CN113452668B - Internet of things terminal access monitoring method, computer program and storage medium - Google Patents


Info

Publication number: CN113452668B
Authority: CN (China)
Prior art keywords: entity, internet, things, data, access
Legal status: Active
Application number: CN202110273776.0A
Other languages: Chinese (zh)
Other versions: CN113452668A
Inventor: 庄小雄
Current Assignee: Shenzhen Baijiahua Network Technology Co ltd
Original Assignee: Shenzhen Baijiahua Network Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00 IoT infrastructure
    • G16Y30/10 Security thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention belongs to the technical field of the Internet of Things and specifically relates to an Internet of Things terminal access monitoring method, a computer program and a storage medium. The method comprises the following steps: step 1: carrying out a first grading of the entities in the Internet of Things according to their position distribution, where the entities comprise Internet of Things terminal devices, Internet of Things sensing devices, Internet of Things data processing devices and Internet of Things routing devices. By grading all devices in the Internet of Things twice, multi-level management of the Internet of Things is realized; access control on features and identities is carried out within each same-domain entity group to ensure the legality and compliance of accessing devices, and a monitoring server monitors sensitive behaviors and sensitive content between same-domain entity groups of different levels to ensure that accessing devices remain compliant and legitimate during operation, so that the overall security of the IoT network is improved and the management efficiency of Internet of Things access is improved.

Description

Internet of things terminal access monitoring method, computer program and storage medium
Technical Field
The invention belongs to the technical field of Internet of things, and particularly relates to an Internet of things terminal access monitoring method, a computer program and a storage medium.
Background
The Internet of Things (IoT) collects, in real time, any object or process that needs to be monitored, connected or interacted with, gathering the required information (sound, light, heat, electricity, mechanics, chemistry, biology, position and so on) through devices and technologies such as information sensors, radio frequency identification, global positioning systems, infrared sensors and laser scanners, and achieves ubiquitous connection between objects and people through every available network access, together with intelligent sensing, identification and management of objects and processes. The Internet of Things is an information carrier built on the Internet, traditional telecommunication networks and the like, in which all ordinary physical objects that can be independently addressed form an interconnected network.
The traditional Internet is mature and widely deployed, yet security holes still exist. As a new product, the Internet of Things has a more complex system structure and no unified standard, so security problems in every aspect are more prominent. Among its key enabling technologies, the sensing network is exposed to the natural environment, and some sensors are placed in harsh environments; maintaining the integrity of such a network over a long period places new requirements on sensing technology, and the sensing network must be able to self-heal. The network is affected not only by environmental factors but, more seriously, by human factors. RFID is another key enabling technology: an electronic tag is placed in an article in advance so that its state can be monitored in real time, which exposes some personal privacy of the owners of tagged articles and puts the security of personal information at risk. Beyond personal information security, cooperation between enterprises and between countries is now commonplace, and once such a network is attacked the consequences would be hard to imagine. Balancing informatization and security in the use of the Internet of Things is therefore very important.
Disclosure of Invention
The invention mainly aims to provide an Internet of Things terminal access monitoring method, a computer program and a storage medium. By grading all devices in the Internet of Things twice, multi-level management of the Internet of Things is realized; access control on features and identities is performed within each same-domain entity group to ensure the legality and compliance of accessing devices; and a monitoring server monitors sensitive behaviors and sensitive content between same-domain entity groups of different levels to ensure that devices accessing the Internet of Things remain compliant and legitimate during operation, thereby improving the overall security of the IoT network and, at the same time, the management efficiency of Internet of Things access.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
an Internet of things terminal access monitoring method comprises the following steps:
step 1: carrying out a first grading of the entities in the Internet of Things according to their position distribution, where the entities comprise Internet of Things terminal devices, Internet of Things sensing devices, Internet of Things data processing devices and Internet of Things routing devices; the first grading comprises: taking an Internet of Things routing device as the centre point, constructing a circular domain with a set radius, and assigning all entities covered by that circular domain to the same domain;
step 2: setting a weight value for each entity according to the entity's authority, where the higher the authority, the higher the corresponding weight value;
step 3: carrying out a second grading of the same-domain entity groups obtained from the first grading according to entity authority; the second grading comprises: summing the authority weight values of all entities in a same-domain entity group; setting a grading interval, and grading the same-domain entity group according to where the sum falls within the grading interval;
step 4: within a same-domain entity group, using the Internet of Things routing device to carry out dual access control on the other entities in the group; the dual access control comprises: performing feature recognition on the other entities in the same-domain entity group and, if the feature recognition passes, performing identity verification;
step 5: connecting a monitoring server to the same-domain entity groups of the same level, where the monitoring server performs behavior monitoring and content monitoring on all entities in the same-domain entity group; behavior monitoring comprises monitoring the operating behaviors of all entities in the same-domain entity group, and content monitoring comprises monitoring the content of all entities in the same-domain entity group.
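As an added illustration of steps 1 to 3 (example code, not from the patent), the first grading by circular domain around each routing device and the second grading by the sum of authority weights; the entity names, coordinates, radius, permission weights and grading interval bounds are all constructed assumptions.

```python
import math
from bisect import bisect_right
from dataclasses import dataclass


@dataclass(frozen=True)
class Entity:
    name: str
    kind: str          # "terminal", "sensor", "processor" or "router"
    x: float
    y: float
    permission: int    # authority level; higher number = higher authority


# Step 2 (assumed values): weight per authority level, increasing with authority.
PERMISSION_WEIGHT = {1: 1, 2: 3, 3: 6, 4: 10}

# Step 3 (assumed values): grading interval boundaries. A group whose weight sum
# falls in [0, 10) is level 1, in [10, 25) level 2, and in [25, inf) level 3.
GRADE_BOUNDS = [10, 25]


def first_grading(entities, radius):
    """Step 1: each routing device is the centre of a circular domain of the given
    radius; every entity inside the circle joins that router's same-domain group."""
    groups = {}
    for router in (e for e in entities if e.kind == "router"):
        members = [e for e in entities
                   if e is not router
                   and math.hypot(e.x - router.x, e.y - router.y) <= radius]
        groups[router.name] = [router] + members
    return groups


def group_weight(group):
    """Step 3a: sum of the authority weight values of all entities in the group."""
    return sum(PERMISSION_WEIGHT[e.permission] for e in group)


def second_grading(groups):
    """Step 3b: locate each group's weight sum in the grading interval -> level."""
    return {router: bisect_right(GRADE_BOUNDS, group_weight(members)) + 1
            for router, members in groups.items()}


def uncovered(entities, groups):
    """Entities inside no routing device's circle. The patent does not say how these
    are handled; a deployment needs a fallback (e.g. deny until a router covers them)."""
    covered = {e.name for members in groups.values() for e in members}
    return [e.name for e in entities if e.name not in covered]


# Constructed sample network (two routers, radius 5): S2 lies outside both circles.
SAMPLE = [
    Entity("R1", "router", 0.0, 0.0, 3),
    Entity("T1", "terminal", 1.0, 1.0, 1),
    Entity("S1", "sensor", 2.0, 0.5, 1),
    Entity("P1", "processor", 0.5, 2.0, 4),
    Entity("R2", "router", 20.0, 20.0, 3),
    Entity("T2", "terminal", 21.0, 19.0, 2),
    Entity("S2", "sensor", 30.0, 30.0, 1),
]


def grade_network(entities=SAMPLE, radius=5.0):
    """Run both gradings; returns (groups, level per group, uncovered entity names)."""
    groups = first_grading(entities, radius)
    return groups, second_grading(groups), uncovered(entities, groups)


if __name__ == "__main__":
    groups, levels, left_out = grade_network()
    for router, members in groups.items():
        print(router, [m.name for m in members], "weight", group_weight(members),
              "level", levels[router])
    print("uncovered:", left_out)
```

An entity that falls inside two routers' circles is placed in both groups here, since the patent does not state a tie-break; a real deployment would pick one (for example the nearest router).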
Further, the method by which the Internet of Things routing device performs feature recognition on the other entities in the same-domain entity group in step 3 comprises: presetting a list of legal entity information in the Internet of Things routing device, which controls the security of the devices connected to it, the list of legal entity information comprising the unique identification of each entity allowed to access; when the Internet of Things routing device detects the access of an entity, calculating the unique identification of that entity; sending the unique identification to the Internet of Things routing device, which judges whether the unique identification exists in the list of legal entity information and, if so, allows the entity to access and, if not, refuses the entity's access. Calculating the unique identification of the entity when the Internet of Things routing device detects its access comprises: acquiring the hardware attribute information of the entity; judging whether the entity carries a feature identifier; if so, extracting the feature identifier from the entity; if not, calculating a feature identifier from the hardware attribute information and writing it into the entity; and calculating the unique identification of the entity from its hardware attribute information and its feature identifier.
Further, if the operation of writing the feature identifier into the entity fails, information about the write failure is sent to the Internet of Things routing device, and the Internet of Things routing device refuses the entity's access on the basis of that write-failure information.
Further, a time interval during which entities are allowed to access is preset in the Internet of Things routing device, and the method further comprises judging whether the entity accesses within the allowed time interval; if the entity accesses within the allowed time interval, the Internet of Things routing device allows the access; if the entity does not access within the allowed time interval, the Internet of Things routing device refuses the access.
Further, the method by which the Internet of Things routing device verifies the identity of an entity that has passed feature recognition comprises: receiving a plurality of items of identity information sent by the entity when it accesses; comparing each item of identity information with the recorded historical identity information; obtaining the identity feature matching value of the current user from the comparison results, which comprises: acquiring a weight value for each item of identity information, the weight values being defined according to the different scenarios in which identity verification is needed, and calculating the identity feature matching value as a weighted combination of whether each item matches and its corresponding weight; selecting the identity verification mode that corresponds to the current user's identity feature matching value according to a preset correspondence between matching values and verification modes; and performing identity verification in the selected mode.
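The dual access control of step 4 as one added example (not code from the patent): feature recognition with a whitelist of unique identifications, the write-failure and access-window refusals of the two preceding paragraphs, then the weighted identity matching value mapped to a verification mode as in this paragraph. The SHA-256 derivation of the identifiers, the item weights, thresholds, mode names and all sample values are assumptions.

```python
import hashlib
from datetime import time


class WriteFailure(Exception):
    """The feature identifier could not be written into the entity."""


class Entity:
    def __init__(self, hw_attrs, feature_id=None, writable=True):
        self.hw_attrs = dict(hw_attrs)   # constructed hardware attributes (MAC, model, firmware)
        self.feature_id = feature_id     # None until the router marks the entity
        self.writable = writable         # False simulates a failed write operation

    def write_feature_id(self, feature_id):
        if not self.writable:
            raise WriteFailure("entity storage rejected the feature identifier")
        self.feature_id = feature_id


def _digest(*parts):
    # SHA-256 over a canonical "|"-joined encoding; the hash choice is an assumption.
    return hashlib.sha256("|".join(parts).encode()).hexdigest()


def _hw_parts(hw_attrs):
    return [f"{k}={hw_attrs[k]}" for k in sorted(hw_attrs)]


def unique_identification(entity):
    """Feature recognition: reuse the stored feature identifier or derive one from the
    hardware attributes and write it back, then bind both into the unique identification."""
    if entity.feature_id is None:
        entity.write_feature_id(_digest("feature", *_hw_parts(entity.hw_attrs)))  # may raise
    return _digest("uid", entity.feature_id, *_hw_parts(entity.hw_attrs))


class Router:
    def __init__(self, whitelist, window, mode_table, item_weights):
        self.whitelist = set(whitelist)   # preset list of legal unique identifications
        self.window = window              # (start, end) time of day when access is allowed
        self.mode_table = mode_table      # [(min_match_value, verification_mode)] ascending
        self.item_weights = item_weights  # weight of each identity item for this scenario

    def feature_recognition(self, entity, now):
        start, end = self.window
        if not start <= now <= end:
            return False, "outside the allowed access time interval"
        try:
            uid = unique_identification(entity)
        except WriteFailure as exc:
            return False, f"feature identifier write failed: {exc}"
        if uid not in self.whitelist:
            return False, "unique identification not in the legal entity list"
        return True, "feature recognition passed"

    def match_value(self, presented, history):
        """Weighted identity feature matching value in [0, 1]."""
        total = sum(self.item_weights.values())
        matched = sum(w for item, w in self.item_weights.items()
                      if item in presented and presented[item] == history.get(item))
        return matched / total if total else 0.0

    def verification_mode(self, value):
        mode = "deny"                      # below every threshold: no mode applies
        for threshold, candidate in self.mode_table:
            if value >= threshold:
                mode = candidate
        return mode

    def dual_access_control(self, entity, now, presented, history):
        passed, reason = self.feature_recognition(entity, now)
        if not passed:
            return "deny", reason
        return self.verification_mode(self.match_value(presented, history)), "identity verification"


# Constructed sample data: one enrolled sensor and its recorded identity history.
KNOWN_HW = {"mac": "02:00:00:00:00:01", "model": "sensor-x", "fw": "1.2.0"}
KNOWN = Entity(KNOWN_HW)
HISTORY = {"user": "alice", "device_cert": "cert-A", "location": "plant-1"}
ROUTER = Router(
    whitelist=[unique_identification(KNOWN)],   # enrolment writes KNOWN's feature identifier
    window=(time(6, 0), time(22, 0)),
    mode_table=[(0.5, "one-time code"), (0.8, "password"), (1.0, "auto-approve")],
    item_weights={"user": 3, "device_cert": 4, "location": 1},
)


def demo():
    day = time(9, 0)
    return {
        "full_match": ROUTER.dual_access_control(KNOWN, day, HISTORY, HISTORY),
        "new_location": ROUTER.dual_access_control(
            KNOWN, day, {**HISTORY, "location": "plant-2"}, HISTORY),
        "night": ROUTER.dual_access_control(KNOWN, time(23, 30), HISTORY, HISTORY),
        "unknown": ROUTER.dual_access_control(
            Entity({**KNOWN_HW, "mac": "02:00:00:00:00:99"}), day, HISTORY, HISTORY),
        "write_failure": ROUTER.dual_access_control(
            Entity(KNOWN_HW, writable=False), day, HISTORY, HISTORY),
    }


if __name__ == "__main__":
    for case, (decision, reason) in demo().items():
        print(f"{case:14} -> {decision} ({reason})")
```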
Further, the method by which the monitoring server monitors behavior in step 5 comprises: recording the behaviors within an Internet of Things entity to generate a behavior log; dynamically analyzing the structure of the behavior log; on the basis of the structural analysis result, capturing in a polling manner the function call sequences that correspond to preset sensitive behaviors during the entity's operation; and comparing the function call sequence of each preset sensitive behavior with the function call sequence of a preset malicious behavior to identify malicious behavior in the entity, where a malicious behavior comprises a combination of at least three specific sensitive behaviors.
Further, dynamically analyzing the structure of the behavior log specifically comprises: dynamically analyzing the format of the behavior log; on the basis of the format analysis result, dynamically analyzing the source code of the behavior log to obtain the sub-elements of the software application and the calling relationships among them; and dynamically analyzing the application logic and content of the software application.
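The behavior monitoring of the two preceding paragraphs as an added detection example (not code from the patent): a constructed behavior log is parsed into a per-entity function call sequence, preset sensitive behaviors are matched as call sub-sequences, and a malicious behavior is reported only when a preset combination of at least three sensitive behaviors is present. The log format, function names and behavior definitions are assumptions.

```python
import re
from collections import defaultdict

# Constructed behavior log, one recorded call per line: "<timestamp> <entity> <function>".
LOG = """\
1001 cam-07 open_socket
1002 cam-07 read_config
1003 cam-07 read_credentials
1004 cam-07 encode_base64
1005 cam-07 send_http
1006 cam-07 delete_log
1001 therm-02 read_sensor
1002 therm-02 send_mqtt
1003 therm-02 read_credentials
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)$")

# Preset sensitive behaviors: each is an ordered function call sub-sequence
# (the calls must appear in this order but need not be adjacent).
SENSITIVE = {
    "credential_read": ["read_credentials"],
    "exfil_channel": ["encode_base64", "send_http"],
    "log_tampering": ["delete_log"],
    "config_read": ["read_config"],
}

# Preset malicious behaviors: a combination of at least three sensitive behaviors.
MALICIOUS = {
    "credential_exfiltration": {"credential_read", "exfil_channel", "log_tampering"},
}


def parse_log(text):
    """Structural analysis of the log: the function call sequence of each entity,
    ordered by timestamp. Lines that do not fit the format are skipped."""
    calls = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, entity, fn = m.groups()
        calls[entity].append((int(ts), fn))
    return {e: [fn for _, fn in sorted(seq)] for e, seq in calls.items()}


def contains_subsequence(seq, pattern):
    """True when every call in pattern occurs in seq, in order."""
    it = iter(seq)
    return all(any(fn == p for fn in it) for p in pattern)


def sensitive_behaviors(seq):
    return {name for name, pat in SENSITIVE.items() if contains_subsequence(seq, pat)}


def identify_malicious(call_sequences):
    """Compare each entity's sensitive behaviors with the preset malicious combinations."""
    findings = {}
    for entity, seq in call_sequences.items():
        found = sensitive_behaviors(seq)
        hits = [name for name, combo in MALICIOUS.items()
                if len(combo) >= 3 and combo <= found]   # at least three, all present
        findings[entity] = {"sensitive": found, "malicious": hits}
    return findings


def poll(text=LOG):
    """One polling round over the captured log."""
    return identify_malicious(parse_log(text))


if __name__ == "__main__":
    for entity, result in poll().items():
        print(entity, sorted(result["sensitive"]), "->", result["malicious"] or "clean")
```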
Further, the method by which the monitoring server monitors content in step 5 comprises: acquiring the data within an Internet of Things entity and performing an intra-data edge change calculation on it; the intra-data edge change calculation uses the following formula:
Figure GDA0003672809880000031
Figure GDA0003672809880000032
where AECR is the intra-data edge change rate; X_m denotes the number of data items in data m that are lower than a set threshold, and X_{m-1} the number of data items lower than the set threshold in data m-1, which is adjacent to data m;
Figure GDA0003672809880000033
denotes the number of newly added data items in data m; and
Figure GDA0003672809880000034
denotes the corresponding number of data items in data m-1, the data adjacent to data m. The data correlation change rate is then calculated with the following formula:
Figure GDA0003672809880000035
Figure GDA0003672809880000036
where d(AECR_1, AECR_2) is the data correlation change rate, AECR_1 denotes the intra-data edge change rate of the data held in the monitoring server, AECR_2 denotes the intra-data edge change rate of the data within a given entity, and I is the number of data items; the calculated data correlation change rate is compared with a set threshold, and if it exceeds the threshold the data is judged to be sensitive data.
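The content monitoring procedure as an added example (not code from the patent). The patent's formula images are not reproduced on this page, so two stand-ins are used and are assumptions: AECR between adjacent data batches is computed in the style of the classic edge change ratio from the quantities the text names (items below the threshold, newly added items, items of the previous batch no longer present), and d(AECR_1, AECR_2) is taken as the mean absolute difference over the I batch pairs. The batches, threshold and sensitivity limit are constructed.

```python
THRESHOLD = 10           # an item is an "edge item" when its value is below this
SENSITIVITY_LIMIT = 0.1  # d(AECR_1, AECR_2) above this marks the data as sensitive

# Constructed batches of readings keyed by sensor id: the monitoring server's copy
# and an entity's copy, which diverges in its third batch.
SERVER_BATCHES = [
    {"a": 5, "b": 12, "c": 8, "d": 15},
    {"a": 6, "b": 9, "c": 8, "d": 15},
    {"a": 6, "b": 9, "c": 11, "d": 15},
    {"a": 6, "b": 9, "c": 11, "d": 15},
]
ENTITY_BATCHES = [
    SERVER_BATCHES[0],
    SERVER_BATCHES[1],
    {"a": 2, "b": 1, "c": 3, "d": 4},   # anomalous batch: every reading below threshold
    SERVER_BATCHES[3],
]


def edge_items(batch, threshold=THRESHOLD):
    """X_m: the items of data m whose value is below the set threshold."""
    return {k for k, v in batch.items() if v < threshold}


def aecr_series(batches, threshold=THRESHOLD):
    """AECR for each adjacent pair (m-1, m). Stand-in formula (assumption): the larger
    of the share of newly added edge items in m and the share of edge items of m-1
    that are no longer present in m."""
    rates = []
    for prev, cur in zip(batches, batches[1:]):
        x_prev, x_cur = edge_items(prev, threshold), edge_items(cur, threshold)
        entering = len(x_cur - x_prev)   # newly added edge items in data m
        leaving = len(x_prev - x_cur)    # edge items of data m-1 absent from data m
        r_in = entering / len(x_cur) if x_cur else 0.0
        r_out = leaving / len(x_prev) if x_prev else 0.0
        rates.append(max(r_in, r_out))
    return rates


def data_correlation_change_rate(server_rates, entity_rates):
    """d(AECR_1, AECR_2) over I pairs. Stand-in (assumption): mean absolute difference."""
    pairs = list(zip(server_rates, entity_rates))
    if not pairs:
        return 0.0
    return sum(abs(a - b) for a, b in pairs) / len(pairs)


def content_check(server_batches=SERVER_BATCHES, entity_batches=ENTITY_BATCHES,
                  threshold=THRESHOLD, limit=SENSITIVITY_LIMIT):
    """Compare the server's copy with the entity's copy; returns (is_sensitive, d)."""
    d = data_correlation_change_rate(aecr_series(server_batches, threshold),
                                     aecr_series(entity_batches, threshold))
    return d > limit, d


if __name__ == "__main__":
    flag, d = content_check()
    print(f"d = {d:.4f}, sensitive = {flag}")
```

Only the per-batch rates are exchanged and compared, which is the efficiency point the text makes: the server does not have to classify every data item individually.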
A computer program comprising computer readable code which, when run on a device, causes a processor in the device to execute instructions for carrying out the steps of any of the methods described above.
A computer storage medium storing computer readable instructions which, when executed, perform any of the operations described above.
The Internet of Things terminal access monitoring method, computer program and storage medium have the following beneficial effects: by grading all devices in the Internet of Things twice, multi-level management of the Internet of Things is realized; access control on features and identities is carried out within the same-domain entity groups to ensure the legality and compliance of accessing devices; and the monitoring server monitors sensitive behaviors and sensitive content between same-domain entity groups of different levels to ensure that accessing devices remain compliant and legitimate during operation, so that the overall security of the IoT network is improved and the management efficiency of Internet of Things access is improved. The method is mainly realized as follows: 1. the division into same-domain entity groups is realized through the first grading: the Internet of Things routing device is taken as the centre point, a circular domain is constructed with the set radius, and all entities covered by the circular domain are assigned to one same-domain entity group; because the resulting same-domain entity groups are distributed by position, management is more efficient; 2. the invention performs double verification on the devices within a same-domain entity group: feature recognition ensures that the accessing device is authorized to access, and identity verification ensures that the user of the accessing device is authorized, which greatly improves the security of the Internet of Things; 3. content identification and behavior identification are performed on same-domain entity groups of different levels: content identification ensures that the data within a same-domain entity group is free of anomalies, so that an accessing device does not suffer data anomalies during operation that would affect the operation of the Internet of Things; behavior identification, in turn, checks whether an accessing device exhibits abnormal behavior during operation and ensures that the device does not operate abnormally; 4. the content identification method is as follows: the identification algorithm is realized by an intra-data edge change calculation performed on the data; the intra-data edge change calculation uses the following formula:
Figure GDA0003672809880000041
where AECR is the intra-data edge change rate; X_m denotes the number of data items in data m that are lower than a set threshold, and X_{m-1} the number of data items lower than the set threshold in data m-1, which is adjacent to data m;
Figure GDA0003672809880000042
denotes the number of newly added data items in data m; and
Figure GDA0003672809880000043
denotes the corresponding number of data items in data m-1, the data adjacent to data m. The data correlation change rate is then calculated with the following formula:
Figure GDA0003672809880000044
Figure GDA0003672809880000045
where d(AECR_1, AECR_2) is the data correlation change rate, AECR_1 denotes the intra-data edge change rate of the data held in the monitoring server, AECR_2 denotes the intra-data edge change rate of the data within a given entity, and I is the number of data items; the calculated data correlation change rate is compared with a set threshold, and if it exceeds the threshold the data is judged to be sensitive data. Compared with the prior art, the method identifies sensitive content directly by comparing the data in the monitoring server with the data in the entity, which improves efficiency because each data item does not need to be identified individually.
Drawings
Fig. 1 is a schematic flow chart of a method for monitoring access of an internet of things terminal according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a co-domain entity group of an internet of things terminal access monitoring method, a computer program and a storage medium according to an embodiment of the present invention;
fig. 3 is a schematic diagram of a connection structure of co-domain entity groups at different levels of an internet of things terminal access monitoring method, a computer program, and a storage medium according to an embodiment of the present invention;
fig. 4 is a schematic diagram of an experimental curve of the identity management efficiency of the Internet of Things terminal access monitoring method, computer program and storage medium as it varies with the number of experiments, together with a comparison with the experimental effect of the prior art.
Detailed Description
The technical solution of the present invention is further described in detail below with reference to the following detailed description and the accompanying drawings:
example 1
As shown in fig. 1, a method for monitoring access of a terminal of internet of things performs the following steps:
step 1: carrying out a first grading of the entities in the Internet of Things according to their position distribution, where the entities comprise Internet of Things terminal devices, Internet of Things sensing devices, Internet of Things data processing devices and Internet of Things routing devices; the first grading comprises: taking an Internet of Things routing device as the centre point, constructing a circular domain with a set radius, and assigning all entities covered by that circular domain to the same domain;
step 2: setting a weight value for each entity according to the entity's authority, where the higher the authority, the higher the corresponding weight value;
step 3: carrying out a second grading of the same-domain entity groups obtained from the first grading according to entity authority; the second grading comprises: summing the authority weight values of all entities in a same-domain entity group; setting a grading interval, and grading the same-domain entity group according to where the sum falls within the grading interval;
step 4: within a same-domain entity group, using the Internet of Things routing device to carry out dual access control on the other entities in the group; the dual access control comprises: performing feature recognition on the other entities in the same-domain entity group and, if the feature recognition passes, performing identity verification;
step 5: connecting a monitoring server to the same-domain entity groups of the same level, where the monitoring server performs behavior monitoring and content monitoring on all entities in the same-domain entity group; behavior monitoring comprises monitoring the operating behaviors of all entities in the same-domain entity group, and content monitoring comprises monitoring the content of all entities in the same-domain entity group.
With the above technical solution: by grading all devices in the Internet of Things twice, multi-level management of the Internet of Things is realized; access control on features and identities is performed within the same-domain entity groups to ensure the legality and compliance of accessing devices; and the monitoring server monitors sensitive behaviors and sensitive content between same-domain entity groups of different levels to ensure that accessing devices remain compliant and legitimate during operation, so that the overall security of the IoT network is improved and the management efficiency of Internet of Things access is improved. The method is mainly realized as follows: 1. the division into same-domain entity groups is realized through the first grading: the Internet of Things routing device is taken as the centre point, a circular domain is constructed with the set radius, and all entities covered by the circular domain are assigned to one same-domain entity group; because the resulting same-domain entity groups are distributed by position, management is more efficient; 2. the invention performs double verification on the devices within a same-domain entity group: feature recognition ensures that the accessing device is authorized to access, and identity verification ensures that the user of the accessing device is authorized, which greatly improves the security of the Internet of Things; 3. content identification and behavior identification are performed on same-domain entity groups of different levels: for same-domain entity groups of different levels the method carries out content identification and behavior identification respectively; content identification ensures that the data within a same-domain entity group is free of anomalies, so that an accessing device does not suffer data anomalies during operation that would affect the operation of the Internet of Things; behavior identification, in turn, checks whether an accessing device exhibits abnormal behavior during operation and ensures that the device does not operate abnormally; 4. the content identification method is as follows: the identification algorithm is realized by an intra-data edge change calculation performed on the data; the intra-data edge change calculation uses the following formula:
Figure GDA0003672809880000061
where AECR is the intra-data edge change rate; X_m denotes the number of data items in data m that are lower than a set threshold, and X_{m-1} the number of data items lower than the set threshold in data m-1, which is adjacent to data m;
Figure GDA0003672809880000062
denotes the number of newly added data items in data m; and
Figure GDA0003672809880000063
denotes the corresponding number of data items in data m-1, the data adjacent to data m. The data correlation change rate is then calculated with the following formula:
Figure GDA0003672809880000064
where d(AECR_1, AECR_2) is the data correlation change rate, AECR_1 denotes the intra-data edge change rate of the data held in the monitoring server, AECR_2 denotes the intra-data edge change rate of the data within a given entity, and I is the number of data items; the calculated data correlation change rate is compared with a set threshold, and if it exceeds the threshold the data is judged to be sensitive data. Compared with the prior art, the method identifies sensitive content directly by comparing the data in the monitoring server with the data in the entity, which improves efficiency because each data item does not need to be identified individually.
Example 2
On the basis of the previous embodiment, the method by which the Internet of Things routing device performs feature recognition on the other entities in the same-domain entity group in step 3 comprises: presetting a list of legal entity information in the Internet of Things routing device, which controls the security of the devices connected to it, the list of legal entity information comprising the unique identification of each entity allowed to access; when the Internet of Things routing device detects the access of an entity, calculating the unique identification of that entity; sending the unique identification to the Internet of Things routing device, which judges whether the unique identification exists in the list of legal entity information and, if so, allows the entity to access and, if not, refuses the entity's access. Calculating the unique identification of the entity when the Internet of Things routing device detects its access comprises: acquiring the hardware attribute information of the entity; judging whether the entity carries a feature identifier; if so, extracting the feature identifier from the entity; if not, calculating a feature identifier from the hardware attribute information and writing it into the entity; and calculating the unique identification of the entity from its hardware attribute information and its feature identifier.
Specifically, routing refers to the network-wide process of determining an end-to-end path for a packet travelling from a source to a destination. A router is a packet forwarding device operating at the third layer of the OSI reference model, the network layer, and implements network interconnection by forwarding packets. Although routers can support multiple protocols (such as TCP/IP, IPX/SPX and AppleTalk), most routers in China run TCP/IP. A router typically connects two or more logical ports, identified by IP subnets or point-to-point protocols, and has at least one physical port. The router determines the output port and next-hop address from the network layer address in the received packet and the routing table it maintains internally, and rewrites the link layer packet header to forward the packet. Routers dynamically maintain routing tables that reflect the current network topology, exchanging routing and link information with the other routers on the network.
Example 3
On the basis of the previous embodiment, if the operation of writing the feature identifier into the entity fails, information about the write failure is sent to the Internet of Things routing device, and the Internet of Things routing device refuses the access of the entity according to that information.
Example 4
On the basis of the previous embodiment, a time interval during which an entity is allowed to access is preset in the Internet of Things routing device, and the method further comprises judging whether the entity is accessing within the permitted time interval; if so, the Internet of Things routing device allows the access of the entity; if not, the Internet of Things routing device refuses the access of the entity.
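The feature recognition of Examples 2 to 4 as one procedure, written as an added example in Python; it is not the patent's or the applicant's code. The hardware attribute field names, the nonce-plus-HMAC construction of the feature identifier, the router key and the access window are assumptions; the patent only requires that the identifier be calculated from the hardware attributes and written into the entity, that a failed write be refused, and that access outside the preset interval be refused.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional, Set, Tuple

# Added example, not the patent's implementation. Field names, the nonce || HMAC form
# of the feature identifier, the router key and the access window are assumptions.

NONCE_LEN = 16
TAG_LEN = 32  # SHA-256 digest length


@dataclass
class Entity:
    """An IoT entity as the routing device sees it (constructed sample data)."""
    hw: dict                         # hardware attribute information, e.g. mac, chip_id
    feature_id: Optional[bytes] = None
    writable: bool = True            # False models an entity that rejects the write (Example 3)

    def write_feature_id(self, fid: bytes) -> bool:
        if not self.writable:
            return False             # the write operation failed
        self.feature_id = fid
        return True


def canonical_hw(hw: dict) -> bytes:
    # Sorted key=value lines so identical attributes always serialize identically.
    return "\n".join(f"{k}={hw[k]}" for k in sorted(hw)).encode()


def derive_feature_id(hw: dict, router_key: bytes) -> bytes:
    # nonce || HMAC(router_key, nonce || hw). The nonce makes every issued identifier
    # distinct, so a clone that copies the hardware attributes but not the stored
    # identifier ends up with a different unique identification; the HMAC binds the
    # identifier to the attributes it was issued for.
    nonce = os.urandom(NONCE_LEN)
    tag = hmac.new(router_key, nonce + canonical_hw(hw), hashlib.sha256).digest()
    return nonce + tag


def feature_id_matches(hw: dict, fid: bytes, router_key: bytes) -> bool:
    # Check that an identifier extracted from the entity was issued for these attributes.
    if len(fid) != NONCE_LEN + TAG_LEN:
        return False
    nonce, tag = fid[:NONCE_LEN], fid[NONCE_LEN:]
    expected = hmac.new(router_key, nonce + canonical_hw(hw), hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def unique_id(hw: dict, fid: bytes) -> str:
    # Unique identification calculated from hardware attributes and feature identifier.
    return hashlib.sha256(canonical_hw(hw) + b"|" + fid).hexdigest()


def in_window(now: time, start: time, end: time) -> bool:
    # Permitted access window (Example 4); also handles a window that crosses midnight.
    if start <= end:
        return start <= now < end
    return now >= start or now < end


class IoTRouter:
    def __init__(self, router_key: bytes, window: Tuple[time, time]):
        self.router_key = router_key
        self.window = window
        self.allowlist: Set[str] = set()   # preset list of legal entity unique identifications

    def compute_unique_id(self, entity: Entity) -> Tuple[Optional[str], str]:
        """The 'calculating the unique identification' steps; returns (uid, reason)."""
        hw = entity.hw                                          # acquire hardware attributes
        if entity.feature_id is None:                           # no feature identifier yet
            if not entity.write_feature_id(derive_feature_id(hw, self.router_key)):
                return None, "feature identifier write failed"  # Example 3
        elif not feature_id_matches(hw, entity.feature_id, self.router_key):
            return None, "feature identifier does not match hardware attributes"
        return unique_id(hw, entity.feature_id), "ok"

    def enroll(self, entity: Entity) -> str:
        """Populate the legal entity list with a device the operator has vetted."""
        uid, reason = self.compute_unique_id(entity)
        if uid is None:
            raise RuntimeError(f"cannot enroll: {reason}")
        self.allowlist.add(uid)
        return uid

    def check_access(self, entity: Entity, now: datetime) -> Tuple[bool, str]:
        uid, reason = self.compute_unique_id(entity)
        if uid is None:
            return False, "denied: " + reason
        if uid not in self.allowlist:                           # Example 2
            return False, "denied: not in legal entity list"
        if not in_window(now.time(), *self.window):             # Example 4
            return False, "denied: outside permitted access window"
        return True, "allowed"
```

`enroll` is how the preset list of legal entities gets populated in this example; `check_access` walks the steps in the order the embodiments give them. The nonce is what makes a clone that copies the hardware attributes but not the written identifier fail the list check, and the HMAC is what makes an identifier copied from one device onto another fail before the list is consulted.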
Example 5
On the basis of the previous embodiment, the method by which the Internet of Things routing device verifies the identity of an entity that has passed feature recognition includes: receiving the plurality of items of identity information sent by the entity when it accesses; comparing each item of identity information with the recorded historical identity information; obtaining the identity feature matching value of the current user from the comparison results, which comprises acquiring a weight value for each item of identity information, the weight values being defined for the different scenarios that require identity verification, and computing the identity feature matching value as the weighted combination of whether each item matched and its corresponding weight; obtaining the identity verification mode corresponding to the matching value of the current user from the preset correspondence between matching values and verification modes; and performing identity verification in that mode.
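The weighted matching of Example 5, as an added Python example rather than code from the patent. The identity information items, the per-scenario weights, the intervals of the matching value and the names of the verification modes are assumptions; the patent specifies only the per-item comparison with history, the scenario-dependent weighting and the lookup from matching value to verification mode.

```python
import hmac
from typing import Dict, List, Mapping, Tuple

# Added example, not the patent's code. Items, weights, intervals and mode names are
# assumptions; the patent fixes only the weighted comparison and the mode lookup.

# Weight of each identity information item, defined per scenario requiring verification.
# Integer weights keep the matching value an exact ratio.
SCENARIO_WEIGHTS: Dict[str, Dict[str, int]] = {
    "sensor_readout": {"device_cert_fp": 5, "firmware_hash": 3, "ip_subnet": 2},
    "config_change": {"device_cert_fp": 4, "firmware_hash": 3, "ip_subnet": 1, "operator_id": 2},
}

# Correspondence between matching value and verification mode, highest lower bound first.
# A low match with history escalates verification; it never relaxes it.
MODE_TABLE: List[Tuple[float, str]] = [
    (0.9, "shared_key"),             # everything matches history: lightweight check
    (0.6, "public_key_challenge"),   # some drift: require a signature over a fresh challenge
    (0.0, "deny_and_reenroll"),      # little matches: refuse and require re-enrollment
]

# Constructed historical record for one entity (not real data).
HISTORY = {
    "device_cert_fp": "3f9a",
    "firmware_hash": "c0de",
    "ip_subnet": "10.1.2.0/24",
    "operator_id": "op-7",
}


def compare_items(presented: Mapping[str, str], history: Mapping[str, str]) -> Dict[str, bool]:
    """Compare each presented item with the recorded historical value.

    An item with no recorded history counts as a mismatch, and each comparison is
    constant-time so the outcome cannot be probed byte by byte.
    """
    return {
        key: key in history
        and hmac.compare_digest(str(value).encode(), str(history[key]).encode())
        for key, value in presented.items()
    }


def match_value(matches: Mapping[str, bool], weights: Mapping[str, int]) -> float:
    """Weighted share of the scenario's items that matched.

    Items without a weight in this scenario are ignored; items the entity did not
    present at all are simply absent from `matches` and therefore count as mismatches.
    """
    total = sum(weights.values())
    if total <= 0:
        raise ValueError("scenario weights must be positive")
    matched = sum(weights[key] for key, ok in matches.items() if ok and key in weights)
    return matched / total


def select_mode(value: float) -> str:
    """Look up the verification mode for a matching value."""
    for lower_bound, mode in MODE_TABLE:
        if value >= lower_bound:
            return mode
    return MODE_TABLE[-1][1]


def choose_verification(presented: Mapping[str, str], history: Mapping[str, str],
                        scenario: str) -> Tuple[float, str]:
    """Full Example 5 flow: compare, weight, look up the verification mode."""
    weights = SCENARIO_WEIGHTS[scenario]
    value = match_value(compare_items(presented, history), weights)
    return value, select_mode(value)
```

Note the direction of the lookup: a low matching value escalates to a stronger verification mode or a refusal, never to a weaker one, and an item the entity omits counts against it rather than being skipped.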
Specifically, there are many authentication methods, which can broadly be divided into authentication based on a shared key, authentication based on biometric features, and authentication based on public-key cryptography. Different methods offer different levels of security.
Authentication based on a shared key means that the server and the user hold one password, or a group of passwords, in common. When the user needs to be authenticated, the user submits the password shared with the server, either by entering it or through a device in which the password is kept. On receiving the submitted password, the server checks whether it is consistent with the password stored on the server side; if so, the user is judged to be a legal user, and if not, the authentication is judged to have failed. In practice the server side should store a salted hash of the password rather than the password itself and should compare in constant time, so that neither a database leak nor a timing measurement discloses the shared secret.
Many services use shared-key authentication, for example most network access services, most BBSs and Wikipedia.
Biometric authentication means authentication based on physical characteristics that are unique to each individual, such as fingerprints or irises.
For example, Synaptics Natural ID fingerprint sensor solutions apply AES 256-bit encryption to fingerprint template data, and this encryption played a key role in the rapid deployment of biometric authentication on smartphones. [2]
Authentication based on public-key cryptography means that the two communicating parties hold a key pair: one party signs (in the patent's wording, encrypts) specific data with its private key, and the other party verifies (decrypts) it with the corresponding public key; if verification succeeds the user is considered legal, otherwise authentication is considered to have failed. To prevent a captured signature from being replayed, the data that is signed should include a fresh challenge chosen by the verifier.
Services that use public-key authentication include SSL/TLS and digital signatures.
Example 6
On the basis of the above embodiment, the method by which the monitoring server performs behavior monitoring in step 5 includes: recording the behaviors inside an Internet of Things entity to generate a behavior log; dynamically analyzing the structure of the behavior log; based on the result of that structural analysis, capturing in polling mode the function call sequences that correspond to preset sensitive behaviors while the entity runs; and comparing the captured function call sequence with the function call sequences corresponding to preset malicious behaviors to identify malicious behavior in the entity, where a malicious behavior is a combination of at least three specific sensitive behaviors.
Specifically, in computing a log file is a file that records events that occur while an operating system or other software runs, or messages exchanged between the different users of communication software. Logging is the act of keeping such a log; in the simplest case the messages are written to a single log file.
Many operating systems, software frameworks and programs include a logging system. A widely used logging standard is syslog, defined in IETF RFC 5424; the syslog standard lets a dedicated, standardized subsystem generate, filter, record and analyze log messages.
Example 7
On the basis of the previous embodiment, dynamically analyzing the structure of the behavior log specifically includes: dynamically analyzing the format of the behavior log; based on the format analysis result, dynamically analyzing the source code behind the behavior log to obtain the sub-elements of the software application and the calling relationships between them; and dynamically analyzing the application logic and content of the software application.
Referring to Fig. 2, AP in Fig. 2 is the Internet of Things routing device, used as the center, and R is the radius used to divide the same-domain entity group;
referring to Fig. 3, E in Fig. 3 represents a same-domain entity group at a given level, and R represents the monitoring server.
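Behavior monitoring of Examples 6 and 7 run end to end over a constructed log, as an added Python example, not the patent's code. The log line format, the table of sensitive function calls and the two malicious sequences are assumptions, and the fixed regular expression stands in for the dynamic format analysis of Example 7.

```python
import re
from typing import Dict, List, Optional, Tuple

# Added example, not the patent's implementation. The log format, the sensitive-call
# table and the malicious sequences are constructed assumptions; a fixed format
# replaces the patent's dynamic structure analysis so detection can be shown end to end.

# Assumed line format: "<timestamp> pid=<n> call=<function>(<args>)"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+pid=(?P<pid>\d+)\s+call=(?P<fn>[A-Za-z_][\w.]*)\((?P<args>[^)]*)\)$"
)

# Preset sensitive behaviors: function name -> behavior label worth capturing.
SENSITIVE_CALLS = {
    "read_credentials": "read_secret",
    "socket.connect": "outbound_connect",
    "send": "exfil_send",
    "write_firmware_flag": "modify_firmware",
    "stop_logging": "disable_logging",
    "reboot": "reboot",
}

# Preset malicious behaviors: ordered combinations of sensitive behaviors. The patent
# requires at least three, enforced below so a two-step pattern cannot be configured.
MALICIOUS_SEQUENCES = {
    "credential_exfiltration": ["read_secret", "outbound_connect", "exfil_send"],
    "firmware_persistence": ["modify_firmware", "disable_logging", "reboot"],
}
for _name, _seq in MALICIOUS_SEQUENCES.items():
    if len(_seq) < 3:
        raise ValueError(f"malicious behavior {_name} needs at least three sensitive behaviors")


def parse_line(line: str) -> Optional[Tuple[int, str, str]]:
    """Return (pid, function, args), or None for a line that does not fit the format."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    return int(m.group("pid")), m.group("fn"), m.group("args")


def extract_call_sequences(lines: List[str]) -> Dict[int, List[str]]:
    """Per-process ordered list of sensitive behaviors, as captured by one polling pass."""
    sequences: Dict[int, List[str]] = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                      # malformed line: skipped, never trusted
        pid, fn, _args = parsed
        label = SENSITIVE_CALLS.get(fn)
        if label is not None:
            sequences.setdefault(pid, []).append(label)
    return sequences


def is_subsequence(pattern: List[str], seq: List[str]) -> bool:
    """True if every element of pattern occurs in seq in the same order (gaps allowed)."""
    it = iter(seq)
    return all(any(step == item for item in it) for step in pattern)


def detect_malicious(lines: List[str]) -> List[Tuple[int, str]]:
    """Compare each process's sensitive call sequence with the preset malicious sequences."""
    hits: List[Tuple[int, str]] = []
    for pid, seq in sorted(extract_call_sequences(lines).items()):
        for name, pattern in MALICIOUS_SEQUENCES.items():
            if is_subsequence(pattern, seq):
                hits.append((pid, name))
    return hits


# Constructed sample behavior log (not a real capture). pid 52 is a benign sensor
# publisher that connects and sends but never reads a secret; pid 41 is the case to catch.
SAMPLE_LOG = [
    "2021-03-12T10:00:01Z pid=41 call=read_credentials(/etc/iot/creds)",
    "2021-03-12T10:00:02Z pid=41 call=socket.connect(203.0.113.7:4444)",
    "2021-03-12T10:00:02Z pid=52 call=read_temperature(sensor0)",
    "2021-03-12T10:00:03Z pid=41 call=send(4096)",
    "2021-03-12T10:00:05Z pid=52 call=socket.connect(192.0.2.10:8883)",
    "2021-03-12T10:00:06Z pid=52 call=send(64)",
    "garbage line without the expected structure",
]

if __name__ == "__main__":
    print(detect_malicious(SAMPLE_LOG))
```

Matching on ordered subsequences rather than exact adjacency is what lets the benign calls interleaved by pid 52 in the sample be ignored while the three-step exfiltration by pid 41 is still found; the minimum-of-three rule keeps an ordinary connect-and-send publisher from being flagged.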
Example 8
On the basis of the previous embodiment, the method by which the monitoring server performs content monitoring in step 5 includes: acquiring the data in an Internet of Things entity and performing the data inner edge change calculation on it; the data inner edge change calculation uses the following formula:
(formula image GDA0003672809880000091)
where AECR is the data inner edge change rate; X_m is the number of data items in data m that are below the set threshold, and X_{m-1} is the number of data items below the set threshold in data m-1, adjacent to data m;
(formula image GDA0003672809880000092)
denotes the number of newly added data items in data m, and
(formula image GDA0003672809880000093)
denotes the corresponding count for data m-1, adjacent to data m. The data correlation change rate is then calculated with the following formula:
(formula image GDA0003672809880000094)
(formula image GDA0003672809880000095)
where d(AECR_1, AECR_2) is the data correlation change rate, AECR_1 is the data inner edge change rate in the monitoring server, AECR_2 is the data inner edge change rate within a given entity, and i is the number of data items. The calculated data correlation change rate is compared with a set threshold, and if it exceeds the threshold the data is judged to be sensitive data.
For the identity management efficiency, refer to Fig. 4.
Example 9
A computer program comprising computer-readable code which, when run on a device, causes a processor in the device to execute instructions that carry out the steps of any of the methods described above.
Example 10
A computer storage medium storing computer-readable instructions that, when executed, perform any of the operations described above.
The above description is only an embodiment of the present invention and is not intended to limit its scope; any structural changes made according to the present invention without departing from its spirit should be considered to fall within the scope of the present invention.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process and related description of the system described above may refer to the corresponding process in the foregoing method embodiments, and will not be described herein again.
It should be noted that, the system provided in the foregoing embodiment is only illustrated by dividing the functional modules, and in practical applications, the functions may be distributed by different functional modules according to needs, that is, the modules or steps in the embodiment of the present invention are further decomposed or combined, for example, the modules in the foregoing embodiment may be combined into one module, or may be further split into multiple sub-modules, so as to complete all or part of the functions described above. The names of the modules and steps involved in the embodiments of the present invention are only for distinguishing the modules or steps, and are not to be construed as unduly limiting the present invention.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes and related descriptions of the storage device and the processing device described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
Those of skill in the art would appreciate that the various illustrative modules and method steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the programs corresponding to the software modules and method steps may be located in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. To clearly illustrate this interchangeability of electronic hardware and software, the various illustrative components and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as electronic hardware or software depends upon the particular application and the design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The terms "first," "second," and the like are used for distinguishing between similar elements and not necessarily for describing or implying a particular order or sequence.
The terms "comprises," "comprising," or any other similar term are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
So far, the technical solutions of the present invention have been described in connection with the preferred embodiments shown in the drawings, but it is easily understood by those skilled in the art that the scope of the present invention is obviously not limited to these specific embodiments. Equivalent changes or substitutions of related technical features can be made by those skilled in the art without departing from the principle of the invention, and the technical scheme after the changes or substitutions can fall into the protection scope of the invention.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention.

Claims (9)

1. An Internet of Things terminal access monitoring method, characterized by comprising the following steps:
Step 1: performing a first grading of the entities in the Internet of Things according to their position distribution, the entities comprising Internet of Things terminal devices, Internet of Things sensing devices, Internet of Things data processing devices and Internet of Things routing devices; the first grading comprises: taking an Internet of Things routing device as the center point, constructing a circular domain with a set radius, and dividing all entities covered by the circular domain into a same-domain entity group;
Step 2: setting a weight value for each entity according to the authority of the entity, a higher authority corresponding to a higher weight value;
Step 3: performing a second grading of the same-domain entity groups obtained from the first grading according to entity authority; the second grading comprises: summing the authority weight values of all entities in a same-domain entity group, setting grading intervals, and grading the same-domain entity group according to the interval in which the sum falls;
Step 4: within a same-domain entity group, using the Internet of Things routing device to perform dual access control on the other entities of the group; the dual access control comprises performing feature recognition on the other entities in the group and, if the feature recognition passes, performing identity verification;
Step 5: connecting a monitoring server to the same-domain entity groups at the same level, the monitoring server performing behavior monitoring and content monitoring on all entities in the same-domain entity group; behavior monitoring is monitoring the operating behaviors of all entities in the group; content monitoring is monitoring the content of all entities in the group.
2. The method of claim 1, wherein the method by which the Internet of Things routing device performs feature recognition on the other entities in the same-domain entity group in step 3 comprises: presetting, in the Internet of Things routing device, a list of legal entity information; the Internet of Things routing device controls the security of the entities connected to it, and the list of legal entity information contains the unique identification of every entity that is allowed to access; when the Internet of Things routing device detects that an entity is accessing, the unique identification of the entity is calculated; the unique identification is sent to the Internet of Things routing device, which judges whether it exists in the list of legal entity information; if so, the entity is allowed to access, and if not, the access of the entity is refused; and the step of calculating the unique identification of the entity when the Internet of Things routing device detects an access comprises: acquiring the hardware attribute information of the entity; judging whether the entity already carries a feature identifier; if so, extracting the feature identifier from the entity; if not, calculating a feature identifier from the hardware attribute information and writing it into the entity; and calculating the unique identification of the entity from the hardware attribute information and the feature identifier of the entity.
3. The method of claim 2, wherein if the operation of writing the feature identifier into the entity fails, information about the write failure is sent to the Internet of Things routing device, and the Internet of Things routing device refuses the access of the entity according to that information.
4. The method of claim 3, wherein a time interval during which an entity is allowed to access is preset in the Internet of Things routing device, and the method further comprises judging whether the entity is accessing within the permitted time interval; if so, the Internet of Things routing device allows the access of the entity; if not, the Internet of Things routing device refuses the access of the entity.
5. The method of claim 1, wherein the method by which the Internet of Things routing device verifies the identity of an entity that has passed feature recognition comprises: receiving the plurality of items of identity information sent by the entity when it accesses; comparing each item of identity information with the recorded historical identity information; obtaining the identity feature matching value of the current user from the comparison results, which comprises acquiring a weight value for each item of identity information, the weight values being defined for the different scenarios that require identity verification, and computing the identity feature matching value as the weighted combination of whether each item matched and its corresponding weight; obtaining the identity verification mode corresponding to the matching value of the current user from the preset correspondence between matching values and verification modes; and performing identity verification in that mode.
6. The method of claim 1, wherein the method by which the monitoring server performs behavior monitoring in step 5 comprises: recording the behaviors inside an Internet of Things entity to generate a behavior log; dynamically analyzing the structure of the behavior log; based on the result of that structural analysis, capturing in polling mode the function call sequences that correspond to preset sensitive behaviors while the entity runs; and comparing the captured function call sequence with the function call sequences corresponding to preset malicious behaviors to identify malicious behavior in the entity, where a malicious behavior is a combination of at least three specific sensitive behaviors.
7. The method of claim 6, wherein dynamically analyzing the structure of the behavior log specifically comprises: dynamically analyzing the format of the behavior log; based on the format analysis result, dynamically analyzing the source code behind the behavior log to obtain the sub-elements of the software application and the calling relationships between them; and dynamically analyzing the application logic and content of the software application.
8. The method of claim 1, wherein the method by which the monitoring server performs content monitoring in step 5 comprises: acquiring the data in an Internet of Things entity and performing the data inner edge change calculation on it; the data inner edge change calculation uses the following formula:
(formula image FDA0003672809870000021)
where AECR is the data inner edge change rate; X_m is the number of data items in data m that are below the set threshold, and X_{m-1} is the number of data items below the set threshold in data m-1, adjacent to data m;
(formula image FDA0003672809870000022)
denotes the number of newly added data items in data m, and
(formula image FDA0003672809870000023)
denotes the corresponding count for data m-1, adjacent to data m; and the data correlation change rate is calculated with the following formula:
(formula image FDA0003672809870000024)
(formula image FDA0003672809870000025)
where d(AECR_1, AECR_2) is the data correlation change rate, AECR_1 is the data inner edge change rate in the monitoring server, AECR_2 is the data inner edge change rate within a given entity, and i is the number of data items; the calculated data correlation change rate is compared with a set threshold, and if it exceeds the threshold the data is judged to be sensitive data.
9. A computer storage medium storing computer-readable instructions which, when executed, perform the operations of any of claims 1 to 8.
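The two-level grading of claim 1 (steps 1 to 3), as an added Python example; it is not the patent's implementation. The coordinates, authority levels, authority-to-weight table, radius and grading intervals are constructed assumptions, and the handling of an entity that falls inside two circles is an assumption the claim does not settle; the claim fixes only the procedure.

```python
import math
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Added example, not the patent's implementation. Coordinates, authority levels, the
# authority-to-weight table, the radius and the grading intervals are assumptions.


@dataclass(frozen=True)
class Entity:
    name: str
    kind: str          # terminal, sensing, data_processing or routing
    x: float
    y: float
    authority: int     # 0 (lowest) .. 3 (highest)


# Higher authority gets a higher weight (assumed values).
AUTHORITY_WEIGHT = {0: 1, 1: 2, 2: 4, 3: 8}

# Grading intervals [lower, upper) for the summed weight; the last one is open-ended.
GRADING_INTERVALS = [(0, 10), (10, 20), (20, math.inf)]


def first_grading(entities: List[Entity], radius: float) -> Dict[str, List[Entity]]:
    """Step 1: one circular domain per routing device; entities inside form its group.

    An entity inside two circles is placed in both groups (assumption; the claim does
    not say how such a tie is broken).
    """
    routers = [e for e in entities if e.kind == "routing"]
    groups: Dict[str, List[Entity]] = {r.name: [] for r in routers}
    for e in entities:
        for r in routers:
            if math.hypot(e.x - r.x, e.y - r.y) <= radius:
                groups[r.name].append(e)
    return groups


def group_weight(group: List[Entity]) -> int:
    """Step 2: weight per entity from its authority, summed over the group."""
    return sum(AUTHORITY_WEIGHT[e.authority] for e in group)


def second_grading(group: List[Entity]) -> Tuple[int, int]:
    """Step 3: (summed weight, level), level being the 1-based interval the sum falls in."""
    total = group_weight(group)
    for level, (lower, upper) in enumerate(GRADING_INTERVALS, start=1):
        if lower <= total < upper:
            return total, level
    raise ValueError(f"weight {total} outside all grading intervals")


def grade_network(entities: List[Entity], radius: float) -> Dict[str, Tuple[int, int]]:
    """Both gradings; groups that come out at the same level share a monitoring server (step 5)."""
    return {name: second_grading(group) for name, group in first_grading(entities, radius).items()}


# Constructed sample topology (not real data): two routing devices 50 units apart.
SAMPLE = [
    Entity("AP1", "routing", 0, 0, 3),
    Entity("s1", "sensing", 5, 5, 1),
    Entity("t1", "terminal", 10, -3, 0),
    Entity("dp1", "data_processing", -8, 4, 3),
    Entity("t3", "terminal", 0, 12, 2),
    Entity("AP2", "routing", 50, 0, 3),
    Entity("s2", "sensing", 55, 5, 1),
    Entity("t2", "terminal", 45, 0, 2),
]

if __name__ == "__main__":
    print(grade_network(SAMPLE, radius=20))
```

With the sample values the AP1 group sums to 23 and lands in the third interval while the AP2 group sums to 14 and lands in the second, so under step 5 they would be served by different monitoring servers; the routing device is itself inside its own circle and contributes its weight to the group.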
CN202110273776.0A 2021-03-12 2021-03-12 Internet of things terminal access monitoring method, computer program and storage medium Active CN113452668B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110273776.0A CN113452668B (en) 2021-03-12 2021-03-12 Internet of things terminal access monitoring method, computer program and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110273776.0A CN113452668B (en) 2021-03-12 2021-03-12 Internet of things terminal access monitoring method, computer program and storage medium

Publications (2)

Publication Number Publication Date
CN113452668A CN113452668A (en) 2021-09-28
CN113452668B true CN113452668B (en) 2022-08-09

Family

ID=77808974

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110273776.0A Active CN113452668B (en) 2021-03-12 2021-03-12 Internet of things terminal access monitoring method, computer program and storage medium

Country Status (1)

Country Link
CN (1) CN113452668B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114760334B (en) * 2022-03-15 2023-09-12 江苏贺鸿电子有限公司 Electric power data transmission control system and method in Internet of things environment

Citations (2)

Publication number Priority date Publication date Assignee Title
CN110784491A (en) * 2019-11-13 2020-02-11 深圳前海智安信息科技有限公司 Internet of things safety management system
CN111082940A (en) * 2019-11-19 2020-04-28 泰康保险集团股份有限公司 Internet of things equipment control method and device, computing equipment and storage medium

Family Cites Families (3)

Publication number Priority date Publication date Assignee Title
US10270748B2 (en) * 2013-03-22 2019-04-23 Nok Nok Labs, Inc. Advanced authentication techniques and applications
CN111373704B (en) * 2019-01-28 2022-03-29 北京大学深圳研究生院 Method, system and storage medium for supporting multimode identification network addressing progressive-entry IP
CN111865879B (en) * 2019-04-29 2022-12-20 阿里巴巴集团控股有限公司 Internet of things access method and system and corresponding Internet of things equipment

Also Published As

Publication number Publication date
CN113452668A (en) 2021-09-28

Similar Documents

Publication Publication Date Title
Nguyen et al. Search: A collaborative and intelligent nids architecture for sdn-based cloud iot networks
Babun et al. Z-iot: Passive device-class fingerprinting of zigbee and z-wave iot devices
US9923913B2 (en) System and method for malware detection learning
US6415321B1 (en) Domain mapping method and system
CN109347830B (en) Network dynamic defense system and method
US10581880B2 (en) System and method for generating rules for attack detection feedback system
Shi et al. Dynamic distributed honeypot based on blockchain
WO2012166194A1 (en) Network asset information management
US10116538B2 (en) Attributing network address translation device processed traffic to individual hosts
Damghani et al. Classification of attacks on IoT
CN113614718A (en) Abnormal user session detector
Brandt et al. Security analysis of software defined networking protocols—openflow, of-config and ovsdb
CN113051570A (en) Server access monitoring method and device
Ajayi et al. Blockchain-based architecture for secured cyber-attack features exchange
CN113452668B (en) Internet of things terminal access monitoring method, computer program and storage medium
CN114268505B (en) Method and device for adjusting fraud policy of honeynet, electronic equipment and storage medium
Wang et al. ID-Based SDN for the Internet of Things
da Cruz et al. Detecting compromised IOT devices through XGBoost
CN106537962B (en) Wireless network configuration, access and access method, device and equipment
Salim et al. Preventing ARP spoofing attacks through gratuitous decision packet
KR101017015B1 (en) Network based high performance contents security system and method thereof
Zhou et al. [Retracted] An Adaptive Authenticated Model for Big Data Stream SAVI in SDN‐Based Data Center Networks
AU2022203844A1 (en) Method for detecting anomalies in ssl and/or tls communications, corresponding device, and computer program product
KR20190111010A (en) Network Mapping with Fingerprints
CN112968891A (en) Network attack defense method and device and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant