[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN114980103A - Host behavior monitoring method and device based on block chain - Google Patents

Host behavior monitoring method and device based on block chain Download PDF

Info

Publication number
CN114980103A
CN114980103A CN202210593384.7A CN202210593384A CN114980103A CN 114980103 A CN114980103 A CN 114980103A CN 202210593384 A CN202210593384 A CN 202210593384A CN 114980103 A CN114980103 A CN 114980103A
Authority
CN
China
Prior art keywords
host
access request
intranet
access
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210593384.7A
Other languages
Chinese (zh)
Inventor
赵旭东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank of China Ltd
Original Assignee
Bank of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bank of China Ltd filed Critical Bank of China Ltd
Priority to CN202210593384.7A priority Critical patent/CN114980103A/en
Publication of CN114980103A publication Critical patent/CN114980103A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/088Access security using filters or firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/61Time-dependent

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a host behavior monitoring method and a host behavior monitoring device based on a block chain, wherein the method comprises the following steps: receiving an access request of a first host for requesting to access a second host, wherein the first host and the second host are located in the same intranet; calling a pre-stored intranet communication white list from the block chain; verifying the access request through the intranet communication white list; and in the case of failed verification, sending the access request to a processing node in the form of a 5G message, and processing the access request by the processing node. By means of the scheme, the technical problem that the safety of the intranet cannot be effectively guaranteed due to the fact that the abnormal access cannot be accurately and efficiently determined in the prior art is solved, and the technical effect of guaranteeing the data safety of the intranet is achieved.

Description

Host behavior monitoring method and device based on block chain
Technical Field
The invention relates to the technical field of network security, in particular to a host behavior monitoring method and device based on a block chain.
Background
The data leakage prevention is an important safety problem of a plurality of large-scale enterprises at present, the mode generally adopted for avoiding data leakage is to carry out safety isolation on the network of the data leakage prevention device, specifically, the internal and external network separation is generally implemented inside, namely, the internet and the internal network are isolated, so that the data safety in the enterprises is ensured.
However, the intranet environment is relatively weak, and although it is generally difficult to access the intranet, if the isolation between the intranet and the internet is broken through a network bug or the like, the data security of the intranet will be seriously affected.
An effective solution is not provided at present aiming at effectively monitoring the safety problem of the intranet.
This section is intended to provide a background or context to the embodiments of the invention that are recited in the claims. The description herein is not admitted to be prior art by inclusion in this section.
Disclosure of Invention
The embodiment of the invention provides a host behavior monitoring method and device based on a block chain, which are used for effectively discovering abnormal access behaviors in time and ensuring the data security of an intranet.
The embodiment of the invention provides a host behavior monitoring method based on a block chain, which comprises the following steps:
receiving an access request of a first host for requesting to access a second host, wherein the first host and the second host are located in the same intranet;
calling a pre-stored intranet communication white list from the block chain;
verifying the access request through the intranet communication white list;
and in the case of failed verification, sending the access request to a processing node in the form of a 5G message, and processing the access request by the processing node.
In one embodiment, in case the check fails, sending the access request to a processing node in the form of a 5G message, the processing node processing the access request, including:
forming a 5G message by the access request and the verification result, wherein the 5G carries text content and an interactive component;
sending the 5G message to a processing node;
receiving a trigger operation of the processing node on an interactive component in the 5G message;
converting the trigger operation into a machine instruction, and transmitting the machine instruction to the first host for execution.
In one embodiment, receiving an access request from a first host requesting access to a second host comprises:
receiving the access request forwarded by the router in the intranet;
correspondingly, the transmitting the machine instruction to the first host for execution includes:
and transmitting the machine instruction to the first host through the router for execution.
In one embodiment, after the access request is verified through the intranet communication white list, the method further includes:
and writing the access request and a verification result of the access request into a block chain.
In one embodiment, the intranet communication white list includes at least one of: the host identity of each host in the intranet environment, a list of hosts that each host allows access, a list of ports that each host allows access, a frequency that each host allows access, and a time period that each host allows access.
The embodiment of the present invention further provides a device for monitoring host behavior based on a block chain, including:
the system comprises a receiving module, a processing module and a processing module, wherein the receiving module is used for receiving an access request of a first host for requesting to access a second host, and the first host and the second host are positioned in the same intranet;
the calling module is used for calling a pre-stored intranet communication white list from the block chain;
the verification module is used for verifying the access request through the intranet communication white list;
and the sending module is used for sending the access request to a processing node in a 5G message mode under the condition that the verification fails, and the processing node processes the access request.
In one embodiment, the sending module comprises:
a generating unit, configured to form a 5G message with the access request and a verification result, where the 5G carries text content and an interactive component;
the sending unit is used for sending the 5G message to a processing node;
a receiving unit, configured to receive a trigger operation of the processing node on an interactive component in the 5G message;
and the conversion unit is used for converting the trigger operation into a machine instruction and transmitting the machine instruction to the first host for execution.
The embodiment of the present invention further provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and the processor implements the method when executing the computer program.
The embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the method for monitoring host behavior based on a block chain is implemented.
An embodiment of the present invention further provides a computer program product, where the computer program product includes a computer program, and when executed by a processor, the method for monitoring host behavior based on a block chain is implemented.
In the embodiment of the invention, the intranet communication white list is set, and the restriction rules of the same communication between the hosts are recorded in the white list, so that the access request from each host to the host is verified, normal communication can be realized only through the verified request, and if the verified request is not passed, the processing is carried out through the processing node.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts. In the drawings:
fig. 1 is a flowchart of a method of an embodiment of a block chain-based host behavior monitoring method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of an embodiment of an intranet architecture according to the present invention;
FIG. 3 is a flow diagram of a method for one embodiment of sending an access request to a processing node in an embodiment of the present invention;
fig. 4 is a block diagram of an embodiment of a host behavior monitoring device based on a block chain according to an embodiment of the present invention;
fig. 5 is a block diagram of an embodiment of a sending module according to the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention are further described in detail below with reference to the accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention.
Aiming at the existing way of entering the intranet from the internet, isolation between the internet and the intranet is opened through a leak, and great influence is generated on data security of the intranet. Therefore, in the embodiment of the invention, the communication white list of the intranet can be set, then whether the access request from the host is in compliance is determined on the basis of checking the communication white list, if the access request can be checked, the access is operated, if the access request cannot be checked, the host initiating the access request can be considered to have a problem, and at the moment, the host initiating the abnormal access can be processed through the processing node, so that the intranet host initiating the abnormal access can be found and processed in time.
Fig. 1 is a flowchart of a method of an embodiment of a host behavior monitoring method based on a blockchain provided in the present application. Although the present application provides method operational steps or apparatus configurations as illustrated in the following examples or figures, more or fewer operational steps or modular units may be included in the methods or apparatus based on conventional or non-inventive efforts. In the case of steps or structures which do not logically have the necessary cause and effect relationship, the execution sequence of the steps or the module structure of the apparatus is not limited to the execution sequence or the module structure described in the embodiments and shown in the drawings of the present application. When the described method or module structure is applied in an actual device or end product, the method or module structure according to the embodiments or shown in the drawings can be executed sequentially or executed in parallel (for example, in a parallel processor or multi-thread processing environment, or even in a distributed processing environment).
Specifically, as shown in fig. 1, the above host behavior monitoring method based on a block chain may include the following steps:
step 101: receiving an access request of a first host for requesting to access a second host, wherein the first host and the second host are located in the same intranet;
that is, the intranet structure may include, as shown in fig. 2: first host computer, second host computer, router, monitoring end, this monitoring end can independent setting, also can integrate in the router, specifically adopts which kind of mode setting, can set for according to actual need, and this application does not limit this.
Step 102: calling a pre-stored intranet communication white list from the block chain;
the intranet communication white list may include, but is not limited to, at least one of the following: the host identity of each host in the intranet environment, a list of hosts that each host allows access, a list of ports that each host allows access, a frequency that each host allows access, and a time period that each host allows access.
Step 103: verifying the access request through the intranet communication white list;
step 104: and in the case of failed verification, sending the access request to a processing node in the form of a 5G message, and processing the access request by the processing node.
Through setting up intranet communication white list, the restriction rule of the same communication between the record host computer in the white list to check to every host computer to the access request of host computer, only can realize normal communication through the request of check-up, if the request of not passing the check-up, then handle through processing node, solved the current technical problem that can't accurately confirm the intranet safety that leads to and can't obtain effective guarantee through above-mentioned scheme that unusually visits with high efficiency, reached the technological effect of guaranteeing intranet data security.
In order to enable the processing node to quickly and efficiently discover the abnormal host, the access request failing to be checked may be sent to the processing node through a 5G message, and specifically, as shown in fig. 3, the method includes the following steps:
step 301: forming a 5G message by the access request and the verification result, wherein the 5G carries text content and interactive components;
step 302: sending the 5G message to a processing node;
step 303: receiving a trigger operation of the processing node on an interactive component in the 5G message;
step 304: and converting the trigger operation into a machine instruction, and transmitting the machine instruction to the first host for execution.
That is, the 5G message may not only carry text information, but also carry an interactive plug-in, for example, whether to block the host, whether to log off the host, ignore a reminder, and the like, which may be carried in the 5G message, so that the processing node may implement control based on the plug-in.
For the 5G reply message returned from the monitoring end, the message may be converted into a machine instruction, and the machine instruction is transmitted to the first host for execution, that is, the control of the first host is realized through the machine instruction, for example, the host may be controlled to be disabled or offline, so as to ensure the security of intranet data.
For the data transmission between the host and the monitoring end in the intranet and between the host and the monitoring end, the data transmission can be realized through the router, that is, the access request of the first host requesting to access the second host is received, and the access request forwarded by the router in the intranet can be received; accordingly, the machine instruction is transmitted to the first host for execution, and the machine instruction may be transmitted to the first host for execution through the router.
In order to ensure that data is not tampered and confidentiality is required, the intranet communication white list, the access request and the like can be stored in a block chain, namely, uplink storage is performed. After the access request is verified through the intranet communication white list, the access request and a verification result of the access request can be written into a block chain.
The above method is described below with reference to a specific example, however, it should be noted that the specific example is only for better describing the present application and is not to be construed as limiting the present application.
Considering that the existing detection technology cannot meet the requirements and can not accurately and efficiently detect the scanning behavior along with diversification of network attack methods, many existing detection technologies analyze each IP address, but do not analyze the condition of a port, some attackers already master part information of an intranet and do not need to scan but directly perform post-penetration attack, and the detection rate of the existing scanning detection technology is low.
Therefore, the invention provides an intranet safety monitoring system (namely, the monitoring end) based on host behaviors, which can pre-embed user information (such as names, identity cards, mobile phone numbers and the like) and authority of a safety manager (namely, the processing node) in a block chain before application so as to inform the manager to process when an early warning requirement is generated.
Specifically, an intranet communication white list may be maintained, and the intranet communication white list may include: each host in the intranet environment, and their list of hosts allowed to access, list of ports allowed to access, frequency of allowed to access, and time period allowed to access, is maintained by an administrator. The intranet communication white list is encrypted and written into a block chain, the intranet safety monitoring system is accessed into an intranet router, when a certain host in an intranet needs to communicate with other hosts, the intranet safety monitoring system can be forwarded to the intranet safety monitoring system through the router, the intranet safety monitoring system performs verification, the intranet safety monitoring system verifies whether the current request meets the requirement of the intranet communication white list, the current request is asynchronously written into the block chain, and if the current request meets the requirement, the current request is released; if the request information does not meet the requirement, the request information is sent to a safety responsible person in a 5G message form to inform that a new host abnormal behavior is generated, so that the aim of early warning in time is fulfilled. Further, if only one rule is missed, the problem can be regarded as low risk problem sending, and if a plurality of rules are missed, the risk level can be improved.
For the safety responsible person, the Chatbot component in the 5G message can be clicked, the warning information can be viewed, and the operations of a blocking host, an off-line host and the like can be directly selected at the client so as to react in time.
From the system level, the following constituent modules can be included:
1) and when a certain host in the intranet needs to communicate with other hosts, the host needs to be forwarded to the intranet safety monitoring system by the router for verification.
2) The 5G message generation module is used for generating early warning when the white list rule is not hit, generating a 5G message and sending the 5G message to a security administrator for processing;
3) and the 5G message receiving module is used for receiving the returned 5G message, resolving the returned 5G message into a machine instruction and sending the machine instruction to the target host for execution when the security administrator clicks the chatbot component in the 5G message for responding.
4) And the block chain driving module is used for encrypting and storing intranet communication white list information and writing the communication request between the hosts into the block chain.
In the above example, the host behavior is monitored through the intranet communication white list, and judgment is performed by combining multiple dimensions such as an access address, an access port, access frequency, access time and the like, so that the detection rate can be improved, and the false alarm rate can be reduced. Furthermore, the system is directly connected with the router, checks are carried out on a transaction link, the system is unaware to users, a white list of an intranet and an intranet communication request are stored by using a block chain, the system can be prevented from being tampered, the system is easy to trace, 5G message interaction is used, convenience and rapidness are achieved, and a series of complicated steps such as downloading, registering, logging-in and the like are not needed.
Based on the same inventive concept, the embodiment of the present application further provides a device for monitoring host behavior based on a block chain, as described in the following embodiments. Because the principle of solving the problem of the host behavior monitoring device based on the blockchain is similar to that of the host behavior monitoring method based on the blockchain, the implementation of the host behavior monitoring device based on the blockchain can refer to the implementation of the host behavior monitoring method based on the blockchain, and repeated parts are not described again. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated. Fig. 4 is a block diagram of a configuration of a host behavior monitoring device based on a blockchain according to an embodiment of the present application, and as shown in fig. 4, the host behavior monitoring device may include: a receiving module 401, a retrieving module 402, a checking module 403 and a sending module 404, and the structure will be described below.
A receiving module 401, configured to receive an access request of a first host requesting to access a second host, where the first host and the second host are located in a same intranet;
a retrieving module 402, configured to retrieve a pre-stored intranet communication white list from a blockchain;
a verification module 403, configured to verify the access request through the intranet communication white list;
a sending module 404, configured to send the access request to a processing node in the form of a 5G message in the case that the verification fails, where the processing node processes the access request.
In an embodiment, the sending module 404 as shown in fig. 5 may include: a generating unit 501, configured to form a 5G message with the access request and the verification result, where the 5G carries text content and an interactive component; a sending unit 502, configured to send the 5G message to a processing node; a receiving unit 503, configured to receive a trigger operation of the processing node on an interactable component in the 5G message; a conversion unit 504, configured to convert the trigger operation into a machine instruction, and transmit the machine instruction to the first host for execution.
In an embodiment, the receiving of the access request that the first host requests to access the second host may specifically be receiving the access request forwarded by a router in the intranet; accordingly, communicating the machine instruction to the first host for execution may include: and transmitting the machine instruction to the first host through the router for execution.
In an embodiment, after the access request is verified through the intranet communication white list, the access request and a verification result of the access request may be written into a block chain.
In one embodiment, the intranet communication white list may include, but is not limited to, at least one of the following: the host identity of each host in the intranet environment, a list of hosts that each host allows access, a list of ports that each host allows access, a frequency that each host allows access, and a time period that each host allows access.
An embodiment of the present application further provides a specific implementation manner of an electronic device, which is capable of implementing all steps in the block chain-based host behavior monitoring method in the foregoing embodiment, where the electronic device specifically includes the following contents: a processor (processor), a memory (memory), a communication Interface (Communications Interface), and a bus; the processor, the memory and the communication interface complete mutual communication through the bus; the processor is configured to call a computer program in the memory, and when executing the computer program, the processor implements all the steps in the method for monitoring host behavior based on a blockchain in the foregoing embodiments, for example, when executing the computer program, the processor implements the following steps:
step 1: receiving an access request of a first host for requesting to access a second host, wherein the first host and the second host are located in the same intranet;
step 2: calling a pre-stored intranet communication white list from the block chain;
and step 3: verifying the access request through the intranet communication white list;
and 4, step 4: and in the case of failed verification, sending the access request to a processing node in the form of a 5G message, and processing the access request by the processing node.
As can be seen from the above description, in the embodiment of the present application, the intranet communication white list is set, and the restriction rules of the same communication between hosts are recorded in the white list, so that the access request from each host to the host is verified, normal communication can be realized only through the verified request, and if the verified request is not passed, processing is performed through the processing node.
Embodiments of the present application further provide a computer-readable storage medium capable of implementing all steps in the method for monitoring host behavior based on a block chain in the foregoing embodiments, where the computer-readable storage medium stores thereon a computer program, and when the computer program is executed by a processor, the computer program implements all steps of the method for monitoring host behavior based on a block chain in the foregoing embodiments, for example, when the processor executes the computer program, the processor implements the following steps:
step 1: receiving an access request of a first host for requesting to access a second host, wherein the first host and the second host are located in the same intranet;
step 2: calling a pre-stored intranet communication white list from the block chain;
and step 3: verifying the access request through the intranet communication white list;
and 4, step 4: and in the case of failed verification, sending the access request to a processing node in the form of a 5G message, and processing the access request by the processing node.
An embodiment of the present invention further provides a computer program product, where the computer program product includes a computer program, and when executed by a processor, the method for monitoring host behavior based on a block chain is implemented.
As can be seen from the above description, in the embodiment of the present application, the intranet communication white list is set, and the restriction rules of the same communication between hosts are recorded in the white list, so that the access request from each host to the host is verified, normal communication can be realized only through the verified request, and if the verified request is not passed, processing is performed through the processing node.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (10)

