CN116015966B - User information processing system based on block chain - Google Patents

Publication number: CN116015966B
Authority: CN (China)
Legal status: Active (the listed status is an assumption and is not a legal conclusion)
Application number: CN202310017766.XA
Other languages: Chinese (zh)
Other versions: CN116015966A (en)
Inventors: 秦潇健, 周翔
Current Assignee: Jiangsu Jiashudu Technology Co ltd (the listed assignees may be inaccurate)
Original Assignee: Jiangsu Jiashudu Technology Co ltd
Prior art keywords: user, information, identity information, blockchain, application program

Landscapes

  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a blockchain-based user information processing method and system. The processing method comprises the following steps: a user sends a user registration request to an application program node through a user terminal, the request comprising third identity information and user information of the user; the application program node sends the third identity information to the blockchain, and after the blockchain verifies and stores the third identity information, the verification result is sent to each application program node through a specified ISP link; when information is stored in the blockchain, the security policy is configured to reference the intrusion prevention configuration file, and the data released by the security policy is inspected. The application keeps the information modified by the user in the blockchain, updates it to each application program node through the specified ISP link, and inspects the data released by the security policy during the update, thereby avoiding user information leakage caused by intrusion into the server and providing good security.

Description

User information processing system based on block chain
Technical Field
The application relates to the technical field of information processing, in particular to a user information processing method and system based on a block chain.
Background
With the development of the internet, a user can log in to multiple application programs using the same user information, such as an account name, an account password or a mobile phone number. However, when the user wants to change the user information, the user must change the original user information to the new user information in each registered application program separately, which is cumbersome and makes changing user information inconvenient.
To address this, Chinese patent publication No. CN111783049A discloses a blockchain-based user information processing method and system, belonging to the technical field of blockchains. The method is applied to any application node in a blockchain that includes a plurality of application nodes, and comprises: receiving a user information change request sent by a user terminal, the request carrying first identity information of a user and the new user information to be applied; verifying the first identity information and the new user information through a plurality of verification application nodes, the verification application nodes being application nodes in the blockchain; and, if the first identity information and the new user information pass verification, changing the user information of the user stored in the blockchain based on the new user information. By adopting the technical scheme provided by that application, the problem of inconvenient user information change can be solved.
The above technique has the following disadvantage: in that information processing method, the user information stored in the blockchain is changed to the new user information, so that after the user modifies a password, the password is automatically changed in the application programs the user has registered and logged in to, and the user does not need to log in to the other application programs one by one. However, the modified user password is updated to the other application program nodes in the blockchain, and during this process the user password is not given any security protection, so the user information is easily leaked and security is poor.
Disclosure of Invention
The application aims to provide a user information processing method and system based on a block chain, which are used for solving the defects in the background technology.
In order to achieve the above object, the present application provides the following technical solution: a blockchain-based user information processing method comprising the following steps:
S1: a user sends a user registration request to an application program node through a user terminal, the user registration request comprising third identity information and user information of the user;
S2: the application program node sends the third identity information to the blockchain, and after the blockchain verifies and stores the third identity information, the verification result is sent to each application program node through a specified ISP link;
S3: if the verification result is that the third identity information and the user information pass verification, the third identity information and the user information are stored in the blockchain; if the verification result is that the third identity information does not pass verification, the application program node sends the user terminal a prompt that the third identity information is wrong;
S4: when information is stored in the blockchain, the security policy is configured to reference the intrusion prevention configuration file, and the data released by the security policy is inspected.
In a preferred embodiment, the user information includes a name of the user, an identity card number, and an image of the facial features of the user. The identity information used when the user changes the user information is called first identity information, the identity information of the user stored in the blockchain is called second identity information, and the identity information sent when the user registers an application is called third identity information.
In a preferred embodiment, the blockchain includes an identity information verification node, the identity information verification node storing identity information of each user, the identity information verification node being configured to verify the third identity information.
In a preferred embodiment, the identity information verification node compares the face features in the third identity information with the face features stored in the blockchain through face comparison pre-configured in the blockchain, and the identity information verification node sends the verification result to the application program node;
if the verification result is that verification passed, the application program node stores the third identity information and the user information into the blockchain;
if the verification result is that verification failed, the application program node sends the user terminal a prompt that the third identity information is wrong.
In a preferred embodiment, in the blockchain, when a message from an intranet user accesses the external network, the source address of the message is converted into a public network address by NAT and the source port is converted into a random unknown port by NAT, and a plurality of intranet users use the public network address at the same time.
The application also provides a blockchain-based user information processing system, which comprises a configuration module, a transmission module, a protection module and a processing module;
the user registers a user account through the configuration module, and a user registration request is sent to the application program node; the application program node sends the third identity information to the blockchain; when information is stored in the blockchain, the protection module configures the security policy to reference the intrusion prevention configuration file and inspects the data released by the security policy; after the blockchain verifies and stores the third identity information, the verification result is sent to the application program node through the transmission module, and is sent to each application program node through a specified ISP link.
In a preferred embodiment, the processing module is configured to process and store the user account information: if the verification result is that verification passed, the third identity information and the user information are stored in the blockchain; if the verification result is that verification failed, a prompt that the third identity information is wrong is sent to the configuration module.
In a preferred embodiment, the protection module includes a security policy unit and an intrusion prevention unit. The security policy unit is used for filtering network data packets; the intrusion prevention unit is used for protecting against network attacks initiated from the intranet, and performs network intrusion detection based on shallow learning or deep learning.
In a preferred embodiment, the intrusion prevention unit detects network intrusion based on shallow learning, comprising the steps of:
(1) Setting the number of iterations t and the number of layers L, and randomly initializing the weight matrix $W_l$ and bias $q_l$, where $2 \le l \le L$;
(2) Solving the error from the actual output and the expected output;
(3) Using the neural network to calculate, for the neural units of each layer, the gradient of the weight matrix $\Delta W_l(i)$ and the gradient of the bias vector $\Delta q_l(i)$;
(4) Calculating the overall weight matrix gradient $\Delta W_l$ and bias vector gradient $\Delta q_l$
(5) Updating weight matrixAnd offset vector->
(6) Repeating steps (2), (3), (4) and (5) until training is finished.
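The shallow-learning steps above, carried through as an added example (not code from the patent): a pure-Python network with one hidden layer, trained by full-batch backpropagation on constructed traffic features. The sigmoid activation, squared-error loss, learning rate, feature names and the plain gradient-descent update used for step (5) are assumptions, since the update formula is not present on the page.

```python
import math
import random

# Constructed samples (not from the patent): [connection rate, failed-login
# ratio], both scaled to 0..1; label 1.0 = intrusion, 0.0 = benign.
SAMPLES = [
    ([0.1, 0.1], 0.0), ([0.2, 0.1], 0.0), ([0.1, 0.3], 0.0), ([0.2, 0.2], 0.0),
    ([0.9, 0.8], 1.0), ([0.8, 0.9], 1.0), ([0.7, 0.9], 1.0), ([0.9, 0.9], 1.0),
]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def init_network(sizes, rng):
    """Step (1): random W_l and q_l for each layer l, 2 <= l <= L."""
    return [([[rng.uniform(-1, 1) for _ in range(n_in)] for _ in range(n_out)],
             [rng.uniform(-1, 1) for _ in range(n_out)])
            for n_in, n_out in zip(sizes, sizes[1:])]


def forward(layers, x):
    """Return the activations of every layer, the input included."""
    acts = [list(x)]
    for W, q in layers:
        acts.append([sigmoid(sum(w * a for w, a in zip(row, acts[-1])) + b)
                     for row, b in zip(W, q)])
    return acts


def sample_gradients(layers, x, y):
    """Steps (2)-(3): output error, then dW_l(i) and dq_l(i) for one sample i."""
    acts = forward(layers, x)
    out = acts[-1][0]
    delta = [(out - y) * out * (1.0 - out)]   # d(0.5*(out-y)^2)/dz at the output
    grads = [None] * len(layers)
    for l in range(len(layers) - 1, -1, -1):
        prev = acts[l]
        grads[l] = ([[d * a for a in prev] for d in delta], list(delta))
        if l > 0:   # propagate the error back through W_l and the sigmoid
            W = layers[l][0]
            delta = [sum(W[j][k] * delta[j] for j in range(len(delta)))
                     * prev[k] * (1.0 - prev[k]) for k in range(len(prev))]
    return grads


def mean_loss(layers, samples):
    return sum(0.5 * (forward(layers, x)[-1][0] - y) ** 2
               for x, y in samples) / len(samples)


def train(samples, sizes=(2, 4, 1), t=3000, lr=1.0, seed=7):
    """Run steps (1)-(6); returns (layers, loss before, loss after)."""
    layers = init_network(sizes, random.Random(seed))
    before = mean_loss(layers, samples)
    n = len(samples)
    for _ in range(t):                         # step (6): repeat (2)-(5)
        per_sample = [sample_gradients(layers, x, y) for x, y in samples]
        updated = []
        for l, (W, q) in enumerate(layers):
            # Step (4): overall gradient = mean of the per-sample gradients.
            dW = [[sum(g[l][0][j][k] for g in per_sample) / n
                   for k in range(len(W[j]))] for j in range(len(W))]
            dq = [sum(g[l][1][j] for g in per_sample) / n for j in range(len(q))]
            # Step (5): plain gradient descent (assumed update rule).
            updated.append(([[W[j][k] - lr * dW[j][k] for k in range(len(W[j]))]
                             for j in range(len(W))],
                            [q[j] - lr * dq[j] for j in range(len(q))]))
        layers = updated
    return layers, before, mean_loss(layers, samples)


def is_intrusion(layers, x, threshold=0.5):
    return forward(layers, x)[-1][0] >= threshold


if __name__ == "__main__":
    net, before, after = train(SAMPLES)
    print(f"loss {before:.4f} -> {after:.4f}")
    print("burst of failed logins:", is_intrusion(net, [0.85, 0.9]))
    print("quiet client:", is_intrusion(net, [0.15, 0.1]))
```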
In a preferred embodiment, the intrusion prevention unit detects network intrusion based on deep learning, comprising the steps of:
(1) Setting the number of iterations t and the number of layers L, and randomly initializing the weight matrix $W_l$ and bias $q_l$, where $2 \le l \le L$;
(2) Calculating an error of a kth hidden layer;
(3) Calculating gradient of weight matrix of nerve unit according to error of kth hidden layerAnd gradient of offset vector->
(4) Calculating the weight matrix gradient $\Delta W_l$ and bias vector gradient $\Delta q_l$
(5) Updating weight matrixAnd offset vector->
(6) After the k-th layer training is finished, if k+1 hidden layers exist, k=k+1, and repeating the steps (2), (3), (4) and (5);
(7) Fine-tuning the overall weights and biases.
The above technical scheme has the following technical effects and advantages:
1. The application keeps the information modified by the user in the blockchain, updates it to each application program node through the specified ISP link, and inspects the data released by the security policy during the update, thereby avoiding user information leakage caused by intrusion into the server and providing good security.
2. With the source NAT function deployed, when a message from an intranet user accessing the external network passes through the system, the source address of the message is converted into the public network address by NAT and the source port is converted into a random unknown port by NAT, so that one public network address can be used by a plurality of intranet users at the same time. This multiplexes the public network address, solves the problem of a large number of users accessing the external network at the same time, and improves the speed of data updates.
3. By fusing and compressing multi-user information, the application reduces the amount of data transmitted; with less data transmitted, the amount of data the protection module can inspect is further improved, which not only reduces the workload of the protection module but also reduces its detection errors, further improving the security of the system.
4. The shallow-learning intrusion detection algorithm trains a shallow learning network with a labeled training set and, after training, is tested with unlabeled data. The initial input and output must be preset; the input data reaches the output layer after passing through several hidden layers, the error between the output result and the expected result is propagated backward, and the weights of all hidden layers are modified until the weights finally stabilize and the error is within an acceptable range.
5. The raw data is processed as necessary so that it meets the input standard; the preprocessed data is fed in according to the input requirements; features are extracted; the abstract features extracted by deep learning are classified by a classifier; and the classifier's results are collated to obtain the model's intrusion detection result. Deep learning has strong feature extraction capability and can extract abstract feature attributes from intrusion data.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings required for the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments described in the present application, and other drawings may be obtained according to these drawings for a person having ordinary skill in the art.
FIG. 1 is a flow chart of the process of the present application.
FIG. 2 is a block diagram of a system according to the present application.
FIG. 3 is a flow chart of the operation of the processing system of the present application.
FIG. 4 is a schematic diagram of a protection module according to the present application.
Fig. 5 is a flow chart of the operation of the security policy unit of the application.
Fig. 6 is a flowchart of the operation of the intrusion prevention unit of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Example 1
Referring to fig. 1, the method for processing user information based on blockchain according to the present embodiment includes the following steps:
a user sends a user registration request to an application node through a user terminal;
the user registration request carries third identity information of the user and user information.
When a user wants to register a certain application program, the user can perform a preset registration operation on the user terminal. The preset registration operation can be filling in the user's third identity information and user information on the application program's preset registration page and then clicking a preset submit icon, or filling in the same information and then entering a command code that represents submission. In response to the preset registration operation, the user terminal generates a user registration request and sends it to the application program node corresponding to the application program.
The identity information may be a name of a user, an identity card number, an image containing a face feature of the user, etc. For convenience of distinction, the identity information used when the user changes the user information is referred to as first identity information, the identity information of the user stored in the blockchain is referred to as second identity information, and the identity information sent when the user registers an application program is referred to as third identity information. The first, second and third identity information may be the same identity information or different identity information.
The application node sends third identity information to the identity information verifying node in the blockchain.
The blockchain may also include an identity information verification node, where the identity information verification node may store identity information of each user, and the identity information verification node may be a server side of the national resident identity information query system.
The application node may send third identity information to the identity information verification node in the blockchain after receiving the user registration request.
The identity information verifying node verifies the third identity information.
If the third identity information comprises an image containing the face features of the user, the identity information verification node can compare the face features contained in the third identity information with the face features stored in the blockchain through a face comparison algorithm pre-configured in the blockchain, so that whether the third identity information passes verification is judged.
If the third identity information includes a name, the process of verifying the name by the identity information verifying node is similar to the process of verifying the name by any electronic device in the related art, and will not be described herein.
Similarly, if the third identity information includes an identification card number, the process of verifying the identification card number by the identity information verification node is similar to the process of verifying the identification card number by any electronic device in the related art, and will not be described herein.
The identity information verification node sends a verification result to the application node.
The verification result is pass verification or fail verification.
If the verification result is that the verification is passed, the application node may store the third identity information and the user information into the blockchain.
If the verification result is that the verification is not passed, the application program node can send a prompt message that the third identity information is wrong to the user terminal.
After the identity information verification node has passed the third identity information, the application program node can initiate verification of the user information, and after the user information passes verification, the application program node can store the third identity information and the user information into the blockchain. That is, the application program node receives the third identity information and the user information sent by the user terminal and then sends the third identity information to the identity information verification node in the blockchain, so that the identity information verification node can verify it. If the identity information verification node verifies that the third identity information passes, the application program node may store the third identity information and the user information into the blockchain.
Therefore, on one hand, the third identity information and the user information of the user are packaged and stored in the blockchain, so that after registering a certain application program contained in the blockchain, the user can log in other application programs contained in the blockchain by using the same user information, and the user can conveniently and quickly register and use each application program. On the other hand, the user information modification is convenient to realize based on the block chain.
Because private information of users, such as identity information and user information, is stored in the blockchain, this private information is forwarded through a specific ISP link. An address translation function needs to be deployed so that the specific packets are translated directly to the interface corresponding to that ISP.
In order to prevent network attacks initiated from the public network, an intrusion prevention function needs to be deployed. It is implemented by referencing an intrusion prevention configuration file when the security policy is configured, that is, by inspecting the data released by the security policy.
In order to ensure that a large number of intranet users can access the external network through a limited number of public network addresses, a source NAT function needs to be deployed. When a message from an intranet user accessing the external network passes through the system, the source address of the message is converted into the public network address by NAT and the source port is converted into a random unknown port by NAT, so that one public network address can be used by a plurality of intranet users at the same time. This multiplexes the public network addresses and solves the problem of a large number of users accessing the external network at the same time.
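The source NAT behaviour described above, as an added example that is not part of the patent: several intranet endpoints share one public address, each session gets a randomly chosen public port, replies are mapped back only when they match a recorded session, and a translation log is kept because a shared address alone no longer identifies the intranet host. The class name, port pool and documentation-range addresses are assumptions.

```python
import random


class SourceNat:
    """Source NAT with port translation: many intranet hosts, one public IP."""

    def __init__(self, public_ip, ports=range(20000, 60000), rng=None):
        self.public_ip = public_ip
        self.ports = ports
        # SystemRandom by default so that translated ports are hard to predict.
        self.rng = rng or random.SystemRandom()
        self.sessions = {}   # outbound 5-tuple -> public port
        self.reverse = {}    # (proto, public port, remote ip, remote port) -> intranet endpoint
        self.log = []        # translation records kept for attribution

    def _free_port(self, proto):
        used = {k[1] for k in self.reverse if k[0] == proto}
        if len(used) >= len(self.ports):
            raise RuntimeError("public port pool exhausted")
        while True:
            port = self.rng.choice(self.ports)
            if port not in used:
                return port

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an intranet packet's source; returns (public ip, public port)."""
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.sessions:
            port = self._free_port(proto)
            self.sessions[key] = port
            self.reverse[(proto, port, dst_ip, dst_port)] = (src_ip, src_port)
            self.log.append({"proto": proto, "intranet": (src_ip, src_port),
                             "public": (self.public_ip, port),
                             "remote": (dst_ip, dst_port)})
        return self.public_ip, self.sessions[key]

    def inbound(self, proto, remote_ip, remote_port, public_port):
        """Map a reply back to the intranet endpoint; None means drop."""
        return self.reverse.get((proto, public_port, remote_ip, remote_port))

    def who_used(self, public_port):
        """Attribution: which intranet endpoints were behind a public port."""
        return [r["intranet"] for r in self.log if r["public"][1] == public_port]


if __name__ == "__main__":
    # Constructed addresses from the documentation ranges.
    nat = SourceNat("203.0.113.10")
    a = nat.outbound("tcp", "10.0.0.5", 51000, "198.51.100.7", 443)
    b = nat.outbound("tcp", "10.0.0.6", 51000, "198.51.100.7", 443)
    print("two intranet hosts, one public address:", a, b)
    print("reply to first host:", nat.inbound("tcp", "198.51.100.7", 443, a[1]))
    print("unsolicited packet:", nat.inbound("tcp", "192.0.2.99", 443, a[1]))
    print("attribution for port", a[1], "->", nat.who_used(a[1]))
```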
In order to make intranet server resources available to public network users, a destination address translation function needs to be deployed on the system to map the private network service of the server to the public network. The user accesses the intranet server through a domain name, and a DNS server deployed in the server area resolves the domain name into the public network address of the intranet server for the user. The information processing method keeps the information modified by the user in the blockchain, updates it to each application program node through the specified ISP link, and inspects the data released by the security policy during the update, thereby avoiding user information leakage caused by intrusion into the server and providing good security.
Each authentication application node may send an authentication result indicating that authentication is passed to the responding application node in case both the first identity information and the new user information are authenticated. If the first identity information or the new user information is not authenticated, the authentication application node may send an authentication result to the responding application node indicating that the authentication is not authenticated.
The responding application node may determine, after receiving the authentication results sent by the respective authentication application nodes, whether the first identity information and the new user information pass authentication based on the received plurality of authentication results.
If the responding application node determines that both the first identity information and the new user information are authenticated based on the received authentication result, the responding application node may alter the user information of the user stored in the blockchain based on the new user information. If the first identity information or the new user information fails to pass the verification, the responding application node may send a prompt message indicating that the verification fails to the user terminal.
The application program node can receive a user information changing request sent by a user terminal, wherein the user information changing request carries first identity information of a user and new user information to be changed; verifying the first identity information and the new user information through a plurality of verification application nodes in the blockchain respectively; if the first identity information and the new user information pass the verification, user information of the user stored in the blockchain is changed based on the new user information.
Because the user information of the user in each application program can be changed only by changing the new user information once in the block chain, the user is not required to change the user information in each application program, and the problem of inconvenient user information change can be solved.
Example 2
Referring to fig. 2 and 3, the blockchain-based user information processing system according to the present embodiment includes a configuration module, a transmission module, a protection module, and a processing module;
wherein,
Configuration module: the user registers a user account through the configuration module, a user registration request is sent to the application program node, and the application program node sends the third identity information to the blockchain.
When a user wants to register a certain application program, the user can perform a preset registration operation on the user terminal. The preset registration operation can be filling in the user's third identity information and user information on the application program's preset registration page and then clicking a preset submit icon, or filling in the same information and then entering a command code that represents submission. In response to the preset registration operation, the user terminal generates a user registration request and sends it to the application program node corresponding to the application program.
The identity information may be a name of a user, an identity card number, an image containing a face feature of the user, etc. For convenience of distinction, the identity information used when the user changes the user information is referred to as first identity information, the identity information of the user stored in the blockchain is referred to as second identity information, and the identity information sent when the user registers an application program is referred to as third identity information. The first, second and third identity information may be the same identity information or different identity information.
If the third identity information comprises an image containing the face features of the user, the identity information verification node can compare the face features contained in the third identity information with the face features stored in the blockchain through a face comparison algorithm pre-configured in the blockchain, so that whether the third identity information passes verification is judged.
If the third identity information includes a name, the process of verifying the name by the identity information verifying node is similar to the process of verifying the name by any electronic device in the related art, and will not be described herein.
Similarly, if the third identity information includes an identification card number, the process of verifying the identification card number by the identity information verification node is similar to the process of verifying the identification card number by any electronic device in the related art, and will not be described herein.
Transmission module: after the blockchain verifies and stores the third identity information, the verification result is sent to the application program node through the transmission module, and is sent to each application program node through the specified ISP link.
Protection module: when information is stored in the blockchain, the security policy is configured to reference the intrusion prevention configuration file, and the data released by the security policy is inspected.
Processing module: used for processing and storing user account information. If the verification result is that verification passed, the third identity information and the user information are stored in the blockchain; if the verification result is that verification failed, the application program node sends the configuration module a prompt that the third identity information is wrong. The prompt information is sent to each application program node through a designated ISP link, which can improve the privacy of data transmission. Configuring the security policy to reference the intrusion prevention configuration file and inspecting the data released by the security policy further prevents the system from being intruded from the external network, thereby improving the security of the processing system.
Each authentication application node may send an authentication result indicating that authentication is passed to the responding application node in case both the first identity information and the new user information are authenticated. If the first identity information or the new user information is not authenticated, the authentication application node may send an authentication result to the responding application node indicating that the authentication is not authenticated.
The responding application node may determine, after receiving the authentication results sent by the respective authentication application nodes, whether the first identity information and the new user information pass authentication based on the received plurality of authentication results.
If the responding application node determines that both the first identity information and the new user information are authenticated based on the received authentication result, the responding application node may alter the user information of the user stored in the blockchain based on the new user information. If the first identity information or the new user information fails to pass the verification, the responding application node may send a prompt message indicating that the verification fails to the user terminal.
The application program node can receive a user information changing request sent by a user terminal, wherein the user information changing request carries first identity information of a user and new user information to be changed; verifying the first identity information and the new user information through a plurality of verification application nodes in the blockchain respectively; if the first identity information and the new user information pass the verification, user information of the user stored in the blockchain is changed based on the new user information.
Because the user information of the user in each application program can be changed only by changing the new user information once in the block chain, the user is not required to change the user information in each application program, and the problem of inconvenient user information change can be solved.
Example 3
Referring to fig. 4, when information is stored into the blockchain, the protection module configures a security policy that references an intrusion prevention configuration file, and detects the data information released by the security policy;
the protection module comprises a security policy unit and an intrusion prevention unit;
wherein,
(1) Security policy unit: used for filtering network data packets based on host address, based on subnet, based on interface, and based on protocol;
filtering network data packets by host address solves the problem of access control for particular IP addresses in the intranet, and allows access rights to be divided by host address. If access control is needed for a large number of users in the same network segment, adding host addresses one by one is clearly not advisable; the subnet-based filtering option can be used instead, so that access control is conveniently applied to the data packets of a whole network segment;
the method is divided into a plurality of parts, and the access rights corresponding to different services also differ among users; in this case security domains can be divided by interface, with different users corresponding to different interfaces, and after the security domains are divided, the rights among users can be cleanly separated by configuring interface-based access control policies.
Referring to fig. 5, the security policy unit implements the filtering function for network data packets; by adding corresponding filtering rules, access control over addresses, interfaces, services, protocols and ports can be implemented. Security policy access control depends on the ip_conntrack_info class, which contains all connection states used by connection tracking: a packet in the ESTABLISHED state is released directly by the system and handled in the same way as the preceding packet. The access control policy for data is implemented mainly through target and match, so the access control function is implemented mainly through the Netfilter 201 framework. The Netfilter framework places a number of detection points (hooks) on the path that network data packets travel, and processing such as filtering and conversion is performed by callback functions registered at each detection point; users may also add self-defined processing modules according to their own requirements.
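The rule evaluation described above, as an added example that is not code from the patent: a user-space model of host, subnet, interface and protocol/port filtering with an ESTABLISHED fast path. The class names, addresses and interface names are assumptions made for illustration, and the `established` set stands in for the kernel's connection-tracking table.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ACCEPT, DROP = "ACCEPT", "DROP"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    in_iface: str

@dataclass(frozen=True)
class Rule:
    action: str
    src_net: Optional[str] = None   # "10.0.5.9/32" = one host, "10.0.5.0/24" = subnet
    in_iface: Optional[str] = None  # interface that defines the security domain
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.src_net is not None and \
           ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.in_iface is not None and p.in_iface != self.in_iface:
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        return self.dport is None or p.dport == self.dport

class PolicyEngine:
    """First matching rule wins; packets of tracked flows bypass the rule list."""

    def __init__(self, rules, default=DROP):
        self.rules = list(rules)
        self.default = default
        self.established = set()   # stand-in for the connection-tracking table

    @staticmethod
    def flow_keys(p: Packet):
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        return fwd, rev

    def decide(self, p: Packet):
        fwd, rev = self.flow_keys(p)
        if fwd in self.established:          # ESTABLISHED: released directly
            return ACCEPT, "ESTABLISHED"
        for idx, rule in enumerate(self.rules):
            if rule.matches(p):
                if rule.action == ACCEPT:    # track both directions of the flow
                    self.established.update((fwd, rev))
                return rule.action, f"rule {idx}"
        return self.default, "default"

    def flush_host(self, addr: str) -> int:
        """Drop tracked flows of one host so that new rules apply to it at once."""
        stale = {f for f in self.established if addr in (f[1], f[3])}
        self.established -= stale
        return len(stale)

# Constructed sample policy (addresses and interface names are made up).
RULES = [
    Rule(DROP, src_net="10.0.5.9/32"),                             # host-based
    Rule(ACCEPT, src_net="10.0.5.0/24", proto="tcp", dport=443),   # subnet + protocol
    Rule(ACCEPT, in_iface="eth2", proto="udp", dport=53),          # interface-based
]
```

Because tracked flows skip the rule list, a DROP rule added later does not cut a connection that is already established until its tracking entry is flushed, which is what `flush_host` models.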
(2) Intrusion prevention unit: used for solving the problem of defending against network attacks initiated from the intranet. Intrusion prevention mainly comprises four aspects: data acquisition, data preprocessing, data detection and alarm log generation. Data is acquired from the network through an interface, and the acquired data packet is parsed; after parsing, the packet is preprocessed and encoded into a uniform format, and is then matched against the added defense rules; if the current data packet matches a configured intrusion prevention policy, an alarm log is generated;
data acquisition: network data packets are acquired from the network card. The electronic government information security system is deployed as a gateway at the intranet outlet, so the network data packets accessing the intranet are mainly acquired from the inlet interface; the network card should work in promiscuous mode at this point, to ensure that the intrusion prevention module can acquire complete data;
data preprocessing: after the data is acquired, it is converted into a unified format in preparation for the subsequent rule matching;
data detection: the number of intrusion prevention rules is an important measure of the intrusion prevention function. Data detection mainly judges, by analyzing network data packets, whether they match the configured defense rules; if they match, log generation starts, prompting network maintainers that the network is under attack. In this way the intrusion prevention function implements network attack prevention for the intranet.
The intrusion prevention unit is implemented based on the Snort intrusion prevention engine, in which Snort is the main engine and depends on the Pfring class, the Parser class, the Decode class, the Encode class, the Detect class and the Log class;
the Pfring class captures data packets from the network card in combination with the libpcap library; the Parser class mainly parses the data packets captured from the network card according to the formats of the various protocols, decoding the network data packets layer by layer from bottom to top according to the hierarchical model of the network protocols and placing the results in the corresponding data structures;
the Decode class processes the data packet before preprocessing;
the detection class Detect is then called to perform rule matching, and if a rule matches, the Log class is called to generate the alarm log.
Referring to fig. 6, the intrusion prevention unit is implemented with an open source tool: a network data intrusion prevention system based on data collected by libpcap can be built with Snort. Snort monitors network data and detects network intrusion using intrusion prevention rules; defense against network intrusion is implemented by configuring and adding intrusion prevention rules for Snort to match.
The open source tool Snort includes the following functions:
Data packet sniffing: acquiring a data packet, and then identifying a network;
Preprocessing: the acquired data is analyzed by the corresponding plug-ins, which examine IP fragments, port scanning and other behaviors in it; after the analysis is completed the data passes to the next stage for detection;
Detection: after the detection engine receives the data processed by the preprocessor, it checks the data packet against the detection rules added beforehand; if a rule matches the content of the data packet, that is, if a match is found between the current network data packet and a rule in the rule base, the alarm module is immediately notified to raise an alarm.
Alarm/log: used for outputting the detection results; the alarm module is triggered when a network data packet matches a rule.
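The acquire, decode, preprocess, detect and alarm stages described above, as an added example that is not Snort code and not code from the patent. The rule format, the `sid` values and the sample packets are constructed for illustration, and decoding starts at the IPv4 layer rather than at the link layer.

```python
import socket
import struct
from urllib.parse import unquote_to_bytes

# Constructed rule set; the sid values and messages are illustrative only.
RULES = [
    {"sid": 1000001, "proto": 6, "dport": 80, "content": b"../",
     "msg": "path traversal sequence in HTTP request"},
]

def build_packet(src, dst, sport, dport, payload):
    """Constructed sample input: minimal IPv4 + TCP headers, checksums left at 0."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

def decode(raw):
    """Decode layer by layer (IPv4, then TCP) into one record; reject bad lengths."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(raw):
        raise ValueError("bad IPv4 version or length")
    rec = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
           "proto": proto, "sport": None, "dport": None, "payload": b""}
    segment = raw[ihl:total_len]
    if proto == 6:
        if len(segment) < 20:
            raise ValueError("truncated TCP header")
        sport, dport = struct.unpack("!HH", segment[:4])
        data_off = (segment[12] >> 4) * 4
        if not 20 <= data_off <= len(segment):
            raise ValueError("bad TCP data offset")
        rec.update(sport=sport, dport=dport, payload=segment[data_off:])
    return rec

def preprocess(rec):
    """Uniform format for matching: percent-decoded, lower-cased payload."""
    rec = dict(rec)
    rec["norm"] = unquote_to_bytes(rec["payload"]).lower()
    return rec

def inspect_packet(raw, rules=RULES):
    """Run one captured packet through decode, preprocess and detect; return alert lines."""
    try:
        rec = preprocess(decode(raw))
    except ValueError as exc:
        # A packet that cannot be decoded is logged instead of being skipped.
        return [f"ALERT sid=0 malformed packet: {exc}"]
    alerts = []
    for rule in rules:
        if (rule["proto"] == rec["proto"] and rule["dport"] in (None, rec["dport"])
                and rule["content"] in rec["norm"]):
            alerts.append(f'ALERT sid={rule["sid"]} {rec["src"]}:{rec["sport"]} -> '
                          f'{rec["dst"]}:{rec["dport"]} {rule["msg"]}')
    return alerts
```

The preprocessing stage is what lets one rule cover a request whose path is percent-encoded: the raw payload does not contain the rule's content bytes, the normalized one does.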
Example 4
The intrusion prevention unit performs network intrusion detection based on a shallow learning algorithm or a deep learning algorithm;
wherein,
(1) The neural network (BP) belongs to shallow learning, and the algorithm steps are as follows:
(1.1) setting the number of cycles t and the number of layers L, and randomly setting the weight matrix $W^l$ and bias $q^l$, where $2 \le l \le L$;
(1.2) calculating an error based on the actual output and the desired output;
(1.3) using the BP algorithm, calculating the gradient $\Delta W^l(i)$ of the weight matrix of the neural units of each layer and the gradient $\Delta q^l(i)$ of the offset vector;
(1.4) calculating the overall weight matrix gradient $\Delta W^l$ and bias vector gradient $\Delta q^l$;
(1.5) updating the weight matrix and the offset vector;
(1.6) repeating the steps (1.2), (1.3), (1.4) and (1.5) until training is finished.
The intrusion detection algorithm based on shallow learning trains a shallow learning network with a labeled training set and, after training, tests it with unlabeled data. The initial input and output are preset; the input data reaches the output layer after passing through several hidden layers; the error between the output result and the expected result is propagated backward and the weights of each hidden layer are modified, until the weights finally stabilize and the error is within an acceptable range.
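Steps (1.1) to (1.6) above as an added example that is not code from the patent, written in plain Python so that every gradient is visible. The sigmoid activation, the squared-error loss, the learning rate `lr` and the plain gradient-descent update used for step (1.5) are assumptions, since the page does not show its update formulas; the two features and the training set are constructed.

```python
import math
import random

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def forward(W, q, x):
    """Return the activations of every layer for input vector x."""
    acts = [x]
    for Wl, ql in zip(W, q):
        acts.append([sigmoid(sum(w * a for w, a in zip(row, acts[-1])) + b)
                     for row, b in zip(Wl, ql)])
    return acts

def loss(W, q, data):
    """Mean of 1/2 * squared error between actual and expected output."""
    return sum(0.5 * sum((y - t) ** 2 for y, t in zip(forward(W, q, x)[-1], target))
               for x, target in data) / len(data)

def sample_gradients(W, q, x, target):
    """Steps (1.2)-(1.3): output error, then per-sample gradients by backpropagation."""
    acts = forward(W, q, x)
    delta = [(y - t) * y * (1 - y) for y, t in zip(acts[-1], target)]
    dW, dq = [None] * len(W), [None] * len(W)
    for l in range(len(W) - 1, -1, -1):
        dW[l] = [[d * a for a in acts[l]] for d in delta]
        dq[l] = list(delta)
        if l > 0:  # propagate the error back through W[l] to the previous layer
            delta = [sum(W[l][j][i] * delta[j] for j in range(len(delta)))
                     * acts[l][i] * (1 - acts[l][i]) for i in range(len(acts[l]))]
    return dW, dq

def train(data, sizes, t=3000, lr=2.0, seed=7):
    """Full-batch training; returns weights, biases, and the loss before and after."""
    rng = random.Random(seed)
    # (1.1) random weight matrices and biases for layers 2..L
    W = [[[rng.uniform(-0.5, 0.5) for _ in range(n_in)] for _ in range(n_out)]
         for n_in, n_out in zip(sizes, sizes[1:])]
    q = [[rng.uniform(-0.5, 0.5) for _ in range(n_out)] for n_out in sizes[1:]]
    start = loss(W, q, data)
    for _ in range(t):                                   # (1.6) repeat
        grads = [sample_gradients(W, q, x, target) for x, target in data]
        for l in range(len(W)):
            for j in range(len(W[l])):
                # (1.4) overall gradient = mean of the per-sample gradients
                gq = sum(g[1][l][j] for g in grads) / len(data)
                q[l][j] -= lr * gq                       # (1.5) update bias
                for i in range(len(W[l][j])):
                    gW = sum(g[0][l][j][i] for g in grads) / len(data)
                    W[l][j][i] -= lr * gW                # (1.5) update weight
    return W, q, start, loss(W, q, data)

def score(W, q, x):
    """Network output for one feature vector: close to 1.0 means intrusion."""
    return forward(W, q, x)[-1][0]

# Constructed, labelled training set: [failed-login ratio, normalised connection rate]
TRAIN = [([0.1, 0.1], [0.0]), ([0.2, 0.1], [0.0]), ([0.1, 0.3], [0.0]), ([0.2, 0.2], [0.0]),
         ([0.9, 0.8], [1.0]), ([0.8, 0.9], [1.0]), ([0.7, 0.9], [1.0]), ([0.9, 0.9], [1.0])]
```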
(2) Intrusion data is multidimensional, and deep learning has strong feature extraction capability and can extract abstract feature attributes from intrusion data; according to the intrusion detection structure model, the structure is divided into five parts: data preprocessing, data input, feature extraction, classification and result arrangement;
the process of feature extraction for deep learning is as follows:
(2.1) setting the number of cycles t and the number of layers L, and randomly setting the weight matrix $W^l$ and bias $q^l$, where $2 \le l \le L$;
(2.2) calculating an error of the kth hidden layer;
(2.3) calculating, based on the error of the kth hidden layer, the gradient of the weight matrix of the neural units of that layer and the gradient of the offset vector;
(2.4) calculating the weight matrix gradient $\Delta W^l$ and bias vector gradient $\Delta q^l$;
(2.5) updating the weight matrix and the offset vector;
(2.6) after the k-th layer training is finished, if a (k+1)-th hidden layer exists, setting k=k+1 and repeating the steps (2.2), (2.3), (2.4) and (2.5);
(2.7) fine tuning the overall weight and the bias.
Data preprocessing performs the necessary processing on the original data so that it meets the input standard; data input feeds in the preprocessed data according to the input requirements; feature extraction is performed by deep learning; classification uses a classifier to classify the abstract features extracted by deep learning; and the classification results of the classifier are then arranged to obtain the model's intrusion data detection result. Deep learning therefore has strong feature extraction capability and can extract abstract feature attributes from intrusion data.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any other combination. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions or computer programs. When the computer instructions or computer program are loaded or executed on a computer, the processes or functions described in accordance with embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that contains one or more sets of available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. The semiconductor medium may be a solid state disk.
It should be understood that the term "and/or" merely describes an association relationship between associated objects and means that three relationships may exist; for example, A and/or B may mean: A alone, A and B together, and B alone, where A and B may be singular or plural. In addition, the character "/" herein generally indicates that the associated objects are in an "or" relationship, but may also indicate an "and/or" relationship, which can be understood from the context.
In the present application, "at least one" means one or more, and "a plurality" means two or more. "at least one of" or the like means any combination of these items, including any combination of single item(s) or plural items(s). For example, at least one (one) of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, c may be single or plural.
It should be understood that, in various embodiments of the present application, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation process of the embodiments of the present application.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a read-only memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, or other various media capable of storing program codes.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (1)

1. A blockchain-based user information processing system, characterized by: the system comprises a configuration module, a transmission module, a protection module and a processing module;
the user registers a user account through a configuration module, a user registration request is sent to an application program node, the application program node sends third identity information to a blockchain, when information is stored in the blockchain, a protection module configures a security policy reference intrusion prevention configuration file, data information released by the security policy is detected, after the blockchain verifies and stores the third identity information, a verification result is sent to the application program node through a transmission module, and the verification result is sent to each application program node through a specified ISP link;
the protection module comprises a security policy unit and an intrusion protection unit, wherein the security policy unit is used for filtering network data packets, the intrusion protection unit is used for solving the protection problem of network attack initiated by an intranet, and the intrusion protection unit is used for detecting network intrusion based on shallow learning or deep learning;
the processing module is used for processing and storing user account information, the verification result is that the user account information passes verification, the third identity information and the user information are stored in the block chain, the verification result is that the user account information does not pass verification, and the application program node sends prompt information that the third identity information is wrong to the configuration module;
the intrusion prevention unit detects network intrusion based on shallow learning, comprising the following steps:
(1) Setting the number of cycles t and the number of layers L, and randomly setting the weight matrix $W^l$ and bias $q^l$, where $2 \le l \le L$;
(2) Solving an error according to the actual output and the expected output;
(3) Calculating, by using the neural network, the gradient $\Delta W^l(i)$ of the weight matrix of the neural units of each layer and the gradient $\Delta q^l(i)$ of the offset vector;
(4) Calculating the overall weight matrix gradient $\Delta W^l$ and bias vector gradient $\Delta q^l$;
(5) Updating the weight matrix and the offset vector;
(6) Repeating the steps (2), (3), (4) and (5) until training is finished;
the intrusion prevention unit detects network intrusion based on deep learning, comprising the steps of:
(1) Setting the number of cycles t and the number of layers L, and randomly setting the weight matrix $W^l$ and bias $q^l$, where $2 \le l \le L$;
(2) Calculating an error of a kth hidden layer;
(3) Calculating the gradient of the weight matrix of the neural units and the gradient of the offset vector according to the error of the kth hidden layer;
(4) Calculating the weight matrix gradient $\Delta W^l$ and bias vector gradient $\Delta q^l$;
(5) Updating the weight matrix and the offset vector;
(6) After the k-th layer training is finished, if a (k+1)-th hidden layer exists, setting k=k+1 and repeating the steps (2), (3), (4) and (5);
(7) Fine tuning the overall weight and the bias.
CN202310017766.XA 2023-01-06 2023-01-06 User information processing system based on block chain Active CN116015966B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310017766.XA CN116015966B (en) 2023-01-06 2023-01-06 User information processing system based on block chain

Publications (2)

Publication Number Publication Date
CN116015966A CN116015966A (en) 2023-04-25
CN116015966B true CN116015966B (en) 2023-11-10

Family

ID=86031565

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310017766.XA Active CN116015966B (en) 2023-01-06 2023-01-06 User information processing system based on block chain

Country Status (1)

Country Link
CN (1) CN116015966B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10778705B1 (en) * 2019-04-05 2020-09-15 Hoseo University Academic Cooperation Foundation Deep-learning-based intrusion detection method, system and computer program for web applications
CN111783049A (en) * 2020-06-30 2020-10-16 北京海益同展信息科技有限公司 User information processing method and system based on block chain
CN113794675A (en) * 2021-07-14 2021-12-14 中国人民解放军战略支援部队信息工程大学 Distributed Internet of things intrusion detection method and system based on block chain and federal learning
CN114826698A (en) * 2022-04-08 2022-07-29 湖南旗语科技有限公司 Network security intrusion detection system based on block chain technology

Also Published As

Publication number Publication date
CN116015966A (en) 2023-04-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20231017

Address after: Room 1202, Building 05, No. 60 Xiankun Road, Jianye District, Nanjing City, Jiangsu Province, 210000

Applicant after: Jiangsu Jiashudu Technology Co.,Ltd.

Address before: Room 209, 2nd Floor, Building 1, Yard 1, Liangshuihe Road, Changping District, Beijing 102200

Applicant before: Beijing Zongliang Network Technology Co.,Ltd.

GR01 Patent grant