Threat behavior processing method and device, equipment and storage medium based on block chain

A processing method and blockchain technology, applied in the field of information security, can solve problems such as weak firewall protection capabilities, and achieve the effect of improving protection capabilities

Active Publication Date: 2021-01-15
CHINA MOBILE COMM LTD RES INST +1
AI Technical Summary

Problems solved by technology

[0005] In view of this, the embodiments of the present invention aim to provide a blockchain-based threat behavior processing method and device to solve the problem of the weak protection capability of firewalls.

Examples

Example 1

[0136] This example provides a blockchain-based firewall interaction method and system. The threat behavior seen by each firewall is analyzed using the blockchain, and the firewalls interact with one another through the generation and broadcast of blocks, so that the firewalls as a whole are used to analyze threat behaviors and discover unknown and hidden attacks. Specifically, it includes a blockchain-based firewall interaction analysis method and a blockchain-based firewall interaction analysis system.

[0137] As shown in Figure 6, this example provides a blockchain-based firewall interaction system comprising multiple firewalls, with logical point-to-point communication between the firewalls. The firewalls in the figure are FW1, FW2, FW3, FW n-1, and FW n; FW1 can interact with the n-1 firewalls FW2, FW3, FW n-1, and FW n; FW2 can interact with the n-1 firewalls FW1, FW3, FW n-1, and FW n; FW3 can interact w...

Example 2

[0147] As shown in Figure 7, the blockchain-based firewall interactive analysis method described in this technical solution includes the following steps:

[0148] Step 101: Traditional firewall data processing based on attack rules. That is, the firewall receives traffic, processes it against the attack rules, allows normal traffic, blocks traffic that matches the attack rules, and passes any other, suspected traffic to step 102.

[0149] Step 102: For the suspected data flow, analyze the threat behavior based on the blockchain. That is, the output of step 101 is received, and blockchain-based threat behavior analysis is performed.

[0150] Step 103: Extract the threat behavior features stored in the blockchain, and extract the data features of the suspected data flow.

[0151] Step 104: Compare the threat behavior features and the data features to obtain a judgment result, which may specifically include: performing SVM (support vector machine) training through the threat behavi...

Example 3

[0156] As shown in Figure 8, the blockchain-based firewall interactive analysis system described in this technical solution includes four major parts: the firewall traditional data processing module 201, the blockchain-based threat behavior feature library module 202, the blockchain-based threat behavior analysis module 203, and the blockchain-based threat behavior feature library coordination module 204.

[0157] The blockchain-based threat behavior analysis module 203 includes three sub-modules: a blockchain-based threat behavior extraction module 2031, a blockchain-based threat behavior determination module 2032, and a blockchain-based threat behavior aggregation module 2033. The details are as follows.

[0158] The firewall traditional data processing module 201 performs traditional, attack-rule-based data processing on the packet flow to determine the suspected data flow; it can serve as a component of the aforementioned acquisition unit 110.

...

Abstract

The embodiment of the invention discloses a blockchain-based threat behavior processing method, device, equipment, and storage medium, applied to electronic equipment that includes a firewall. The blockchain-based threat behavior processing comprises the following steps: analyzing a data flow suspected of threat behavior and acquiring the data features of the suspected data flow; extracting the threat behavior features recorded in the blockchain, where the blockchain is shared among multiple firewalls; and forming a judgment result based on the data features and the threat behavior features, where the data features are used to update the blockchain when the suspected data flow is determined to be a threat behavior data flow. In the embodiment, the threat behavior features recorded in the blockchain help a firewall further determine whether a suspected data flow, which it cannot precisely identify with its current attack rules, is an attack data flow. This breaks the information barrier among the firewalls and improves the ability of both a single firewall and all the firewalls together to intercept threat behavior, so that security capability is improved.
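The flow in the abstract and in steps 101 to 104 of Example 2, as an added sketch that is not code from the patent: `Ledger`, `process_flow`, the feature strings and the 0.6 threshold are hypothetical, and a Jaccard overlap stands in for the SVM-based comparison whose description is cut off on this page. The ledger is a plain hash chain that is verified before its features are trusted.

```python
import hashlib, json

GENESIS = "0" * 64

def block_hash(prev, features):
    # The hash covers the previous hash and a canonical encoding of the features.
    body = json.dumps({"prev": prev, "features": features}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

class Ledger:
    def __init__(self):
        self.blocks = []  # threat behavior features shared by all firewalls

    def append(self, features):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        self.blocks.append({"prev": prev, "features": features,
                            "hash": block_hash(prev, features)})

    def verified_features(self):
        # Refuse to use the ledger if any link or hash does not check out.
        prev = GENESIS
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != block_hash(prev, b["features"]):
                raise ValueError("ledger integrity check failed")
            prev = b["hash"]
        return [b["features"] for b in self.blocks]

def similarity(a, b):
    # Jaccard overlap; assumed stand-in for the page's comparison step.
    a, b = set(a), set(b)
    return len(a & b) / len(a | b) if a | b else 0.0

def process_flow(features, block_rules, allow_rules, ledger, threshold=0.6):
    feats = set(features)
    if feats & block_rules:      # step 101: matches an attack rule
        return "block"
    if feats <= allow_rules:     # step 101: normal traffic
        return "allow"
    # Steps 102-104: suspected flow, compare with features read from the chain.
    if any(similarity(feats, k) >= threshold for k in ledger.verified_features()):
        ledger.append(sorted(feats))  # record the new data features for all peers
        return "block"
    return "no-match"

def demo():
    # Constructed sample data: another firewall already recorded one behavior.
    shared = Ledger()
    shared.append(["beacon:60s", "dns:txt-long", "ua:empty"])
    flow = ["beacon:60s", "dns:txt-long", "ua:empty", "tls:selfsigned"]
    return process_flow(flow, {"sig:known-exploit"}, {"port:443"}, shared), len(shared.blocks)
```

A flow that no local rule matches is blocked here because three of its four features overlap a record contributed by a peer, and its own features are then appended for the other firewalls to read.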

Description

Technical field

[0001] The present invention relates to the technical field of information security, in particular to a blockchain-based threat behavior processing method, device, equipment, and storage medium.

Background technique

[0002] With the rapid development of the network, there are more and more types of network attacks. For example, in Advanced Persistent Threat (APT) attacks, attackers use advanced, efficient, and varied attack methods to carry out long-term and persistent network attacks on specific targets.

[0003] APT attacks are concealed and latent, and can usually bypass the detection of traditional network security devices such as firewalls.

[0004] Therefore, how to improve the threat behavior protection capability of the firewall in the prior art is an urgent problem to be solved.

Contents of the invention

[0005] In view of this, the embodiments of the present invention expect to provide a block chain-based threat behavior processing method and...

Application Information

Patent Type & Authority: Patents (China)
IPC (8): H04L29/06
CPC: H04L63/02, H04L63/1416
Inventor 程叶霞杨凯何申彭晋
Owner CHINA MOBILE COMM LTD RES INST