CN108134780B - Intelligent home security equipment safety judgment method based on improved decision tree algorithm - Google Patents


Info

Publication number
CN108134780B
Authority
CN
China
Prior art keywords
data
decision tree
intelligent home
security equipment
home security
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711319190.3A
Other languages
Chinese (zh)
Other versions
CN108134780A (en)
Inventor
彭大芹
项磊
李司坤
谢金凤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing University of Post and Telecommunications
Original Assignee
Chongqing University of Post and Telecommunications

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/142 Network analysis or design using statistical or mathematical methods
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network

Abstract

The invention relates to a method for judging the security of intelligent home security equipment based on an improved decision tree algorithm, and belongs to the technical field of network information security of intelligent home security equipment. The method comprises the steps of capturing a Pcap data packet, analyzing the data packet, training a decision tree model, extracting control command data, forging transmission data to realize control over the intelligent home security equipment, and thereby judging whether the intelligent home security equipment is secure. The modeling makes full use of the mainstream intelligent home security equipment on the market and can provide reliable technical support for consumers judging the safety of the intelligent security equipment on the market.

Description

Intelligent home security equipment safety judgment method based on improved decision tree algorithm
Technical Field
The invention belongs to the technical field of network information security of intelligent home security equipment, and relates to a security judgment method of intelligent home security equipment based on an improved decision tree algorithm.
Background
In recent years, with the rapid development of the Internet of Things, smart homes, intelligent security and the like have also become popular with consumers. To meet the needs of different consumer groups, a wide variety of smart home products are available, and some manufacturers do not hesitate to lower product quality in order to cut costs. According to investigation, a number of unencrypted intelligent security products have appeared on the market, so the security of such intelligent security equipment is insufficient and cannot provide a strong guarantee for consumers.
Disclosure of Invention
In view of this, the invention aims to provide an intelligent home security equipment security judgment method based on an improved decision tree algorithm, which identifies the security of intelligent security equipment and helps users select products.
In order to achieve the purpose, the invention provides the following technical scheme:
The intelligent home security equipment safety judgment method based on the improved decision tree algorithm comprises the following steps:
S1: constructing a wifi environment, controlling the intelligent home security equipment from a mobile phone, and acquiring the Pcap data packets of the equipment under that control;
S2: analyzing the data carried in the transport-layer TCP protocol of the captured Pcap data packets, and filtering the Pcap data packets;
S3: generating the training set and test set of the decision tree from the analyzed results;
S4: training a decision tree model with the training set and checking it with the test set, to determine the improved decision tree model;
S5: judging with the trained improved decision tree model whether the control command data in the Pcap data packets is encrypted; if it is, the safety of the intelligent home security equipment is judged to be high, and if not, it is judged to be low.
Further, step S1 specifically includes the following steps:
S11: starting a wifi hotspot on a personal computer;
S12: connecting the mobile phone and the intelligent security equipment to the wifi hotspot;
S13: logging in to the APP on the mobile phone to arm or disarm the intelligent security equipment, and opening the Wireshark software to capture the pcap data packets.
Further, in step S13 the intelligent home security equipment is controlled as required during capture, and the capture time is kept above 20 minutes.
Further, step S2 specifically includes the following steps:
S21: filtering out the non-TCP data frames in the Pcap data packets;
S22: judging whether the data bit length of each TCP data frame is greater than 0, and filtering out the data frames whose data bit length is less than or equal to 0;
S23: acquiring the timestamps in the Pcap data packets, calculating the time difference between two similar frames, and filtering out the data frames whose time difference is not fixed;
S24: analyzing the remaining data frames of the Pcap data packets, and recording the IP and the corresponding data bit length.
Further, step S4 specifically includes the following steps:
S41: assuming that the total number of samples in the training set and test set is N, and that each sample comprises M characteristic attributes;
S42: randomly extracting N1 samples from the N samples as the training set, and taking the remaining N-N1 samples as the test set;
S43: generating a decision tree T from the N1 samples of the training set;
S44: judging the accuracy of the decision tree T with the remaining N-N1 test samples; if it judges accurately, outputting the decision tree T as the decision tree model; if not, replacing the misjudged data with an equal number of training set samples to form a new test set and a new training set, and repeating step S43 until the decision tree T judges accurately.
Further, step S5 specifically includes the following steps:
S51: obtaining control command data from the Pcap data packets twice in succession;
S52: matching the character strings of the two captured control commands one by one, and comparing the two captured control commands;
S53: if fewer than 10 bytes differ between the two captured control commands, and TCP data forged by the personal computer can control the intelligent home security equipment, the control command data is judged to be unencrypted and the safety is low;
if 10 or more bytes differ between the two captured control commands, and TCP data forged by the personal computer cannot control the intelligent home security equipment, the control command data is judged to be encrypted and the safety is high.
The invention has the following beneficial effects: the method can, on the one hand, help consumers accurately judge the safety of the intelligent home security equipment on the market and, on the other hand, provide technical support for the relevant government departments in supervising the intelligent home market.
Drawings
To make the object, technical scheme and beneficial effects of the invention clearer, the following drawings are provided for explanation:
FIG. 1 is a flow chart of the present invention;
FIG. 2 is a schematic diagram of an IP filtered Pcap packet;
FIG. 3 is a diagram illustrating a basic format of a captured Pcap file;
FIG. 4 is a diagram of an improved decision tree model for extracting control commands for smart home security devices.
Detailed Description
Preferred embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
The safety of the equipment is judged from the control commands of the intelligent home security equipment acquired in the wifi environment. The control commands depend directly on the brand of the intelligent home security equipment, so they must be acquired to judge whether that brand is worth purchasing.
The invention will be further described with reference to the following detailed description of embodiments and with reference to the accompanying drawings in which:
A method for identifying the safety of intelligent home security equipment based on an improved decision tree algorithm. Fig. 1 is a flow chart of the entire identification method.
1. Capturing the Pcap data packets of the intelligent home security equipment in the wifi environment.
2. Filtering the Pcap data packets to determine which intelligent home security equipment exists in the environment.
3. Establishing a decision tree model, and analyzing and identifying the Pcap data packets.
A personal computer opens a wifi hotspot that simulates a router, and the mobile phone, the computer and the intelligent security equipment are all connected to this hotspot. The phone logs in to the APP of the intelligent security equipment (brands such as sharp and millet) and arms or disarms the equipment while the Wireshark software captures the data packets. During capture the intelligent home security equipment is controlled as required, the capture time is kept above 20 minutes, and the captured data packets are divided into the training set and the test set of the decision tree model.
According to the IPs connected to the router and the characteristic that the intelligent home security equipment interacts with its server at regular intervals, the IP belonging to the intelligent home security equipment is determined, as shown in fig. 2. The heartbeat data of the device is clearly visible: it is sent repeatedly and its data bit length is greater than 0.
The structure of the Pcap packet is shown in fig. 3. The timestamp carried in each data packet is located according to the Pcap structure, and from it the heartbeat interval of each intelligent home security device is found.
A decision tree model is built from the captured data and used to analyze whether the Pcap data packets include a corresponding control command, as shown in fig. 4. The decision tree model is a binary tree model. The total duration of the Pcap file is the difference between the timestamps of the first and last frames of the acquired Pcap file; the transport-layer protocol and the frame data size (Frame_Data_size) are used to obtain the transport protocol and data frame size of each frame in the Pcap file. After this decision filtering, the timestamp of each frame is extracted, the frames are classified by IP address, the timestamp differences are calculated, and the source IP and destination IP with a fixed timestamp difference are found; then the source and destination IP are exchanged, the data packets are searched for data frames containing information, and whether a data frame is a control command is judged by whether its data is repeated excessively.
In the initial state, the Pcap data packets acquired by Wireshark are filtered and classified in software; the decision tree algorithm model is trained with the training set, and the trained decision tree is verified with the test set. The training set is obtained by testing various mainstream products on the market (fluorite, sharpening, millet and the like) and the decision tree model is trained on it; data packets of related products are used as the test set to test the precision of the decision tree, the results are compared, the decision tree algorithm is adjusted according to the errors, and the decision tree with the highest precision is selected as the final one. The specific steps of the improved algorithm are as follows:
1) assume N samples, each comprising M characteristic attributes;
2) randomly extract N1 samples from the N samples as the training set, and take the remaining N-N1 samples as the test set;
3) generate a decision tree T from the training-set samples;
4) judge the accuracy of the decision tree T with the N-N1 test samples; if it judges accurately, output the decision tree model; if not, replace the misjudged data with an equal number of training set samples to form a new test set and a new training set, and return to step 3) until the decision tree T judges accurately.
Based on the analysis of the Pcap file structure, the data analysis of the intelligent security equipment and the capture of Pcap data packets in a specific intelligent home environment, a decision tree algorithm model can be established to find out from the captured Pcap data packets whether intelligent security equipment is present; if so, the control command of the intelligent security equipment is found according to the characteristics of the equipment, the level of its safety is judged, and arming and disarming are performed through the control command. Two control commands are obtained in succession and compared with a comparison function to judge whether the data is encrypted, that is, to judge the complexity of the data: if fewer than 10 bytes differ between the two, the data is judged to be unencrypted, control can be realized by forging TCP data from a computer, and the safety is low; otherwise the data is judged to be encrypted.
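Added example, not code from the patent: a Python sketch of the passive part of steps S21 to S24 (keep TCP frames with a payload, find the flow whose timestamp difference is fixed, record its IP) and of S51 to S53 together with the closing paragraph above (swap source and destination, keep the payloads that are not repeated excessively as control commands, count the bytes that differ between two consecutive commands, apply the 10-byte threshold). It works on already-decoded frame records rather than raw pcap bytes, uses constructed sample traffic with assumed addresses (192.168.1.20 device, 192.168.1.30 phone, 203.0.113.5 cloud server), and leaves out the active forged-TCP control test.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

Flow = Tuple[str, str]  # (source IP, destination IP)

@dataclass
class Frame:
    ts: float       # pcap timestamp in seconds (from the per-packet header)
    src: str
    dst: str
    proto: str      # transport-layer protocol name, e.g. "TCP" or "UDP"
    payload: bytes  # transport-layer payload; the patent's "data bits"

def filter_frames(frames: List[Frame]) -> List[Frame]:
    """S21/S22: drop non-TCP frames and TCP frames with no payload (pure ACKs)."""
    return [f for f in frames if f.proto == "TCP" and len(f.payload) > 0]

def flow_intervals(frames: List[Frame]) -> Dict[Flow, List[float]]:
    """S23: timestamp differences between consecutive frames of each (src, dst) flow."""
    by_flow: Dict[Flow, List[float]] = defaultdict(list)
    for f in sorted(frames, key=lambda x: x.ts):
        by_flow[(f.src, f.dst)].append(f.ts)
    return {k: [b - a for a, b in zip(t, t[1:])] for k, t in by_flow.items()}

def heartbeat_flows(frames: List[Frame], tolerance: float = 0.5,
                    min_frames: int = 3) -> Dict[Flow, float]:
    """S23/S24: flows whose inter-frame gap is fixed (within tolerance) are device
    heartbeats; the source IP of such a flow is the security device's IP."""
    found: Dict[Flow, float] = {}
    for flow, gaps in flow_intervals(filter_frames(frames)).items():
        if len(gaps) + 1 < min_frames:
            continue  # too few frames to call the interval "fixed"
        mean = sum(gaps) / len(gaps)
        if all(abs(g - mean) <= tolerance for g in gaps):
            found[flow] = round(mean, 3)
    return found

def control_commands(frames: List[Frame], device_flow: Flow,
                     max_repeats: int = 2) -> List[bytes]:
    """Description step: swap source and destination of the heartbeat flow and keep
    the payloads that are not repeated excessively; those are the control commands."""
    reverse = (device_flow[1], device_flow[0])
    payloads = [f.payload for f in sorted(filter_frames(frames), key=lambda x: x.ts)
                if (f.src, f.dst) == reverse]
    counts = Counter(payloads)
    return [p for p in payloads if counts[p] <= max_repeats]

def changed_bytes(a: bytes, b: bytes) -> int:
    """S52: byte-by-byte comparison; a length difference counts as changed bytes."""
    common = min(len(a), len(b))
    return sum(1 for i in range(common) if a[i] != b[i]) + abs(len(a) - len(b))

def judge_command(cmd1: bytes, cmd2: bytes, threshold: int = 10) -> Tuple[str, int]:
    """S53: fewer than `threshold` changed bytes -> treated as unencrypted (low
    security); otherwise treated as encrypted (high security)."""
    n = changed_bytes(cmd1, cmd2)
    return ("unencrypted", n) if n < threshold else ("encrypted", n)

# Constructed sample capture (not real traffic). 192.168.1.20 is the assumed
# device, 192.168.1.30 the phone, 203.0.113.5 the vendor cloud server.
DEV, PHONE, CLOUD = "192.168.1.20", "192.168.1.30", "203.0.113.5"
CMD_ARM_1 = b'{"cmd":"arm","seq":1}'
CMD_ARM_2 = b'{"cmd":"arm","seq":2}'
SAMPLE = (
    [Frame(t, DEV, CLOUD, "TCP", b"\x00\x01ping") for t in (0.0, 30.0, 60.0, 90.0)]
    + [Frame(t, PHONE, CLOUD, "TCP", b"app-traffic") for t in (1.0, 5.0, 30.0, 32.0)]
    + [Frame(45.0, CLOUD, DEV, "TCP", CMD_ARM_1), Frame(75.0, CLOUD, DEV, "TCP", CMD_ARM_2)]
    + [Frame(46.0 + i, CLOUD, DEV, "TCP", b"OK") for i in range(5)]  # repeated ack
    + [Frame(2.0, DEV, CLOUD, "UDP", b"discovery"), Frame(3.0, DEV, CLOUD, "TCP", b"")]
)

def analyse(frames: List[Frame]) -> Dict[str, object]:
    """Run the whole passive check and return the verdict per detected device IP."""
    report: Dict[str, object] = {}
    for flow, interval in heartbeat_flows(frames).items():
        cmds = control_commands(frames, flow)
        verdict = judge_command(cmds[0], cmds[1]) if len(cmds) >= 2 else ("unknown", -1)
        report[flow[0]] = {"heartbeat_s": interval, "commands": len(cmds), "verdict": verdict}
    return report

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

A plaintext command whose only changing field is a sequence counter differs in one byte, while two blocks of fresh ciphertext differ in almost every byte, which is what the threshold in S53 is meant to separate.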
Finally, it is noted that the above-mentioned preferred embodiments illustrate rather than limit the invention, and that, although the invention has been described in detail with reference to the above-mentioned preferred embodiments, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the scope of the invention as defined by the appended claims.

Claims (4)

1. The intelligent home security equipment safety judgment method based on the improved decision tree algorithm is characterized by comprising the following steps:
S1: constructing a wifi environment, controlling the intelligent home security equipment from a mobile phone, and acquiring the Pcap data packets of the equipment under that control;
S2: analyzing the data carried in the transport-layer TCP protocol of the captured Pcap data packets, and filtering the Pcap data packets;
S3: generating the training set and test set of the decision tree from the analyzed results;
S4: training a decision tree model with the training set and checking it with the test set, to determine the improved decision tree model; specifically comprising the following steps:
S41: assuming that the total number of samples in the training set and test set is N, and that each sample comprises M characteristic attributes;
S42: randomly extracting N1 samples from the N samples as the training set, and taking the remaining N-N1 samples as the test set;
S43: generating a decision tree T from the N1 samples of the training set;
S44: judging the accuracy of the decision tree T with the remaining N-N1 test samples; if it judges accurately, outputting the decision tree T as the decision tree model; if not, replacing the misjudged data with an equal number of training set samples to form a new test set and a new training set, and repeating step S43 until the decision tree T judges accurately;
S5: judging with the trained improved decision tree model whether the control command data in the Pcap data packets is encrypted; if it is, the safety of the intelligent home security equipment is judged to be high, and if not, it is judged to be low; specifically comprising the following steps:
S51: obtaining control command data from the Pcap data packets twice in succession;
S52: matching the character strings of the two captured control commands one by one, and comparing the two captured control commands;
S53: if fewer than 10 bytes differ between the two captured control commands, and TCP data forged by the personal computer can control the intelligent home security equipment, the control command data is judged to be unencrypted and the safety is low;
if 10 or more bytes differ between the two captured control commands, and TCP data forged by the personal computer cannot control the intelligent home security equipment, the control command data is judged to be encrypted and the safety is high.
2. The intelligent home security device safety judgment method based on the improved decision tree algorithm as claimed in claim 1, wherein step S1 specifically includes the following steps:
S11: starting a wifi hotspot on a personal computer;
S12: connecting the mobile phone and the intelligent security equipment to the wifi hotspot;
S13: logging in to the APP on the mobile phone to arm or disarm the intelligent security equipment, and opening the Wireshark software to capture the pcap data packets.
3. The intelligent home security device safety judgment method based on the improved decision tree algorithm as claimed in claim 2, wherein in step S13 the intelligent home security equipment is controlled as required during capture, and the capture time is kept above 20 minutes.
4. The intelligent home security device safety judgment method based on the improved decision tree algorithm as claimed in claim 2, wherein step S2 specifically includes the following steps:
S21: filtering out the non-TCP data frames in the Pcap data packets;
S22: judging whether the data bit length of each TCP data frame is greater than 0, and filtering out the data frames whose data bit length is less than or equal to 0;
S23: acquiring the timestamps in the Pcap data packets, calculating the time difference between two similar frames, and filtering out the data frames whose time difference is not fixed;
S24: analyzing the remaining data frames of the Pcap data packets, and recording the IP and the corresponding data bit length.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711319190.3A CN108134780B (en) 2017-12-12 2017-12-12 Intelligent home security equipment safety judgment method based on improved decision tree algorithm


Publications (2)

Publication Number Publication Date
CN108134780A CN108134780A (en) 2018-06-08
CN108134780B true CN108134780B (en) 2021-03-16

Family

ID=62390116


Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112859620B (en) * 2019-11-12 2023-05-05 西门子(中国)有限公司 Security protection method, security protection device, intelligent home system and computer readable medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104811444A (en) * 2015-04-02 2015-07-29 谢杰涛 Secure cloud control method and system
CN104994076A (en) * 2015-06-01 2015-10-21 广东电网有限责任公司信息中心 Machine-learning-based daily access model implementation method and system
CN105306463A (en) * 2015-10-13 2016-02-03 电子科技大学 Modbus TCP intrusion detection method based on support vector machine
CN106792877A (en) * 2016-12-27 2017-05-31 无锡十月中宸科技有限公司 Information capture system and wifi camouflage methods based on wifi route signals
CN109104441A (en) * 2018-10-24 2018-12-28 上海交通大学 A kind of detection system and method for the encryption malicious traffic stream based on deep learning

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10742938B2 (en) * 2015-03-07 2020-08-11 Skybell Technologies Ip, Llc Garage door communication systems and methods
KR20170082937A (en) * 2016-01-07 2017-07-17 한국인터넷진흥원 System for detecting abnomal behaviors using personalized the whole access period use behavior second analysis


Also Published As

Publication number Publication date
CN108134780A (en) 2018-06-08


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant