CN105488385A - Simulation monitoring method and system used for wearable intelligent equipment - Google Patents
- Publication number
- CN105488385A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Telephonic Communication Services (AREA)
Abstract
The invention belongs to the field of the information security of the wearable intelligent equipment, and particularly relates to a simulation monitoring method and system used for wearable intelligent equipment. The method comprises the following steps: firstly, comparing an event with a blacklist and whitelist library; then, independently combining the event and each result which is possibly generated by the event, independently comparing an obtained combination result with an event sequence threshold value library, simulating a true execution environment, executing the event according to an instruction set way to generate a simulation result, and comparing the simulation result with the event sequence threshold value library; and finally, under the true execution environment, executing the event to obtain a true result, and comparing the true result with the event sequence threshold value library to finish the interception or release work of the event. The system comprises a blacklist and whitelist library comparison module, an event association comparison module, a simulation execution comparison module and a true execution comparison module, wherein all the above modules are used for realizing the above method. Malicious events can be effectively intercepted.
Description
Technical field
The invention belongs to the field of the information security of wearable intelligent equipment, and specifically relates to a simulation monitoring method and system for wearable intelligent equipment.
Background art
With the development of Internet of Things technology, wearable intelligent equipment has become an important development direction of the information industry in the 21st century. The world's top IT enterprises have all taken part in the research and development of wearable intelligent equipment, for example Google's Google Glass, Apple's Apple Watch and Samsung's Galaxy Gear. In addition, semiconductor manufacturers such as Intel, TI and Maxim have also joined the research and development of wearable intelligent equipment one after another.
Information security is an important part of the research and development of wearable intelligent equipment. Although traditional information security technology has formed a complete system, it is aimed at PCs or servers and mainly intercepts files or network data. Wearable intelligent equipment, besides files and network data, also involves other channels such as sensor information acquisition, so traditional information security technology is not suited to the field of wearable intelligent equipment.
However, there is still little research on the information security of wearable intelligent equipment, so its security problems are becoming increasingly prominent. In this situation, behaviours such as obtaining information on user behaviour, vital signs and habits through the wearable intelligent equipment, or stealing and using user names and passwords, pose a potential threat to the information security of wearable intelligent equipment.
Summary of the invention
To solve the above problem, the invention discloses a simulation monitoring method and system for wearable intelligent equipment; the method and system can effectively intercept malicious events.
The object of the present invention is achieved as follows:
A simulation monitoring method for wearable intelligent equipment comprises the following steps:
S01: compare the event with the blacklist and whitelist library; if:
it matches the whitelist library, release it;
it matches the blacklist library, intercept it;
the match fails, go to step S02;
S02: combine the event itself with each result that the event may produce, and compare each combination result obtained with the event sequence threshold value library; if:
it matches a sequence in the event sequence threshold value library or exceeds a threshold value of the event sequence threshold value library, raise an alarm or intercept, and write to the blacklist part of the blacklist and whitelist library;
it does not match a sequence in the event sequence threshold value library and does not exceed a threshold value of the event sequence threshold value library, go to step S03;
S03: simulate the true execution environment, execute the event in the manner of an instruction set to produce a simulation result, and compare the simulation result with the event sequence threshold value library; if:
it matches a sequence in the event sequence threshold value library or exceeds a threshold value of the event sequence threshold value library, raise an alarm or intercept, and write to the blacklist part of the blacklist and whitelist library;
it does not match a sequence in the event sequence threshold value library and does not exceed a threshold value of the event sequence threshold value library, go to step S04;
S04: execute the event in the true execution environment to obtain a true result, and compare the true result with the event sequence threshold value library; if:
it matches a sequence in the event sequence threshold value library or exceeds a threshold value of the event sequence threshold value library, raise an alarm or intercept, and write to the blacklist part of the blacklist and whitelist library;
it does not match a sequence in the event sequence threshold value library and does not exceed a threshold value of the event sequence threshold value library, release it, and write to the whitelist part of the blacklist and whitelist library.
In the above simulation monitoring method for wearable intelligent equipment, the event sequence threshold value library referred to in step S02, step S03 and step S04 is the same library.
In the above simulation monitoring method for wearable intelligent equipment, the event referred to in step S01 comprises network events and local events.
In the above simulation monitoring method for wearable intelligent equipment, in step S04 each intermediate result obtained before the true result is also compared with the event sequence threshold value library; if:
it matches a sequence in the event sequence threshold value library or exceeds a threshold value of the event sequence threshold value library, raise an alarm or intercept, and write to the blacklist part of the blacklist and whitelist library;
it does not match a sequence in the event sequence threshold value library, continue executing the event.
A simulation monitoring system for wearable intelligent equipment that implements the above simulation monitoring method for wearable intelligent equipment comprises:
Blacklist and whitelist library comparison module: compares the event with the blacklist and whitelist library; if:
it matches the whitelist library, release it;
it matches the blacklist library, intercept it;
the match fails, pass it to the event association comparison module;
Event association comparison module: combines the event itself with each result that the event may produce, and compares each combination result obtained with the event sequence threshold value library; if:
it matches a sequence in the event sequence threshold value library or exceeds a threshold value of the event sequence threshold value library, raise an alarm or intercept, and write to the blacklist part of the blacklist and whitelist library;
it does not match a sequence in the event sequence threshold value library and does not exceed a threshold value of the event sequence threshold value library, pass it to the simulation execution comparison module;
Simulation execution comparison module: simulates the true execution environment, executes the event in the manner of an instruction set to produce a simulation result, and compares the simulation result with the event sequence threshold value library; if:
it matches a sequence in the event sequence threshold value library or exceeds a threshold value of the event sequence threshold value library, raise an alarm or intercept, and write to the blacklist part of the blacklist and whitelist library;
it does not match a sequence in the event sequence threshold value library and does not exceed a threshold value of the event sequence threshold value library, pass it to the true execution comparison module;
True execution comparison module: executes the event in the true execution environment to obtain a true result, and compares the true result with the event sequence threshold value library; if:
it matches a sequence in the event sequence threshold value library or exceeds a threshold value of the event sequence threshold value library, raise an alarm or intercept, and write to the blacklist part of the blacklist and whitelist library;
it does not match a sequence in the event sequence threshold value library and does not exceed a threshold value of the event sequence threshold value library, release it, and write to the whitelist part of the blacklist and whitelist library.
Beneficial effect:
The invention provides four layers of security monitoring: comparing the event with the blacklist and whitelist library; comparing the combinations of the event itself and the results the event may produce with the event sequence threshold value library; comparing the simulation result of the event with the event sequence threshold value library; and comparing the true result of the event with the event sequence threshold value library. Because the event is monitored at every stage, malicious events can be effectively intercepted.
Brief description of the drawings
Fig. 1 is a flow chart of the simulation monitoring method for wearable intelligent equipment of the present invention.
Fig. 2 is a schematic diagram of the simulation monitoring system for wearable intelligent equipment of the present invention.
In the figures: 1 blacklist and whitelist library comparison module; 2 event association comparison module; 3 simulation execution comparison module; 4 true execution comparison module.
Detailed description of the embodiments
Specific embodiments of the invention are described in further detail below with reference to the accompanying drawings.
Specific embodiment one
This embodiment is an embodiment of the simulation monitoring method for wearable intelligent equipment.
The flow chart of the simulation monitoring method for wearable intelligent equipment of this embodiment is shown in Fig. 1. The method comprises the following steps:
S01: compare the event with the blacklist and whitelist library; if:
it matches the whitelist library, release it;
it matches the blacklist library, intercept it;
the match fails, go to step S02;
The blacklist and whitelist library stores single-event sequences. The whitelist library holds behaviour data determined to be safe, such as upgrades through officially designated links, file operations carrying the official signature, and data communication with the official cloud server. The blacklist library holds behaviour data determined to be unsafe, such as wireless data transmission with servers that are not officially designated or authorized, file operations involving signature or version information, and actively and frequently probing the wearable intelligent equipment for information, connecting to it or interfering with it.
The event comprises network events and local events. Network events are events that use the network as the transmission channel, such as 3G transmission, 4G transmission, Wi-Fi transmission, Bluetooth transmission and NFC transmission. Local events are non-network events such as software upgrades, file changes, file reads and writes, and service functions;
S02: combine the event itself with each result that the event may produce, and compare each combination result obtained with the event sequence threshold value library; if:
it matches a sequence in the event sequence threshold value library or exceeds a threshold value of the event sequence threshold value library, raise an alarm or intercept, and write to the blacklist part of the blacklist and whitelist library;
it does not match a sequence in the event sequence threshold value library and does not exceed a threshold value of the event sequence threshold value library, go to step S03;
An illustration of the specific way in which the event itself is combined with each result that the event may produce.
The event sequence threshold value library comprises event sequences and the threshold values calculated from those event sequences.
An illustration of the event sequences in the event sequence threshold value library and their corresponding threshold values, such as:
S03: simulate the true execution environment, execute the event in the manner of an instruction set to produce a simulation result, and compare the simulation result with the event sequence threshold value library; if:
it matches a sequence in the event sequence threshold value library or exceeds a threshold value of the event sequence threshold value library, raise an alarm or intercept, and write to the blacklist part of the blacklist and whitelist library;
it does not match a sequence in the event sequence threshold value library and does not exceed a threshold value of the event sequence threshold value library, go to step S04;
For example, a file write operation is intercepted, and executing it in the instruction set yields the following: the write goes to the Core part of the device, and the data content is signed data captured by a non-wearable device. The event sequence is therefore:
File write operation
Write to the Core part of the device
Data content is from an unknown source
This is found not to match the event sequence threshold value library, so the event goes on to the next stage.
S04: execute the event in the true execution environment to obtain a true result, and compare the true result with the event sequence threshold value library; if:
it matches a sequence in the event sequence threshold value library or exceeds a threshold value of the event sequence threshold value library, raise an alarm or intercept, and write to the blacklist part of the blacklist and whitelist library;
it does not match a sequence in the event sequence threshold value library and does not exceed a threshold value of the event sequence threshold value library, release it, and write to the whitelist part of the blacklist and whitelist library.
In this step, each intermediate result obtained before the true result is also compared with the event sequence threshold value library; if:
it matches a sequence in the event sequence threshold value library or exceeds a threshold value of the event sequence threshold value library, raise an alarm or intercept, and write to the blacklist part of the blacklist and whitelist library;
it does not match a sequence in the event sequence threshold value library, continue executing the event.
It should be noted that the execution in this step has some interactive aspects: the interaction can take place on the physical device, or an event description can be sent to the cloud server of the present system, where an information security engineer carries out the interaction in the cloud.
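The four-stage decision flow S01 to S04 of this embodiment, sketched as an added Python example; it is not code from the patent. The patent does not specify how a sequence is matched or how a threshold value is calculated, so contiguous-run matching, summed per-step weights, the `predict`/`simulate`/`execute` hooks and every event label and number below are assumptions and constructed sample data.

```python
from dataclasses import dataclass
from typing import Callable, Iterable

RELEASE, INTERCEPT = "release", "intercept"


@dataclass
class ThresholdLibrary:
    """Assumed layout: known-bad step sequences plus per-step weights and a score limit."""
    sequences: set
    weights: dict
    threshold: float

    def hits(self, observed) -> bool:
        seq = tuple(observed)
        # Sequence match: a library sequence occurs as a contiguous run in what was observed.
        for bad in self.sequences:
            n = len(bad)
            if any(seq[i:i + n] == bad for i in range(len(seq) - n + 1)):
                return True
        # Threshold: the summed weight of the observed steps exceeds the limit.
        return sum(self.weights.get(s, 0.0) for s in seq) > self.threshold


@dataclass
class Monitor:
    whitelist: set
    blacklist: set
    library: ThresholdLibrary
    predict: Callable[[str], list]       # S02: results the event may produce
    simulate: Callable[[str], list]      # S03: result steps from the simulated environment
    execute: Callable[[str], Iterable]   # S04: yields intermediate results of the true run

    def _intercept(self, event, stage):
        self.blacklist.add(event)        # write to the blacklist part of the library
        return INTERCEPT, stage

    def check(self, event):
        # S01: blacklist and whitelist comparison
        if event in self.whitelist:
            return RELEASE, "S01"
        if event in self.blacklist:
            return INTERCEPT, "S01"
        # S02: combine the event with each possible result, compare each combination
        for outcome in self.predict(event):
            if self.library.hits([event, *outcome]):
                return self._intercept(event, "S02")
        # S03: simulated execution, compare the simulation result
        if self.library.hits([event, *self.simulate(event)]):
            return self._intercept(event, "S03")
        # S04: true execution, comparing after every intermediate result
        seen = [event]
        for step in self.execute(event):
            seen.append(step)
            if self.library.hits(seen):
                return self._intercept(event, "S04")
        self.whitelist.add(event)        # write to the whitelist part of the library
        return RELEASE, "S04"


def build_demo_monitor():
    """Constructed sample data; none of these labels or numbers come from the patent."""
    library = ThresholdLibrary(
        sequences={("data:unknown_source", "net:send_unofficial")},
        weights={"read:contacts": 0.6, "read:credentials": 0.6},
        threshold=1.0,
    )
    predicted = {"file_read:bulk": [["read:contacts"], ["read:contacts", "read:credentials"]],
                 "file_write:core": [["target:core"]]}
    simulated = {"file_write:core": ["target:core", "data:unknown_source"]}
    real = {"file_write:core": ["target:core", "data:unknown_source",
                                "net:send_unofficial", "reboot"],
            "sensor_read:heart_rate": ["value:72"]}
    return Monitor(
        whitelist={"ota_update:official"},
        blacklist={"bt_probe:repeated"},
        library=library,
        predict=lambda e: predicted.get(e, []),
        simulate=lambda e: simulated.get(e, []),
        execute=lambda e: iter(real.get(e, [])),
    )


if __name__ == "__main__":
    m = build_demo_monitor()
    for ev in ["ota_update:official", "bt_probe:repeated", "file_read:bulk",
               "file_write:core", "file_write:core", "sensor_read:heart_rate"]:
        print(ev, m.check(ev))
```

Because `execute` is consumed lazily, returning at the first hit stops the true run at that intermediate result, which is the purpose of the per-step comparison in S04; the second `file_write:core` call is then intercepted at S01 from the updated blacklist.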
Specific embodiment two
This embodiment is an embodiment of the simulation monitoring system for wearable intelligent equipment.
The schematic diagram of the simulation monitoring system for wearable intelligent equipment of this embodiment is shown in Fig. 2. The system comprises:
Blacklist and whitelist library comparison module 1: compares the event with the blacklist and whitelist library; if:
it matches the whitelist library, release it;
it matches the blacklist library, intercept it;
the match fails, pass it to the event association comparison module 2;
Event association comparison module 2: combines the event itself with each result that the event may produce, and compares each combination result obtained with the event sequence threshold value library; if:
it matches a sequence in the event sequence threshold value library or exceeds a threshold value of the event sequence threshold value library, raise an alarm or intercept, and write to the blacklist part of the blacklist and whitelist library;
it does not match a sequence in the event sequence threshold value library and does not exceed a threshold value of the event sequence threshold value library, pass it to the simulation execution comparison module 3;
Simulation execution comparison module 3: simulates the true execution environment, executes the event in the manner of an instruction set to produce a simulation result, and compares the simulation result with the event sequence threshold value library; if:
it matches a sequence in the event sequence threshold value library or exceeds a threshold value of the event sequence threshold value library, raise an alarm or intercept, and write to the blacklist part of the blacklist and whitelist library;
it does not match a sequence in the event sequence threshold value library and does not exceed a threshold value of the event sequence threshold value library, pass it to the true execution comparison module 4;
True execution comparison module 4: executes the event in the true execution environment to obtain a true result, and compares the true result with the event sequence threshold value library; if:
it matches a sequence in the event sequence threshold value library or exceeds a threshold value of the event sequence threshold value library, raise an alarm or intercept, and write to the blacklist part of the blacklist and whitelist library;
it does not match a sequence in the event sequence threshold value library and does not exceed a threshold value of the event sequence threshold value library, release it, and write to the whitelist part of the blacklist and whitelist library.
Claims (5)
1. A simulation monitoring method for wearable intelligent equipment, characterized in that it comprises the following steps:
S01: compare the event with the blacklist and whitelist library; if:
it matches the whitelist library, release it;
it matches the blacklist library, intercept it;
the match fails, go to step S02;
S02: combine the event itself with each result that the event may produce, and compare each combination result obtained with the event sequence threshold value library; if:
it matches a sequence in the event sequence threshold value library or exceeds a threshold value of the event sequence threshold value library, raise an alarm or intercept, and write to the blacklist part of the blacklist and whitelist library;
it does not match a sequence in the event sequence threshold value library and does not exceed a threshold value of the event sequence threshold value library, go to step S03;
S03: simulate the true execution environment, execute the event in the manner of an instruction set to produce a simulation result, and compare the simulation result with the event sequence threshold value library; if:
it matches a sequence in the event sequence threshold value library or exceeds a threshold value of the event sequence threshold value library, raise an alarm or intercept, and write to the blacklist part of the blacklist and whitelist library;
it does not match a sequence in the event sequence threshold value library and does not exceed a threshold value of the event sequence threshold value library, go to step S04;
S04: execute the event in the true execution environment to obtain a true result, and compare the true result with the event sequence threshold value library; if:
it matches a sequence in the event sequence threshold value library or exceeds a threshold value of the event sequence threshold value library, raise an alarm or intercept, and write to the blacklist part of the blacklist and whitelist library;
it does not match a sequence in the event sequence threshold value library and does not exceed a threshold value of the event sequence threshold value library, release it, and write to the whitelist part of the blacklist and whitelist library.
2. The simulation monitoring method for wearable intelligent equipment according to claim 1, characterized in that the event sequence threshold value library referred to in step S02, step S03 and step S04 is the same library.
3. The simulation monitoring method for wearable intelligent equipment according to claim 1 or 2, characterized in that the event referred to in step S01 comprises network events and local events.
4. The simulation monitoring method for wearable intelligent equipment according to claim 1 or 2, characterized in that, in step S04, each intermediate result obtained before the true result is also compared with the event sequence threshold value library; if:
it matches a sequence in the event sequence threshold value library or exceeds a threshold value of the event sequence threshold value library, raise an alarm or intercept, and write to the blacklist part of the blacklist and whitelist library;
it does not match a sequence in the event sequence threshold value library, continue executing the event.
5. A simulation monitoring system for wearable intelligent equipment that implements the simulation monitoring method for wearable intelligent equipment according to claim 1, characterized in that it comprises:
Blacklist and whitelist library comparison module (1): compares the event with the blacklist and whitelist library; if:
it matches the whitelist library, release it;
it matches the blacklist library, intercept it;
the match fails, pass it to the event association comparison module (2);
Event association comparison module (2): combines the event itself with each result that the event may produce, and compares each combination result obtained with the event sequence threshold value library; if:
it matches a sequence in the event sequence threshold value library or exceeds a threshold value of the event sequence threshold value library, raise an alarm or intercept, and write to the blacklist part of the blacklist and whitelist library;
it does not match a sequence in the event sequence threshold value library and does not exceed a threshold value of the event sequence threshold value library, pass it to the simulation execution comparison module (3);
Simulation execution comparison module (3): simulates the true execution environment, executes the event in the manner of an instruction set to produce a simulation result, and compares the simulation result with the event sequence threshold value library; if:
it matches a sequence in the event sequence threshold value library or exceeds a threshold value of the event sequence threshold value library, raise an alarm or intercept, and write to the blacklist part of the blacklist and whitelist library;
it does not match a sequence in the event sequence threshold value library and does not exceed a threshold value of the event sequence threshold value library, pass it to the true execution comparison module (4);
True execution comparison module (4): executes the event in the true execution environment to obtain a true result, and compares the true result with the event sequence threshold value library; if:
it matches a sequence in the event sequence threshold value library or exceeds a threshold value of the event sequence threshold value library, raise an alarm or intercept, and write to the blacklist part of the blacklist and whitelist library;
it does not match a sequence in the event sequence threshold value library and does not exceed a threshold value of the event sequence threshold value library, release it, and write to the whitelist part of the blacklist and whitelist library.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410844981.8A CN105488385A (en) | 2014-12-31 | 2014-12-31 | Simulation monitoring method and system used for wearable intelligent equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410844981.8A CN105488385A (en) | 2014-12-31 | 2014-12-31 | Simulation monitoring method and system used for wearable intelligent equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105488385A (en) | 2016-04-13 |
Family
ID=55675358
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410844981.8A (Pending) CN105488385A (en) | Simulation monitoring method and system used for wearable intelligent equipment | 2014-12-31 | 2014-12-31 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105488385A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100031361A1 (en) * | 2008-07-21 | 2010-02-04 | Jayant Shukla | Fixing Computer Files Infected by Virus and Other Malware |
CN101924761A (en) * | 2010-08-18 | 2010-12-22 | 奇智软件(北京)有限公司 | Method for detecting malicious program according to white list |
CN101924762A (en) * | 2010-08-18 | 2010-12-22 | 奇智软件(北京)有限公司 | Cloud security-based active defense method |
CN103077353A (en) * | 2013-01-24 | 2013-05-01 | 北京奇虎科技有限公司 | Method and device for actively defending rogue program |
CN102254120B (en) * | 2011-08-09 | 2014-05-21 | 华为数字技术(成都)有限公司 | Method, system and relevant device for detecting malicious codes |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20160413 |