CN115967697A - Mail blacklist sharing method based on block chain
- Publication number: CN115967697A
- Application number: CN202211706575.6A
- Authority: CN (China)
- Prior art keywords: node, blacklist, data, reporting, report
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a mail blacklist sharing method based on a block chain, in which an alliance chain comprises a reporting node, an accounting node, a service node and a supervision node. When the reporting node submits blacklist data it is supervised by the supervision node, which evaluates the reporting node accordingly and rewards or punishes it when a certain judgment index is met. The mail blacklist sharing method comprises blacklist report data generation, blacklist data accounting, synchronous updating and serving of blacklist data, and blacklist member node supervision. The invention applies block chain technology to the mail blacklist system, makes full use of block chain properties such as decentralization and tamper resistance, adds a scoring mechanism for blacklist nodes, integrates the blacklist data, and ensures that the blacklist data is open, transparent and tamper-resistant and that the system as a whole is secure.
Description
Technical Field
The invention belongs to the technical field of mail systems, and particularly relates to a mail blacklist sharing method based on a block chain.
Background
To control the volume of spam and protect servers and users, mail service providers usually deploy anti-spam systems. One effective technique is to track the source of spam by monitoring the sending IP or email address, i.e., an IP blacklist. An IP blacklist uses rules to judge whether an IP belongs to a spammer, and all mail subsequently sent from an IP address included in the blacklist can be returned. However, current IP blacklist technology still has the following defects: more than 100 blacklists are currently offered worldwide by various organizations, each with its own data format and no unified standard; blacklist services are provided and maintained by the blacklist service providers themselves, so the authority and reliability of a blacklist depend on its provider; the coverage of each source is limited, often to mail in a specific language, with no ability to identify multilingual mail globally; the sharing scope and data timeliness of blacklists are opaque, and a necessary supervision mechanism is lacking; sources usually share blacklists through interfaces, published text entries and similar means, many blacklists are shared only for payment, and data timeliness and utilization are low; and organizations share blacklist data entirely voluntarily, with no agreed effective reward and punishment mechanism, which leaves certain potential threats.
Therefore, how to manage the shared blacklist openly and transparently, while keeping the blacklist mechanism sound, has become a new technical research topic.
Disclosure of Invention
The invention mainly aims to overcome the defects of the prior art and provides a mail blacklist sharing method based on a block chain.
In order to achieve the purpose, the invention adopts the following technical scheme:
A mail blacklist sharing method based on a block chain, wherein an alliance chain comprises a reporting node, an accounting node, a service node and a supervision node;
the reporting node is responsible for generating and submitting blacklist data;
the accounting node is responsible for processing the submitted blacklist information and screening the data;
the service node is responsible for extracting real-time blacklist information and providing blacklist services for products and law enforcement business;
the supervision node is responsible for supervising the reporting node and safeguards the fairness of the blacklist alliance;
when submitting blacklist data, the reporting node is supervised by the supervision node, which evaluates the reporting node accordingly and rewards or punishes it when a certain judgment index is met;
the mail blacklist sharing method comprises blacklist report data generation, blacklist data accounting, synchronous updating and serving of blacklist data, and blacklist member node supervision.
Furthermore, the reporting node consists of a blacklist generating and issuing mechanism and a mail service provider;
the accounting node consists of a mail service provider, a university and a research institution;
the service node consists of a mail service provider, a security manufacturer and a law enforcement agency;
the system further comprises an endorsement node, a sequencing node and a confirmation node, and these three node roles are undertaken by mail service providers.
Further, the generating of the blacklist report data includes:
receiving blacklist report data, verifying the blacklist report data and generating blacklist data;
the blacklist report data receiving specifically comprises the following steps:
the reporting node receives original blacklist data Data_raw = (Ip, Dns, Type, Source, Time) provided by a local service provider and users;
wherein Ip is the blacklist IP address information, Dns is the blacklist DNS information, Type is the blacklist type, Source is the reporter information, and Time is the actual time of submission;
the blacklist report data verification specifically comprises the following steps:
the reporting node extracts the blacklist Ip, Dns and Type from the report data Data_raw, splices the Ip, Dns and Type information together, and compares the spliced information with the Ip, Dns and Type combinations already on the chain; blacklist data is generated when that Ip, Dns and Type combination has not appeared before;
the generation of the blacklist data specifically comprises the following steps:
when the blacklist report data is verified to be appearing for the first time and its format is correct, the data is combined according to the 5-tuple information to generate the blacklist-related contract identifier $N_i$, contract method $M_i$, report information $R_i$ and signature $S_i$.
Further, the blacklist data accounting specifically includes:
reporting node blacklist data submission, endorsement node blacklist data feedback, reporting node blacklist data reconfirmation, sequencing node data sequencing, confirming node blacklist data confirmation and blacklist data announcement.
Further, the submitting of the blacklist data of the report node specifically comprises the following steps:
the reporting node packages the blacklist contract identifier $N_i$, contract method $M_i$, report information $R_i$ and signature $S_i$ into a transaction proposal and sends the proposal to the endorsement nodes;
the endorsement node blacklist data feedback is specifically as follows:
after receiving the proposal, the endorsement node verifies the signature $S_i$ and determines whether the submitter is authorized to perform the operation, simulates execution of the smart contract according to the endorsement policy, and sends the result Result and its CA certificate signature $S_{ca}$ back to the reporting node;
the reporting node blacklist data reconfirmation specifically comprises the following steps:
after receiving the information returned by the endorsement nodes, the reporting node judges whether the transaction proposal results are consistent and whether they were executed according to the endorsement policy, and if not, processing stops; if the required number of endorsements is met, the reporting node packs the data into a transaction, signs it, and sends the transaction and the signature to the sequencing node;
the sequencing node data sequencing specifically comprises the following steps:
the sequencing node orders the received transactions, packs a batch of transactions together according to the block generation policy, generates a new block and sends the new block to the confirmation node;
the confirmation node blacklist data confirmation is specifically as follows:
after the confirmation node receives the block, it verifies each transaction in the block using BFT consensus, checks whether the inputs and outputs the transaction depends on are consistent with the current state of the block chain, and after the check is complete appends the block to the local block chain;
the blacklist data announcement specifically includes:
after the confirmation node has updated the state of its local alliance chain, it announces this to the whole alliance chain, completing the update of the overall state and the accounting of the blacklist data;
after the reporting node's blacklist data is submitted, the blacklist is put on the chain, implemented using Fabric 1.0 of Hyperledger Fabric;
in the reporting node blacklist data submission, the transaction proposal is sent to at least 3 endorsement nodes;
in the reporting node blacklist data reconfirmation, a sufficient endorsement result requires at least 3 mail service providers to agree.
Further, the synchronous update and service of the blacklist data specifically include:
updating the state of each member node of the alliance chain, updating the mail data of the member nodes of the alliance chain and performing subsequent treatment;
the state updating of each member node of the alliance chain specifically comprises the following steps:
each member node on the alliance chain synchronizes the latest alliance chain block data by updating its state, and thereby obtains the latest mail blacklist contract identifier $N_i$, contract method $M_i$, report information $R_i$ and signature $S_i$;
the updating of the mail data of the member nodes of the alliance chain is specifically as follows:
each node in the alliance traverses the blocks in reverse order, parses the latest report information $R_i$ to obtain the latest blacklist data Data_raw = (Ip, Dns, Type, Source, Time), and stores the Ip, Dns and Type data in the alliance member's database;
the subsequent treatment specifically comprises:
the service nodes in the alliance chain perform subsequent treatment of the blacklist data according to service requirements, including but not limited to combining the mail blacklist with a mail system and constructing a mail blacklist query link.
Further, the node supervision of the blacklist member comprises:
the method comprises the steps of initial supervision node selection, abnormal tolerance threshold setting, reporting node normal threshold setting, reporting node classification, reporting node reward and punishment and reporting node updating.
Further, the initial supervision node selection specifically includes:
K supervision nodes are selected using a DPoS consensus mechanism and are used for evaluating and scoring the reporting nodes;
the setting of the anomaly tolerance threshold specifically comprises:
the anomaly tolerance threshold is:
where k is the number of abnormal blacklist reports made by the reporting node; when the number of abnormal reports submitted by the user is less than or equal to 1000, the anomaly tolerance threshold stays fixed at 1; when the number of abnormal reports exceeds 1000 and keeps increasing, the threshold $w_1$ shows a downward trend.
Further, the setting of the reporting node normal threshold specifically includes:
in the blacklist system there are K supervision nodes and M reporting nodes; the scores given to the M reporting nodes by the K supervision nodes are collected, with $s_{i,j}$ denoting the score given by the i-th supervision node to the j-th reporting node; $s_{i,j}$ is updated according to the following formula:
$s_{new} = s + a \cdot w_1$
where $s_{new}$ is the latest score obtained by the reporting node and $s$ is the reporting node's score at its last successful submission; each time a blacklist entry submitted by the reporting node is finally confirmed, the reference score $a$ multiplied by the tolerance threshold $w_1$ is added to the score;
the normal threshold $w_2$ of the current reporting nodes is given by the following formula:
the reporting node classification specifically comprises:
define $s_j$ as the average score of the j-th reporting node, expressed as follows:
when $s_j \ge w_2$, the node is a normal, good node and a certain reward can be given;
when $s_j < w_2$, the score of the current j-th reporting node is below the average value, and a certain penalty can be given according to the scoring criteria;
the supervision nodes score the reporting nodes, performing the scoring periodically and giving rewards and punishments.
Further, the reporting node reward and punishment comprises tolerance threshold adjustment and node adjustment;
the tolerance threshold adjustment is specifically as follows:
when the reporting node has been above the average value w times, the tolerance threshold k is raised, and k is increased from 1000 to 1000 + w × 100:
when the reporting node has been below the average value w times, the tolerance threshold is lowered, and k is reduced from 10 by 1000 - w × 100:
the node adjustment specifically comprises the following steps:
when the reporting node has been above the average value w times, the total number of reporting nodes allotted to its institution can be increased;
when the reporting node has been below the average value w times, the total number of reporting nodes allotted to its institution can be reduced;
the reporting node updating specifically comprises the following steps:
the reporting nodes are updated according to the rewards and punishments and the actual situation, and values are reassigned to the M reporting nodes to update the tolerance threshold of each node.
Compared with the prior art, the invention has the following advantages and beneficial effects:
1. Based on block chain technology, the invention plans the composition and role of each kind of node in the mail blacklist system and takes both global and local information into account, so that the mail blacklist system can make decisions for the whole while collecting the local information of every node in the alliance chain, thereby ensuring that the blacklist is open, transparent and tamper-resistant and that the blacklist nodes are stable.
2. The block chain architecture is implemented with alliance chain technology using Hyperledger Fabric, and different social members of the mail field (blacklist industry organizations, mail service providers, law enforcement departments and the like, acting as nodes in the alliance chain) are included in the alliance chain, ensuring the integrity of the whole mail blacklist system.
3. The invention provides a node scoring mechanism: considering that the credibility of the nodes differs, supervision nodes are added to the alliance chain, so that the mail blacklist system keeps each node highly reliable while keeping the mail blacklist information secure and stable, which improves the overall security of the whole mail blacklist system.
Drawings
FIG. 1 is a schematic illustration of a method according to an embodiment of the invention;
FIG. 2 is a diagram of blacklisted node role information in an embodiment;
FIG. 3 is a node role information diagram after the fusion of blacklisted nodes and Fabric in the embodiment;
FIG. 4 is a flow diagram of blacklist data submission in an embodiment.
Detailed Description
The present invention will be described in further detail with reference to examples and drawings, but the present invention is not limited thereto.
Examples
As shown in FIG. 1 and FIG. 2, the present invention provides a mail blacklist sharing method based on a block chain, wherein an alliance chain includes a reporting node (Reporting node), an accounting node (Bookkeeping node), a service node (Service node) and a supervision node (Supervisory node);
the reporting node is responsible for generating and submitting blacklist data;
the accounting node is responsible for processing the submitted blacklist information and screening data, and comprises mail service providers, universities, research institutions and the like;
the service node is responsible for extracting real-time blacklist information and providing blacklist services for products, law enforcement business and the like, and comprises mail service providers, security vendors, law enforcement organizations and the like;
the supervision node is responsible for supervising the reporting node and safeguards the fairness of the blacklist alliance;
after the reporting node's blacklist data is submitted, the blacklist is put on the chain, implemented using Fabric 1.0 of Hyperledger Fabric; the node roles after the blacklist nodes are merged with Fabric are shown in FIG. 3 and include:
the reporting node mainly comprises industry organizations (blacklist generation and release institutions) and mail service providers.
The roles of endorsement node (Endorser), sequencing node (Orderers) and confirmation node (Committers) are mainly played by mail service providers.
When submitting blacklist data, the reporting node is supervised by the supervision node, which evaluates the reporting node accordingly and rewards or punishes it when a certain judgment index is met;
the mail blacklist sharing method comprises blacklist report data generation, blacklist data accounting, synchronous updating and serving of blacklist data, and blacklist member node supervision.
In this embodiment, the generating of the blacklist report data includes:
receiving blacklist report data, verifying the blacklist report data and generating blacklist data;
the blacklist report data receiving specifically comprises the following steps:
the reporting node receives original blacklist data Data_raw = (Ip, Dns, Type, Source, Time) provided by a local service provider and users;
wherein Ip is the blacklist IP address information, Dns is the blacklist DNS information, Type is the blacklist type, Source is the reporter information, and Time is the actual time of submission;
the verification of the blacklist report data specifically comprises the following steps:
the reporting node extracts the blacklist Ip, Dns and Type from the report data Data_raw, splices the Ip, Dns and Type information together, and compares the spliced information with the Ip, Dns and Type combinations already on the chain; blacklist data is generated when that Ip, Dns and Type combination has not appeared before;
the generation of the blacklist data specifically comprises the following steps:
when the blacklist report data is verified to be appearing for the first time and its format is correct, the data is combined according to the 5-tuple information to generate the blacklist-related contract identifier $N_i$, contract method $M_i$, report information $R_i$ and signature $S_i$.
For example, coremail reports an IP blacklist, and the report information is: "192.168.XXX.XXX, WWW.XXX.COM, IPv4, coremail,11-30-2021, 32.
In this embodiment, the blacklist data accounting specifically includes:
reporting node blacklist data submission, endorsement node blacklist data feedback, reporting node blacklist data reconfirmation, sequencing node data sequencing, confirming node blacklist data confirmation and blacklist data announcement.
As shown in fig. 4, the submission of the blacklist data of the reporting node specifically includes:
the reporting node packages the blacklist contract identifier $N_i$, contract method $M_i$, report information $R_i$ and signature $S_i$ into a transaction proposal and sends the proposal to the endorsement nodes (at least 3 endorsement nodes);
the endorsement node blacklist data feedback is specifically as follows:
after receiving the proposal, the endorsement node verifies the signature $S_i$ and determines whether the submitter is authorized to perform the operation, simulates execution of the smart contract according to the endorsement policy, and sends the result Result and its CA certificate signature $S_{ca}$ back to the reporting node;
the reporting node blacklist data reconfirmation specifically comprises the following steps:
after receiving the information returned by the endorsement nodes, the reporting node judges whether the transaction proposal results are consistent and whether they were executed according to the endorsement policy, and if not, the reporting node stops processing (at least 3 mail service providers must agree); if the required number of endorsements is met, the reporting node packs the data into a transaction, signs it, and sends the transaction and the signature to the sequencing node;
the sequencing node data sequencing specifically comprises the following steps:
the sequencing node orders the received transactions, packs a batch of transactions together according to the block generation policy, generates a new block and sends the new block to the confirmation node;
the confirmation node blacklist data confirmation is specifically as follows:
after the confirmation node receives the block, it verifies each transaction in the block using BFT consensus, checks whether the inputs and outputs the transaction depends on are consistent with the current state of the block chain, and after the check is complete appends the block to the local block chain;
the blacklist data announcement specifically includes:
after the confirmation node has updated the state of its local alliance chain, it announces this to the whole alliance chain, completing the update of the overall state and the accounting of the blacklist data.
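The report verification, proposal, endorsement and reconfirmation steps described above (and in the Disclosure section) can be traced in the following Python example, which is added here and is not code from the patent or from Hyperledger Fabric. HMAC-SHA256 stands in for the certificate-based signatures $S_i$ and $S_{ca}$; the contract names, node IDs, keys, sample reports and the normalization of the Ip/Dns/Type key are assumptions.

```python
import hashlib
import hmac
import ipaddress
import json
from dataclasses import asdict, dataclass

MIN_ENDORSEMENTS = 3            # page: at least 3 endorsers must agree
CONTRACT_ID = "mail-blacklist"  # N_i (hypothetical name)
CONTRACT_METHOD = "addEntry"    # M_i (hypothetical name)


@dataclass(frozen=True)
class Report:                   # Data_raw = (Ip, Dns, Type, Source, Time)
    ip: str
    dns: str
    type: str
    source: str
    time: str

    def key(self) -> str:
        """Ip/Dns/Type combination compared against the chain.

        Encoded as a JSON list rather than a bare concatenation so field
        boundaries stay unambiguous; the normalization is an assumption.
        Raises ValueError when Ip is not a valid address.
        """
        ip = str(ipaddress.ip_address(self.ip))
        return json.dumps([ip, self.dns.lower().rstrip("."), self.type.lower()])


def sign(key: bytes, payload: dict) -> str:
    """HMAC-SHA256 stand-in for a certificate-backed signature."""
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_proposal(report, reporter_id, reporter_key, on_chain):
    """Reporting node: verify the report, then emit (N_i, M_i, R_i, S_i)."""
    try:
        if report.key() in on_chain:
            return None                     # combination already on chain
    except ValueError:
        return None                         # malformed report is dropped
    body = {"N": CONTRACT_ID, "M": CONTRACT_METHOD,
            "R": asdict(report), "submitter": reporter_id}
    return {**body, "S": sign(reporter_key, body)}


def endorse(proposal, endorser_id, endorser_key, reporter_keys, on_chain):
    """Endorsement node: check S_i and authorization, simulate, sign Result."""
    body = {k: v for k, v in proposal.items() if k != "S"}
    key = reporter_keys.get(proposal["submitter"])
    if key is None or not hmac.compare_digest(sign(key, body), proposal["S"]):
        return None                         # unauthorized or altered proposal
    try:
        entry = Report(**proposal["R"]).key()
    except (TypeError, ValueError):
        return None                         # signed but malformed report
    result = {"write": entry, "ok": entry not in on_chain}
    return {"endorser": endorser_id, "result": result,
            "sig": sign(endorser_key, result)}


def assemble_transaction(proposal, endorsements, endorser_keys):
    """Reporting node: count distinct, verifiable, agreeing endorsements."""
    expected = {"write": Report(**proposal["R"]).key(), "ok": True}
    agreeing = set()
    for e in endorsements:
        key = endorser_keys.get(e["endorser"]) if e else None
        if key and e["result"] == expected and hmac.compare_digest(
                sign(key, e["result"]), e["sig"]):
            agreeing.add(e["endorser"])     # one vote per endorser identity
    if len(agreeing) < MIN_ENDORSEMENTS:
        return None                         # stop processing
    return {"proposal": proposal, "endorsers": sorted(agreeing)}


# Constructed sample data: documentation address ranges, made-up IDs and keys.
REPORTER_KEYS = {"reporter-A": b"reporter-A-secret"}
ENDORSER_KEYS = {f"esp-{n}": f"esp-{n}-secret".encode() for n in range(1, 5)}
ON_CHAIN = {Report("203.0.113.7", "old.example", "IPv4", "reporter-A", "").key()}
SAMPLE = Report("198.51.100.23", "Spam.Example.", "IPv4", "reporter-A",
                "2021-11-30T10:32:00Z")


def demo(report=SAMPLE, endorser_ids=tuple(ENDORSER_KEYS)):
    """Run one report through proposal, endorsement and assembly."""
    prop = build_proposal(report, "reporter-A",
                          REPORTER_KEYS["reporter-A"], ON_CHAIN)
    if prop is None:
        return None
    ends = [endorse(prop, i, ENDORSER_KEYS[i], REPORTER_KEYS, ON_CHAIN)
            for i in endorser_ids]
    return assemble_transaction(prop, ends, ENDORSER_KEYS)


if __name__ == "__main__":
    print(demo())
```

Counting endorsements per endorser identity, and binding each endorsement to the exact Ip/Dns/Type key of the proposal, keeps a single provider from satisfying the three-endorser requirement alone or with endorsements issued for a different entry.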
In this embodiment, the synchronous update and service of the blacklist data specifically include:
updating the state of each member node of the alliance chain, updating the mail data of the member nodes of the alliance chain and performing subsequent treatment;
the state updating of each member node of the alliance chain specifically comprises the following steps:
each member node on the alliance chain synchronizes the latest alliance chain block data by updating its state, and thereby obtains the latest mail blacklist contract identifier $N_i$, contract method $M_i$, report information $R_i$ and signature $S_i$;
the updating of the mail data of the member nodes of the alliance chain is specifically as follows:
each node in the alliance traverses the blocks in reverse order, parses the latest report information $R_i$ to obtain the latest blacklist quintuple data Data_raw = (Ip, Dns, Type, Source, Time), and stores the Ip, Dns and Type data in the alliance member's database;
the subsequent treatment specifically comprises:
the service nodes in the alliance chain perform subsequent treatment of the blacklist data according to service requirements, including operations such as combining the mail blacklist with a mail system and constructing a mail blacklist query link.
In this embodiment, the node supervision of the blacklist member includes:
the method comprises the steps of initial supervision node selection, abnormal tolerance threshold setting, reporting node normal threshold setting, reporting node classification, reporting node reward and punishment and reporting node updating.
The initial supervision node selection specifically comprises:
K supervision nodes are selected using a DPoS consensus mechanism and are used for evaluating and scoring the reporting nodes;
the setting of the anomaly tolerance threshold specifically comprises:
the anomaly tolerance threshold is defined as:
where k is the number of abnormal blacklist reports made by the reporting node; when the number of abnormal reports submitted by the user is less than or equal to 1000, the anomaly tolerance threshold stays fixed at 1; when the number of abnormal reports exceeds 1000 and keeps increasing, the threshold $w_1$ shows a downward trend.
The setting of the normal threshold of the reporting node specifically comprises the following steps:
in the blacklist system there are K supervision nodes and M reporting nodes; the scores given to the M reporting nodes by the K supervision nodes are collected, with $s_{i,j}$ denoting the score given by the i-th supervision node to the j-th reporting node; $s_{i,j}$ is updated according to the following formula:
$s_{new} = s + a \cdot w_1$
where $s_{new}$ is the latest score obtained by the reporting node and $s$ is the reporting node's score at its last successful submission; each time a blacklist entry submitted by the reporting node is finally confirmed, the reference score $a$ multiplied by the tolerance threshold $w_1$ is added to the score;
the normal threshold $w_2$ of the current reporting nodes is given by the following formula:
the reporting node classification specifically comprises:
define $s_j$ as the average score of the j-th reporting node, expressed as follows:
when $s_j \ge w_2$, the score of the current j-th reporting node is above the average value; the node is a normal, good node and a certain reward can be given;
when $s_j < w_2$, the score of the current j-th reporting node is below the average value, and a certain penalty can be given according to the scoring criteria;
the supervision nodes score the reporting nodes, performing the scoring periodically and giving rewards and punishments.
The reporting node reward and punishment comprises tolerance threshold adjustment and node adjustment;
the tolerance threshold adjustment is specifically as follows:
when the reporting node has been above the average value w times, the tolerance threshold k is raised, and k is increased from 1000 to 1000 + w × 100:
when the reporting node has been below the average value w times, the tolerance threshold is lowered, and k is reduced from 10 to 1000 - w × 100:
the node adjustment specifically comprises the following steps:
when the reporting node has been above the average value w times, the total number of reporting nodes allotted to its institution can be increased;
when the reporting node has been below the average value w times, the total number of reporting nodes allotted to its institution can be reduced;
the reporting node updating specifically comprises the following steps:
the reporting nodes are updated according to the rewards and punishments and the actual situation, and values are reassigned to the M reporting nodes to update the tolerance threshold of each node.
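The supervision loop described above (score update, classification against $w_2$, tolerance adjustment) is simulated over two scoring periods in the following Python example, which is added here and is not code from the patent. The formulas for $w_1$, $w_2$ and $s_j$ are not reproduced on this page, so the decay tolerance/k beyond the tolerance, $s_j$ as the mean over supervision nodes, $w_2$ as the mean of all $s_j$, the reference score a = 10, counting w as consecutive periods, and the floor at 0 are all assumptions, as are the sample counts.

```python
from statistics import mean

BASE_TOLERANCE = 1000   # page: tolerance threshold k starts at 1000
STEP = 100              # page: k moves by w * 100


def w1(abnormal: int, tolerance: int = BASE_TOLERANCE) -> float:
    """Anomaly tolerance threshold w_1.

    Page: 1 while abnormal reports <= tolerance, falling as they grow beyond.
    ASSUMPTION: tolerance / abnormal is used as the falling branch.
    """
    return 1.0 if abnormal <= tolerance else tolerance / abnormal


def update_score(s: float, a: float, abnormal: int, tolerance: int) -> float:
    """Page formula s_new = s + a * w_1, applied per confirmed entry."""
    return s + a * w1(abnormal, tolerance)


def classify(scores):
    """scores[i][j] is s_ij: supervision node i's score for reporting node j.

    Returns (s_j list, w_2, verdict list). ASSUMPTION: s_j is the mean over
    the K supervision nodes and w_2 is the mean of all s_j.
    """
    s_j = [mean(col) for col in zip(*scores)]
    w2 = mean(s_j)
    return s_j, w2, ["reward" if s >= w2 else "penalty" for s in s_j]


def adjust_tolerance(w: int, above_average: bool) -> int:
    """Page: 1000 + w*100 after w times above average, 1000 - w*100 below.

    The floor at 0 is an added guard so w_1 can never turn negative.
    """
    delta = w * STEP if above_average else -w * STEP
    return max(0, BASE_TOLERANCE + delta)


def simulate(confirmed, abnormal, supervisors=3, periods=2, a=10.0):
    """Run scoring periods; returns per-period (s_j, w_2, verdicts, tolerances).

    confirmed[j]: entries of node j confirmed per period (constructed input).
    abnormal[j]:  abnormal report count k of node j (constructed input).
    """
    m = len(confirmed)
    scores = [[0.0] * m for _ in range(supervisors)]
    tolerance = [BASE_TOLERANCE] * m
    streak = [0] * m            # consecutive periods above (+) or below (-)
    history = []
    for _period in range(periods):
        for row in scores:
            for j in range(m):
                for _entry in range(confirmed[j]):
                    row[j] = update_score(row[j], a, abnormal[j], tolerance[j])
        s_j, w2, verdicts = classify(scores)
        for j, verdict in enumerate(verdicts):
            up = verdict == "reward"
            same_side = streak[j] != 0 and (streak[j] > 0) == up
            count = abs(streak[j]) + 1 if same_side else 1
            streak[j] = count if up else -count
            tolerance[j] = adjust_tolerance(count, up)
        history.append((s_j, w2, verdicts, list(tolerance)))
    return history


if __name__ == "__main__":
    # Three reporting nodes with equal volume but 0, 500 and 4000 abnormal reports.
    for period in simulate([5, 5, 5], [0, 500, 4000]):
        print(period)
```

With these inputs the third node earns a quarter of the credit per confirmed entry in the first period, falls below $w_2$, and has its tolerance lowered, which reduces its $w_1$ again in the next period.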
It should also be noted that in this specification, terms such as "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A mail blacklist sharing method based on a block chain, characterized in that an alliance chain comprises a reporting node, an accounting node, a service node and a supervision node;
the reporting node is responsible for generating and submitting blacklist data;
the accounting node is responsible for processing the submitted blacklist information and screening the data;
the service node is responsible for extracting real-time blacklist information and providing blacklist services for products and law enforcement business;
the supervision node is responsible for supervising the reporting node and safeguards the fairness of the blacklist alliance;
when the reporting node submits blacklist data, it is supervised by the supervision node, which evaluates the reporting node accordingly and rewards or punishes it when a certain judgment index is met;
the mail blacklist sharing method comprises blacklist report data generation, blacklist data accounting, synchronous updating and serving of blacklist data, and blacklist member node supervision.
2. The method of claim 1, wherein the reporting node comprises a blacklist generation and distribution mechanism and a mail service provider;
the accounting node consists of a mail service provider, a university and a research institution;
the service node consists of a mail service provider, a security manufacturer and a law enforcement agency;
the mail service system further comprises an endorsement node, a sequencing node and a confirmation node, and the three nodes are responsible for the mail service provider.
3. The method of claim 2, wherein the generating of the blacklist report data comprises:
receiving blacklist report data, verifying the blacklist report data and generating blacklist data;
the blacklist report data receiving specifically comprises the following steps:
the reporting node receives original blacklist data Data_raw = (Ip, Dns, Type, Source, Time) provided by a local service provider and a user;
wherein Ip is the blacklist IP address information, Dns is the blacklist DNS information, Type is the blacklist type, Source is the reporter information, and Time is the actual time of submission;
the blacklist report data verification specifically comprises the following steps:
the reporting node extracts the blacklist IP address Ip, Dns and Type from the report Data_raw, splices the Ip, Dns and Type information together, compares the spliced information with the Ip, Dns and Type combinations already on the chain, and generates blacklist data when that combination has not already appeared;
the generation of the blacklist data specifically comprises the following steps:
when the reported blacklist data is verified to be appearing for the first time and its format is correct, the data is combined according to the 5-tuple information to generate a blacklist-related contract identifier $N_i$, contract method $M_i$, report information $R_i$ and signature $S_i$.
4. The method of claim 3, wherein the blacklist data accounting specifically comprises:
reporting node blacklist data submission, endorsement node blacklist data feedback, reporting node blacklist data reconfirmation, sequencing node data sequencing, confirming node blacklist data confirmation and blacklist data announcement.
5. The method according to claim 4, wherein the reporting node blacklist data submission is specifically:
the reporting node packages the blacklist contract identifier $N_i$, contract method $M_i$, report information $R_i$ and signature $S_i$ to generate a transaction proposal and sends the transaction proposal to the endorsement node;
the endorsement node blacklist data feedback is specifically as follows:
after the endorsement node receives the proposal, it verifies the signature $S_i$, determines whether the submitter is authorized to perform the operation, simulates execution of the smart contract according to the endorsement policy, and sends the Result and its CA certificate signature back to the reporting node;
the reporting node blacklist data reconfirmation specifically comprises the following steps:
after receiving the information returned by the endorsement nodes, the reporting node judges whether the transaction proposal results are consistent and whether they were executed according to a certain endorsement policy, and if not, processing stops; if the required number of endorsements is met, the reporting node packs the data together into a transaction, signs it, and sends the transaction and the signature to the sequencing node;
the sequencing node data sequencing specifically comprises the following steps:
the sequencing node orders the received transactions, packs a batch of transactions together according to the block generation policy, generates a new block and sends the new block to the confirmation node;
the confirmation node blacklist data confirmation is specifically as follows:
after the confirmation node receives the block, it checks each transaction in the block using BFT consensus, checks whether the inputs and outputs the transaction depends on match the current state of the block chain, and after the check is finished, adds the block to its local block chain;
the blacklist data announcement specifically includes:
after the confirmation node finishes updating the state of its local alliance chain, it announces this to the whole alliance chain, the overall state update is completed, and the accounting of the blacklist data is realized;
after the reporting node blacklist data is submitted, the blacklist is put on the chain, which is implemented with Fabric 1.0 of Hyperledger Fabric;
in the reporting node blacklist data submission, the transaction proposal is sent to at least 3 endorsement nodes;
in the reporting node blacklist data reconfirmation, a sufficient endorsement result requires the agreement of at least 3 mail service providers.
6. The method for sharing the blacklist of emails according to claim 5, wherein the synchronous update and service of the blacklist data specifically comprises:
updating the state of each member node of the alliance chain, updating the mail data of the member nodes of the alliance chain and performing subsequent treatment;
the state updating of each member node of the alliance chain specifically comprises the following steps:
each member node on the alliance chain synchronizes the latest alliance chain block data by updating its state, and through this update each member on the alliance chain acquires the latest mail blacklist contract identifier $N_i$, contract method $M_i$, report information $R_i$ and signature $S_i$;
the updating of the mail data of the member nodes of the alliance chain is specifically as follows:
each node in the alliance traverses the blocks in reverse, interprets the latest report information $R_i$, obtains the latest blacklist data Data_raw = (Ip, Dns, Type, Source, Time), and stores the Ip, Dns and Type data in the alliance member's database;
the subsequent treatment specifically comprises:
the service node in the alliance chain performs subsequent treatment of the blacklist data according to service requirements, including but not limited to combining the mail blacklist with a mail system and constructing a mail blacklist query link.
7. The method of claim 1, wherein blacklist member node supervision comprises:
the method comprises the steps of initial supervision node selection, abnormal tolerance threshold setting, reporting node normal threshold setting, reporting node classification, reporting node reward and punishment and reporting node updating.
8. The method according to claim 7, wherein the initial supervision node selection is specifically:
k supervision nodes are selected by using a DPoS consensus mechanism and are used for evaluating and scoring the reporting nodes;
the setting of the anomaly tolerance threshold specifically comprises:
the anomaly tolerance threshold is:
wherein k is the number of abnormal blacklist reports made by the reporting node; when the number of abnormal reports submitted by a user is less than or equal to 1000, the anomaly tolerance threshold holds steady at 1 and remains unchanged; when the number of abnormal reports exceeds 1000 and keeps increasing, the threshold $w_1$ trends downward.
9. The method according to claim 7, wherein the setting of the reporting node normal threshold specifically comprises:
in the blacklist system, there are K supervision nodes and M reporting nodes; the scores given to the M reporting nodes by the K supervision nodes are collected, and $s_{i,j}$ denotes the score given by the i-th supervision node to the j-th reporting node; wherein $s_{i,j}$ is updated by the following formula:
$s_{new} = s + a \cdot w_1$
wherein $s_{new}$ is the latest score obtained by the reporting node, s is the score of the reporting node at its last successful submission, and each time a blacklist entry submitted by the reporting node is finally confirmed, the reference score a multiplied by the tolerance threshold $w_1$ is added to the score;
the normal threshold $w_2$ of the current reporting nodes is given by the following formula:
the reporting node classification specifically comprises:
$s_j$ is defined as the average score of the j-th reporting node, expressed as follows:
when $s_j$ satisfies $s_j \ge w_2$, the node is normal and performing well, and a certain reward can be given;
when $s_j < w_2$, that is, when the score of the current j-th reporting node is below the average value, a certain penalty can be given according to the scoring criterion;
the supervision nodes score the reporting nodes periodically and give rewards and punishments accordingly.
10. The block chain based mail blacklist sharing method of claim 7, wherein the reporting node reward and punishment comprises tolerance threshold adjustment and node adjustment;
the tolerance threshold adjustment is specifically as follows:
when the reporting node scores above the average value w times, the tolerance threshold k is increased, and k is increased from 1000 to 1000 + w × 100:
when the reporting node scores below the average value w times, the tolerance threshold is adjusted down, and k is reduced from 10 by 1000 - w × 100:
the node adjustment specifically comprises the following steps:
when a reporting node scores above the average value w times, the total number of reporting nodes of the mechanism that the reporting node belongs to can be increased;
when a reporting node scores below the average value w times, the total number of reporting nodes of that mechanism can be reduced;
the reporting node updating specifically comprises the following steps:
updating the reporting nodes according to the reward and punishment results and the actual conditions, and re-assigning values to the M reporting nodes to update the tolerance threshold of each node.
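The first-appearance check of claim 3 and the endorsement recheck of claim 5 can be modelled as follows. This is an added example, not code from the patent or from Hyperledger Fabric: the function names, the canonicalisation of Ip/Dns/Type before comparison, hashing a JSON list instead of plain splicing, and the HMAC standing in for the CA-certificate signature are all assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import json

MIN_ENDORSEMENTS = 3  # claim 5: at least 3 endorsement nodes must agree

def composite_key(ip, dns, rtype):
    """Canonical key for (Ip, Dns, Type). Normalising and hashing a JSON list
    instead of raw concatenation is an assumption added for this example."""
    canon = [str(ipaddress.ip_address(ip.strip())),
             dns.strip().rstrip(".").lower(),
             rtype.strip().lower()]
    return hashlib.sha256(json.dumps(canon).encode()).hexdigest()

def verify_report(data_raw, on_chain_keys):
    """Claim 3 check: return the key if the report is well formed and its
    (Ip, Dns, Type) combination is not yet on the chain, else None."""
    try:
        key = composite_key(data_raw["Ip"], data_raw["Dns"], data_raw["Type"])
    except (KeyError, ValueError, AttributeError, TypeError):
        return None  # malformed report
    return None if key in on_chain_keys else key

def endorse(name, secret, key):
    """Endorsement node: simulate the contract and sign the result.
    HMAC stands in for the CA-certificate signature."""
    result = "accept:" + key
    sig = hmac.new(secret, result.encode(), hashlib.sha256).hexdigest()
    return {"endorser": name, "result": result, "sig": sig}

def endorsements_sufficient(responses, endorser_keys):
    """Claim 5 recheck by the reporting node: count one vote per known
    endorser with a valid signature, require identical results."""
    valid = {}
    for r in responses:
        secret = endorser_keys.get(r["endorser"])
        if secret is None:
            continue  # unknown endorser
        expect = hmac.new(secret, r["result"].encode(), hashlib.sha256).hexdigest()
        if hmac.compare_digest(expect, r["sig"]):
            valid[r["endorser"]] = r["result"]
    return len(set(valid.values())) == 1 and len(valid) >= MIN_ENDORSEMENTS

# Constructed sample data (documentation address range, example.com names).
ENDORSER_KEYS = {"msp-a": b"key-a", "msp-b": b"key-b", "msp-c": b"key-c"}
ON_CHAIN = {composite_key("192.0.2.10", "mail.example.com", "spam")}

if __name__ == "__main__":
    report = {"Ip": "192.0.2.77", "Dns": "bulk.example.com", "Type": "phishing",
              "Source": "reporter-1", "Time": "2022-12-27T08:00:00Z"}
    key = verify_report(report, ON_CHAIN)
    votes = [endorse(n, s, key) for n, s in ENDORSER_KEYS.items()]
    print(key is not None, endorsements_sufficient(votes, ENDORSER_KEYS))
```

Without canonicalisation, a report that differs from an on-chain entry only in letter case, a trailing dot or IPv6 notation would pass the first-appearance check, and plain concatenation would let two different (Ip, Dns) pairs splice to the same string.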
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211706575.6A CN115967697A (en) | 2022-12-27 | 2022-12-27 | Mail blacklist sharing method based on block chain |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115967697A (en) | 2023-04-14 |
Family
ID=87352511
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211706575.6A Pending CN115967697A (en) | 2022-12-27 | 2022-12-27 | Mail blacklist sharing method based on block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115967697A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117834655A (en) * | 2024-03-04 | 2024-04-05 | 暨南大学 | Method and system for sharing rejected fraudulent data based on blockchain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||