1. A host behavior monitoring method based on a block chain is characterized by comprising the following steps:
receiving an access request of a first host for requesting to access a second host, wherein the first host and the second host are located in the same intranet;
calling a pre-stored intranet communication white list from the block chain;
verifying the access request through the intranet communication white list;
and in the case of failed verification, sending the access request to a processing node in the form of a 5G message, and processing the access request by the processing node.
2. The method of claim 1, wherein in the event that the check fails, sending the access request to a processing node in the form of a 5G message, the processing node processing the access request comprising:
forming a 5G message by the access request and the verification result, wherein the 5G carries text content and an interactive component;
sending the 5G message to a processing node;
receiving a trigger operation of the processing node on an interactive component in the 5G message;
converting the trigger operation into a machine instruction, and transmitting the machine instruction to the first host for execution.
3. The method of claim 2, wherein receiving an access request from a first host requesting access to a second host comprises:
receiving the access request forwarded by the router in the intranet;
correspondingly, the transmitting the machine instruction to the first host for execution includes:
and transmitting the machine instruction to the first host through the router for execution.
4. The method according to claim 1, further comprising, after checking the access request through the intranet communication white list:
and writing the access request and a verification result of the access request into a block chain.
5. The method according to any one of claims 1 to 4, wherein the intranet communication white list includes at least one of: the host identity of each host in the intranet environment, a list of hosts that each host allows access, a list of ports that each host allows access, a frequency that each host allows access, and a time period that each host allows access.
6. A host behavior monitoring device based on a blockchain, comprising:
the system comprises a receiving module, a processing module and a processing module, wherein the receiving module is used for receiving an access request of a first host for requesting to access a second host, and the first host and the second host are positioned in the same intranet;
the calling module is used for calling a pre-stored intranet communication white list from the block chain;
the verification module is used for verifying the access request through the intranet communication white list;
and the sending module is used for sending the access request to a processing node in a 5G message mode under the condition that the verification fails, and the processing node processes the access request.
7. The apparatus of claim 6, wherein the sending module comprises:
a generating unit, configured to form a 5G message with the access request and a verification result, where the 5G carries text content and an interactive component;
the sending unit is used for sending the 5G message to a processing node;
a receiving unit, configured to receive a trigger operation of the processing node on an interactive component in the 5G message;
and the conversion unit is used for converting the trigger operation into a machine instruction and transmitting the machine instruction to the first host for execution.
8. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1 to 5 when executing the computer program.
9. A computer-readable storage medium, characterized in that it stores a computer program which, when executed by a processor, implements the method of any one of claims 1 to 5.
10. A computer program product, characterized in that the computer program product comprises a computer program which, when being executed by a processor, carries out the method of any one of claims 1 to 5.
CN202210593384.7A 2022-05-27 2022-05-27 Host behavior monitoring method and device based on block chain Pending CN114980103A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210593384.7A CN114980103A (en) 2022-05-27 2022-05-27 Host behavior monitoring method and device based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210593384.7A CN114980103A (en) 2022-05-27 2022-05-27 Host behavior monitoring method and device based on block chain

