摘要
为解决传统网络安全漏洞扫描受限,导致网络应用环境的安全性承载能力较差的问题,设计基于区块链技术的网络安全漏洞检测系统;利用网络爬虫模块抓取任务管理模块所需的待检测信息参量,按照漏洞数据所属的具体类别,将其分别反馈至XSS检测模块、SQL检测模块与CSRF检测模块之中;在此基础上,定义区块信息的实际交易格式,联合各项智能化合约,实现对系统功能需求的定向化分析,并完成相关用例图的构建;通过上述软、硬件设备基础,完成基于区块链技术的网络安全漏洞检测系统设计;对比实验结果显示,与C/S型网络漏洞检测系统相比,基于区块链技术检测系统的安全性等级划分条件更加细致,扫描web漏洞覆盖范围也更为广泛,有助于网络应用环境安全性承载能力的稳定提升。
In order to solve the problem that traditional network security vulnerability scanning is limited,resulting in poor security carrying capacity of network application environment,a network security vulnerability detection system based on blockchain technology is designed.The crawler module is used to capture the information parameters needed by the task management module,and the vulnerability data are fed back to XSS detection module,SQL detection module and CSRF detection module according to the specific categories of vulnerability data.On this basis,it defines the actual transaction format of block information,combines various intelligent contracts,realizes the directional analysis of system functional requirements,and completes the construction of relevant use case diagrams.Through the above-mentioned software and hardware equipment foundation,the design of network security vulnerability detection system based on blockchain technology is completed.The experimental results show that compared with C/S network vulnerability detection system,the security classification conditions of the detection system based on blockchain technology are more detailed,and the coverage of scanning web vulnerabilities is more extensive,which is conducive to the stable improvement of network application environment security carrying capacity.
作者
熊琭
Xiong Lu(Shanghai Institute for Integrated Application of Network Technology,ShangHai 200335,China)
出处
《计算机测量与控制》
2021年第5期59-63,共5页
Computer Measurement &Control
关键词
区块链技术
网络安全
漏洞检测
网络爬虫
注入漏洞
交易格式
智能合约
功能需求
block chain technology
network security
vulnerability detection
web crawler
injection vulnerability
transaction format
smart contracts
functional requirements
