Research And Application Of Security Data Platform

In recent years,the rapid development of technologies such as cloud computing and the Internet of Things has profoundly changed people's life styles.At the same time,the rapid development of the Internet has also brought great challenges to network defense.Nowadays,the forms of cyber attacks have undergone tremendous changes,and gradually showing the trend of organization,distribution,complexity,and remoteness.The traditional static network defense can no longer meet the needs of current network defense.The emergence of Security Threat Intelligence provides a new way for network defense.Security threat intelligence is introduced into the defense ability beyond the network,which can greatly improve the defense ability of the network.At present,some security vendors have established security threat intelligence centers to share security threat intelligence.However,the current security threat intelligence is based on a centralized intelligence sharing platform,in which the integrity of the threat intelligence is easily destroyed and the intelligence loses its original value.Security data platform uses publish-subscribe mode to share security data.This thesis is to build a trusted security data sharing environment based on the existing security data platform,and design and develop a blockchain vulnerability database application based on the security data platform.The specific research content of this thesis is as follows:1.Design and implementation of trusted sharing environment and incentive mechanism of secure data platform.The core of blockchain is a decentralized distributed database,which has the characteristics of transparency,trustworthiness and non-tamperability.This thesis designs and realizes a trusted data sharing environment of secure data platform by combining blockchain technology.By storing the user data,channel information,and summary data of security data on the blockchain in the secure data platform,making the whole process of sharing security data in the security data platform is transparent and trustworthy.At the same time,based on the token mechanism of blockchain,this thesis designs and implements the incentive mechanism of sharing security data in the security data platform.2.Design and implementation of blockchain vulnerability database based on security data platform.In view of the security issues in the current blockchain technology,this thesis designs and implements the blockchain vulnerability database based on the security data platform.The vulnerability database mainly includes the blockchain platform code vulnerability and Ethereum smart contract vulnerability information.It has the ability to automatically and sustainably obtain the vulnerability information from the existing vulnerability database,and can integrate the vulnerability information to ensure a more comprehensive vulnerability information.At the same time,it also can support users to subscribe vulnerability information through the security data platform.Finally,this thesis also designs and develops a web application and mobile application based on WeChat public account for the blockchain vulnerability database.