Blockchain network attack detection method, apparatus, device, medium, and program product
By constructing a blockchain network access feature set and utilizing linear predictive coding spectrum features and time series prediction networks, the problem of rapidly changing network attack patterns is solved, achieving high-precision network attack detection.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- XIANGYANG BRANCH CHINA MOBILE GRP HUBEI CO LTD
- Filing Date
- 2024-02-28
- Publication Date
- 2026-06-05
AI Technical Summary
Existing technologies are ill-suited to the rapid and dynamic changes in network attack patterns, and static behavior pattern mining methods are ineffective in detecting novel network attacks.
By acquiring network access behavior between blockchain nodes, a set of network access features is constructed. Then, by utilizing linear predictive coding spectrum features and time series prediction networks, the temporal evolution pattern features are determined for network attack detection, including feature optimization and classification model training.
It improves the accuracy of network attack detection, adapts to the rapid and dynamic changes in network attack patterns, and enhances detection precision.
Smart Images

Figure CN118802274B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of cybersecurity technology, and in particular to a blockchain network attack detection method, apparatus, device, medium, and program product. Background Technology
[0002] Blockchain, as an integrated innovation of peer-to-peer networks, cryptography, sharing mechanisms, and smart contracts, provides a trusted channel for the exchange of information and value in untrusted networks. Whether in building an internet where value flows freely or in enterprises establishing collaborative, multi-center data sharing mechanisms, blockchain technology has become a globally popular concept with broad market prospects. Blockchain data security is fundamental to data applications. To ensure data security, existing technologies typically monitor cyberattacks targeting critical blockchain data to enhance security levels.
[0003] Current network attack detection technologies primarily employ static behavioral pattern mining methods, which can effectively distinguish between network attacks and normal network access behavior patterns. However, the stability of these pattern characteristics is poor, requiring constant updates to the network attack behavior pattern database. Most network attacks are characterized by constantly evolving attack methods and upgraded patterns, making new and unknown behavioral patterns difficult to predict and warn against, thus posing challenges to network attack detection. This means that static behavioral pattern mining cannot simply rely on past behavioral pattern experience to meet the requirements of detecting new network attacks, nor can it adapt to the rapid and dynamic changes in network attack patterns. Summary of the Invention
[0004] This application provides a blockchain network attack detection method, apparatus, device, medium, and program product to address the shortcomings of using static behavior pattern mining, which makes it difficult to simply rely on past behavior pattern experience to meet the requirements of new network attack detection and cannot adapt to the rapid dynamic changes in network attack patterns.
[0005] Firstly, this application provides a method for detecting blockchain network attacks, including:
[0006] Obtain network access behavior between blockchain nodes, extract network access features from the network access behavior, and construct a network access feature set;
[0007] Based on the preset network access target and time slice, determine the linear predictive coding spectrum features of the network access feature set;
[0008] The linear predictive coding spectrum features are input into the time series prediction network, and the output state of the time series prediction network is used as the temporal evolution pattern features of the network access target.
[0009] Network attack detection is performed based on the characteristics of the time-series evolution pattern.
[0010] In one embodiment, determining the linear predictive coding spectrum features of the network access feature set based on a preset network access target and time slice includes:
[0011] The network access features are sampled according to the network access target and the time slice, and the sampled network access features are encoded based on linear predictive coding to obtain the feature spectrum features corresponding to each time slice;
[0012] By concatenating all the feature spectral features of the same time slice, the linear predictive coding spectral features of the network access feature set are determined.
[0013] In one embodiment, before determining the linear predictive coding spectrum features of the network access feature set based on a preset network access target and time slice, the method further includes:
[0014] Feature optimization is performed on the network access feature set to remove redundant and irrelevant network access features.
[0015] In one embodiment, the step of performing feature optimization on the network access feature set, removing redundant and irrelevant network access features from the network access feature set, includes:
[0016] The network access features are normalized to obtain normalized network access features;
[0017] A network attack identification and classification model is constructed based on the normalized network access characteristics, the preset feature weight vector, and the preset blockchain node identity marker.
[0018] The network attack identification and classification model is trained based on the maximum likelihood function and parameter optimization algorithm to obtain the updated feature weight vector;
[0019] Based on the updated feature weight vector and the preset weight vector threshold, redundant and irrelevant network access features in the network access feature set are removed.
