CN114039739B - Method for fast failure by optimizing node communication - Google Patents

Info

Publication number
CN114039739B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011368707.XA
Other languages
Chinese (zh)
Other versions
CN114039739A (en)
Inventor
阮安邦
果霖
魏明
陈旭明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Octa Innovations Information Technology Co Ltd
Original Assignee
Beijing Octa Innovations Information Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the technical field of blockchain and discloses a method for fast failure by optimizing node communication, in which the fast-failure method is used to screen out nodes that run incorrectly or are malicious, effectively preventing the spread of erroneous data. Screening the nodes in this way prevents a malicious node from broadcasting data that would pollute or affect normal logic once it reaches other nodes, which protects the source data and also protects users while they access it. The system performs a three-layer check on the IP address, the identity information and the trust certificate used when the user logs in, so that a malicious node cannot escape detection. Once the system detects a malicious node, it immediately adds the node to a blacklist and disconnects it, effectively preventing the malicious node from damaging the source data and the normal nodes.

Description

Method for fast failure by optimizing node communication
Technical Field
The invention relates to the technical field of blockchain, in particular to a method for rapidly failing by optimizing node communication.
Background
Blockchain is a term of art in information technology. In essence it is a shared database in which the stored data or information is 'non-falsifiable', 'traced throughout', 'traceable', 'open and transparent' and 'collectively maintained'. On the basis of these characteristics, blockchain technology lays a solid foundation of 'trust' and creates a reliable mechanism for 'cooperation', and it has broad application prospects. These characteristics ensure the 'honesty' and 'transparency' of the blockchain and lay the foundation on which it creates trust. The rich application scenarios of blockchain essentially rest on its ability to solve the problem of information asymmetry and to achieve collaborative trust and concerted action among multiple parties.
Fast failure arises when a collection object is traversed with an iterator. The iterator accesses the contents of the collection directly during traversal and throws ConcurrentModificationException if the structure of the collection object is modified (an element is added or deleted) during the traversal. The traversal relies on a modCount variable: the collection changes the value of modCount whenever its structure changes. Each time before the iterator moves to the next element with hasNext()/next(), it checks whether modCount still equals the expectedModCount value; if so, the traversal continues, otherwise the exception is thrown and the traversal is terminated.
As the number of nodes keeps growing, more and more nodes can access the data when users access it, but some of those nodes inevitably run incorrectly or are malicious. There is no effective measure for handling such nodes, so a malicious node can broadcast data that pollutes or affects normal logic once it reaches other nodes. The internal network is disrupted, normal nodes cannot access the data normally, and the data may be leaked or modified to some extent.
Disclosure of Invention
The invention provides a method for fast failure by optimizing node communication. It can promptly screen out nodes that run incorrectly or are malicious, add them to a blacklist and disconnect them, which has the advantage of effectively preventing the spread of erroneous data and damage by malicious nodes, and it solves the problems described in the Background.
The invention provides the following technical solution: a method for fast failure by optimizing node communication, in which the fast-failure method is used to screen out nodes that run incorrectly or are malicious, thereby effectively preventing the spread of erroneous data, comprising the following steps:
First step: establishing the source data
Accessible source data is established in the blockchain.
Second step: node access
Access is made through different nodes, and the nodes access in sequence according to a certain priority.
Third step: data verification
When a node accesses, the system automatically checks, for the node the user has logged in to, the user's IP address, identity information and trust certificate.
Fourth step: judging whether the node is malicious
By checking the IP address and identity information used when the user logs in to the node and the trust certificate used at login, the system automatically judges whether the node is a malicious node.
Fifth step: handling of normal nodes
If the system judges the node to be normal, it lets the node through so that the normal node can access the source data normally, and it records the normal node for its next access.
Sixth step: handling of malicious nodes
If the system judges the node to be malicious, it does not let the node through: it adds the malicious node to a blacklist, strips the malicious node of its link and disconnects it, and permanently records the malicious node so that every later login attempt by it is prevented.
Preferably, access to the source data first passes through fast failure, which adds a layer of secure channel to the source data.
Preferably, when a user logs in, the system's trust certificate and the user's identity information are required so that the system can verify the node the user is using.
Preferably, because malicious nodes are extremely destructive, the system checks nodes more strictly and prevents damage by malicious nodes through layer-by-layer checks.
Preferably, when the system performs its checks it follows the priority of the certificates and checks users with a lower certificate level first, which prevents people from maliciously logging in to a node with a lower-level certificate and thereby creating a malicious node, and so prevents damage by malicious nodes.
The invention has the following beneficial effects:
1. In this method for fast failure by optimizing node communication, the nodes are screened by the fast-failure method, which prevents a malicious node from broadcasting data that would pollute or affect normal logic once it reaches other nodes. This protects the source data and also protects users while they access it. The system performs a three-layer check on the IP address, the identity information and the trust certificate used when the user logs in, so that a malicious node cannot escape detection. Once the system detects a malicious node, it immediately adds the node to a blacklist and disconnects it, effectively preventing the malicious node from damaging the source data and the normal nodes.
2. In this method for fast failure by optimizing node communication, the source data is established in the form of a blockchain, which greatly improves the security of the source data. Because a user logging in to the blockchain carries identity information and certificate verification, the fast-failure method is well suited to implementation in a blockchain, which ensures the security of the source data and prevents malicious modification of it while users access it. Once the system detects a malicious user, it blocks that user for a long time, effectively preventing unknown persons from damaging the source data and the normal nodes.
Drawings
FIG. 1 is a schematic flow chart of the method of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are evidently only some, not all, of the embodiments of the present invention. All other embodiments obtained by those skilled in the art on the basis of these embodiments without inventive effort fall within the scope of the invention.
Referring to FIG. 1, a method for fast failure by optimizing node communication, in which the fast-failure method is used to screen out nodes that run incorrectly or are malicious and so effectively prevent the spread of erroneous data, includes the following steps:
First step: establishing the source data
Accessible source data is established in the blockchain.
Second step: node access
Access is made through different nodes, and the nodes access in sequence according to a certain priority.
Third step: data verification
When a node accesses, the system automatically checks, for the node the user has logged in to, the user's IP address, identity information and trust certificate.
Fourth step: judging whether the node is malicious
By checking the IP address and identity information used when the user logs in to the node and the trust certificate used at login, the system automatically judges whether the node is a malicious node, thereby ensuring that the node is a normal node and that the system can operate normally.
Fifth step: handling of normal nodes
If the system judges the node to be normal, it lets the node through so that the normal node can access the source data normally, and it records the normal node for its next access.
Sixth step: handling of malicious nodes
If the system judges the node to be malicious, it does not let the node through: it adds the malicious node to a blacklist, strips the malicious node of its link and disconnects it, and permanently records the malicious node so that every later login attempt by it is prevented.
When the source data is accessed, the access can first pass through fast failure, which adds a layer of secure channel to protect the source data.
When a user logs in, the system's trust certificate and the user's identity information are required, so that the system can effectively check the node the user has logged in to.
The system checks nodes more strictly and prevents damage by malicious nodes through layer-by-layer checks.
When the system performs its checks it follows the priority of the certificates and checks users with a lower certificate level first, which prevents people from maliciously logging in to a node with a lower-level certificate and so prevents damage by malicious nodes.
The method screens nodes by the fast-failure method, which prevents a malicious node from broadcasting data that would pollute or affect normal logic once it reaches other nodes. This protects the source data and also protects users while they access it. The system performs a three-layer check on the IP address, the identity information and the trust certificate used when the user logs in, so that a malicious node cannot escape detection.
The method is well suited to implementation in a blockchain, which ensures the security of the source data and prevents malicious modification of it while users access it.
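The six steps above, together with the preference for checking lower certificate levels first, can be sketched as a small admission gate. This is an added Python example, not code from the patent; the network range, enrolment table, certificate fingerprints and levels, and all class and function names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed policy data (assumptions for illustration only).
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/16")]
ENROLLED = {"node-a": "alice", "node-b": "bob", "node-c": "carol"}  # node -> user
CERT_LEVEL = {"fp-a1": 3, "fp-b1": 1, "fp-c1": 2}  # trusted fingerprint -> level

class Rejected(Exception):
    """Raised by the first layer that fails; later layers never run."""

@dataclass(frozen=True)
class Request:
    node_id: str
    ip: str
    user: str
    cert_fp: str

def check_ip(req):
    try:
        addr = ipaddress.ip_address(req.ip)
    except ValueError:
        raise Rejected("ip: unparseable address") from None
    if not any(addr in net for net in ALLOWED_NETS):
        raise Rejected("ip: outside allowed networks")

def check_identity(req):
    if ENROLLED.get(req.node_id) != req.user:
        raise Rejected("identity: user not enrolled for this node")

def check_certificate(req):
    if req.cert_fp not in CERT_LEVEL:
        raise Rejected("certificate: untrusted fingerprint")

LAYERS = (check_ip, check_identity, check_certificate)  # the three-layer check

@dataclass
class Gate:
    blacklist: dict = field(default_factory=dict)  # node_id or IP -> reason, permanent
    known_good: set = field(default_factory=set)   # record of nodes that passed
    connected: set = field(default_factory=set)

    def admit(self, req):
        keys = (req.node_id, req.ip)
        hit = next((k for k in keys if k in self.blacklist), None)
        if hit is not None:  # blacklisted nodes never reach the layers
            return f"rejected: blacklisted ({hit})"
        try:
            for layer in LAYERS:  # fail fast: stop at the first failing layer
                layer(req)
        except Rejected as why:
            for k in keys:
                self.blacklist[k] = str(why)
            self.connected.discard(req.node_id)  # drop any live link
            return f"rejected: {why}"
        self.known_good.add(req.node_id)  # a record only; the node is re-checked each time
        self.connected.add(req.node_id)
        return "admitted"

    def process(self, batch):
        """Check lower certificate levels first; unknown certificates count as level 0."""
        ordered = sorted(batch, key=lambda r: CERT_LEVEL.get(r.cert_fp, 0))
        return [(r.node_id, self.admit(r)) for r in ordered]

def demo():
    gate = Gate()
    results = gate.process([  # constructed sample requests
        Request("node-a", "10.20.1.5", "alice", "fp-a1"),
        Request("node-b", "10.20.1.6", "bob", "fp-b1"),
        Request("node-x", "203.0.113.9", "mallory", "fp-zz"),
        Request("node-c", "10.20.1.7", "carol", "fp-zz"),
    ])
    return gate, results
```

The blacklist here is keyed on the node ID and IP address a request claims, neither of which is authenticated at that point. A deployment would key permanent blocks on an authenticated identifier so that a forged request cannot lock out a legitimate node.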
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (2)

1. A method for fast failure by optimizing node communication, used to screen out nodes that run incorrectly or are malicious, comprising the following steps:
First step: establishing the source data
Accessible source data is established in a blockchain;
Second step: node access
Access is made through different nodes, and the nodes access in sequence according to priority;
Third step: data verification
When a node accesses, the system automatically checks, for the node the user has logged in to, the user's IP address and identity information and the trust certificate used when the user logs in;
Fourth step: judging whether the node is malicious
By checking the IP address and identity information used when the user logs in to the node and the trust certificate used at login, the system automatically judges whether the node is a malicious node;
Fifth step: handling of normal nodes
If the system judges the node to be normal, the system lets it through so that the normal node can access the source data normally, and records the normal node for its next access;
Sixth step: handling of malicious nodes
If the system judges the node to be malicious, it does not let the node through: the system adds the malicious node to a blacklist, strips the malicious node of its link and disconnects it, and permanently records the malicious node so that every later login attempt by it is prevented.
2. The method for fast failure by optimizing node communication according to claim 1, wherein, when the system performs its checks, it follows the priority of the certificates and checks users with a low certificate level first.
CN202011368707.XA 2020-11-30 2020-11-30 Method for fast failure by optimizing node communication Active CN114039739B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011368707.XA CN114039739B (en) 2020-11-30 2020-11-30 Method for fast failure by optimizing node communication

Publications (2)

Publication Number Publication Date
CN114039739A 2022-02-11
CN114039739B 2024-04-16

Family

ID=80134155

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant