1. A blockchain security monitoring method, characterized by comprising:
    obtaining a data strip to be detected and a preset total amount of monitoring resources;
    selecting a node to be detected according to the confidence, monitoring frequency and usage of the storage nodes corresponding to the data strip to be detected;
    based on a preset monitoring resource allocation rule and the preset total amount of monitoring resources, allocating monitoring resources to each stored data block according to the access frequency of the stored data blocks in the node to be detected, so as to perform security monitoring on the node to be detected.
  2. The method according to claim 1, characterized in that selecting the node to be detected according to the confidence, monitoring frequency and usage of the storage nodes corresponding to the data strip to be detected comprises:
    screening trusted storage nodes from the storage nodes according to the confidence of the storage nodes;
    determining the monitoring priority of each trusted storage node according to the result of sorting the trusted storage nodes by monitoring frequency in ascending order;
    for trusted storage nodes with the same monitoring priority, updating their monitoring priorities based on the result of sorting them by usage in descending order;
    selecting the node to be detected from the trusted storage nodes according to the updated monitoring priority of each trusted storage node.
  3. The method according to claim 1, characterized by further comprising:
    screening, from the storage nodes corresponding to the data strip to be detected, new nodes that joined within a preset time;
    selecting a new node to be detected from the new nodes based on the monitoring frequency and joining time of each new node;
    based on the preset monitoring resource allocation rule and the preset total amount of monitoring resources, allocating monitoring resources to each stored data block according to the monitoring frequency of the stored data blocks in the new node to be detected, so as to perform security monitoring on the new node to be detected.
  4. The method according to claim 3, characterized in that selecting the new node to be detected from the new nodes based on the monitoring frequency and joining time of each new node comprises:
    determining the monitoring priority of each new node according to the result of sorting the new nodes by monitoring frequency in ascending order;
    for new nodes with the same monitoring priority, updating their monitoring priorities based on the order of their joining times;
    selecting the new node to be detected from the new nodes according to the updated monitoring priority of each new node.
  5. The method according to claim 1, characterized in that allocating monitoring resources to each stored data block, based on the preset monitoring resource allocation rule and the preset total amount of monitoring resources and according to the access frequency of the stored data blocks in the node to be detected, so as to perform security monitoring on the node to be detected, comprises:
    determining a first total amount of monitoring resources corresponding to the node to be detected, based on the preset monitoring resource allocation rule and the preset total amount of monitoring resources;
    determining the data block level of each stored data block according to the access frequency of the stored data block;
    determining the resource allocation ratio of each stored data block according to the data block level of each stored data block and the number of stored data blocks in each data block level;
    allocating monitoring resources to each stored data block according to the resource allocation ratio of each stored data block and the first total amount of monitoring resources, so as to perform security monitoring on the node to be detected.
  6. The method according to claim 1, characterized in that, before the node to be detected is selected according to the confidence, monitoring frequency and usage of the storage nodes corresponding to the data strip to be detected, the method further comprises:
    obtaining the historical monitoring records of each of the storage nodes;
    calculating the confidence of each of the storage nodes from the historical monitoring records, based on a preset confidence calculation rule.
  7. The method according to claim 1, characterized by further comprising:
    determining whether the time interval between the current node to be detected and its last historical monitoring time is less than a preset time threshold;
    if so, abandoning the current node to be detected.
  8. A blockchain security monitoring apparatus, comprising:
    an acquisition module, configured to acquire the data strip to be detected and the preset total amount of monitoring resources;
    a determination module, configured to select the node to be detected according to the confidence, monitoring frequency and usage of the storage nodes corresponding to the data strip to be detected;
    a monitoring module, configured to allocate monitoring resources to each stored data block, based on the preset monitoring resource allocation rule and the preset total amount of monitoring resources and according to the access frequency of the stored data blocks in the node to be detected, so as to perform security monitoring on the node to be detected.
  9. An electronic device, comprising: at least one processor and a memory;
    the memory stores computer-executable instructions;
    the at least one processor executes the computer-executable instructions stored in the memory, causing the at least one processor to perform the method according to any one of claims 1 to 7.
  10. A computer-readable storage medium, wherein the computer-readable storage medium stores computer-executable instructions which, when executed by a processor, implement the method according to any one of claims 1 to 7.
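
The per-block allocation of claim 5 and the re-check interval of claim 7, worked through as an added example that is not part of the patent text. The level floors, level weights, largest-remainder rounding and all function names are assumptions; the claims only describe these rules as "preset".

```python
from collections import Counter

# Assumed presets: the claims only say the levels and rule are "preset".
LEVEL_FLOORS = [(100, "hot"), (10, "warm"), (0, "cold")]  # min accesses/day
LEVEL_WEIGHTS = {"hot": 3, "warm": 2, "cold": 1}


def block_level(access_freq):
    """Map an access frequency to a data block level (claim 5, step 2)."""
    for floor, level in LEVEL_FLOORS:
        if access_freq >= floor:
            return level
    raise ValueError("access frequency must be non-negative")


def allocate(node_total, access_freqs):
    """Split a node's monitoring units across its blocks (claim 5, steps 3-4)."""
    if not access_freqs:
        return {}
    levels = {blk: block_level(f) for blk, f in access_freqs.items()}
    per_level = Counter(levels.values())
    # Ratio of one block = weight(level) / sum over levels of weight * block count.
    denom = sum(LEVEL_WEIGHTS[lvl] * n for lvl, n in per_level.items())
    shares = {blk: node_total * LEVEL_WEIGHTS[lvl] / denom
              for blk, lvl in levels.items()}
    # Largest-remainder rounding keeps whole units and preserves the total.
    alloc = {blk: int(share) for blk, share in shares.items()}
    leftover = node_total - sum(alloc.values())
    by_remainder = sorted(shares, key=lambda b: (alloc[b] - shares[b], b))
    for blk in by_remainder[:leftover]:
        alloc[blk] += 1
    return alloc


def should_skip(now, last_monitored, min_interval):
    """Claim 7: drop a candidate node that was monitored too recently."""
    return last_monitored is not None and now - last_monitored < min_interval


if __name__ == "__main__":
    # Constructed sample: accesses/day per block on one node, 10 units to spend.
    freqs = {"blk-a": 500, "blk-b": 50, "blk-c": 20, "blk-d": 1}
    print(allocate(10, freqs))
    print(should_skip(now=1000, last_monitored=900, min_interval=300))
```

When the node's budget is smaller than its block count, the lowest-level blocks receive zero units under this rounding; a deployment that needs every block sampled would add a per-block floor before distributing the remainder.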

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/071245 WO2022150961A1 (en) 2021-01-12 2021-01-12 Blockchain security monitoring method and apparatus, electronic device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/071245 WO2022150961A1 (en) 2021-01-12 2021-01-12 Blockchain security monitoring method and apparatus, electronic device and storage medium

Publications (1)

Publication Number Publication Date
WO2022150961A1 true WO2022150961A1 (en) 2022-07-21

Family

ID=82446373

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/071245 WO2022150961A1 (en) 2021-01-12 2021-01-12 Blockchain security monitoring method and apparatus, electronic device and storage medium

Country Status (1)

Country Link
WO (1) WO2022150961A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108235806A (en) * 2017-12-28 2018-06-29 深圳达闼科技控股有限公司 Method, device and system for safely accessing block chain, storage medium and electronic equipment
CN109033859A (en) * 2018-08-03 2018-12-18 苏州市千尺浪信息科技服务有限公司 A kind of information security storage system based on block chain technology
CN109284624A (en) * 2018-09-03 2019-01-29 佛山科学技术学院 A kind of data safety partition method and device based on the storage of block chain
US20200195448A1 (en) * 2019-06-03 2020-06-18 Alibaba Group Holding Limited Blockchain ledger authentication
CN111355705A (en) * 2020-02-08 2020-06-30 西安电子科技大学 Data auditing and safety duplicate removal cloud storage system and method based on block chain
CN112001730A (en) * 2020-08-25 2020-11-27 徐鹏飞 Data security detection method based on block chain and digital currency and cloud computing center

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21918179

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 30.10.2023)