Publications (1)

Publication Number Publication Date
CN114980103A true CN114980103A (en) 2022-08-30

Family

ID=82958143

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210593384.7A Pending CN114980103A (en) 2022-05-27 2022-05-27 Host behavior monitoring method and device based on block chain

Country Status (1)

Country Link
CN (1) CN114980103A (en)

Similar Documents

Publication Publication Date Title
US9336385B1 (en) System for real-time threat detection and management
US10701097B2 (en) Application security testing
US11637856B2 (en) Implementation comparison-based security system
US11108803B2 (en) Determining security vulnerabilities in application programming interfaces
CN106911648B (en) Environment isolation method and equipment
CN108337266B (en) Efficient protocol client vulnerability discovery method and system
CN110943984B (en) Asset safety protection method and device
CN104348578B (en) The method and device of data processing
CN111061685A (en) Log query method and device, node equipment and storage medium
CN111343176A (en) Network attack countering device, method, storage medium and computer equipment
Kwon et al. Protocol fuzzing to find security vulnerabilities of RabbitMQ
CN109450888B (en) Service calling method and device, electronic equipment and storage medium
CN110309645A (en) A kind of couple of API carries out the method, apparatus and system of security protection
CN111385253B (en) Vulnerability detection system for network security of power distribution automation system
Malik et al. An empirical study of vulnerabilities in edge frameworks to support security testing improvement
CN114980103A (en) Host behavior monitoring method and device based on block chain
CN113922975A (en) Security control method, server, terminal, system and storage medium
CN108347411B (en) Unified security guarantee method, firewall system, equipment and storage medium
CN116579019A (en) Computer information safety supervision system based on artificial intelligence
CN112130932B (en) Single-instance operation method and device and electronic equipment
CN112751807B (en) Secure communication method, device, system and storage medium
CN111221764B (en) Cross-link data transmission method and system
CN114328216A (en) Vulnerability mining method and device
Marhefka et al. Dfuzzer: A D-bus service fuzzing tool
CN117648262B (en) Fuzzy test method, storage medium and electronic device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination