基于区块链的日志安全存储方法研究  被引量：6

作　　者：刘静 黄菊 赖英旭 秦华 曾伟[2] LIU Jing;HUANG Ju;LAI Ying-xu;QIN Hua;ZENG Wei(Faculty of Information Technology,Beijing University of Technology,Beijing 100124,China;Beijing Branch of China Unicom,Beijing 101109,China)

机构地区：[1]北京工业大学信息学部,北京100124 [2]中国联通北京市分公司网络优化中心,北京101109

出　　处：《计算机科学》2020年第S02期388-395,共8页Computer Science

基　　金：北京市自然科学基金(19L2020);信息保障技术重点实验室基金(614211204031117);陕西省网络与系统安全重点实验室开放课题基金资助项目(NSSOF1900105);工业和信息化部2018年工业互联网创新发展工程;国防科研试验信息安全实验室基础研究项目(2018XXAQ08)。

摘　　要：随着计算机科学的高速发展,告警日志的数量呈几何的增长趋势,告警日志记录着攻击行为的相关信息,容易受到数据窃取和恶意篡改,同时告警日志中包含大量的无关告警,导致日志分析的准确性不高。为解决告警日志的安全存储和数据提取两方面的问题,文中提出了一种基于区块链的日志安全存储方法,使用基于区块链的分布式存储架构保存告警日志,采用查询区块索引库的方式代替传统的区块链顺序检索,提高了告警日志的检索速度。通过对攻击源地址的威胁评估,构建密文索引结构存储在区块头中,并根据告警日志之间的相关性分析,实现攻击场景告警日志的关联检索。由实验结果可知,使用基于区块链的日志安全存储方法存储告警日志,存储过程中的区块生成效率并不会由于密文索引构建而大幅度下降,告警日志的检索效率较高并能够检索获得相关攻击场景的告警日志。With the rapid development of computer science,the number of alarm logs is increasing geometrically.Alarm logs record the correlation information of attack behavior and are vulnerable to theft and tempering,and the retrieval results contain a lot of irrelevant logs,thus interfering the correctness of log analysis.In order to solve the problems of safe storage and data extraction of alarm logs,this paper proposes a log secure storage method based on blockchain.Alarm logs are stored in distributed stora-ge system based on block chain,which index library records block storage location.The traditional block chain sequential retrieval is replaced by querying the block index library,which improves the retrieval speed of ciphertext log.Through threat assessment of attack source addresses of alarm logs,and build a ciphertext index structure,which is stored in the block header.Alarm logs classified to the same attack scenario are associate retrieved based on correlation analysis.According to the experimental results,using the log secure storage method based on blockchain to store alarm logs,the block generation efficiency will not greatly reduce due to the index construction,and the log retrieval efficiency is high and the attack scenario logs can be obtained.

关 键 词：安全存储 区块链 告警关联 攻击场景 索引构建 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]