[0020] In one embodiment, training the network attack identification and classification model based on maximizing the likelihood function and a parameter optimization algorithm to obtain the updated feature weight vector includes:
[0021] The loss function of the network attack identification and classification model is determined based on the maximized likelihood function;
[0022] The maximum value of the loss function is determined based on the gradient ascent algorithm;
[0023] The maximum value of the loss function is converted into a gradient descent task based on the gradient descent algorithm. The loss function is then minimized according to the gradient descent task to obtain the updated feature weight vector.
[0024] In one embodiment, the network access behavior includes access time, access source node, target node, and access characteristics, wherein the access characteristics include source IP, destination IP, source port, and destination port.
[0025] Secondly, this application also provides a blockchain network attack detection device, comprising:
[0026] The extraction module is used to acquire network access behavior between blockchain nodes, extract network access features from the network access behavior, and construct a network access feature set.
[0027] The determination module is used to determine the linear predictive coding spectrum features of the network access feature set based on the preset network access target and time slice;
[0028] The prediction module is used to input the linear prediction coding spectrum features into the time series prediction network and use the output state of the time series prediction network as the temporal evolution pattern features of the network access target.
[0029] The detection module is used to detect network attacks based on the characteristics of the time-series evolution pattern.
[0030] Thirdly, this application also provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the program to implement any of the blockchain network attack detection methods described above.
[0031] Fourthly, this application provides a non-transitory computer-readable storage medium storing a computer program thereon, which, when executed by a processor, implements the blockchain network attack detection method as described above.
[0032] Fifthly, the present invention also provides a computer program product, including a computer program that, when executed by a processor, implements any of the blockchain network attack detection methods described above.
[0033] The blockchain network attack detection method, apparatus, device, medium, and program products provided in this application determine the temporal evolution pattern characteristics of network access targets through the linear predictive coding spectrum characteristics of the network access feature set. This can adapt to the rapid dynamic changes in network attack patterns, thereby improving the accuracy of network attack detection and identification. Attached Figure Description
[0034] To more clearly illustrate the technical solutions in this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0035] Figure 1 This is one of the flowcharts illustrating the blockchain network attack detection method provided in this application;
[0036] Figure 2 This is the second flowchart of the blockchain network attack detection method provided in this application;
[0037] Figure 3 This is a schematic diagram of the feature optimization process provided in this application;
[0038] Figure 4 This is a schematic diagram of the linear predictive coding spectral feature determination process provided in this application;
[0039] Figure 5 This is a schematic diagram of the blockchain network attack detection device provided in this application;
[0040] Figure 6 This is a schematic diagram of the structure of the electronic device provided in this application. Detailed Implementation
[0041] To make the objectives, technical solutions, and advantages of this application clearer, the technical solutions of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.
[0042] Figure 1 This is one of the flowcharts illustrating the blockchain network attack detection method provided in this application, such as... Figure 1 As shown, this application provides a blockchain network attack detection method, including:
[0043] Step S110: Obtain network access behavior between blockchain nodes, extract network access features from the network access behavior, and construct a network access feature set;
[0044] The network access behavior includes access time, access source node, target node, and access characteristics, wherein the access characteristics include source IP, destination IP, source port, and destination port.
[0045] Given U = {u1, u2, u3... u... M Let} represent a set of blockchain nodes of size M, where V = {v1, v2, v3...v...} N} represents the set of target nodes accessed by N blockchain nodes. Where (u i ,v j ,t,a) represents a time event occurring at node u at time t. i Network access behavior ∈U, where v j ∈V represents the target node being accessed, where the network access feature can be represented as a, and the network access feature includes the source IP, destination IP, source port, and destination port.
[0046] The set of network access behaviors between blockchain nodes can be represented as F=(U∪V,E), where E is the connecting edge.
[0047] Extracting network access features from the network access behaviors and constructing a network access feature set includes extracting the corresponding network access features from each network access behavior and combining all the network access features to obtain the network access feature set.
[0048] Step S120: Determine the linear predictive coding spectrum features of the network access feature set based on the preset network access target and time slice;
[0049] The preset network access target is blockchain node u i The access target node, the time slice is the time slice obtained by dividing the time into preset time T, which can be represented as T={t1,t2,t3...t τ}, where T can be a day or an hour, etc.
[0050] Determining the linear predictive coding spectral features of the network access feature set includes time-slice analysis of blockchain node u i The network access features corresponding to the network access target are sampled and divided into discrete data. Then, the frequency characteristic estimate of the discrete data of the network access features is calculated by Linear Predictive Coding (LPC), and the frequency characteristic estimate is used as the spectral feature of the linear predictive coding.
