ManuKrishnan07/blockchain-threat-intelligence-sharing
An Ethereum-based decentralized threat intelligence sharing platform that anchors data hashes in a smart contract to detect tampering and verify record integrity.
# Decentralized Threat Intelligence Sharing Platform (DTISP)
## Quick Start
### 1. Prerequisites
- Python 3.12
- MongoDB (running on `localhost:27017`)
- Ganache (running on `localhost:7545`)
- Node.js (optional)
### 2. Install dependencies
```
py -3.12 -m venv .venv
.venv\Scripts\activate
python -m pip install --upgrade pip
python -m pip install -r requirements.txt
```
### 3. Configure the environment
Copy `.env.example` to `.env` and fill in your values.
### 4. Deploy the smart contract
```
cd backend
python deploy.py
# Expected: "Contract Deployed to: 0xABC..."
# Creates: backend/contract_config.json
```
### 5. Start the backend
```
cd backend
python -m uvicorn main:app --reload --port 8000
# API docs: http://localhost:8000/docs
```
### 6. Seed test data (optional)
```
cd backend
python seed_data.py
```
### 7. Open the frontend
Open `frontend/index.html` in a browser.
## API Reference
### Health check
```
curl http://localhost:8000/health
```
### Submit an indicator
```
curl -X POST http://localhost:8000/submit-indicator \
  -H "Content-Type: application/json" \
  -d '{
    "indicator_type": "ip",
    "indicator_value": "185.220.101.45",
    "threat_category": "botnet",
    "severity": "critical",
    "description": "Active Tor-based C2 server",
    "reporter_id": "org_alpha"
  }'
```
**Response:**
```
{
  "message": "Indicator submitted and anchored to blockchain.",
  "data_hash": "a1b2c3d4e5f6...",
  "tx_hash": "0xabc123...",
  "timestamp": "1741824000"
}
```
### Search by value
```
curl http://localhost:8000/indicator/185.220.101.45
```
### Verify integrity
```
curl http://localhost:8000/verify/a1b2c3d4e5f6...
```
**Valid response:**
```
{
  "status": "VALID",
  "detail": "Data integrity confirmed. Hash matches blockchain record.",
  "db_hash": "a1b2c3...",
  "blockchain_reporter": "0xAbCd...",
  "blockchain_timestamp": 1741824000
}
```
**Tampered response:**
```
{
  "status": "TAMPERED",
  "detail": "The database record has been modified. Hashes do not match."
}
```
### Get threat feed (with filters)
```
# All indicators
curl http://localhost:8000/threat-feed
# Critical IPs only
curl "http://localhost:8000/threat-feed?severity=critical&ioc_type=ip"
```
### Platform stats
```
curl http://localhost:8000/stats
```
### Contributor leaderboard
```
curl http://localhost:8000/leaderboard
```
### Reporter profile
```
curl http://localhost:8000/reporter/org_alpha
```
### Export a STIX 2.1 bundle
```
curl http://localhost:8000/export/stix -o threat_intel.stix.json
```
## Security architecture
```
User Input ──► Pydantic Validation ──► SHA256 Hash Generation
                                                 │
                                       ┌─────────┴──────────┐
                                       │                    │
                                    MongoDB             Ethereum
                                 (Full Record)         (Hash Only)
                                       │                    │
                                       └─────────┬──────────┘
                                                 │
                                      Verify: Recalculate hash
                                      Compare DB hash == Chain hash
```
## Tamper detection proof
1. Submit an indicator and save its `data_hash`
2. Manually edit the record in MongoDB (for example, change the severity to "low")
3. Call `GET /verify/{data_hash}`
4. The system recomputes the hash from the database fields and compares it with the immutable blockchain record
5. The response will be `"status": "TAMPERED"`, proving the database record was altered
---
### Key architecture decisions explained
**Why hash only goes on-chain (not full data):** Ethereum storage (SSTORE) costs gas per 32-byte slot. Storing the full record on-chain for each IOC would be prohibitively expensive even on a private network at scale. The hash serves as a cryptographic commitment — it proves the data existed in exactly that form at that time, without storing the sensitive threat data publicly on-chain.
**Why `indicator_value` duplicate is checked by hash, not raw value:** The hash includes `reporter_id` and `timestamp`, so two different organizations can independently report the same IP — both submissions are stored, each with their own hash and blockchain anchor, giving you provenance tracking rather than a naive deduplication that would hide redundant confirmations.
**Rate limiting strategy:** `10/minute` on submissions prevents bulk spam while allowing a legitimate SOC analyst to submit an incident. The read endpoints are limited to `60/minute`, which is generous for dashboards polling on a timer.
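The hash-anchor and verify flow from the tamper detection proof, together with the "hash only on-chain" and "duplicates checked by hash" decisions above, as an added Python model that is not the DTISP backend's own code. The hashed field set, the canonical JSON encoding, and the in-memory stand-ins for MongoDB and the contract are assumptions.

```python
import hashlib
import json

# Fields folded into the hash. The README states reporter_id and timestamp are included;
# the exact field set and the canonical JSON encoding below are assumptions.
HASHED_FIELDS = ("indicator_type", "indicator_value", "threat_category",
                 "severity", "description", "reporter_id", "timestamp")

def compute_data_hash(record):
    """SHA-256 over a canonical (sorted, compact) JSON encoding of the anchored fields."""
    canonical = json.dumps({k: record[k] for k in HASHED_FIELDS}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

class InMemoryChain:
    """Stand-in for the smart contract: stores only hash -> (reporter address, block timestamp)."""
    def __init__(self):
        self.anchors = {}

    def anchor(self, data_hash, reporter_addr, block_ts):
        if data_hash in self.anchors:  # identical hash means an exact duplicate submission
            raise ValueError("hash already anchored")
        self.anchors[data_hash] = (reporter_addr, block_ts)

def submit_indicator(db, chain, record, reporter_addr, block_ts):
    """Full record goes to the DB (a dict standing in for MongoDB); only the hash goes on-chain."""
    data_hash = compute_data_hash(record)
    chain.anchor(data_hash, reporter_addr, block_ts)
    db[data_hash] = dict(record)
    return data_hash

def verify(db, chain, data_hash):
    """Recompute the hash from the DB fields and compare it with the immutable chain record."""
    doc, anchor = db.get(data_hash), chain.anchors.get(data_hash)
    if doc is None or anchor is None:
        return {"status": "NOT_FOUND", "detail": "No record or anchor for this hash."}
    if compute_data_hash(doc) != data_hash:
        return {"status": "TAMPERED", "detail": "The database record has been modified. Hashes do not match."}
    return {"status": "VALID", "blockchain_reporter": anchor[0], "blockchain_timestamp": anchor[1]}

def demo():
    """Constructed walkthrough: two orgs report the same IP, then one DB copy is edited."""
    db, chain = {}, InMemoryChain()
    base = {"indicator_type": "ip", "indicator_value": "185.220.101.45", "threat_category": "botnet",
            "severity": "critical", "description": "Active Tor-based C2 server", "timestamp": "1741824000"}
    h_alpha = submit_indicator(db, chain, dict(base, reporter_id="org_alpha"), "0xAbCd", 1741824000)
    h_beta = submit_indicator(db, chain, dict(base, reporter_id="org_beta"), "0xBeEf", 1741824060)
    before = verify(db, chain, h_alpha)["status"]
    db[h_alpha]["severity"] = "low"  # simulate a direct MongoDB edit (step 2 above)
    after = verify(db, chain, h_alpha)["status"]
    return before, after, h_alpha != h_beta
```

`demo()` returns `("VALID", "TAMPERED", True)`: the same IP from two reporters yields two distinct anchors, and editing one DB copy is caught on the next verify.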