CN116405187B - Distributed node intrusion situation sensing method based on block chain - Google Patents

Distributed node intrusion situation sensing method based on block chain

Publication number
CN116405187B
Authority
CN
China
Prior art keywords
node
data
intrusion
nodes
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310437731.1A
Other languages
Chinese (zh)
Other versions
CN116405187A (en
Inventor
郑丽娟
叶绍兴
李鸿博
杨含玉
吕亚奇
杨云龙
赵美茹
崔瑞伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shijiazhuang Tiedao University
Original Assignee
Shijiazhuang Tiedao University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shijiazhuang Tiedao University
Priority to CN202310437731.1A
Publication of CN116405187A
Application granted
Publication of CN116405187B
Active
Anticipated expiration


Abstract

The invention discloses a distributed node intrusion situation awareness method based on a blockchain, and relates to the technical field of blockchains. The method comprises the following steps: decentralized identity authentication; intrusion data sharing and collaborative processing; intrusion situation awareness. The decentralized identity authentication method includes the following steps: the whole authentication process comprises seven steps, namely authentication initialization, distributed key generation, public key combination, identity registration and verification, smart contract initiation of identity authentication request, node distributed signature verification request, and node sending signature response. The method can improve the security and the credibility of the distributed network.

Description

Translated from Chinese
Distributed node intrusion situation awareness method based on blockchain

Technical Field

The present invention relates to the technical field of blockchain, and in particular to a distributed node intrusion situation awareness method based on blockchain.

Background Art

With the widespread application of emerging technologies such as big data, the Internet of Things, and artificial intelligence, more and more devices are connected to the Internet, which has expanded the network attack surface. The types and number of network security threats are also growing rapidly, and traditional single-point protection methods can no longer meet the needs of complex and changing network environments. Blockchain technology is based on a distributed network and has the characteristics of decentralization, immutability, and transparency, providing a new solution for security protection. However, this distributed network structure has problems in trust establishment, data security, data sharing, and collaboration.

In addition, as network attacks become increasingly complex and covert, traditional intrusion detection technology can no longer meet people's needs. Especially when countering complex network attacks and malicious behaviors, information barriers between different devices leave the network security protection system poorly coordinated.

Summary of the Invention

The technical problem to be solved by the present invention is how to provide a distributed node intrusion situation awareness method that can improve the security and credibility of a distributed network.

In order to solve the above technical problem, the technical solution adopted by the present invention is a distributed node intrusion situation awareness method based on blockchain, comprising the following steps:

Decentralized identity authentication;

Intrusion data sharing and collaborative processing;

Intrusion situation awareness.

A further technical solution is that the decentralized identity authentication method comprises the following steps:

The entire authentication process is divided into seven steps: authentication initialization, distributed key generation, public key combination, identity registration and verification, smart contract initiation of identity authentication request, node distributed signature verification request, and node sending signature response.

A further technical solution is that the intrusion data sharing and collaborative processing method comprises the following steps:

It includes four stages: initialization, storage consensus, sharing and collaboration, and attacker on-chain. A decentralized consensus algorithm is used to ensure collaboration and data consistency between nodes, and smart contracts provide a standardized and automated way to manage intrusion detection data.

A further technical solution is that the intrusion situation awareness comprises the following steps:

Data preprocessing and feature extraction, data analysis and evaluation, and situation awareness prediction;

In the data preprocessing and feature extraction stage, principal component analysis is used to reduce the dimensionality of the data and extract features;

In the data analysis and evaluation stage, a weighted comprehensive evaluation method is used to calculate the network security situation score, and the score is mapped to different risk levels;

In the situation awareness prediction stage, an LSTM neural network model is used to model and predict network security situation data.

A further technical solution is that the method for intrusion situation awareness based on LSTM is as follows:

1) Preprocessing of network security situation data: after the network security situation data is collected, abnormal and bad data are processed; the original data is normalized to the range (0,1), because an LSTM neural network prediction model that uses the gradient descent algorithm is highly sensitive to data between (0,1);

2) Dataset processing: before prediction, a time window strategy is used to convert the network security situation dataset into the shape required by the model input; all network security situation value data are divided into a training set and a test set in a ratio of 4:1;

3) Model building and training: an LSTM model is built, the training set data and the corresponding labels are fed into the network for training, and the stochastic gradient descent algorithm is used to optimize the LSTM neural network parameters to obtain the optimal network security situation prediction model;

4) Situation prediction: after the test set data has been processed as in steps 1) and 2), it is input into the optimal network security situation prediction model trained in step 3). The prediction results output by the model can be used to evaluate the security status of the current network.

The beneficial effects of adopting the above technical solution are as follows. To address identity authentication, data transmission and storage, and integrity issues in distributed intrusion detection, this application proposes an identity authentication scheme based on elliptic curves, distributed key generation and threshold cryptography, in order to establish a reliable decentralized identity authentication and data security mechanism and to safeguard the trust relationship between participating nodes. At the same time, data security technologies such as key negotiation and digital signatures are used to protect keys, intrusion data and similar material during transmission.

Because traditional intrusion detection systems have difficulty responding effectively to complex network attacks, this application proposes a collaborative intrusion detection scheme based on blockchain. The distributed nature of blockchain is used to achieve data sharing and collaboration, improving the ability of multiple participating nodes to cooperate when responding to security threats. IPFS is used to distribute data and computing resources across multiple nodes in the network, giving distributed storage of data across the network, which reduces single points of failure and attack risk and thereby improves the security and credibility of the intrusion detection network. Because of the transparency of blockchain, data flow records can be jointly verified and audited by all nodes, which helps to identify malicious nodes and network security threats. Smart contracts are designed to automatically execute preset logic, node qualification review and transaction control. At the same time, reward and punishment mechanisms are introduced to improve the cooperation and efficiency of the blockchain network.

To address the trust and data security issues of intrusion data in situation awareness, this application performs situation analysis on the intrusion data produced by the blockchain data sharing and collaboration part, forming a comprehensive picture of the security status of the whole network. First, principal component analysis is used to extract the features of the intrusion data, weights are assigned to them, and the network security situation score is calculated, which determines the network risk level. Then, a long short-term memory neural network is used to build a network security situation prediction model that predicts the future network security situation score and yields the predicted network security risk level for the next moment.

Brief Description of the Drawings

The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

FIG. 1 is a diagram of a distributed node intrusion situation awareness model based on blockchain in an embodiment of the present invention;

FIG. 2 is a flow chart of intrusion detection data sharing and collaborative processing in an embodiment of the present invention;

FIG. 3 is a flow chart of smart contract control of node input and data storage in an embodiment of the present invention;

FIG. 4 is a diagram of a situation awareness architecture in an embodiment of the present invention;

FIG. 5 is a comparison diagram of protocol computation overhead in an embodiment of the present invention;

FIG. 6 is a graph showing the relationship between the identity authentication response time and the number of nodes in an embodiment of the present invention.

Detailed Description

The following is a clear and complete description of the technical solutions in the embodiments of the present invention in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative work fall within the scope of protection of the present invention.

Many specific details are set forth in the following description to facilitate a full understanding of the present invention, but the present invention may also be implemented in ways other than those described herein, and those skilled in the art may make similar generalizations without departing from the substance of the present invention. Therefore, the present invention is not limited to the specific embodiments disclosed below.

The present application discloses a distributed node intrusion situation awareness method based on blockchain. The method uses blockchain technology to build a decentralized distributed intrusion detection system to improve the security and credibility of the network, and builds an intelligent network security protection system through a blockchain-based distributed intrusion situation awareness model to improve the accuracy and effectiveness of network security defense.

A distributed blockchain network layer is created with Hyperledger for node registration, updating, maintenance and monitoring. These nodes can be network security devices or ordinary hosts and are managed by a decentralized identity authentication mechanism. Intrusion data and other files are stored in a decentralized manner, with only the file indexes stored on the block. The consensus mechanism is responsible for data transmission between nodes, ensuring that the data stored on all nodes is the same, and reward transactions are designed to incentivize well-behaved nodes and control malicious nodes. Smart contracts automatically execute preset logic, node qualification review and transaction control. Situation analysis is performed on the intrusion data generated by the blockchain data sharing and collaboration part, using principal component analysis, weight assignment and a long short-term memory neural network for situation awareness. The entire solution model is shown in FIG. 1. The solution consists of three parts: decentralized identity authentication and data security, intrusion detection data sharing and collaboration, and situation awareness.

The decentralized identity authentication method includes seven steps: authentication initialization, distributed key generation, public key combination, identity registration and verification, smart contract initiation of identity authentication request, node distributed signature verification request, and node sending signature response. This method is based on elliptic curves, distributed key generation and threshold cryptography. The data security method describes the overall data security scheme, including data transmission security, data storage security, data integrity and key update between nodes. In data transmission and storage, hybrid encryption and the IPFS distributed file system are used to encrypt and store data, and digital signatures are used to ensure data integrity. At the same time, nodes regularly update their asymmetric key pairs to enhance the security of the system.

The intrusion data sharing and collaboration method is a distributed intrusion detection method based on blockchain and IPFS, with four stages: initialization, storage consensus, sharing and collaboration, and attacker on-chain. The method uses a decentralized consensus algorithm to ensure collaboration and data consistency between nodes, which can effectively improve the reliability and security of the intrusion detection system. Smart contracts provide a standardized and automated way to manage intrusion detection data.

The situation awareness method describes the architecture and the specific implementation steps of network security situation awareness. It includes data preprocessing and feature extraction, data analysis and evaluation, and situation awareness prediction. In the data preprocessing and feature extraction stage, principal component analysis is used to reduce the dimensionality of the data and extract features. In the data analysis and evaluation stage, the weighted comprehensive evaluation method is used to calculate the network security situation score, and the score is mapped to different risk levels. In the situation awareness prediction stage, an LSTM neural network model is used to model and predict the network security situation data.

Decentralized identity authentication

Using decentralized identity authentication can protect the privacy and security of nodes. The core idea is to free identity from centralized institutions, so that nodes fully control their own identity information while verification and authentication are carried out in a decentralized manner.

First, keys are generated following the idea of distributed key generation. In a typical key generation process, a single node generates a key and distributes shares of it to the other nodes. This is risky: if the key-generating node is attacked, the entire key is leaked. Distributed key generation produces a secure key through the cooperation of multiple participants. The generation process is spread over multiple nodes, so even if some nodes are attacked, the entire key is not leaked.

The entire authentication process is divided into seven steps: authentication initialization, distributed key generation, public key combination, identity registration and verification, smart contract initiation of identity authentication request, node distributed signature verification request, and node sending signature response. The decentralized identity authentication algorithm is as follows:

(1) Authentication initialization

Assume that n participating nodes jointly create an elliptic curve key pair. Let t (t <= n) denote the threshold, that is, at least t nodes must cooperate to complete key generation and signing. Keys are generated with the secp256k1 elliptic curve algorithm. The relevant parameters of the secp256k1 curve are shown in Table 1:

Table 1 Authentication initialization parameter table

The base point G is a known point on the curve that is the identity element in the addition operation of all points. The order n means that the result of adding the base point G n times is the identity element.

(2) Generation of distributed keys

The idea of Shamir's Secret Sharing (SSS) is used to improve the security of the key generation process. The goal is to split a secret value into multiple parts without revealing the secret, which improves the security of the secret value. A public-private key pair is split into n parts, each of which retains only part of the information, and at least k parts must be collected to restore the complete public-private key pair.

Each participating node generates a public key share and a private key share through the following steps: use a pseudo-random number generator to produce a random number as the private key share $SecKey_i$, $i \in [1, n-1]$, where $i$ is the index of the node; each node uses a polynomial of degree $t-1$ to create a secret share:

randomly select coefficients $a_1, a_2, \ldots, a_{t-1}$ and compute the polynomial $f_i(x) = SecKey_i + a_1 x + a_2 x^2 + \cdots + a_{t-1} x^{t-1}$; compute the public key share $PubKey_i = SecKey_i \cdot G$, where $G$ is the base point of the elliptic curve; finally, each node broadcasts its public key share to the other participating nodes.

(3) Public key combination

The node collects the public key shares of all other participating nodes and calculates the combined public key using Lagrange interpolation: for each public key share $PubKey_i$, calculate the interpolation coefficient $\lambda_i = \prod_{1 \le j \le t,\ j \ne i} \frac{x_j}{x_j - x_i}$; then calculate the combined public key $PubKey = \sum_i \lambda_i \cdot PubKey_i$.

The core idea of Lagrange interpolation is to use known data points and the Lagrange basis functions to construct a polynomial P(x) that satisfies the interpolation conditions, so that the value of P(x) at each data point equals the value of the original function. P(x) can then be used to approximate the original function, which is how the interpolation is computed.

(4) Identity registration

This is the process of creating a new decentralized identifier (DID) and recording it in a distributed ledger. After the node generates the identity document, it registers the document on the blockchain so that others can look up and verify the identifier's information on the blockchain. The document includes information such as the DID, the public key, the identity verification method, and the service endpoint.

(5) Smart contract initiates identity authentication request

In this application the smart contract is designed to act as the service provider. A smart contract can verify a user's identity by executing smart contract code, which achieves decentralized identity authentication. The advantage of smart contracts as service providers is that they can automatically perform operations such as identity authentication and authorization, avoiding the single point of failure and security risks of a centralized identity authentication service provider.

When a node accesses the blockchain network to publish a task, the smart contract initiates an authentication request to that node. The request includes a random number (nonce).

(6) Node distributed signature verification request

The node signs the request using its private key share $SecKey_i$. The signing process uses the elliptic curve Schnorr multi-signature algorithm, a multi-signature scheme based on elliptic curve cryptography that enables multiple signers to sign the same transaction, thereby improving the security and credibility of the transaction. Signature algorithm steps:

Use SHA-256 to calculate the message hash value, $h = \text{SHA-256}(message)$; each participant selects a random number $k_i$ and calculates $R_i = k_i \cdot G$; each participant broadcasts $R_i$ to the other participants and then adds up the received $R_i$ to obtain $R = \sum R_i$; calculate $r = x(R) \bmod n$; each participant calculates $s_i = k_i + r \cdot SecKey_i$; collect $s_i$ from at least t other nodes and calculate $s = \sum s_i \bmod n$; $(r, s)$ is the final signature.

(7) The node sends a signature response

The node sends the final signature response to the smart contract. After receiving the signature response from the node, the smart contract uses the corresponding public key to verify the validity of the signature. If the signature verification succeeds, the smart contract confirms the identity of the node and provides it with the corresponding services or resources; otherwise the smart contract rejects the node's request.

This decentralized identity authentication algorithm is distributed and decentralized, which improves the security of the key generation process. Using elliptic curve cryptography and threshold cryptography, it realizes multiple signatures on the same transaction, which improves the security and credibility of the transaction. Using smart contracts as service providers avoids the single point of failure and security risks of a centralized identity authentication service provider. Overall, this application provides a secure, efficient and decentralized distributed identity authentication method.

Data Security

Each node obtains a pair of asymmetric keys, that is, a public key and a private key, through the distributed key generation step. The node has already stored the public key on the blockchain so that other nodes can use it for authentication and encrypted communication.

(1) Data transmission security

When nodes communicate, a hybrid encryption method is used to ensure data security. Hybrid encryption combines a public key encryption algorithm with a symmetric encryption algorithm. For data transmission security in this application, the data is encrypted with the AES symmetric encryption algorithm.

The specific steps are as follows:

a. Key negotiation

When node A and node B need to communicate securely, A generates a random number $r_A$ and calculates a temporary public key $temp\_PubKey_A = r_A \cdot G$. Node A sends $temp\_PubKey_A$ to node B; node B generates a random number $r_B$, calculates a temporary public key $temp\_PubKey_B = r_B \cdot G$, and sends it to node A. Node A calculates the key negotiation result $K_A = r_A \cdot temp\_PubKey_B$. Node B calculates the key negotiation result $K_B = r_B \cdot temp\_PubKey_A$. $K_A$ and $K_B$ are the same and can be used as the AES session key $k$.

b. Data encryption

Let the original data be M. Node A uses the AES session key k to encrypt the data M and obtain the encrypted data C. The encryption process is expressed as: C = AES_Encrypt(M, k)

c. Data transmission

Node A sends the encrypted data C to node B.

d. Data decryption

To recover the original data M, node B uses the AES session key k to decrypt the encrypted data C. The decryption process is expressed as: M = AES_Decrypt(C, k)

(2) Data storage security

The IPFS distributed file system is used to store encrypted files. The specific steps are as follows:

When node A needs to store data, it selects node B as the data storage node. It uses the key negotiation step described above to encrypt the file M: C = AES_Encrypt(M, k); node A uploads the encrypted data C to the IPFS network. IPFS generates a unique hash value H for the data as an index; node A then stores the file index H on the blockchain so that other nodes can retrieve it.

When node D wants to access data stored in IPFS, node D negotiates a key with node B to obtain the AES session key k. Node D uses the file index H to obtain the encrypted data C from IPFS. Node D uses the AES session key k to decrypt the encrypted data C and obtain the original data M.

(3) Data integrity

Digital signatures can ensure data integrity during data transmission. Signing uses ECDSA (Elliptic Curve Digital Signature Algorithm), a digital signature algorithm based on elliptic curve cryptography. ECDSA offers a high level of security with a relatively short key length. Assume that node A needs to sign an intrusion event report (the report is denoted message).

Signature phase

First, node A needs to generate an elliptic curve key pair (private key $d_A$, public key $Q_A$), where $Q_A = d_A \cdot G$ ($G$ is the generator of the elliptic curve). When the report needs to be signed, node A performs the following steps:

i.选择一个随机数k(1<=k<=n-1,n为椭圆曲线的阶);ii.计算椭圆曲线上的点P=k*G,并计算x坐标的模n余数r:r=P.xmodn,如果r为0,则重新选择k并重复步骤i和ii;iii.计算k的模n乘法逆元kinv:kinv=k-1modn;iv.计算报告的哈希值h:h=hash(message)。v.计算s:s=(h+dA*r)*kinvmodn,如果s为0,则重新选择k并重复步骤i至v。i. Select a random number k (1 <= k <= n-1, n is the order of the elliptic curve); ii. Calculate the point P = k*G on the elliptic curve, and calculate the modulo n remainder r of the x coordinate: r = P.xmodn. If r is 0, reselect k and repeat steps i and ii; iii. Calculate the modulo n multiplication inverse element kinv : kinv = k-1 modn; iv. Calculate the reported hash value h: h = hash(message). v. Calculate s: s = (h+dA*r)*kinv modn. If s is 0, reselect k and repeat steps i to v.

步骤v结束后,得出节点A的签名为(r,s)。After step v is completed, the signature of node A is obtained as (r, s).

验证阶段:Verification phase:

假设节点B收到节点A发送的入侵事件报告及其签名(r,s),节点B执行以下步骤进行验证:Assuming that node B receives the intrusion event report and its signature (r, s) sent by node A, node B performs the following steps to verify:

i.确保r和s的范围有效:1<=r,s<=n-1。ii.计算报告的哈希值h:h=hash(message)。iii.计算s的模n乘法逆元sinv:sinv=s-1modn。iv.计算两个值u1和u2:u1=h*sinvmodn和u2=r*sinvmodn。v.计算椭圆曲线上的点P=u1*G+u2*QA。vi.验证条件是否成立:r%n==P.x%n。如果成立,则签名有效;否则,签名无效。i. Ensure that the range of r and s is valid: 1<=r, s<=n-1. ii. Calculate the reported hash value h: h=hash(message). iii. Calculate the modulo n multiplicative inverse of s, sinv : sinv =s-1 modn. iv. Calculate two values u1 and u2: u1=h*sinv modn and u2=r*sinv modn. v. Calculate the point P=u1*G+u2*QA on the elliptic curve. vi. Verify that the condition holds: r%n==Px%n. If so, the signature is valid; otherwise, the signature is invalid.
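The signing and verification steps above, written out as an added pure-Python example (it is not code from the patent). The curve (secp256k1), SHA-256 as hash(message) and the on-curve check of QA are assumptions, since the page names no curve or hash; the arithmetic is not constant-time, so this illustrates the steps and is no substitute for a vetted library.

```python
import hashlib
import secrets

# secp256k1 domain parameters (assumed curve; the page does not specify one).
P_FIELD = 2**256 - 2**32 - 977
A, B = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def point_add(p1, p2):
    """Add two affine points; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None                                   # P + (-P)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_FIELD, -1, P_FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD)
    lam %= P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return (x3, (lam * (x1 - x3) - y1) % P_FIELD)


def scalar_mult(k, point):
    """Double-and-add computation of k*point."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def is_on_curve(point):
    if point is None:
        return False
    x, y = point
    return (y * y - (x * x * x + A * x + B)) % P_FIELD == 0


def hash_to_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def generate_keypair():
    d_a = secrets.randbelow(N - 1) + 1                # private key dA in [1, n-1]
    return d_a, scalar_mult(d_a, G)                   # public key QA = dA*G


def sign(message, d_a):
    h = hash_to_int(message)                          # step iv
    while True:
        k = secrets.randbelow(N - 1) + 1              # step i: fresh k per signature
        r = scalar_mult(k, G)[0] % N                  # step ii
        if r == 0:
            continue
        k_inv = pow(k, -1, N)                         # step iii
        s = (h + d_a * r) * k_inv % N                 # step v
        if s != 0:
            return r, s


def verify(message, signature, q_a):
    r, s = signature
    if not (1 <= r <= N - 1 and 1 <= s <= N - 1):     # step i: range check
        return False
    if not is_on_curve(q_a):                          # added check, not a page step
        return False
    h = hash_to_int(message)                          # step ii
    s_inv = pow(s, -1, N)                             # step iii
    u1, u2 = h * s_inv % N, r * s_inv % N             # step iv
    p = point_add(scalar_mult(u1, G), scalar_mult(u2, q_a))   # step v
    return p is not None and r % N == p[0] % N        # step vi


def demo():
    report = b"constructed intrusion report: src=203.0.113.7 type=scan"
    d_a, q_a = generate_keypair()
    sig = sign(report, d_a)
    return {
        "valid": verify(report, sig, q_a),
        "tampered": verify(report + b"!", sig, q_a),
        "out_of_range": verify(report, (0, sig[1]), q_a),
        "wrong_key": verify(report, sig, generate_keypair()[1]),
    }


if __name__ == "__main__":
    print(demo())
```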

(4) Key update between nodes

To prevent long-term attacks on keys and strengthen the security of the whole system, nodes must regularly update their asymmetric key pairs. During an update, the newly generated public key is written to the blockchain, replacing the old public key. Each node must monitor the public key updates of other nodes on the blockchain to ensure that it uses the latest public key for encrypted communication. The specific steps are as follows:

Each node calculates a key update period T according to its own security policy and requirements. T may be a fixed time interval or be adjusted dynamically according to certain rules. When a node's key has been in use for the update period T, the node triggers the key update process: it broadcasts a key update request to the other nodes, re-executes the identity authentication steps to obtain the new public key used in key agreement and data encryption, and broadcasts that public key.

Intrusion Detection Data Sharing and Collaboration

This application assigns the intrusion detection task to multiple nodes. Each node runs a local detection algorithm to produce results and then submits these results to the blockchain network for verification and recording. This realizes decentralized storage and sharing of intrusion detection results. The scheme also adopts a decentralized consensus algorithm to ensure collaboration between nodes and consistency of data.

Each node in the collaborative distributed structure has its own intrusion detection algorithm and strategy, which can be adjusted and upgraded as needed. When a node detects suspicious activity, it can upload the results to the central node or to other adjacent nodes for further analysis and processing. The central node can collect and integrate the information uploaded by all nodes and determine, based on rules or models, whether intrusion activity is present.

Storage uses the IPFS file system. In traditional intrusion detection systems, data is usually stored in a centralized database. IPFS instead splits a file into blocks and stores these blocks on nodes across the IPFS network; each block has its own hash value. Each file also has its own unique hash value, which is used to locate and retrieve the file and is published to the IPFS network. When a node wants to access a file, the IPFS network automatically looks for the file on the nearest nodes and downloads its blocks. Using the IPFS file system avoids the problems of centralized storage, ensures the traceability and reliability of intrusion data, and improves data processing efficiency and response speed.

Intrusion detection data sharing and collaboration among distributed nodes is divided into four stages: the initialization stage, the storage consensus stage, the sharing and collaboration stage, and the attacker on-chain stage. The overall process is shown in Figure 2:

(1) Initialization stage

When a node (for example, node 1) detects an alarm such as an intrusion attempt, it initiates an intrusion detection event. As required by the smart contract, node 1 must first be authenticated and checked for sufficient resources to perform block generation. If node 1 fails identity authentication, it initiates a certificate application in the blockchain network. If the node has insufficient resources, the transaction is aborted and an alarm about the abnormal status of node 1 is broadcast to the other nodes, reminding administrators to check the node's status. Node 1 is successfully initialized only after it passes all checks.

(2) Storage consensus stage

At this stage, node 1 provides the original alarm data according to the input parameters of the smart contract. In return, node 1 receives the reward offered by the smart contract. Node 1 adds a digital signature to the data. The smart contract packages the digitally signed data, stores it in the IPFS system, and returns a unique hash value as the file index. The smart contract also generates an intrusion data summary, including the suspicious source IP and the intrusion time, for quick retrieval later. The transaction initiating node then records the file index of the original alarm intrusion data together with the intrusion data summary in block 1 and broadcasts it to the other nodes. The other nodes receive rewards when they reach consensus on the block. During consensus, the other nodes verify the identity of node 1 according to the identity authentication mechanism in Section 3.2.1 and accept block 1 if verification passes. Once more than 50% of the nodes accept block 1, consensus is complete. The smart contract specifies the content and format of the data each node records in a block, as shown in Figure 3.

(3) Sharing and collaboration stage

After receiving the broadcast block 1, a neighboring node of node 1 (for example, node 2) searches its own database for the attacker's intrusion data, based on the information in the block header. The smart contract then uses the IPFS file update algorithm to append the attacker data provided by node 2 to the original file, located by its file index. If node 2 has no intrusion data related to the attacker, it appends a descriptive record containing its own device information and the note "attacker not found". Node 2 also digitally signs the new data. IPFS stores the new data and hashes it together with the original alarm data, returning a new unique hash value as the file index (for example, file index 2). Node 2 writes the hash value of block 1, the intrusion data summary of block 1, and file index 2 into block 2 and broadcasts it to the other nodes, which then reach consensus on block 2. During consensus, a node that encounters a longer chain updates its local chain, so that it no longer accepts blocks that have already been agreed on. If a node does not respond to the broadcast for a long time, the other nodes stop waiting for its response, to prevent communication or job congestion. This process repeats until all nodes have provided their search results for the attacker's data.

(4) Attacker on-chain stage

At this stage, the smart contract monitors the block generated by the last node that updated the attacker's data (for example, block n) and reads file index n from that block. The smart contract then downloads the file, which contains the attacker information provided by all nodes, from the IPFS file system. The smart contract orders the attack data by timestamp, reconstructs the attack chain, and generates an intrusion data set for the attacker. The smart contract then stores the data set in the IPFS file system and obtains a new file index (for example, file index n+1). The smart contract deletes file n, located by file index n, to free storage space. Next, the smart contract sends file index n+1 to block 1. Block 1 records the attacker's intrusion data summary together with the file index on the block, and the block is registered and published on the blockchain. In this way, all nodes can access and query the attacker's intrusion data, enabling monitoring and tracking of the attacker's behavior.

Through these four stages, the blockchain network handles intrusion detection events and shares attacker data. The method makes effective use of the advantages of blockchain and IPFS technology to improve network security and data reliability.
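The storage consensus, sharing and on-chain stages above, modelled as an added Python example (not code from the patent). It assumes an in-memory store whose SHA-256 digest stands in for the IPFS file index, a hypothetical block layout (Figure 3 is not reproduced on the page), and a closing block that carries file index n+1; signatures are omitted and all sample values are constructed.

```python
import hashlib
import json


class ContentStore:
    """Stand-in for IPFS: a blob's file index is the SHA-256 of its bytes."""

    def __init__(self):
        self.blobs = {}

    def put(self, records):
        data = json.dumps(records, sort_keys=True).encode()
        index = hashlib.sha256(data).hexdigest()
        self.blobs[index] = data
        return index

    def get(self, index):
        data = self.blobs[index]
        if hashlib.sha256(data).hexdigest() != index:
            raise ValueError("stored content does not match its file index")
        return json.loads(data)

    def delete(self, index):
        self.blobs.pop(index, None)


def block_hash(block):
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()


def make_block(prev_hash, summary, file_index, node):
    # Hypothetical layout: previous block hash, intrusion summary, file index, author.
    return {"prev_hash": prev_hash, "summary": dict(summary),
            "file_index": file_index, "node": node}


def consensus_reached(accepting, total):
    """Storage consensus: strictly more than 50% of the nodes must accept."""
    return 2 * accepting > total


def append_findings(store, chain, node, findings):
    """Sharing stage: a neighbour appends its records, or a 'not found' note."""
    records = store.get(chain[-1]["file_index"])
    if findings:
        records += findings
    else:
        records.append({"node": node, "note": "attacker not found"})
    index = store.put(records)                       # new content, new file index
    chain.append(make_block(block_hash(chain[-1]), chain[0]["summary"], index, node))
    return index


def finalize(store, chain):
    """On-chain stage: order the evidence by timestamp and publish index n+1."""
    last_index = chain[-1]["file_index"]
    events = [r for r in store.get(last_index) if "ts" in r]
    timeline = sorted(events, key=lambda r: r["ts"])
    final_index = store.put(timeline)
    store.delete(last_index)                         # free the space used by file n
    chain.append(make_block(block_hash(chain[-1]), chain[0]["summary"],
                            final_index, "contract"))
    return timeline


def chain_is_intact(chain, store):
    """Check every prev_hash link, then that the latest index resolves correctly."""
    for prev, block in zip(chain, chain[1:]):
        if block["prev_hash"] != block_hash(prev):
            return False
    try:
        store.get(chain[-1]["file_index"])
    except (KeyError, ValueError):
        return False
    return True


def run_scenario():
    store = ContentStore()
    summary = {"src_ip": "203.0.113.7", "time": 1700000300}       # constructed
    alert = [{"node": "node1", "ts": 1700000300, "event": "ssh brute force alert"}]
    chain = [make_block(None, summary, store.put(alert), "node1")]
    append_findings(store, chain, "node2",
                    [{"node": "node2", "ts": 1700000100, "event": "port scan"}])
    append_findings(store, chain, "node3", [])       # node3 has nothing on record
    timeline = finalize(store, chain)
    return store, chain, timeline


if __name__ == "__main__":
    _, demo_chain, demo_timeline = run_scenario()
    print(len(demo_chain), [e["node"] for e in demo_timeline])
```

Because each block stores the hash of its predecessor and each file index is the hash of the content, editing an earlier summary or a stored file makes `chain_is_intact` fail.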

Situational Awareness Assessment

The intrusion data set collected above and other network status information are analyzed and mined to provide an assessment and early-warning mechanism for malicious behavior. In this process, the information in the data sources is analyzed, including but not limited to network traffic, host logs, and security event data. The data is preprocessed and its features are extracted, then analyzed and interpreted to support the subsequent assessment and early warning. The situational awareness architecture is shown in Figure 4.

Stage 1: Data preprocessing and feature extraction

(1) Data integration

Obtain the data indexes from the blockchain: traverse the blockchain, find the blocks that contain attacker information, and extract the file index information from these blocks. Fetch the data from the IPFS file system by file index. Collect the latest threat intelligence, network service status, and similar information from external data sources, along with real-time data on the network and devices. Integrate this real-time data with the intrusion data fetched from the IPFS file system to form a complete data set. Use the blockchain hash values to check the integrity and consistency of the data and ensure that it has not been tampered with in transit. When new intrusion data is generated, update the data set in real time to keep the data current.

(2) Data preprocessing

Data cleaning removes outliers and noise and retains the valid information, improving data quality and accuracy and providing a reliable basis for subsequent data analysis and mining. Table 2 below lists some of the data processing items.

Table 2. Partial list of data processing items

Data integration addresses the following aspects: consistency of data formats, to allow integration and analysis; accuracy and completeness of data sources, to avoid distorting the analysis; handling of duplicate data; balancing of data volume, to avoid biasing the analysis; and standardization of data, to ensure consistency and comparability.

Principal component analysis (PCA) is used for dimensionality reduction and feature extraction. Network security intrusion events often involve many related attributes. For example, in an email phishing attack, the time of the malicious email and the lateral attack range of the controlled host are the most important attributes, so the communication IPs and trusted emails produced by the controlled host's other, normal communication behavior should be removed.

PCA extracts the most important features (principal components) from high-dimensional data and converts them into a new feature representation in a low-dimensional space. It applies a linear transformation to the original data to represent it in a new coordinate system, in which the data has maximum variance and the dimensions are independent of each other, thereby achieving dimensionality reduction. Table 3 below gives some definitions used in the PCA algorithm:

Table 3. PCA algorithm definitions

The PCA process includes the following steps: mean-center the original data X to obtain the centered data matrix Xc; compute the covariance matrix C; perform eigenvalue decomposition on the covariance matrix C to obtain the eigenvalues λ1, λ2, ..., λn and the eigenvectors v1, v2, ..., vn; sort the eigenvectors by their corresponding eigenvalues in descending order and select the first k eigenvectors to form the matrix W, where k is the target number of features after dimensionality reduction; multiply the data matrix Xc by the matrix W to obtain the reduced data matrix Y = XcW; return the reduced data matrix Y.

Assume that after data integration, preprocessing, and feature extraction, an intrusion data set with the following features is obtained: attack type code, converted to numerical data using one-hot encoding; attack source IP address, converted to an integer value; target device IP address, converted to an integer value; attack duration, numerical data in seconds; attack traffic, numerical data in bytes. Table 4 shows some of the numerical features of an original intrusion data set.

First, the covariance matrix of the feature data is computed, and eigenvalue decomposition is then performed to obtain the eigenvectors and their corresponding eigenvalues. The eigenvectors corresponding to the two largest eigenvalues are selected as the projection matrix, and the original data is multiplied by this matrix to obtain the dimensionality-reduced principal component data, as shown in Table 5.

Table 4. Selected features of original intrusion data set A

Table 5. Dimensionality-reduced features of original intrusion data set A

As shown in the table above, the original three features have been reduced to two principal components. These two principal components explain most of the variance in the original data while reducing the number of feature dimensions. When processing intrusion data sets for network security situation awareness, principal component analysis helps to discover latent patterns in the data and to eliminate redundant and insignificant features, improving data processing efficiency and making it easier to identify and predict potential security threats.

Stage 2: Data analysis and evaluation

The network security situation is evaluated from the data. A weighted comprehensive evaluation method is used: weights are assigned to the different indicators and an overall security situation score is calculated. The specific steps are as follows:

(1) Determine the evaluation indicators

The indicators used to evaluate the network security situation must be determined. The principal components obtained in the previous stage are used as the indicators.

(2) Assign weights

Each evaluation indicator is assigned a weight that reflects its relative importance in the overall security situation. The weights can be adjusted according to the actual situation and domain knowledge. For example, principal component 1 has a greater correlation, which indicates that it is an important indicator of network security. The weights can be assigned as follows: 0.7 for principal component 1 and 0.3 for principal component 2.

(3) Calculate each score and evaluate the network security situation

A score is calculated for each evaluation indicator, based on actual data, standards, or experience. Each indicator's score is multiplied by its weight, and the products are summed to give a total score. The network security situation is evaluated from the total score: the score is mapped to an evaluation interval to determine the risk level, such as safe (low risk), basically safe (medium-low risk), at risk (medium risk), high risk (medium-high risk), or extremely dangerous (high risk).

(4) Dynamic adjustment

The network security situation changes dynamically. New intrusion data can therefore be collected continuously, and the evaluation weights and results updated in real time. This helps to discover new security threats promptly and to formulate effective response strategies.

Situational Awareness Prediction

LSTM is used to model historical network security event data, and the model is used to predict the security situation of network traffic. The principle and steps of LSTM-based intrusion situation awareness are as follows:

(1) Preprocessing of network security situation data. After the network security situation data is collected, abnormal and bad data must be handled. To make it easier to solve for the network security situation value, the original data is normalized to the range (0,1). An LSTM neural network prediction model trained with gradient descent is highly sensitive to data in the range (0,1).

(2) Data set processing. Before prediction, a time window strategy converts the network security situation data set into the shape required by the model input. To avoid overfitting, all network security situation values are divided into a training set and a test set in a 4:1 ratio.

(3) Model construction and training. The LSTM model is built, and the training set data and corresponding labels are fed into the network for training. Stochastic gradient descent is used to optimize the LSTM neural network parameters, yielding the optimal network security situation prediction model.

(4) Situation prediction. The test set data is processed as in steps (1) and (2) and fed into the optimal network security situation prediction model trained in step (3). The prediction results output by the model can be used to evaluate the current security state of the network.

Attack resistance analysis:

(1) Malicious nodes impersonating legitimate nodes

Distributed key generation and authentication based on asymmetric key pairs are used to prevent such attacks. Each node has an asymmetric key pair (public key and private key) and stores the public key on the blockchain. Only legitimate nodes can pass authentication. Because the private key is held only by the node itself, a malicious attacker cannot forge the identity of a legitimate node.

(2) Man-in-the-middle attack

A hybrid encryption method (combining a public key encryption algorithm with a symmetric encryption algorithm) is used to secure data transmission. Through the key agreement process, two nodes generate a shared session key k. Because k is shared only between these two nodes, a malicious attacker cannot obtain the key and therefore cannot decrypt the data in transit.

(3) Data tampering attack

Digital signatures (for example, ECDSA) are used to ensure the integrity of data in transit. Before sending data, a node digitally signs the message and sends the signature together with the ciphertext to the receiving node. The receiving node uses the sending node's public key to verify the signature. Only if the signature is valid has the data not been tampered with in transit. This prevents a malicious attacker from modifying data in transit.

(4) Data theft attack

Encrypted files are stored in the IPFS distributed file system. A node encrypts data before storing it on the IPFS network. Even if an attacker can access the data on the IPFS network, the attacker cannot obtain the original information because the data is encrypted.

(5) Key leakage attack

Nodes are required to update their asymmetric key pairs regularly to prevent long-term attacks on keys. When a node's key has been in use for the update period T, the node triggers the key update process. The newly generated public key is written to the blockchain, replacing the old public key. Even if an attacker manages to crack the old key, the new key is not threatened.

Blockchain transaction and consensus security analysis:

(1) Preventing malicious attacks

During node initialization, each node has its own resource limit value resLimit, to prevent denial of service attacks (DDoS). If a transaction node does not have enough computing resources to process the computing tasks in a transaction, it may become the target of a denial of service attack. Checking a node's computing resources ensures that the node can withstand a certain load, which helps prevent denial of service attacks.

Each time a node initiates a task, the smart contract performs a security review of it. The smart contract also periodically checks the number of rewards a node holds; a value below the threshold may indicate a malicious node that is evading transactions.

(2) Collaborative attack

In a collaborative attack, attackers collude or cooperate to control enough nodes to take over the entire blockchain network. Attackers usually increase their weight in the blockchain network by continually purchasing enough rewards.

The reward transaction incentive mechanism of this application ensures that honest nodes earn more than malicious behavior would. This encourages nodes to follow the protocol and reduces the motivation of malicious nodes to launch collaborative attacks. In addition, the use of digital signatures means that multiple nodes jointly sign and encrypt the data, which makes it harder for malicious nodes to tamper with data and launch collaborative attacks.

Efficiency Analysis

To allow a uniform analysis of this application against other solutions, this application is compared with other schemes from the perspective of collaborative authentication. The privacy protection process of key agreement, encryption, transmission, and decryption is added to the decentralized identity authentication and combined with the digital signature algorithm executed when nodes communicate; this is called the intrusion detection identity authentication process, and its response time is then calculated.

The intrusion detection identity authentication process consists mainly of point multiplication and point addition operations. Analysis gives 3 point multiplication operations (calculation of public key shares, AES MixColumns, Ri, and digital signature key generation), 2 point addition operations (calculation of R, AddRoundKey and the combined public key, and digital signature key generation), 1 hash operation, and 1 exponentiation operation (polynomial construction).

Following the same counting and calculation principles, this application summarizes the operations and time overhead of reference [60] (Hsieh W B, Leu J S. An anonymous mobile user authentication protocol using self-certified public keys based on multi-server architectures [J]. The Journal of Supercomputing, 2014, 70: 133-148.) and reference [61] (Yuan C, Zhang W, Wang X. EIMAKP: Heterogeneous cross-domain authenticated key agreement protocols in the EIM system [J]. Arabian Journal for Science and Engineering, 2017, 42: 3275-3287.) in Table 6, Table 7 and Figure 5:

Table 6. Operations and their symbols

Table 7. Protocol operations

Compared with the schemes of references [60] and [61], this application has significantly lower computational overhead, mainly because it uses one fewer map-to-point operation.

Code was written to compare a simulation of the intrusion detection identity authentication process based on RSA key agreement with a simulation of this application's process based on ECC key agreement. The simulation experiments are implemented in Python, with data encryption and decryption based on Python's cryptography library. The relationship between the response time of the authentication process and the number of nodes is shown in Figure 6; the number of nodes is kept within 100.

The figure shows that, as the number of nodes increases, the response time of distributed identity authentication gradually increases. This is because system overhead grows with the number of nodes: the memory occupied by the system and the amount of processor computation both increase, so the identity authentication response time increases. However, the number of participants and the threshold are usually limited, and an ordinary user computer can achieve a low response time.

Claims (7)

at this stage, node 1 provides the original alarm intrusion data according to the input parameters of the smart contract; in return, node 1 receives the reward offered by the smart contract; node 1 adds a digital signature to the original alarm intrusion data; the smart contract packages the digitally signed original alarm intrusion data, stores it in an IPFS system, and returns a unique hash value as the file index; meanwhile, the smart contract also generates an intrusion data summary, including the suspicious source IP and the intrusion time, to facilitate subsequent quick retrieval; then, the transaction-initiating node records the file index of the original alarm intrusion data together with the intrusion data summary in block 1 and broadcasts the file index and the intrusion data summary to the other nodes; the other nodes are rewarded for reaching consensus on the block; during consensus, the other nodes verify the identity of node 1 according to the identity authentication mechanism and, once verification passes, accept block 1; once more than 50% of the nodes accept block 1, consensus is complete;
after receiving the broadcast block 1, node 2, a neighbor of node 1, searches its own database for the attacker's intrusion data according to the information in the block header; the smart contract then uses the IPFS file update algorithm to append the attacker intrusion data provided by node 2 to the original file according to the file index; if node 2 has no intrusion data related to the attacker, it instead appends a piece of descriptive data containing its own device information and 'no aggressor detected'; meanwhile, node 2 digitally signs the new data; IPFS stores the new data, performs a hash operation over the new data and the original alarm intrusion data, and returns a new unique hash value as file index 2; node 2 writes the hash value of block 1, the intrusion data summary of block 1 and file index 2 into block 2 and broadcasts it to the other nodes; the other nodes reach consensus on block 2; during consensus, if a node encounters a longer chain, it updates its local chain and no longer accepts the block under consensus; if some nodes do not respond to the broadcast for a long time, the other nodes do not wait for their response, which prevents communication or operations from blocking; this process repeats until all nodes have provided a search result for the attacker intrusion data;
at this stage, the smart contract monitors block n, generated by the last node to update the attacker intrusion data, and reads file index n from this block; the smart contract then downloads the file from the IPFS file system, which contains the attacker information provided by all nodes; the smart contract sorts the attack data by timestamp, assembles an attack chain and generates the attacker's intrusion data set; the smart contract then stores the data set in the IPFS file system and obtains a new file index n+1; the smart contract deletes file n according to file index n to release the storage space; next, the smart contract issues file index n+1 to block 1; block 1 records the attacker intrusion data profile along with file index n+1 onto the block and registers for release onto the blockchain.
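The sharing rounds and the final aggregation described in the claims above, modelled as an added Python example that is not code from the patent. Assumptions: a dict stands in for IPFS, SHA-256 over canonical JSON serves as both file index and block hash, and the node names, record fields and sample reports are constructed; digital signatures, rewards and consensus voting are left out so the block stays focused on the index and block linkage.

```python
import hashlib
import json

def digest(obj):
    """SHA-256 over canonical JSON; serves as file index and block hash."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def append_report(store, chain, node, data, summary):
    """One node's turn: append its record, re-index the file, emit a block."""
    records = list(store[chain[-1]["file_index"]]) if chain else []
    records.append({"node": node, "data": dict(data)})
    index = digest(records)
    store[index] = records
    prev = digest(chain[-1]) if chain else None
    chain.append({"prev": prev, "summary": summary, "file_index": index})

def verify_chain(store, chain):
    """Each block must link to its predecessor and index an unmodified file."""
    for i, block in enumerate(chain):
        if block["prev"] != (digest(chain[i - 1]) if i else None):
            return False
        records = store.get(block["file_index"])
        if records is None or digest(records) != block["file_index"]:
            return False
    return True

def attack_chain(store, chain):
    """Final stage: order sightings by timestamp, store file n+1, drop file n."""
    records = store.pop(chain[-1]["file_index"])  # file n is deleted
    events = sorted((r for r in records if "ts" in r["data"]),
                    key=lambda r: r["data"]["ts"])
    new = digest(events)
    store[new] = events
    return new, [(e["data"]["ts"], e["node"], e["data"]["event"]) for e in events]

# Constructed sample data; 203.0.113.7 is a documentation-range address.
SUMMARY = {"src_ip": "203.0.113.7", "time": 1700000300}
REPORTS = [
    ("node1", {"ts": 1700000300, "event": "ssh brute-force alert"}),
    ("node2", {"device": "edge-gw-2", "note": "no aggressor detected"}),
    ("node3", {"ts": 1700000120, "event": "port scan"}),
]

def build():
    store, chain = {}, []
    for node, data in REPORTS:
        append_report(store, chain, node, data, SUMMARY)
    return store, chain
```

Call `build()`, then run `verify_chain(store, chain)` before `attack_chain(store, chain)`: in this model, once file n is deleted, block n's file index no longer resolves, so the same check fails if it is run afterwards.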
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202310437731.1A | 2023-04-21 | 2023-04-21 | Distributed node intrusion situation sensing method based on block chain


Publications (2)

Publication Number | Publication Date
CN116405187A | 2023-07-07
CN116405187B | 2024-04-09

Family

ID=87007370



Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
GR01 | Patent grant