[0051] Step S130: Input the linear predictive coding spectrum features into the time series prediction network, and use the output state of the time series prediction network as the temporal evolution pattern features of the network access target; the temporal evolution pattern features of the network access target include the temporal evolution pattern features corresponding to normal access and network attacks.
[0052] Time series prediction networks can employ Long Short-Term Memory (LSTM) networks. Temporal evolution pattern characteristics are used to characterize blockchain node u. i The changes in the network access characteristics of the target node and the network access characteristics over time.
[0053] Step S140: Detect network attacks based on the time-series evolution pattern characteristics.
[0054] The temporal evolution pattern is characterized by the changes in normal network access over time. If the temporal evolution pattern does not conform to the characteristics of the temporal evolution pattern, it can be identified as a network attack.
[0055] Optionally, the temporal evolution pattern features can be updated in real time to improve the accuracy of network attack identification, or they can be updated periodically to reduce computational load.
[0056] It is understood that this application determines the temporal evolution pattern characteristics of network access targets by using the linear predictive coding spectrum characteristics of the network access feature set, which can adapt to the rapid dynamic changes in network attack patterns, thereby improving the accuracy of network attack detection and identification.
[0057] Figure 2 This is the second flowchart of the blockchain network attack detection method provided in this application, as shown below. Figure 2 As shown, based on the above embodiments, as an optional embodiment, before determining the linear predictive coding spectrum features of the network access feature set according to the preset network access target and time slice, the method further includes:
[0058] Feature optimization is performed on the network access feature set to remove redundant and irrelevant network access features. Feature optimization can improve the accuracy of linear predictive coding spectrum features, thereby enhancing the accuracy of network attack detection and identification.
[0059] Figure 3 This is a schematic diagram of the feature optimization process provided in this application, such as... Figure 3 As shown, optionally, the step of performing feature optimization on the network access feature set, removing redundant and irrelevant network access features from the network access feature set, includes:
[0060] Step S310: Normalize the network access features to obtain normalized network access features; normalize the network access features in the network access feature set according to feature terms to obtain normalized network access features f={a1,a2,a3...a ......a......a......a......a......a......a......a......a......a......a......a.........a.........a.................................... p}
[0061] Step S320: Construct a network attack identification and classification model based on the normalized network access features, the preset feature weight vector, and the preset blockchain node identity marker.
[0062] The preset feature weight vector can be represented as θ = {θ1, θ2, θ3... θ} p}, and f={a1,a2,a3...a p A one-to-one correspondence exists. The preset blockchain node identity tag is the tag of the blockchain node corresponding to the network access target, y=1 (marked as network attack), y=0 (marked as normal network access); the node identity tag label marks the network access behavior and the corresponding access node.
[0063] The construction of a network attack identification and classification model includes building a classification prediction model for blockchain nodes based on the sigmoid function, and then constructing a network attack identification and classification model based on the classification prediction model.
[0064] The classification prediction model is shown below:
[0065]
[0066] Where, θ1a1+θ2a2+...+θ p a p =θ T f.
[0067] The network attack identification and classification model is shown below:
[0068] P(y|f;θ)=(h θ (f)) y (1-h θ (f)) 1-y ;
[0069] Where P(y|f;θ) represents the probability of output classification and recognition given input features f and model parameters θ.
[0070] Step S330: Train the network attack identification and classification model based on the maximum likelihood function and parameter optimization algorithm to obtain the updated feature weight vector;
[0071] Maximizing the likelihood function is used to calculate the loss function for model training, while parameter optimization algorithms are used to optimize the parameters of the loss function.
[0072] Step S340: Based on the updated feature weight vector and the preset weight vector threshold, remove redundant network access features and irrelevant network access features from the network access feature set.
[0073] By setting a threshold η, feature terms with weights less than η are filtered out, thus eliminating redundant features and obtaining the optimized feature set f. new ={a1,a2,a3...a s}
[0074] In one embodiment, training the network attack identification and classification model based on maximizing the likelihood function and a parameter optimization algorithm to obtain the updated feature weight vector includes:
[0075] Step S331: Determine the loss function of the network attack identification and classification model based on the maximized likelihood function;
[0076] The loss function L(θ) is expressed as follows:
[0077]
[0078] Maximizing the likelihood function is a statistical method used to estimate the optimal values of parameters. In maximizing the likelihood function, the goal is to find a set of parameter values that maximizes the probability of a given set of observations.
