Computer Science ›› 2020, Vol. 47 ›› Issue (11A): 388-395. doi: 10.11896/jsjkx.200400024

• Information Security •

Study on Secure Log Storage Method Based on Blockchain

LIU Jing1, HUANG Ju1, LAI Ying-xu1, QIN Hua1, ZENG Wei2

  1 Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China
    2 Network Optimization Center, Beijing Branch of China Unicom, Beijing 101109, China
  • Online: 2020-11-15 Published: 2020-11-17
  • Corresponding author: LAI Ying-xu (laiyingxu@bjut.edu.cn)
  • About author: jingliu@bjut.edu.cn
  • Supported by:
    Beijing Municipal Natural Science Foundation (19L2020); Foundation of Science and Technology on Information Assurance Laboratory (614211204031117); Open Project Fund of the Shaanxi Key Laboratory of Network and System Security (NSSOF1900105); 2018 Industrial Internet Innovation and Development Project of the Ministry of Industry and Information Technology; Basic Research Project of the Information Security Laboratory for National Defense Scientific Research and Testing (2018XXAQ08)

Study on Secure Log Storage Method Based on Blockchain

LIU Jing1, HUANG Ju1, LAI Ying-xu1, QIN Hua1, ZENG Wei2   

  1 Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China
    2 Beijing Branch of China Unicom, Beijing 101109, China
  • Online: 2020-11-15 Published: 2020-11-17
  • About author: LIU Jing, born in 1978, Ph.D., lecturer, is a member of China Computer Federation. Her main research interests include network security and trusted computing.
    LAI Ying-xu, born in 1973, Ph.D., professor, Ph.D. supervisor. Her main research interests include cloud computing, information network security and trusted computing.
  • Supported by:
    This work was supported by the Beijing Municipal Natural Science Foundation (19L2020), Foundation of Science and Technology on Information Assurance Laboratory (614211204031117), Foundation of Shaanxi Key Laboratory of Network and System Security (NSSOF1900105), Industrial Internet Innovation and Development Project of the Ministry of Industry and Information Technology of China in 2018 and Basic Research Project of Information Security Laboratory for National Defense Scientific Research and Testing (2018XXAQ08).

Abstract (Chinese version, translated): With the rapid development of computer science, the number of alarm logs is growing geometrically. Alarm logs record information about attack behaviour and are vulnerable to data theft and malicious tampering; at the same time, they contain a large number of irrelevant alarms, which lowers the accuracy of log analysis. To address both the secure storage and the data extraction of alarm logs, this paper proposes a blockchain-based secure log storage method. Alarm logs are stored in a blockchain-based distributed storage architecture, and querying a block index library replaces the traditional sequential retrieval over the chain, which speeds up alarm log retrieval. A ciphertext index structure is built from a threat assessment of attack source addresses and stored in the block header, and correlation analysis between alarm logs enables associated retrieval of the alarm logs of an attack scenario. The experimental results show that when alarm logs are stored with the proposed method, block generation efficiency during storage does not drop significantly because of ciphertext index construction, alarm log retrieval is efficient, and the alarm logs of the relevant attack scenario can be retrieved.

Keywords (Chinese version, translated): Secure storage, Alarm correlation, Attack scenario, Blockchain, Index construction

Abstract: With the rapid development of computer science, the number of alarm logs is increasing geometrically. Alarm logs record information correlated with attack behaviour and are vulnerable to theft and tampering, and retrieval results contain many irrelevant logs, which interferes with the correctness of log analysis. In order to solve the problems of secure storage and data extraction of alarm logs, this paper proposes a blockchain-based secure log storage method. Alarm logs are stored in a blockchain-based distributed storage system in which an index library records the storage location of each block. Traditional sequential retrieval over the blockchain is replaced by querying the block index library, which improves the retrieval speed of ciphertext logs. A ciphertext index structure is built through threat assessment of the attack source addresses of alarm logs and stored in the block header. Alarm logs classified into the same attack scenario are retrieved in association based on correlation analysis. According to the experimental results, when alarm logs are stored with the proposed method, block generation efficiency is not greatly reduced by index construction, log retrieval efficiency is high, and the logs of an attack scenario can be obtained.

Key words: Alarm correlation, Attack scenario, Blockchain, Index construction, Secure storage
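The storage and retrieval architecture the abstract describes, as an added Python example that is not code from the paper or its authors. It hash-links blocks of alarm logs, keeps a ciphertext index (an HMAC of each attack source address) in the block header, and maintains an off-chain block index library so that retrieval reads only the blocks holding a source's alerts instead of scanning the chain. The severity-sum threat score and its threshold, the HMAC-based index, the lateral-movement correlation rule in attack_scenario, the INDEX_KEY value and the alert records in build_demo_chain are all constructed assumptions for this demonstration, not the paper's algorithms or data.

```python
import hashlib
import hmac
import json
from collections import defaultdict

INDEX_KEY = b"constructed-demo-index-key"  # hypothetical key held by indexers and retrievers
THREAT_THRESHOLD = 2  # assumed: sources scoring below this are not indexed


def index_token(source_ip: str) -> str:
    """Ciphertext index entry: keyed hash of the attack source address, so the
    block header reveals the address only to holders of INDEX_KEY."""
    return hmac.new(INDEX_KEY, source_ip.encode(), hashlib.sha256).hexdigest()


def threat_score(alerts, source_ip: str) -> int:
    """Assumed threat assessment: sum of alert severities from one source."""
    return sum(a["severity"] for a in alerts if a["src"] == source_ip)


def _digest(obj) -> str:
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


class LogChain:
    def __init__(self):
        self.blocks = []                        # hash-linked blocks, in order
        self.index_library = defaultdict(list)  # off-chain: token -> block heights

    def append(self, alerts):
        """Seal one batch of alerts into a block; index the high-threat sources."""
        tokens = sorted(index_token(s) for s in {a["src"] for a in alerts}
                        if threat_score(alerts, s) >= THREAT_THRESHOLD)
        header = {
            "height": len(self.blocks),
            "prev_hash": self.blocks[-1]["hash"] if self.blocks else "0" * 64,
            "body_hash": _digest(alerts),
            "index": tokens,                    # ciphertext index lives in the header
        }
        block = {"header": header, "body": list(alerts), "hash": _digest(header)}
        self.blocks.append(block)
        for t in tokens:
            self.index_library[t].append(header["height"])
        return block

    def verify(self) -> bool:
        """Recompute every link; an edited body or header breaks the chain."""
        prev = "0" * 64
        for b in self.blocks:
            h = b["header"]
            if (h["prev_hash"] != prev or h["body_hash"] != _digest(b["body"])
                    or b["hash"] != _digest(h)):
                return False
            prev = b["hash"]
        return True

    def retrieve(self, source_ip: str):
        """Index lookup instead of a sequential scan of the whole chain.
        Returns (alerts from that source, number of blocks actually read)."""
        heights = self.index_library.get(index_token(source_ip), [])
        hits = [a for hgt in heights for a in self.blocks[hgt]["body"]
                if a["src"] == source_ip]
        return hits, len(heights)

    def attack_scenario(self, source_ip: str):
        """Assumed correlation rule: an alert joins the scenario when its source is
        the initial attacker or a host that an earlier scenario alert targeted."""
        involved, frontier, scenario = {source_ip}, [source_ip], []
        while frontier:
            hits, _ = self.retrieve(frontier.pop())
            for a in hits:
                scenario.append(a)
                if a["dst"] not in involved:
                    involved.add(a["dst"])
                    frontier.append(a["dst"])
        return sorted(scenario, key=lambda a: a["ts"])


def build_demo_chain() -> LogChain:
    """Three blocks of constructed alerts (not real traffic)."""
    chain = LogChain()
    chain.append([
        {"ts": 1, "src": "10.0.0.5", "dst": "10.0.1.20", "sig": "portscan", "severity": 1},
        {"ts": 2, "src": "10.0.0.5", "dst": "10.0.1.20", "sig": "ssh-bruteforce", "severity": 3},
        {"ts": 3, "src": "192.168.9.9", "dst": "10.0.1.21", "sig": "icmp-probe", "severity": 1},
    ])
    chain.append([
        {"ts": 4, "src": "10.0.1.20", "dst": "10.0.1.30", "sig": "lateral-smb", "severity": 3},
        {"ts": 5, "src": "172.16.0.7", "dst": "10.0.1.40", "sig": "dns-anomaly", "severity": 1},
    ])
    chain.append([
        {"ts": 6, "src": "10.0.0.5", "dst": "10.0.1.22", "sig": "portscan", "severity": 1},
        {"ts": 7, "src": "10.0.0.5", "dst": "10.0.1.22", "sig": "portscan", "severity": 1},
    ])
    return chain


if __name__ == "__main__":
    chain = build_demo_chain()
    hits, read = chain.retrieve("10.0.0.5")
    print(f"valid={chain.verify()} hits={len(hits)} blocks_read={read}/{len(chain.blocks)}")
    print("scenario:", [(a["ts"], a["src"], a["dst"]) for a in chain.attack_scenario("10.0.0.5")])
    chain.blocks[0]["body"][1]["severity"] = 0  # simulate tampering with a stored log
    print("valid after tampering:", chain.verify())
```

Running it shows that the indexed lookup for the attacker's address touches two of the three blocks, that a low-threat source is absent from the index by design, that the scenario query follows the compromised host's onward alert, and that editing one stored alert makes verify() fail, which is the tamper-evidence property the abstract relies on.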

CLC number: TP309