CN112039858A - Block chain service security reinforcement system and method - Google Patents

Info

Publication number
CN112039858A
Authority
CN
China
Prior art keywords
security
reinforcement
data
service
module
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010820033.6A
Other languages
Chinese (zh)
Inventor
周保琢
尹立东
秦灿辉
秦明
蒋鑫
李磊
张磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Microprofit Electronics Co ltd
Original Assignee
Shenzhen Microprofit Electronics Co ltd
Application filed by Shenzhen Microprofit Electronics Co ltd
Priority to CN202010820033.6A
Publication of CN112039858A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a system and a method for reinforcing blockchain service security. The system comprises a node intelligent security reinforcement agent and a security threat detection and reinforcement center. The node intelligent security reinforcement agent is deployed on each blockchain service node; it senses the node environment, detects security threats, performs reinforcement processing, and sends the detected node environment information and the security threat reinforcement processing information to the security threat detection and reinforcement center. The security threat detection and reinforcement center is deployed on a central server; it receives the information sent by the node intelligent security reinforcement agents, comprehensively evaluates the blockchain service security threats of the whole network, automatically optimizes the security protection reinforcement strategy according to the analysis result, and returns the optimized strategy to the node intelligent security reinforcement agents. With this technical scheme, the protection capability of the blockchain service can be improved.

Description

Block chain service security reinforcement system and method
Technical Field
The invention relates to the field of block chain service information security, in particular to a system and a method for reinforcing block chain service security.
Background
The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism and an encryption algorithm, and the application of block chain services is increasing.
Current open-source and commercial blockchain platforms still have many gaps in information security protection at the data layer, network layer, consensus layer, incentive layer and contract layer. These gaps easily lead to problems and security risks such as leakage of government affairs data, loss of accountability and infringement. Research into security reinforcement of the blockchain service itself is urgently needed in order to build a highly secure, supervisable blockchain base service platform that supports highly secure and highly reliable collaborative data applications. Security reinforcement of the blockchain service itself is therefore an important problem awaiting solution.
Disclosure of Invention
The invention aims to provide a system and a method for reinforcing blockchain service security, addressing the problem that the various blockchain service nodes deployed on physical and virtual hosts cannot effectively guarantee the security of the data layer, network layer, consensus layer, incentive layer and contract layer.
In an embodiment of the present invention, a system for reinforcing block chain service security is provided, which includes: a node intelligent security reinforcement agent and a security threat detection and reinforcement center,
the node intelligent security reinforcement agent is deployed on each block chain service node and used for sensing the block chain service node environment and detecting security threats, reinforcing the detected security threats and sending the detected node environment information and security threat reinforcing information to the security threat detection and reinforcing center;
the security threat detection and reinforcement center is deployed on a central server and used for receiving information sent by the node intelligent security reinforcement agent, comprehensively evaluating block chain service security threats of the whole network, analyzing block chain service security threats and situations of the whole network, automatically optimizing a security protection reinforcement strategy according to an analysis result, and then returning the optimized security protection reinforcement strategy to the node intelligent security reinforcement agent.
In an embodiment of the present invention, the system for reinforcing block chain service security further includes:
and the unified management and security service center is used for visually managing and displaying the security alarm information detected by the security threat detection and reinforcement center.
In the embodiment of the invention, the node intelligent security reinforcement agent comprises a node data real-time acquisition module and a data preprocessing module,
the node data real-time acquisition module is used for capturing a data packet generated in a block chain service node;
the data preprocessing module is used for filtering the data packet, decoding, standardizing and formatting the data according to different protocol layers, and performing correlation analysis and classification on the formatted data according to time correlation and influence factors of specified attributes to realize data preprocessing.
In the embodiment of the invention, the node intelligent security reinforcement agent further comprises an abnormal behavior detection module and a cooperative detection module for detecting security threats to the blockchain service node environment. These modules match network data packets against the different protocol layers, analyze the protocols of the data layer, network layer, consensus layer, incentive layer and contract layer data, and judge whether abnormal behaviors or intrusion events exist.
In the embodiment of the invention, the node intelligent security reinforcement agent also comprises a local security reinforcement execution service module, a security reinforcement knowledge base, a strategy base and a communication module,
the local security reinforcement execution service module is used for receiving information about the abnormal or intrusion events detected by the abnormal behavior detection module, taking the corresponding security response and reinforcement measures against the security threat event according to the security policies provided in the security reinforcement knowledge base and the policy base, and uploading the detected abnormal/intrusion behaviors and the reinforcement results to the security threat detection and reinforcement center through the communication module.
In the embodiment of the invention, the security threat detection and reinforcement center comprises a data leading and preprocessing module, a data pipeline service module, a distributed storage service module and a real-time security threat detection service module,
the data leading and preprocessing module adopts a distributed big data real-time analysis processing framework to ingest, as a real-time stream, the log information collected by the node intelligent security reinforcement agent for the blockchain service cluster nodes, blockchain software components and blockchain applications, such as operation state information, authentication and authorization information, access control information, user operation behavior information, security vulnerability information, node security configuration information, abnormality warning information, attack intrusion information and malicious probing information;
the data pipeline service module duplicates the data ingested by the data leading and preprocessing module: one copy is stored in the distributed storage service module in block form, and the other copy is sent to the real-time security threat detection service module in real time;
the distributed storage service module is used for storing the data accessed by the data leading and preprocessing module;
the real-time security threat detection service module is used for identifying violation operations and detecting suspicious behaviors according to a rule base and a security threat detection model preset by the system; suspicious data is stored in a suspicious behavior library and classified into abnormal behavior and normal behavior data through manual review, while violation events are stored directly in the abnormal behavior library.
In the embodiment of the invention, the security threat detection and reinforcement center also comprises a security association analysis service module,
the real-time security threat detection service module sends data which cannot be identified to the data leading and preprocessing module for data formatting processing and cleaning, and the security association analysis service module is used for associating various types of data with the cleaned data through rules preset by the system and automatically identifying the associated data according to samples preset by the system or an expert knowledge base.
In the embodiment of the invention, the security threat detection and reinforcement center also comprises a security vulnerability detection service module, a security baseline check service module and a security risk continuous reinforcement optimization service module,
the security vulnerability detection service module and the security baseline check service module are used for batch analysis of the data that has undergone log formatting and automatic identification: they identify abnormal behaviors/attack events in the data and store them in the suspicious behavior library; the suspicious behavior library data is classified into abnormal behaviors and normal behaviors through manual review, and the two classes serve as positive and negative samples, providing massive training sample data for training or improving an advanced machine learning model;
and the security risk continuous reinforcement optimization service module is used for performing deep mining and machine learning analysis on the training sample data so as to optimize the security reinforcement strategy.
In an embodiment of the present invention, a method for reinforcing block chain service security is further provided, which is characterized by including:
the intelligent node security reinforcement agent deployed on each blockchain service node senses and detects the security threat of the blockchain service node environment, reinforces the detected security threat, and sends the detected node environment information and security threat reinforcement information to a security threat detection and reinforcement center deployed on a central server;
and the security threat detection and reinforcement center receives the information sent by the node intelligent security reinforcement agent, analyzes the block chain service threats and situations of the whole network, automatically optimizes the security protection reinforcement strategy according to the analysis result, and returns the optimized security protection reinforcement strategy to the node intelligent security reinforcement agent.
In the embodiment of the present invention, the method for reinforcing block chain service security further includes:
and after the node intelligent security reinforcement agent obtains the optimized security protection reinforcement strategy, the optimized security protection reinforcement strategy is further adopted to carry out security protection on the block chain service node.
In conclusion, the system and method for reinforcing blockchain service security adopt an adaptive active security architecture that integrates defense, detection, adaptive reinforcement, response and prediction. In a complex and dynamically changing network environment they can provide blockchain node hosts, software components and blockchain applications with security threat detection, abnormal behavior monitoring, security event location and root cause tracing, isolation and repair, adaptive security reinforcement, quick response and security evaluation services. They support security reinforcement of physical and virtual machines in a cloud environment and can realize mandatory access control and least-privilege resource access for the blockchain service platform. They support basic configuration detection, in-depth vulnerability mining and intelligent identification of potential threats for the various blockchain software components, provide a security reinforcement knowledge base and formulate security policies, realizing risk analysis and identification, real-time anomaly detection, accurate root cause location, fault isolation and intelligent repair. A customizable, multi-level and multi-dimensional large-scale blockchain real-time monitoring service, a security quantitative analysis model and a data security event hub engine are constructed, providing users with blockchain security monitoring and evaluation services for complex IT environments and effectively improving the overall security reinforcement level of the blockchain service in a complex network environment.
Drawings
Fig. 1 is a schematic structural diagram of a block chain service security reinforcement system according to an embodiment of the present invention.
Fig. 2 is a flowchart illustrating the operation of the system for securing and reinforcing the blockchain service according to the embodiment of the present invention.
Detailed Description
As shown in fig. 1, an embodiment of the present invention provides a system for reinforcing block chain service security, including a node intelligent security reinforcing agent, a security threat detection and reinforcing center, and a unified management and security service center. The following description will be made separately.
The node intelligent security reinforcement agent is deployed on each block chain service node and used for sensing the block chain service node environment and detecting security threats, reinforcing the detected security threats and sending the detected node environment information and security threat reinforcing information to the security threat detection and reinforcing center. The node intelligent security reinforcement agent comprises a node data real-time acquisition module, a data preprocessing module, an abnormal behavior detection module, a cooperative detection module, a local knowledge base and strategy base, a local security reinforcement execution service module and a communication module.
The node data real-time acquisition module is used for capturing data packets generated in the blockchain service node.
The data preprocessing module is used for filtering the data packet, decoding, standardizing and formatting the data according to different protocol layers, and performing correlation analysis and classification on the formatted data according to time correlation and influence factors of specified attributes to realize data preprocessing.
The abnormal behavior detection module and the cooperative detection module match network data packets against the different protocol layers, analyze the protocols of the data layer, network layer, consensus layer, incentive layer and contract layer data, and judge whether an abnormal behavior or an intrusion event exists.
The local security reinforcement execution service module is used for receiving information about the abnormal or intrusion events detected by the abnormal behavior detection module, taking the corresponding security response and reinforcement measures against the security threat event according to the security policies provided in the security reinforcement knowledge base and the policy base, and uploading the detected abnormal/intrusion behaviors and the reinforcement results to the security threat detection and reinforcement center through the communication module.
The security threat detection and reinforcement center is deployed on a central server and used for receiving information sent by the node intelligent security reinforcement agent, comprehensively evaluating block chain service security threats of the whole network, analyzing block chain service security threats and situations of the whole network, automatically optimizing a security protection reinforcement strategy according to an analysis result, and then returning the optimized security protection reinforcement strategy to the node intelligent security reinforcement agent. The security threat detection and reinforcement center comprises a data leading and preprocessing module, a data pipeline service module, a distributed storage service module, a security threat detection service module, a security association analysis service module, a security vulnerability detection service module, a security baseline check service module and a security risk continuous reinforcement optimization service module.
The data leading and preprocessing module adopts a distributed big data real-time analysis processing framework to ingest, as a real-time stream, the log information collected by the node intelligent security reinforcement agent for the blockchain service cluster nodes, blockchain software components and blockchain applications, such as operation state information, authentication and authorization information, access control information, user operation behavior information, security vulnerability information, node security configuration information, abnormality warning information, attack intrusion information and malicious probing information.
The data pipeline service module duplicates the data ingested by the data leading and preprocessing module: one copy is stored in the distributed storage service module in block form, and the other copy is sent to the real-time security threat detection service module in real time.
The distributed storage service module is used for storing the data ingested by the data leading and preprocessing module.
The real-time security threat detection service module is used for identifying violation operations and detecting suspicious behaviors according to a rule base and a security threat detection model preset by the system. Suspicious data is stored in a suspicious behavior library and classified into abnormal behavior and normal behavior data through manual review, while violation events are stored directly in the abnormal behavior library.
The real-time security threat detection service module sends data which cannot be identified to the data leading and preprocessing module for data formatting processing and cleaning, and the security association analysis service module is used for associating various types of data with the cleaned data through rules preset by the system and automatically identifying the associated data according to samples preset by the system or an expert knowledge base.
The security vulnerability detection service module and the security baseline check service module are used for batch analysis of the data that has undergone log formatting and automatic identification: they identify abnormal behaviors/attack events in the data and store them in the suspicious behavior library. The suspicious behavior library data is classified into abnormal behaviors and normal behaviors through manual review, and the two classes serve as positive and negative samples, providing massive training sample data for training or improving an advanced machine learning model.
The security risk continuous reinforcement optimization service module is used for performing deep mining and machine learning analysis on the training sample data so as to optimize the security reinforcement strategy.
The unified management and security service center is used for visually managing and displaying the security alarm information detected by the security threat detection and reinforcement center. The unified management and security service center comprises a security overview module, a blockchain node object monitoring module, an attack monitoring module, a vulnerability monitoring module, a security early warning module, a security report module and a security reinforcement configuration module. The unified management and security service center serves as the unified human-computer interface of the whole blockchain service security reinforcement system, and provides blockchain service security operation and maintenance personnel with functional services such as centralized management of blockchain information service resources, event monitoring, early warning, security event query, security event location, auditing, security response and reinforcement.
As shown in fig. 2, the workflow of the block chain service security reinforcement system is specifically as follows:
First, the blockchain service node senses environment information
The blockchain service node security agent captures the data packets generated by users, networks and processes through the environment sensing component in the node data real-time acquisition module, filters the data according to the threat detection data fusion model in the abnormal behavior detection module, decodes, standardizes and formats the data according to the different protocol layers, and then integrates and organizes the formatted data through correlation analysis, classification and the like based on time correlation and the influence factors of specified attributes, thereby completing data preprocessing.
Second, blockchain service node threat detection
Through the threat detection engine in the abnormal behavior detection module and the cooperative detection module, the blockchain service node security agent matches the data packets against the different protocol layers, analyzes the protocols of the data layer, network layer, consensus layer, incentive layer and contract layer data according to rules, and judges whether an abnormal behavior or an intrusion event exists.
Third, the blockchain service node performs real-time reinforcement and threat reporting
The abnormal behavior detection module of the blockchain service node security agent notifies the agent's local security reinforcement execution service module of the detected abnormal or intrusion event. According to weight factors such as the impact and degree of harm of the security threat event given in the security reinforcement knowledge base and the policy base, the local security reinforcement execution service takes the corresponding alerting, security response and reinforcement measures, such as killing the threatening process, resetting connections, isolating the node and modifying file executable permissions, and at the same time uploads the detected abnormal/intrusion behaviors and the reinforcement results to the security threat detection and reinforcement center through the communication module.
Fourth, the center aggregates the threats reported by the nodes to generate log library information
The security threat detection and reinforcement center receives and aggregates the event information, such as logs, behaviors and intrusions, uploaded by the different node agents.
Fifth, the center ingests, copies and stores the node log information
The data leading and preprocessing module of the security threat detection and reinforcement center adopts a distributed big data real-time analysis processing framework to ingest, as a real-time stream, the log information that the blockchain service node security agents collect according to the strategy for the blockchain service cluster nodes, blockchain software components and blockchain applications, such as running state information, authentication and authorization information, access control information, user operation behavior information, security vulnerability information, node security configuration information, abnormal alarm information, attack intrusion information and malicious probing information. The original data ingested into the platform is duplicated into two copies through the data copying function provided by the Kafka component of the data pipeline service module integrated in the center. One copy of the original data is stored in block form in the HDFS distributed storage system of the center's distributed storage service module, where it is available for offline batch computation and for tracing and forensics of future security events.
Sixth, the center detects and analyzes node threats in real time
The security threat detection and reinforcement center streams the other copy of the original data to the system's real-time security threat detection service module in real time. Violation operation identification and suspicious behavior detection are carried out according to the rule base preset by the system (a security reinforcement resource base and an attack indicator base (IOC)) and the security threat detection model. Suspicious data is stored in the suspicious behavior library and classified into abnormal behavior and normal behavior data through manual review, while violation events are stored directly in the abnormal behavior library.
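The routing described in this step can be sketched as follows. This is an added example, not code from the patent: the event fields, rule names, indicator addresses, the toy scoring model and its threshold are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed rule base. Rule names and event fields are assumptions made for
# this example; the patent does not define a rule or event format.
VIOLATION_RULES = {
    "unauthorized_contract_deploy":
        lambda e: e["action"] == "deploy_contract" and not e["authorized"],
    "consensus_config_change":
        lambda e: e["action"] == "modify_config" and e["layer"] == "consensus",
}
# Constructed stand-in for the attack indicator base (IOC); documentation-range IPs.
IOC_ADDRESSES = {"203.0.113.7", "198.51.100.23"}
REQUIRED_FIELDS = ("node", "layer", "action", "authorized", "src_ip", "failed_logins")
SUSPICION_THRESHOLD = 0.5  # assumed cut-off for the toy model below


def toy_model(event):
    """Stand-in for the security threat detection model: score in [0, 1]."""
    return min(1.0, event["failed_logins"] / 10)


@dataclass
class Libraries:
    abnormal: list = field(default_factory=list)       # abnormal behavior library
    suspicious: list = field(default_factory=list)     # awaiting manual review
    normal: list = field(default_factory=list)         # reviewed as benign
    to_preprocess: list = field(default_factory=list)  # unrecognized, needs cleaning


def triage(event, libs, model=toy_model):
    """Route one event into the libraries and return the verdict string."""
    if not isinstance(event, dict) or any(k not in event for k in REQUIRED_FIELDS):
        libs.to_preprocess.append(event)
        return "unrecognized"
    hits = sorted(name for name, rule in VIOLATION_RULES.items() if rule(event))
    if hits:
        # Violation events bypass review and go straight to the abnormal library.
        libs.abnormal.append({**event, "matched_rules": hits})
        return "violation"
    if event["src_ip"] in IOC_ADDRESSES or model(event) >= SUSPICION_THRESHOLD:
        libs.suspicious.append(event)
        return "suspicious"
    return "clean"  # assumption: nothing further is stored for clean events


def review(libs, index, is_attack):
    """Apply an analyst's decision to one entry of the suspicious library."""
    event = libs.suspicious.pop(index)
    (libs.abnormal if is_attack else libs.normal).append(event)


def training_samples(libs):
    """Positive (1) and negative (0) samples built from the reviewed libraries."""
    return [(e, 1) for e in libs.abnormal] + [(e, 0) for e in libs.normal]


# Constructed sample events, one per routing outcome.
SAMPLE_EVENTS = [
    {"node": "n1", "layer": "contract", "action": "deploy_contract",
     "authorized": False, "src_ip": "192.0.2.10", "failed_logins": 0},
    {"node": "n2", "layer": "network", "action": "connect",
     "authorized": True, "src_ip": "203.0.113.7", "failed_logins": 0},
    {"node": "n3", "layer": "data", "action": "login",
     "authorized": True, "src_ip": "192.0.2.11", "failed_logins": 8},
    {"raw": "truncated record"},
    {"node": "n4", "layer": "data", "action": "query",
     "authorized": True, "src_ip": "192.0.2.12", "failed_logins": 1},
]


def run_demo():
    libs = Libraries()
    verdicts = [triage(e, libs) for e in SAMPLE_EVENTS]
    review(libs, 0, is_attack=True)   # analyst confirms the IOC hit on n2
    review(libs, 0, is_attack=False)  # analyst clears the login burst on n3
    return verdicts, libs


if __name__ == "__main__":
    verdicts, libs = run_demo()
    print(verdicts)
    print([(e["node"], label) for e, label in training_samples(libs)])
```

The reviewed libraries double as the labeled sample set, which is why the suspicious library has to be emptied by a human decision rather than by a timeout.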
Seventh, the center preprocesses the node log data
Data that the real-time threat detection module of the security threat detection and reinforcement center cannot identify is sent to the data preprocessing module, which extracts the effective information from the real-time stream and formats and cleans it. The security association analysis service module then associates the cleaned data with the various types of data through rules preset by the system (such as user ID, spatio-temporal sequence, data containing a five-tuple and the like), realizing operations such as fitting, association and replacement of users/space-time/subjects/objects/events/behaviors. The associated data is automatically labeled with attributes such as spatial position, region, information direction and data sensitivity level according to samples preset by the system or an expert knowledge base.
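One way to implement the association rules named above (user ID, time sequence, five-tuple) is to link cleaned records that share a key within a time window and then label each linked chain with its information direction. This is an added example, not the patent's own code: the record fields, the 60-second window, the internal network prefix and the sample records are assumptions.

```python
import ipaddress
from collections import defaultdict

WINDOW_SECONDS = 60                                  # assumed correlation window
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")    # assumed internal address space


def five_tuple(rec):
    return (rec["src_ip"], rec["src_port"], rec["dst_ip"], rec["dst_port"], rec["proto"])


def direction(rec):
    """Label the information direction relative to the assumed internal network."""
    src_in = ipaddress.ip_address(rec["src_ip"]) in INTERNAL_NET
    dst_in = ipaddress.ip_address(rec["dst_ip"]) in INTERNAL_NET
    if src_in and dst_in:
        return "internal"
    if src_in:
        return "outbound"
    return "inbound" if dst_in else "external"


def correlate(records, window=WINDOW_SECONDS):
    """Group records that share a user ID or five-tuple within `window` seconds.

    Records are linked transitively (union-find), so a login on one flow and a
    later connection by the same user on another flow land in one chain.
    """
    recs = sorted(records, key=lambda r: r["ts"])
    parent = list(range(len(recs)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    last_seen = {}  # correlation key -> index of the latest record carrying it
    for i, rec in enumerate(recs):
        keys = [("flow", five_tuple(rec))]
        if rec.get("user"):
            keys.append(("user", rec["user"]))
        for key in keys:
            j = last_seen.get(key)
            if j is not None and rec["ts"] - recs[j]["ts"] <= window:
                parent[find(i)] = find(j)
            last_seen[key] = i

    groups = defaultdict(list)
    for i, rec in enumerate(recs):
        groups[find(i)].append(rec)
    return sorted(groups.values(), key=lambda g: g[0]["ts"])


def summarize(group):
    """Condense one chain into the attributes an analyst would read first."""
    return {
        "users": sorted({r["user"] for r in group if r.get("user")}),
        "events": [r["event"] for r in group],
        "directions": sorted({direction(r) for r in group}),
        "span": (group[0]["ts"], group[-1]["ts"]),
    }


# Constructed cleaned records; addresses, ports and event names are illustrative.
FLOW_A = dict(src_ip="198.51.100.5", src_port=40000, dst_ip="10.0.0.5", dst_port=8545, proto="tcp")
FLOW_B = dict(src_ip="10.0.0.5", src_port=51000, dst_ip="10.0.0.9", dst_port=30303, proto="tcp")
FLOW_C = dict(src_ip="10.0.0.7", src_port=42000, dst_ip="10.0.0.9", dst_port=30303, proto="tcp")
SAMPLE_RECORDS = [
    {"ts": 100, "user": "alice", "event": "rpc_login", **FLOW_A},
    {"ts": 130, "user": None, "event": "rpc_call", **FLOW_A},
    {"ts": 150, "user": "alice", "event": "peer_connect", **FLOW_B},
    {"ts": 400, "user": "alice", "event": "rpc_login", **FLOW_A},
    {"ts": 120, "user": "bob", "event": "peer_connect", **FLOW_C},
]

if __name__ == "__main__":
    for chain in correlate(SAMPLE_RECORDS):
        print(summarize(chain))
```

The second record carries no user ID and is attached through its five-tuple alone, while the record at `ts` 400 starts a new chain because both of its keys were last seen outside the window.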
Eight, the center generates a training sample library
The security threat detection and reinforcement center distributes the data that has undergone log formatting and automatic identification to the platform's high-speed distributed storage system through the communication module of the central platform. Modules such as the security vulnerability detection service, security baseline verification service, security threat detection service and security association analysis service periodically execute various data analysis operators to analyze the data in batches, identify abnormal behaviors/attack events in the data, and store them in a suspicious behavior library. Manual analysis and judgment of the suspicious behavior library data separates it into abnormal behaviors and normal behaviors, and these two types of data are used as positive and negative samples, providing massive training sample data for training or improving advanced machine learning models.
Nine, the center optimizes and upgrades the security reinforcement strategy
The security risk continuous reinforcement optimization service module produces a new, optimized security reinforcement policy by means of deep mining and machine learning analysis, in order to discover higher-level, more complex, previously undiscovered distributed anomalous/intrusion behavior.
Ten, the block chain service nodes download the optimized strategy from the center in real time
The distributed node intelligent security reinforcement agents and the security threat detection and reinforcement center cooperate to complete the security reinforcement of the block chain service platform. The center and the block chain service node security agents communicate with each other to perform cooperative detection and real-time response, giving large-scale block chain service nodes efficient threat detection and timely response capability in a complex network environment. The block chain service node security agent registers with the security threat detection and reinforcement center through the communication module, downloads the security reinforcement knowledge and security threat detection rules provided by the center, and loads the rules into node memory.
Eleven, the block chain service nodes execute continuously optimized reinforcement measures
The block chain service node security agent uses the scanning component in the threat detection module to scan the underlying operating system, components and applications of the block chain service node for vulnerabilities, malicious programs and security configuration defects. For each detected vulnerability, configuration defect or piece of malicious software, it applies reinforcement measures such as software upgrades, virtual patches and modification of security configuration parameters according to the downloaded security reinforcement knowledge base, and uploads the scan results and reinforcement status to the security threat detection and reinforcement center through the communication module.
Compared with the prior art, the block chain service security reinforcement system and method adopt an adaptive, active security architecture that integrates defense, detection, adaptive reinforcement, response and prediction. In a complex and dynamically changing network environment, they can provide security threat detection, abnormal behavior monitoring, security event localization and root cause tracing, isolation and repair, adaptive security reinforcement, quick response and security evaluation services for block chain node hosts, software components and block chain applications. They support security reinforcement of physical and virtual machines in a cloud environment, and can implement mandatory access control and least-privilege resource access for the block chain service platform. They support basic configuration detection, in-depth vulnerability mining and intelligent identification of potential threats for the various software components of a block chain, provide a security reinforcement knowledge base, formulate security policies, and implement risk analysis and identification, real-time anomaly detection, accurate root cause localization, fault isolation and intelligent repair. A customizable, multi-level and multi-dimensional large-scale block chain real-time monitoring service, a quantitative security analysis model and a data security event hub engine are constructed, providing users with block chain security monitoring and evaluation services for complex IT environments and effectively improving the overall security reinforcement level of block chain services in a complex network environment.
The above description only illustrates the preferred embodiments of the present invention and is not to be construed as limiting the invention; any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.
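The scan, reinforce and report cycle described above, as an added example that is not part of the patent: the knowledge-base schema, component names and configuration keys are hypothetical, the node inventory is constructed, and the fixes are applied to an in-memory copy of the node state (a real agent would invoke the platform's package and configuration tooling at that point).

```python
import copy
import json

# Constructed hardening knowledge base (hypothetical schema and names).
KNOWLEDGE_BASE = [
    {"id": "KB-1", "kind": "min_version", "component": "peer-runtime", "min": "2.2.4"},
    {"id": "KB-2", "kind": "config", "key": "rpc.bind_address", "expected": "127.0.0.1"},
    {"id": "KB-3", "kind": "config", "key": "tls.enabled", "expected": True},
    {"id": "KB-4", "kind": "min_version", "component": "absent-tool", "min": "1.0"},
]

# Constructed node inventory; "tls.enabled" is missing on purpose.
NODE = {
    "node_id": "node-07",
    "components": {"peer-runtime": "2.2.1"},
    "config": {"rpc.bind_address": "0.0.0.0"},
}


def parse_version(text):
    """Turn a dotted numeric version into a comparable tuple."""
    return tuple(int(part) for part in text.split("."))


def scan(node, kb):
    """Return one finding per knowledge-base rule the node violates."""
    findings = []
    for rule in kb:
        if rule["kind"] == "min_version":
            have = node["components"].get(rule["component"])
            # A component that is not installed cannot be out of date.
            if have is not None and parse_version(have) < parse_version(rule["min"]):
                findings.append({"rule": rule["id"], "action": "upgrade",
                                 "target": rule["component"], "to": rule["min"]})
        elif rule["kind"] == "config":
            # A missing key is treated as a defect, not as compliant.
            if node["config"].get(rule["key"]) != rule["expected"]:
                findings.append({"rule": rule["id"], "action": "set_config",
                                 "target": rule["key"], "to": rule["expected"]})
    return findings


def reinforce(node, kb):
    """Scan, apply fixes to a copy of the node state, re-scan, build the report."""
    before = scan(node, kb)
    hardened = copy.deepcopy(node)
    for f in before:
        section = "components" if f["action"] == "upgrade" else "config"
        hardened[section][f["target"]] = f["to"]
    # "remaining" is what the center should see as still unresolved.
    report = {"node_id": node["node_id"], "applied": before,
              "remaining": scan(hardened, kb)}
    return hardened, json.dumps(report, sort_keys=True)
```

Re-scanning after reinforcement is what lets the uploaded report distinguish measures that were applied from defects that are still open.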

Claims (10)

1. A blockchain service security reinforcement system, comprising: a node intelligent security reinforcement agent and a security threat detection and reinforcement center,
the node intelligent security reinforcement agent is deployed on each block chain service node and used for sensing the block chain service node environment and detecting security threats, reinforcing the detected security threats and sending the detected node environment information and security threat reinforcing information to the security threat detection and reinforcing center;
the security threat detection and reinforcement center is deployed on a central server and used for receiving information sent by the node intelligent security reinforcement agent, comprehensively evaluating block chain service security threats of the whole network, analyzing block chain service security threats and situations of the whole network, automatically optimizing a security protection reinforcement strategy according to an analysis result, and then returning the optimized security protection reinforcement strategy to the node intelligent security reinforcement agent.
2. The blockchain service security reinforcement system of claim 1, further comprising:
and the unified management and security service center is used for visually managing and displaying the security alarm information detected by the security threat detection and reinforcement center.
3. The blockchain service security reinforcement system of claim 1, wherein the node intelligent security reinforcement agent includes a node data real-time collection module and a data pre-processing module,
the node data real-time acquisition module is used for capturing a data packet generated in a block chain service node;
the data preprocessing module is used for filtering the data packet, decoding, standardizing and formatting the data according to different protocol layers, and performing correlation analysis and classification on the formatted data according to time correlation and influence factors of specified attributes to realize data preprocessing.
4. The system of claim 3, wherein the node intelligent security reinforcement agent further comprises an abnormal behavior detection module and a cooperative detection module for performing security threat detection on the environment of the blockchain service node, the abnormal behavior detection module and the cooperative detection module being configured to match network data packets against different protocol layers and to perform protocol parsing on the data layer, network layer, consensus layer, incentive layer and contract layer data to determine whether there is an abnormal behavior or an intrusion event.
5. The blockchain service security reinforcement system of claim 4, wherein the node intelligent security reinforcement agent further includes a local security reinforcement enforcement service module and a security reinforcement knowledge base and policy base and communication module,
the local security reinforcement execution service module is used for receiving the information of the detected abnormal or intrusion event by the abnormal behavior detection module, taking corresponding security response and reinforcement measures to the security threat event according to the security policies provided in the security reinforcement knowledge base and the policy base, and uploading the detected abnormal/intrusion behavior and reinforcement results to the security threat detection and reinforcement center through the communication module.
6. The blockchain service security reinforcement system of claim 1, wherein the security threat detection and reinforcement center includes a data docking and preprocessing module, a data pipeline service module, a distributed storage service module, and a real-time security threat detection service module,
the data docking and preprocessing module is used for ingesting, as a real-time stream and using a distributed big data real-time analysis and processing framework, the log information acquired by the node intelligent security reinforcement agent from the block chain service cluster nodes, the block chain software components and the block chain applications, such as operation state information, authentication and authorization information, access control information, user operation behavior information, security vulnerability information, node security configuration information, anomaly alert information, attack and intrusion information, and malicious probing information;
the data pipeline service module duplicates the data accessed by the data docking and preprocessing module, one copy being stored in the distributed storage service module in block form and the other copy being sent to the real-time security threat detection service module in real time;
the distributed storage service module is used for storing the data accessed by the data docking and preprocessing module;
the real-time security threat detection service module is used for carrying out violation operation identification and suspicious behavior detection according to a rule base and a security threat detection model preset by a system, storing suspicious data into a suspicious behavior base, generating abnormal behavior and normal behavior data through manual research and judgment, and directly storing violation events into the abnormal behavior base.
7. The blockchain service security reinforcement system of claim 6, wherein the security threat detection and reinforcement center further includes a security association analysis service module,
the real-time security threat detection service module sends data which cannot be identified to the data docking and preprocessing module for data formatting and cleaning, and the security association analysis service module is used for associating the cleaned data with various types of data through rules preset by the system and automatically identifying the associated data according to samples preset by the system or an expert knowledge base.
8. The blockchain service security reinforcement system of claim 7, wherein the security threat detection and reinforcement center further includes a security vulnerability detection service module, a security baseline verification service module, and a security risk continuous reinforcement optimization service module,
the security vulnerability detection service module and the security baseline verification service module are used for carrying out batch analysis on data subjected to log formatting and automatic identification processing, identifying abnormal behaviors/attack events in the data and storing the abnormal behaviors/attack events into a suspicious behavior library, carrying out manual analysis and judgment on the suspicious behavior library data to generate abnormal behaviors and normal behaviors, and taking the two types of data as positive and negative samples to provide massive training sample data for training or improving an advanced machine learning model;
and the security risk continuous reinforcement optimization service module is used for carrying out deep excavation and machine learning analysis on the training sample data so as to optimize a security reinforcement strategy.
9. A method for reinforcing block chain service security is characterized by comprising the following steps:
the intelligent node security reinforcement agent deployed on each blockchain service node senses and detects the security threat of the blockchain service node environment, reinforces the detected security threat, and sends the detected node environment information and security threat reinforcement information to a security threat detection and reinforcement center deployed on a central server;
and the security threat detection and reinforcement center receives the information sent by the node intelligent security reinforcement agent, analyzes the block chain service threats and situations of the whole network, automatically optimizes the security protection reinforcement strategy according to the analysis result, and returns the optimized security protection reinforcement strategy to the node intelligent security reinforcement agent.
10. The method for blockchain service security reinforcement of claim 9, further comprising:
and after the node intelligent security reinforcement agent obtains the optimized security protection reinforcement strategy, the optimized security protection reinforcement strategy is further adopted to carry out security protection on the block chain service node.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010820033.6A CN112039858A (en) 2020-08-14 2020-08-14 Block chain service security reinforcement system and method

Publications (1)

Publication Number Publication Date
CN112039858A (en) 2020-12-04

Family

ID=73578618

Country Status (1)

Country Link
CN (1) CN112039858A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201204