[0079] Step S332: Determine the maximum value of the loss function based on the gradient ascent algorithm;
[0080] Find the maximum value by taking the logarithm on both sides and using the gradient ascent algorithm:
[0081]
[0082] Gradient ascent is an optimization algorithm used to maximize a function. Unlike gradient descent, the goal of gradient ascent is to find a local or global maximum, rather than a minimum, of a function. The basic idea of gradient ascent is to iteratively update the parameter values, causing the function value to gradually increase. This is achieved by adjusting along the direction of the function's gradient, as the gradient is the direction in which the function grows fastest.
[0083] Step S333: Based on the gradient descent algorithm, the maximum value of the loss function is converted into a gradient descent task, and the loss function is minimized according to the gradient descent task to obtain the updated feature weight vector.
[0084] Introduction This is transformed into a gradient descent task. By minimizing the loss function during training, the updated attribute feature weight parameters are obtained:
[0085]
[0086] In the formula, α is the model learning rate.
[0087] Gradient descent is an optimization algorithm used to minimize a function. The basic idea is to iteratively update the values of the parameters so that the function value gradually decreases until it reaches its minimum value.
[0088] The model is trained by minimizing the loss function to obtain the attribute feature weight vector θ, and then the weights of θ are normalized:
[0089]
[0090] By setting a threshold η, feature terms with weights less than η are filtered out, thus removing redundant features and obtaining the optimized feature set f. new ={a1,a2,a3...a s}
[0091] It is understood that this application provides a feature optimization technical solution, which can improve the accuracy of linear predictive coding spectrum features, thereby improving the accuracy of network attack detection and identification.
[0092] Figure 4 This is a schematic diagram of the linear predictive coding spectral feature determination process provided in this application, such as... Figure 4 As shown, based on the above embodiments, as an optional embodiment, determining the linear predictive coding spectrum features of the network access feature set according to the preset network access target and time slice includes:
[0093] Step S410: Sample the network access features according to the network access target and the time slice, and encode the sampled network access features based on linear predictive coding to obtain the feature spectrum features corresponding to each time slice;
[0094] Step S420: Concatenate all the feature spectral features of the same time slice to determine the linear predictive coding spectral features of the network access feature set.
[0095] In other embodiments, step S410 may further sample the optimized network access features. Specifically, based on the obtained feature set f new The optimized feature term a is processed sequentially. i Sampling is performed based on a preset time interval, which is related to the time slice. The time slice t is extracted based on LPC encoding. i Based on feature a i LPC spectral characteristics By splicing and obtaining the time slice t i Next node u i Network access target LPC spectrum characteristics: node u iThe LPC spectral features at each time slice are represented as follows:
[0096] It is understood that this application provides a technical solution for calculating the spectral features of linear predictive coding. By calculating the frequency characteristic estimate of network access features through linear predictive coding, it is convenient to determine the periodicity and oscillation features in the signal, remove noise in the signal, and reduce computational complexity.
[0097] Based on the above embodiments, as an optional embodiment, the formula for calculating the output state of the time series prediction network is as follows:
[0098]
[0099] In the formula, h o and c o These represent the initial hidden unit and the state unit of the model input, respectively. This represents the output state of the LSTM network.
[0100] Based on the temporal evolution pattern characteristics, network attack detection includes inputting the temporal evolution pattern characteristics into a sigmoid function to realize node u i Network attack identification and detection:
[0101]
[0102] If y u =1, set node u i Identified as a network attack; if y u =0, set node u i It was identified as a normal network access.
[0103] Understandably, this application proposes a network attack detection algorithm based on the characteristics of network attack change patterns by analyzing and comparing the differences between network attack and normal network access structure transition patterns, thereby improving the accuracy of network attack detection and identification.
[0104] The blockchain network attack detection device provided in this application is described below. The blockchain network attack detection device described below can be referred to in correspondence with the blockchain network attack detection method described above.
[0105] Figure 5 This is a schematic diagram of the blockchain network attack detection device provided in this application, such as... Figure 5 As shown, this application also provides a blockchain network attack detection device, including:
[0106] Extraction module 510 is used to obtain network access behavior between blockchain nodes, extract network access features from the network access behavior, and construct a network access feature set;
[0107] The determination module 520 is used to determine the linear predictive coding spectrum features of the network access feature set based on the preset network access target and time slice;
[0108] Prediction module 530 is used to input the linear prediction coding spectrum features into the time series prediction network and use the output state of the time series prediction network as the temporal evolution pattern features of the network access target.
[0109] The detection module 540 is used to perform network attack detection based on the characteristics of the time-series evolution pattern.
[0110] In one embodiment, the determining module 520 is further configured to:
[0111] The network access features are sampled according to the network access target and the time slice, and the sampled network access features are encoded based on linear predictive coding to obtain the feature spectrum features corresponding to each time slice;
[0112] By concatenating all the feature spectral features of the same time slice, the linear predictive coding spectral features of the network access feature set are determined.
[0113] In one embodiment, it also includes:
[0114] The optimization module is used to perform feature optimization on the network access feature set, removing redundant and irrelevant network access features from the network access feature set.
[0115] In one embodiment, the optimization module is further configured to:
[0116] The network access features are normalized to obtain normalized network access features;
[0117] A network attack identification and classification model is constructed based on the normalized network access characteristics, the preset feature weight vector, and the preset blockchain node identity marker.
[0118] The network attack identification and classification model is trained based on the maximum likelihood function and parameter optimization algorithm to obtain the updated feature weight vector;
[0119] Based on the updated feature weight vector and the preset weight vector threshold, redundant and irrelevant network access features in the network access feature set are removed.
[0120] In one embodiment, the optimization module is further configured to:
[0121] The loss function of the network attack identification and classification model is determined based on the maximized likelihood function;
[0122] The maximum value of the loss function is determined based on the gradient ascent algorithm;
[0123] The maximum value of the loss function is converted into a gradient descent task based on the gradient descent algorithm. The loss function is then minimized according to the gradient descent task to obtain the updated feature weight vector.
[0124] In one embodiment, the network access behavior includes access time, access source node, target node, and access characteristics, wherein the access characteristics include source IP, destination IP, source port, and destination port.
[0125] Figure 6 An example is a schematic diagram of the physical structure of an electronic device, such as... Figure 6 As shown, the electronic device may include: a processor 610, a communications interface 620, a memory 630, and a communication bus 640, wherein the processor 610, the communications interface 620, and the memory 630 communicate with each other via the communication bus 640. The processor 610 can call logical instructions in the memory 630 to execute a blockchain network attack detection method, which includes:
[0126] Obtain network access behavior between blockchain nodes, extract network access features from the network access behavior, and construct a network access feature set;
[0127] Based on the preset network access target and time slice, determine the linear predictive coding spectrum features of the network access feature set;
[0128] The linear predictive coding spectrum features are input into the time series prediction network, and the output state of the time series prediction network is used as the temporal evolution pattern features of the network access target.
[0129] Network attack detection is performed based on the characteristics of the time-series evolution pattern.
[0130] Furthermore, the logical instructions in the aforementioned memory 630 can be implemented as software functional units and, when sold or used as independent products, can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or a portion of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.
[0131] On the other hand, this application also provides a computer program product, which includes a computer program that can be stored on a non-transitory computer-readable storage medium. When the computer program is executed by a processor, the computer is able to execute the blockchain network attack detection method provided by the above methods, the method including:
[0132] Obtain network access behavior between blockchain nodes, extract network access features from the network access behavior, and construct a network access feature set;
[0133] Based on the preset network access target and time slice, determine the linear predictive coding spectrum features of the network access feature set;
[0134] The linear predictive coding spectrum features are input into the time series prediction network, and the output state of the time series prediction network is used as the temporal evolution pattern features of the network access target.
[0135] Network attack detection is performed based on the characteristics of the time-series evolution pattern.
[0136] Furthermore, this application also provides a non-transitory computer-readable storage medium storing a computer program thereon, which, when executed by a processor, is implemented to perform the blockchain network attack detection method provided by the methods described above, the method comprising:
[0137] Obtain network access behavior between blockchain nodes, extract network access features from the network access behavior, and construct a network access feature set;
[0138] Based on the preset network access target and time slice, determine the linear predictive coding spectrum features of the network access feature set;
[0139] The linear predictive coding spectrum features are input into the time series prediction network, and the output state of the time series prediction network is used as the temporal evolution pattern features of the network access target.
[0140] Network attack detection is performed based on the characteristics of the time-series evolution pattern.
[0141] The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected to achieve the purpose of this embodiment according to actual needs. Those skilled in the art can understand and implement this without any creative effort.
[0142] Through the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by means of software plus necessary general-purpose hardware platforms, and of course, it can also be implemented by hardware. Based on this understanding, the above technical solutions, in essence or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product can be stored in a computer-readable storage medium, such as ROM / RAM, magnetic disk, optical disk, etc., and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute the methods described in the various embodiments or some parts of the embodiments.
[0143] Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of this application, and are not intended to limit them. Although this application has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features. Such modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of this application.
Claims
1. A method for detecting blockchain network attacks, characterized in that, include: Obtain network access behavior between blockchain nodes, extract network access features from the network access behavior, and construct a network access feature set; Based on the preset network access target and time slice, determine the linear predictive coding spectrum features of the network access feature set; The linear predictive coding spectrum features are input into the time series prediction network, and the output state of the time series prediction network is used as the temporal evolution pattern features of the network access target. Based on the characteristics of the time-series evolution pattern, network attack detection is performed; The step of determining the linear predictive coding spectrum features of the network access feature set based on preset network access targets and time slices includes: Based on the network access target and the time slice, the network access feature or the optimized network access feature is sampled, and the sampled network access feature is encoded based on linear predictive coding to obtain the feature spectrum feature corresponding to each time slice. By splicing together all the feature spectrum features of the same time slice, the linear predictive coding spectrum features of the network access feature set are determined, and the periodicity and oscillation features in the signal are determined.
2. The blockchain network attack detection method according to claim 1, characterized in that, Before determining the linear predictive coding spectral features of the network access feature set based on the preset network access target and time slice, the method further includes: Feature optimization is performed on the network access feature set to remove redundant and irrelevant network access features.
3. The blockchain network attack detection method according to claim 2, characterized in that, The step of optimizing the network access feature set by removing redundant and irrelevant network access features includes: The network access features are normalized to obtain normalized network access features; A network attack identification and classification model is constructed based on the normalized network access characteristics, the preset feature weight vector, and the preset blockchain node identity marker. The network attack identification and classification model is trained based on the maximum likelihood function and parameter optimization algorithm to obtain the updated feature weight vector; Based on the updated feature weight vector and the preset weight vector threshold, redundant and irrelevant network access features in the network access feature set are removed.
4. The blockchain network attack detection method according to claim 3, characterized in that, The process of training the network attack identification and classification model based on the maximum likelihood function and parameter optimization algorithm to obtain the updated feature weight vector includes: The loss function of the network attack identification and classification model is determined based on the maximized likelihood function; The maximum value of the loss function is determined based on the gradient ascent algorithm; The maximum value of the loss function is converted into a gradient descent task based on the gradient descent algorithm. The loss function is then minimized according to the gradient descent task to obtain the updated feature weight vector.
5. The blockchain network attack detection method according to any one of claims 1-4, characterized in that, The network access behavior includes access time, access source node, target node, and access characteristics, wherein the access characteristics include source IP, destination IP, source port, and destination port.
6. A blockchain network attack detection device, characterized in that, include: The extraction module is used to acquire network access behavior between blockchain nodes, extract network access features from the network access behavior, and construct a network access feature set. The determination module is used to determine the linear predictive coding spectrum features of the network access feature set based on the preset network access target and time slice; The prediction module is used to input the linear prediction coding spectrum features into the time series prediction network and use the output state of the time series prediction network as the temporal evolution pattern features of the network access target. The detection module is used to detect network attacks based on the characteristics of the time-series evolution pattern. The step of determining the linear predictive coding spectrum features of the network access feature set based on preset network access targets and time slices includes: Based on the network access target and the time slice, the network access feature or the optimized network access feature is sampled, and the sampled network access feature is encoded based on linear predictive coding to obtain the feature spectrum feature corresponding to each time slice. By splicing together all the feature spectrum features of the same time slice, the linear predictive coding spectrum features of the network access feature set are determined, and the periodicity and oscillation features in the signal are determined.
7. An electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that, When the processor executes the program, it implements the blockchain network attack detection method as described in any one of claims 1 to 5.
8. A non-transitory computer-readable storage medium having a computer program stored thereon, characterized in that, When the computer program is executed by the processor, it implements the blockchain network attack detection method as described in any one of claims 1 to 5.
9. A computer program product, comprising a computer program, characterized in that, When the computer program is executed by the processor, it implements the blockchain network attack detection method as described in any one of claims 1 to 5.