CN110365625A - Internet of Things safety detection method, device and storage medium - Google Patents

Info

Publication number: CN110365625A
Application number: CN201810309531.7A
Authority: CN (China)
Prior art keywords: internet, things, security, safety detection, signal
Legal status: Granted
Other languages: Chinese (zh)
Other versions: CN110365625B (en)
Inventors: 杨黎斌, 刘中金, 喻梁文, 方喆君, 张晓明, 何跃鹰, 张野, 蔡晓妍, 戴航
Current assignees: Northwestern Polytechnical University; Northwest University of Technology; National Computer Network and Information Security Management Center
Original assignees: Northwest University of Technology; National Computer Network and Information Security Management Center
Events: application filed by Northwest University of Technology and National Computer Network and Information Security Management Center; priority to CN201810309531.7A; publication of CN110365625A; application granted; publication of CN110365625B; legal status: active
Classifications

All classes fall under H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L 41/145 Network analysis or design involving simulating, designing, planning or modelling of a network (under H04L 41/00 Arrangements for maintenance, administration or management of data switching networks; H04L 41/14 Network analysis or design)
    • H04L 43/06 Generation of reports (under H04L 43/00 Arrangements for monitoring or testing data switching networks)
    • H04L 63/123 Applying verification of the received data contents, e.g. message integrity (under H04L 63/00 Network architectures or network communication protocols for network security; H04L 63/12 Applying verification of the received information)
    • H04L 63/14 Network architectures or network communication protocols for detecting or protecting against malicious traffic
    • H04L 63/1408 Detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1416 Event detection, e.g. attack signature detection
    • H04L 63/1441 Countermeasures against malicious traffic
    • H04L 63/1458 Denial of Service

Abstract

The present invention provides an Internet of Things (IoT) security detection method, device and storage medium. The method includes: obtaining a first communication signal between a reader and a tag in a first IoT system; reverse-parsing the first communication signal to obtain its attribute information; inputting the attribute information into a security evaluation model to obtain a security assessment result for the first IoT system; and outputting a security detection report corresponding to the security assessment result, the report including the security risk grade of the first IoT system and/or a risk resolution scheme for the first IoT system. The IoT security detection method, device and storage medium provided by the invention raise the degree of intelligence of IoT security detection, can actively detect security vulnerabilities of an IoT system, effectively reduce attack threats, improve system security and safeguard the IoT.

Description

Internet of Things safety detection method, device and storage medium
Technical field
The present invention relates to the field of the Internet of Things (IoT), and in particular to an IoT security vulnerability detection method, device and storage medium.
Background technique
"Interconnection of all things" has become a hot spot of current research and application. Because IoT technology connects to a network many devices that were originally isolated, the risk of those devices being attacked rises considerably. Radio frequency identification (RFID), the typical supporting device in IoT systems, is even more susceptible to unauthorized access, forgery and other malicious attacks because its resources are constrained, its communication mode is open and it lacks unified standards. Since IoT systems are often used in key areas such as industrial production and national defence monitoring, the consequences of an attack are serious. The security problem of the IoT has become an important factor hindering the further development of RFID-based IoT.
In the prior art, because an IoT system involves several technical systems such as embedded, network and software, its security requirements and application environment are more complex than a conventional Internet environment. Existing security analysis tools on the market are mostly based on traditional Internet security technology: a tester manually customizes the various test cases, collects the communication signals in the IoT system and analyzes the security vulnerabilities of the IoT system by hand.
With the prior art, manual customization and analysis by testers makes it difficult to quickly detect and find security vulnerabilities in the IoT, cannot satisfy the diversified detection demands of IoT environments, and provides no determination of the overall security performance of the IoT system, so the degree of intelligence of IoT security detection is insufficient.
Summary of the invention
The present invention provides an IoT security detection method, device and storage medium that raise the degree of intelligence of IoT security detection, can actively detect security vulnerabilities of an IoT system, effectively reduce attack threats, improve system security and safeguard the IoT.
The present invention provides an IoT security detection method, comprising:
obtaining a first communication signal between a reader and a tag in a first IoT system;
reverse-parsing the first communication signal to obtain attribute information of the first communication signal;
inputting the attribute information into a security evaluation model to obtain a security assessment result for the first IoT system; and
outputting a security detection report corresponding to the security assessment result, the security detection report including the security risk grade of the first IoT system and/or a risk resolution scheme for the first IoT system.
In an embodiment of the present invention, the method further includes:
obtaining a test instruction input by the user; and
processing the attribute information of the first signal with the test case corresponding to the test instruction.
In an embodiment of the present invention, the attribute information of the first communication signal includes:
potential damage, reproducibility, exploitability, affected scope, discoverability, attack physical cost, attack time cost, impact factor and attack success rate.
In an embodiment of the present invention, the security evaluation model is a BP neural network;
the BP neural network takes the attribute information of the first communication signal as input and outputs the security assessment result of the first IoT system, the BP neural network having learned the security assessment results corresponding to the attribute information of different signals.
In an embodiment of the present invention, the risk resolution scheme includes:
using anti-replay mechanisms such as serial-number management for air-interface frames; and
processing locally stored data with encryption or obfuscation.
In an embodiment of the present invention, the test cases include:
DoS attack, sniffing attack, forgery attack, authentication test, data tampering, key obtaining and card cloning.
The present invention provides an IoT security detection device, comprising:
an acquisition module for obtaining a first communication signal between a reader and a tag in a first IoT system;
a parsing module for reverse-parsing the first communication signal to obtain attribute information of the first communication signal;
an evaluation module for inputting the attribute information into a security evaluation model to obtain a security assessment result for the first IoT system; and
an output module for outputting a security detection report corresponding to the security assessment result, the security detection report including the security risk grade of the first IoT system and/or a risk resolution scheme for the first IoT system.
In an embodiment of the present invention, the device further includes a processing module;
the acquisition module is further used to obtain a test instruction input by the user; and
the processing module is used to process the attribute information of the first signal with the test case corresponding to the test instruction.
The present invention also provides an IoT security detection device, comprising: a processor; and
a memory for storing instructions executable by the processor;
wherein the processor is configured to carry out the IoT security detection method of any one of the above embodiments by executing the executable instructions.
The present invention also provides a computer-readable storage medium on which a computer program is stored, the program implementing the IoT security detection method of any one of the above embodiments when executed by a processor.
In summary, the present invention provides an IoT security detection method, device and storage medium. The method includes: obtaining a first communication signal between a reader and a tag in a first IoT system; reverse-parsing the first communication signal to obtain its attribute information; inputting the attribute information into a security evaluation model to obtain a security assessment result for the first IoT system; and outputting a security detection report corresponding to the security assessment result, the report including the security risk grade of the first IoT system and/or a risk resolution scheme for the first IoT system. The IoT security detection method, device and storage medium provided by the invention raise the degree of intelligence of IoT security detection, can actively detect security vulnerabilities of an IoT system, effectively reduce attack threats, improve system security and safeguard the IoT.
The above is only an overview of the technical scheme of the present invention. So that the technical means of the present invention can be better understood and implemented according to the contents of the specification, preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Detailed description of the invention
In order to explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from these drawings without any creative labour.
Fig. 1 is a flow diagram of embodiment one of the IoT security detection method of the present invention;
Fig. 2 is a structural schematic diagram of a device for implementing the IoT security detection method of the present invention;
Fig. 3 is a schematic diagram of the operational process of a device for implementing the IoT security detection method of the present invention;
Fig. 4 is a structural schematic diagram of the BP neural network used as the security evaluation model of the present invention;
Fig. 5 is the threat model structure of the system under test (SUT) of the present invention;
Fig. 6 is a structural schematic diagram of embodiment one of the IoT security detection device of the present invention.
The above drawings show specific embodiments of the disclosure, which are described in more detail hereinafter. These drawings and the verbal description are not intended to limit the scope of the disclosed concept in any way, but to illustrate the concept of the disclosure to those skilled in the art by reference to specific embodiments. The technical solution of the present invention is described in detail below with specific embodiments. The following embodiments may be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments.
Specific embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in those embodiments. Obviously, the described embodiments are only a part of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
The terms "first", "second", "third", "fourth" and the like (if present) in the description, the claims and the above drawings are used to distinguish similar objects and not to describe a particular order or sequence. It should be understood that data so used are interchangeable under appropriate circumstances, so that the embodiments of the present invention described herein can, for example, be implemented in a sequence other than those illustrated or described herein. In addition, the terms "include" and "have" and any variations of them are intended to cover a non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units clearly listed, but may include other steps or units that are not clearly listed or that are inherent to the process, method, product or device.
The technical solution of the present invention is described in detail below with specific embodiments. The following specific embodiments may be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments.
Fig. 1 is a flow diagram of embodiment one of the IoT security detection method of the present invention. As shown in Fig. 1, the IoT security detection method provided by this embodiment includes:
S101: obtaining a first communication signal between a reader and a tag in a first IoT system.
S102: reverse-parsing the first communication signal to obtain attribute information of the first communication signal.
S103: inputting the attribute information into a security evaluation model to obtain a security assessment result for the first IoT system.
S104: outputting a security detection report corresponding to the security assessment result, the security detection report including the security risk grade of the first IoT system and/or a risk resolution scheme for the first IoT system.
Specifically, in prior-art IoT security detection the manual customization and analysis by testers makes it difficult to quickly detect and find the security vulnerabilities in the IoT, cannot satisfy the diversified detection demands of IoT environments, and provides no determination of the overall security performance of the IoT system, so the degree of intelligence of IoT security detection is insufficient. The IoT security detection method provided in this embodiment addresses this by collecting the first communication signal between a reader and a tag in the first IoT system, reverse-parsing it, feeding the attribute information of the reverse-parsed first communication signal into a designed and implemented security evaluation model to obtain the security assessment result of the first IoT system, and finally outputting the security detection report corresponding to that result. The first IoT system described in this embodiment is merely illustrative: in practice it may consist of several readers and several tags, the readers reading the information of the tags, and the tags storing information and acting as transponders to authenticate the user. It is understood that each tag in the first IoT system can be read by each reader in the system. The first communication signal may be the communication signal between any reader and any tag, or the set of communication signals between multiple tags and multiple readers in the first IoT system.
Optionally, the IoT security detection method of the above embodiment further includes: obtaining a test instruction input by the user, and processing the attribute information of the first communication signal with the test case corresponding to the test instruction. Different test cases can be customized so that the first communication signal of the first IoT system is test-analyzed from different security-requirement angles. It is also understood that steps S101-S104 of the above embodiment are themselves one kind of test case.
For example, Fig. 2 is a structural schematic diagram of a device for implementing the IoT security detection method of the present invention. The device includes: functional module 1, signal acquisition and analysis, for RFID protocol signal acquisition and offline analysis; functional module 2, security test cases, for sorting RFID security threats and writing the corresponding test routines; functional module 3, security evaluation model, for building and simulating the RFID security assessment model; functional module 4, the control proxy interface; and functional module 5, automatic testing, for designing and implementing the automatic test process. Functional modules 1-5 form a prototype system, which is verified against a real IoT system by actual-scenario testing. After the model's parameters have been trained with experimental data, the device in this embodiment can perform IoT security detection and risk assessment for specific scenarios according to the experimental results. That is, after machine learning, the device produces, for different IoT security detection scenarios, different security scenarios and the countermeasures corresponding to the risk grade.
Specifically, Fig. 3 is a schematic diagram of the operational process of a device for implementing the IoT security detection method of the present invention, in which the device shown in Fig. 2 performs the IoT security detection. As shown in Fig. 3, the operational process of this embodiment includes:
(1) The user starts the main program through the program interface and can choose different combinations of test cases in the main program;
(2) After the user starts the test, the related commands are sent to the proxy module. According to the scenario of the test case, the proxy module may call functions of the RFID lower computer system such as monitoring, or reader or tag simulation;
(3) In a monitoring scenario, the test case calls the RFID signal acquisition and offline analysis module, which scans the possible frequency bands of the RFID system under test and monitors and records the communication process;
(4) After signal monitoring and recording finish, the monitoring module hands the recorded data to the RFID system security offline analysis module, which decodes the data to obtain the RFID air-interface and protocol-layer data and related information, and feeds it back to the user's security test case;
(5) The user's security test case evaluates the result of this security test case according to the decoded information returned;
(6) The automatic test process runs a series of test cases through the automatic test script, obtains the comprehensive test result and feeds it back to the security evaluation module;
(7) The security evaluation module builds an attack threat tree from the comprehensive test result of the automatic test process and, combined with the DREAD classification evaluation system, performs an overall evaluation of the security of the system under test (SUT);
(8) The security evaluation scheme generation module dynamically generates the assessment result report from the assessment result, providing a basis for security personnel to formulate a reasonable and effective security protection scheme for the SUT.
Optionally, the security evaluation module in the above embodiment performs S103 of the above embodiment, obtaining the security assessment result of the IoT system from the attribute information of the communication signal, and the security evaluation model it uses is a BP neural network. The BP neural network takes the attribute information of the first communication signal as input and outputs the security assessment result of the first IoT system; having learned, by machine learning, the security assessment results corresponding to the attribute information of different signals, it can output the security evaluation report corresponding to the attribute information of the first communication signal.
Specifically, the attribute information of the communication signal may include, for each attack path in the first IoT system, the security influence factors: potential damage Da, reproducibility R, exploitability E, affected scope A, discoverability Di, attack physical cost Coh, attack time cost Cot, impact factor Sce and attack success rate. The above attribute information is used as the data for training the BP neural network and is split into a training set and a validation set, where the data labels can be the risk grade obtained by expert analysis.
Table 1
Fig. 4 is a structural schematic diagram of the BP neural network used as the security evaluation model of the present invention. As shown in Fig. 4, the number of nodes in the input layer of the BP neural network is related to the influence factors, so the above 9 attributes serve as the input-layer neurons, i.e. input variables x1 to x9. The output layer consists of 3 neurons y1, y2, y3, each taking the value 0 or 1, and the 0-1 sequence (y1, y2, y3) represents the system security grade. System security can be divided into, for example, 5 grades: "000" represents high security, "001" relatively safe, "010" medium security, "011" low security and "100" unsafe. The hidden layer is chosen here by a step-test procedure: common hidden-layer selection rules such as 2N+1, etc., are tested in turn to find the most suitable number of hidden-layer neurons, where N is the number of input-layer nodes and M the number of output-layer nodes. Note that before prediction the BP neural network must be trained with sample data; training consists of two processes, the forward propagation of information and the back propagation of error. Once the training error has stabilized, the validation set is input to verify the model, and training ends when the error result is stable. After the model is trained, the test set can be input and the system outputs the risk grade of the RFID system. If the system risk is high, the countermeasures for the system are provided. Optionally, the risk resolution scheme in this embodiment may be one of the following: using anti-replay mechanisms such as serial-number management for air-interface frames; processing locally stored data with encryption or obfuscation. It is understood that other risk resolution schemes listed in the examples of this application are also within the scope of protection of this application, as specifically shown in Table 1 above.
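The input/output coding described above, as an added example that is not part of the patent: a small BP network written from scratch in pure Python. It takes the nine attributes (Da, R, E, A, Di, Coh, Cot, Sce, attack success rate) as input-layer neurons x1 to x9, has three sigmoid output neurons thresholded to the 0-1 code (y1, y2, y3), and decodes the code to the five grades listed in the description. The training samples, the labelling rule that stands in for expert grading, the learning rate and epoch count, and the two hidden-layer heuristics listed beside 2N+1 are all assumptions made for this example.

```python
"""Minimal BP (backpropagation) network for the 9-attribute -> 3-bit risk code
mapping. Added example, not the patent's code; training data is constructed."""
import math
import random

ATTRIBUTES = ["Da", "R", "E", "A", "Di", "Coh", "Cot", "Sce", "success_rate"]

# 0-1 output codes and the risk grade each represents (from the description).
RISK_CODES = {
    (0, 0, 0): "high security",
    (0, 0, 1): "relatively safe",
    (0, 1, 0): "medium security",
    (0, 1, 1): "low security",
    (1, 0, 0): "unsafe",
}
GRADE_ORDER = list(RISK_CODES)  # index 0 = safest ... index 4 = unsafe


def decode_risk(code):
    """Turn a thresholded (y1, y2, y3) tuple into the risk grade name."""
    return RISK_CODES.get(tuple(code), "invalid code")


def hidden_layer_candidates(n_in, n_out):
    """Candidate hidden-layer sizes for the step test. The description names 2N+1
    (N = input nodes, M = output nodes); the other two rules are common heuristics
    added here as an assumption."""
    return sorted({2 * n_in + 1, int(math.sqrt(n_in * n_out)), int(math.sqrt(n_in + n_out)) + 1})


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


class BPNetwork:
    """One hidden layer, sigmoid units, squared-error loss, plain SGD."""

    def __init__(self, n_in, n_hidden, n_out, seed=1):
        rng = random.Random(seed)
        self.w1 = [[rng.uniform(-0.5, 0.5) for _ in range(n_in)] for _ in range(n_hidden)]
        self.b1 = [0.0] * n_hidden
        self.w2 = [[rng.uniform(-0.5, 0.5) for _ in range(n_hidden)] for _ in range(n_out)]
        self.b2 = [0.0] * n_out

    def forward(self, x):
        """Forward propagation of information: input -> hidden -> output."""
        h = [sigmoid(sum(w * xi for w, xi in zip(row, x)) + b) for row, b in zip(self.w1, self.b1)]
        y = [sigmoid(sum(w * hj for w, hj in zip(row, h)) + b) for row, b in zip(self.w2, self.b2)]
        return h, y

    def train(self, samples, epochs=200, lr=0.3):
        """Back propagation of error: one SGD update per sample per epoch."""
        for _ in range(epochs):
            for x, t in samples:
                h, y = self.forward(x)
                d_out = [(yk - tk) * yk * (1 - yk) for yk, tk in zip(y, t)]
                d_hid = [hj * (1 - hj) * sum(d_out[k] * self.w2[k][j] for k in range(len(d_out)))
                         for j, hj in enumerate(h)]
                for k, dk in enumerate(d_out):
                    for j, hj in enumerate(h):
                        self.w2[k][j] -= lr * dk * hj
                    self.b2[k] -= lr * dk
                for j, dj in enumerate(d_hid):
                    for i, xi in enumerate(x):
                        self.w1[j][i] -= lr * dj * xi
                    self.b1[j] -= lr * dj

    def mean_squared_error(self, samples):
        total = 0.0
        for x, t in samples:
            _, y = self.forward(x)
            total += sum((yk - tk) ** 2 for yk, tk in zip(y, t))
        return total / len(samples)

    def predict_code(self, x):
        _, y = self.forward(x)
        return tuple(1 if yk >= 0.5 else 0 for yk in y)


def constructed_samples(n, seed=7):
    """Constructed training data (not from the patent): attribute vectors in [0, 1]
    labelled by a simple rule that stands in for expert grading."""
    rng = random.Random(seed)
    samples = []
    for _ in range(n):
        x = [rng.random() for _ in ATTRIBUTES]
        # risk rises with the DREAD-style factors and the success rate, is scaled by
        # the impact factor Sce, and falls with physical/time attack cost (Coh, Cot)
        threat = (sum(x[:5]) + x[8]) / 6.0 * (0.5 + 0.5 * x[7]) - 0.3 * (x[5] + x[6]) / 2.0
        grade = min(4, max(0, int((threat + 0.05) / 0.1)))
        samples.append((x, [float(b) for b in GRADE_ORDER[grade]]))
    return samples


def run_demo(n_samples=30, epochs=200):
    """Train on constructed data; return (mse_before, mse_after, training accuracy)."""
    samples = constructed_samples(n_samples)
    net = BPNetwork(len(ATTRIBUTES), hidden_layer_candidates(9, 3)[-1], 3)  # 2N+1 = 19
    before = net.mean_squared_error(samples)
    net.train(samples, epochs=epochs)
    after = net.mean_squared_error(samples)
    correct = sum(net.predict_code(x) == tuple(int(v) for v in t) for x, t in samples)
    return before, after, correct / len(samples)


if __name__ == "__main__":
    mse_before, mse_after, acc = run_demo()
    print(f"MSE before {mse_before:.3f}, after {mse_after:.3f}, training accuracy {acc:.2f}")
    print(decode_risk((0, 1, 1)))
```

The step test of the description would loop over hidden_layer_candidates and keep the size with the lowest validation error; the demo simply uses 2N+1 = 19. The check worth keeping when reproducing the patent's procedure is that the training error falls and the validation error stabilizes before the test set is used at all.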
Optionally, in the above embodiments, the test cases may include attack modes such as DoS attack, sniffing attack, forgery attack, authentication test, data tampering, key obtaining and card cloning. Specifically:
(1) DoS attack (Dostest.lua): this calls the relevant device to send strong channel noise that interferes with reading. By default a positive value is returned, indicating that the attack is completed. The tag's return signal is interfered with by sending instruction signals without pause, and a carrier is emitted to interfere with the receiver's dynamic range.
(2) Sniffing attack (snif): returns false by default. UHF requires manual participation: C# calls software 1 to save to disk, analysis software 2 processes the data, and C# reads the file saved on disk.
(3) Forgery attack (brutesim): forges tag information so that a commercial card reader reads it successfully; if the tag information can be read, true is returned, otherwise false. A commercial test card reader has to cooperate in this test.
UHF: reads the ID or reads a memory block, which requires access to the key, possibly the default key or the one in the storage region.
C# calls the test software; if the ID can be read, a timestamp is stamped, then the file is monitored.
(4) Authentication test (authtest.lua): the tester sends information to the tag to obtain the ID information. If it can be read smoothly, this shows the tag is not encrypted and true is returned; otherwise false is returned.
(5) Data tampering (writeraw): the tester forces a piece of data to be written into the tag to judge whether data can be written illegally. If it can be written and read back, true is returned, otherwise false. UHF: changes the ID; the storage region may be modifiable.
(6) Key obtaining (checkkeys): the tester runs a dictionary attack against the tag; if the key the tag uses can be obtained, true is returned, otherwise false.
Default keys or cracking techniques from documentation may be used.
(7) Card cloning: the tester copies the card's existing information onto a blank card and checks whether it has the card's function; if successful, true is returned, otherwise false.
Further, in the above embodiments, in the threat-model-based security evaluation of the embedded software system, the threat model serves as the basic guide for implementing the security test and assessment of the system under test (SUT). This patent uses unified threat modeling theory to analyze and represent the security threats the SUT may face, and uses a threat tree for a preliminary description of the model. First the basic concepts and terms related to threat modeling are defined and the threat tree used is described and introduced; then the STRIDE classification method is used to identify the security threats faced by the SUT; afterwards, a specific threat analysis of the SUT is carried out, finally yielding the threat tree of the complete SUT threat model.
The STRIDE threat classification model is a modeling model for threat analysis, first proposed and used by Microsoft. The STRIDE classification model holds that security threats can be analyzed from the following six aspects, as shown in Table 2:
Table 2
STRIDE is the acronym of the six threat types: spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege. STRIDE is considered to cover the security threats any system may suffer and is a relatively mature security threat classification model. This embodiment classifies the security threats the SUT may suffer with the STRIDE method, and uses these six aspects as nodes of the threat model to build the respective sub threat trees, ultimately forming the threat model of the SUT.
Fig. 5 is the threat model structure of the SUT of the present invention. As shown in Fig. 5, the security assets of the SUT can be roughly divided into three classes: identity, protected data and permissions; their correspondence with the six threat classes of the STRIDE classification model is shown in Table 3:
Table 3
Starting from the six threat major classes of the STRIDE classification model, the root node of each kind of threat tree is established, and from the table of correspondences between security assets and threats the individual threat trees of the SUT threat model are obtained. From the definition of a threat tree in threat modeling, each threat leaf node of the SUT threat model is a specific attack process. The backtracking path from a single leaf node to the root node of the threat tree is one possible attack path among the security threats of the SUT. On this basis, the attack paths of each threat tree of the SUT can be obtained and used to generate security test sequences suited to the SUT.
In security testing activities, assessing the security of the SUT from the test results is an indispensable and important link. This embodiment refines the SUT threat model with the DREAD evaluation system and assesses the security of the SUT according to its threat model. Specifically, in the security testing of a system, the work of establishing threat trees analyses and determines which security threats the SUT may suffer, while the work of security evaluation then determines the degree of harm these security threats do to the system and how easily they can be exploited by an attacker, so as to give security personnel a basis for formulating a reasonable and effective protection scheme for the SUT. This embodiment combines two assessment methods, the DREAD classification evaluation system and the attack-cost / attack-probability assessment method, with the SUT threat trees, and analyses and designs the SUT security-evaluation scheme from two aspects: the degree of harm a security threat does to the system, and the complexity of exploiting it for an attacker.
The DREAD classification evaluation system is the security classification system used by Microsoft. It holds that any security threat can be assessed in five aspects: Damage Potential, Reproducibility, Exploitability, Affected Users and Discoverability. Here each aspect is divided into 10 levels, 0 to 9: level 9 means the evaluated threat can cause the most serious damage to the system in that aspect, and level 0 means it can cause no damage at all in that aspect. One point must be emphasised: since the SUT contains no user-management part and all operations are distinguished by operator permission, when threats to the SUT are assessed with the DREAD classification evaluation system, the affected-users aspect of a threat is judged and analysed by its influence on the user's role identity. The criteria by which each aspect defines the damage caused by a threat are given in Table 4 (DREAD classification evaluation system):
Table 4
Here the DREAD classification evaluation system provides criteria for analysing the degree of harm a single threat does to the system. With this evaluation system, each specific threat in the SUT threat trees (each leaf node of a threat tree) is assessed, giving the threat weight of each specific threat. Since each threat node is subordinate to its parent threat node, the threat weight of a parent node is determined mainly by its subordinate child nodes. In the SUT threat trees represented as AND/OR trees, the threat weight of a parent node takes one of two forms, depending on the logical relation among its subordinate nodes. Define the weight set S = {Da, R, E, A, Di}, where Da is the damage-potential threat weight, R the reproducibility weight, E the exploitability weight, A the affected-users weight and Di the discoverability weight. Let the threat weight set of a parent node be f and consider the threat weight sets of its child nodes. When the child nodes are connected by AND logic, the parent node's threat weight is obtained by a formula in which j ranges over {Da, R, E, A, Di}: in this case, each weight j in the parent node's weight set is the maximum of weight j over all of its child nodes. When the subordinate nodes are connected by OR logic, the parent node's threat weight is obtained by the corresponding formula: in this case, each weight j in the parent node's weight set is the sum of weight j over all of its child nodes. Using the DREAD classification evaluation system effectively describes the threat degree that each threat node in the SUT threat trees poses to the system itself; although the description carries some subjectivity, it can still serve as one effective basis for the SUT security evaluation.
For the security evaluation of the target system, besides assessing the severity of the harm that the threats it faces may cause, it is also necessary to assess the complexity of each threat occurring, and to combine both with the test results to reach a conclusion on the SUT's security. This embodiment analyses and assesses the difficulty of each SUT security threat occurring from two angles: attack cost and attack probability.
Attack cost is the cost an attacker must pay to carry out a given attack, in two classes: physical cost and time cost. Physical cost refers to the material capital the attacker must invest to achieve the attack goal, mainly the special hardware equipment used in the attack process, such as Flash/ferroelectric read-write equipment, sniffers and protocol-analysis equipment. Estimating physical cost involves many factors, so to simplify the model, physical cost is here estimated simply by the number of special hardware devices used. Time cost refers to the time an attacker is expected to spend to achieve the attack goal; clearly, the longer an attack takes, the more difficult it is considered to be. In security testing, time cost is usually used to describe extremely time-consuming attacks such as password cracking and ciphertext decryption, while for non-time-consuming attacks time cost is generally not calculated. Following this idea, the time cost of a non-time-consuming attack is taken as 0, while for a time-consuming attack the time cost is determined by the theoretical time needed to complete the attack.
In the SUT threat trees described as AND/OR trees, attack cost exists as the cost weight of a threat node. Like the threat weight, the cost weight of each threat node in the tree is determined by the logical relation of its subordinate nodes. Suppose the current node has n subordinate threat nodes whose attack costs (physical cost and time cost) are Co_i. When the subordinate nodes are connected by AND logic, the current node's attack cost satisfies the corresponding sum relation, i.e. the current node's attack cost (physical cost and time cost) is the sum of the subordinate nodes' attack costs. When the subordinate nodes are connected by OR logic, the current node's attack cost satisfies Co' = max(Co_i), i.e. the current node's attack cost (physical and time cost) is the maximum among the subordinate nodes' attack costs. Attack cost increases the difficulty for an attacker to launch an attack on the SUT and gives security personnel a reference when assessing the degree of threat an attacker poses to the SUT; it is therefore one of the important indicators in the final judgment of SUT security.
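As an added worked example (not code from the patent), the following Python implements the two propagation rules described above on a small constructed AND/OR threat tree: DREAD weights propagate as the element-wise maximum under AND and the element-wise sum under OR, attack cost as the sum under AND and the maximum under OR, and every leaf-to-root backtracking path is enumerated as a candidate attack path / test sequence. Node names, DREAD scores and costs are constructed illustrative values, not figures from the patent.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# DREAD aspects used as the weight set S = {Da, R, E, A, Di}
DREAD_KEYS = ("Da", "R", "E", "A", "Di")


@dataclass
class ThreatNode:
    """A node of the AND/OR threat tree; leaves are concrete attack steps."""
    name: str
    gate: Optional[str] = None                              # "AND" / "OR" for inner nodes, None for leaves
    children: List["ThreatNode"] = field(default_factory=list)
    weights: Dict[str, int] = field(default_factory=dict)   # leaf DREAD scores, each in 0..9
    physical_cost: int = 0                                  # number of special hardware devices needed
    time_cost: float = 0.0                                  # theoretical attack time (hours); 0 if not time-consuming


def leaf(name: str, da: int, r: int, e: int, a: int, di: int,
         physical_cost: int = 0, time_cost: float = 0.0) -> ThreatNode:
    scores = (da, r, e, a, di)
    if any(not 0 <= s <= 9 for s in scores):
        raise ValueError("DREAD scores must lie in 0..9")
    return ThreatNode(name, weights=dict(zip(DREAD_KEYS, scores)),
                      physical_cost=physical_cost, time_cost=time_cost)


def inner(name: str, kind: str, *children: ThreatNode) -> ThreatNode:
    if kind not in ("AND", "OR"):
        raise ValueError("gate must be AND or OR")
    return ThreatNode(name, gate=kind, children=list(children))


def dread_weights(node: ThreatNode) -> Dict[str, int]:
    """Parent weight set: element-wise max of the children under AND, element-wise sum under OR."""
    if not node.children:
        return dict(node.weights)
    child_sets = [dread_weights(c) for c in node.children]
    if node.gate == "AND":
        return {j: max(w[j] for w in child_sets) for j in DREAD_KEYS}
    return {j: sum(w[j] for w in child_sets) for j in DREAD_KEYS}   # OR: sums may exceed 9


def attack_cost(node: ThreatNode) -> Tuple[int, float]:
    """(physical, time) cost: sum of the children under AND, max of the children under OR (Co' = max(Co_i))."""
    if not node.children:
        return node.physical_cost, node.time_cost
    costs = [attack_cost(c) for c in node.children]
    if node.gate == "AND":
        return sum(p for p, _ in costs), sum(t for _, t in costs)
    return max(p for p, _ in costs), max(t for _, t in costs)


def attack_paths(node: ThreatNode, above: Tuple[str, ...] = ()) -> List[Tuple[str, ...]]:
    """Backtracking path from every leaf up to the root; each one is a candidate attack path."""
    chain = (node.name,) + above
    if not node.children:
        return [chain]
    paths: List[Tuple[str, ...]] = []
    for child in node.children:
        paths.extend(attack_paths(child, chain))
    return paths


def build_sample_tree() -> ThreatNode:
    """Constructed sample: one 'Tampering' sub-tree for a reader/tag system (all values illustrative)."""
    return inner("Unauthorized tag write", "OR",
                 inner("Write using recovered key", "AND",
                       leaf("Sniff reader-tag exchange", 6, 8, 7, 5, 8, physical_cost=1),
                       leaf("Dictionary attack on tag key", 6, 7, 5, 5, 6, physical_cost=1, time_cost=2.0)),
                 leaf("Clone card onto blank card", 8, 6, 6, 7, 5, physical_cost=2, time_cost=0.5))


if __name__ == "__main__":
    root = build_sample_tree()
    print("root DREAD weights:", dread_weights(root))          # {'Da': 14, 'R': 14, 'E': 13, 'A': 12, 'Di': 13}
    print("root attack cost (devices, hours):", attack_cost(root))  # (2, 2.0)
    for p in attack_paths(root):
        print("attack path:", " -> ".join(p))
```

The AND sub-tree keeps the per-aspect maximum (Da 6, R 8, E 7, A 5, Di 8) but adds the costs of both steps, while the OR root sums the weights of its alternatives and keeps only the most expensive one's cost.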
In summary, the Internet of Things security detection method provided in this embodiment raises the degree of intelligence of IoT security detection, can actively detect security vulnerabilities of an IoT system, effectively reduces attack threats, raises system security and ensures the safety of the IoT. The method can also analyse and judge attack threats that may occur, find the threats and vulnerabilities that may exist, and finally carry out a comprehensive assessment of the security of the communication process of mainstream RFID devices. Further research on this project helps promote a unified RFID security analysis and test process in the IoT industry, ensures the safe and stable operation of critical infrastructure, forms a safe, reliable and low-risk security analysis model for IoT products, and plays an exemplary role in the industry. In addition, it can provide valuable reference for research and application in the construction, risk assessment, standard formulation, product development and evaluation of RFID security and confidentiality systems in China's industrial IoT systems, especially intelligent manufacturing systems.
Fig. 6 is a structural schematic diagram of embodiment one of the Internet of Things security detection device of the present invention. As shown in Fig. 6, the IoT security detection device of the present invention includes an acquisition module 601, a parsing module 602, an evaluation module 603 and an output module 604. The acquisition module 601 obtains the first communication signal between the reader and the tag in the first IoT system; the parsing module 602 reverse-parses the first communication signal to obtain its attribute information; the evaluation module 603 inputs the attribute information into the security evaluation model to obtain the security assessment result of the first IoT system; the output module 604 outputs a security detection report corresponding to the security assessment result, the report including the security risk level of the first IoT system and/or a risk resolution scheme for the first IoT system.
The IoT security detection device provided in this embodiment can be used to execute the IoT security detection method shown in Fig. 1; the specific implementation and principle are the same and are not repeated here.
Optionally, the IoT security detection device in the above embodiments further includes a processing module. The acquisition module is also used to obtain a test instruction input by the user, and the processing module processes the attribute information of the first signal according to the test case corresponding to the test instruction.
Optionally, the attribute information of the first communication signal includes: damage potential, reproducibility, exploitability, affected range, discoverability, attack physical cost, attack time cost, impact factor and attack success rate.
Optionally, the security evaluation model is a BP neural network. The BP neural network takes the attribute information of the first communication signal as input and outputs the security assessment result of the first IoT system, the BP neural network having learned the security assessment results corresponding to the attribute information of different signals.
Optionally, the risk resolution scheme may include: using anti-replay mechanisms such as sequence-number management for air-interface frames; and using encryption or obfuscation for locally stored data.
Optionally, the attack patterns of the test cases include: DoS attack, sniffing attack, forgery attack, authentication test, data tampering, key acquisition and card clone.
The IoT security detection device provided in the above embodiment can likewise be used to execute the IoT security detection method provided in the foregoing embodiments; the specific implementation and principle are the same and are not repeated here.
An embodiment of the invention also provides an electronic device, comprising: a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to execute, via the executable instructions, the Internet of Things security detection method of any of the above embodiments.
An embodiment of the invention also provides an Internet of Things security detection processing device, comprising:
a memory, a processor and a computer program, the computer program being stored in the memory, and the processor running the computer program to execute the Internet of Things security detection method described in the above embodiments.
An embodiment of the invention also provides a storage medium, comprising:
a readable storage medium and a computer program, the computer program being stored on the readable storage medium and implementing the Internet of Things security detection method described in the above embodiments.
An embodiment of the invention also provides a program product, comprising:
a computer program (executable instructions) stored in a readable storage medium. At least one processor of the encoding device can read the computer program from the readable storage medium, and the at least one processor executes the computer program so that the encoding device implements the Internet of Things security detection method provided by the foregoing embodiments.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be completed by hardware related to program instructions. The program can be stored in a computer-readable storage medium; when executed, it performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as ROM, RAM, magnetic disk or optical disc. The above are only preferred embodiments of the invention and do not limit the invention in any form; any simple modifications, equivalent variations and alterations made to the above embodiments according to the technical essence of the invention still fall within the scope of the technical solution of the invention.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the invention, not to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some or all of their technical features, and such modifications or replacements do not cause the essence of the corresponding technical solution to depart from the scope of the technical solutions of the embodiments of the invention.

Claims (10)

1. An Internet of Things security detection method, characterized by comprising:
obtaining a first communication signal between a reader and a tag in a first Internet of Things system;
reverse-parsing the first communication signal to obtain attribute information of the first communication signal;
inputting the attribute information into a security evaluation model to obtain a security assessment result of the first Internet of Things system;
outputting a security detection report corresponding to the security assessment result, the security detection report including a security risk level of the first Internet of Things system and/or a risk resolution scheme for the first Internet of Things system.
2. The method according to claim 1, characterized by further comprising:
obtaining a test instruction input by a user;
processing the attribute information of the first communication signal according to a test case corresponding to the test instruction.
3. The method according to claim 2, characterized in that the attribute information of the first communication signal includes:
damage potential, reproducibility, exploitability, affected range, discoverability, attack physical cost, attack time cost, impact factor and attack success rate.
4. The method according to claim 3, characterized in that the security evaluation model is a BP neural network;
the BP neural network takes the attribute information of the first communication signal as input and outputs the security assessment result of the first Internet of Things system; wherein the BP neural network has learned the security assessment results corresponding to the attribute information of different signals.
5. The method according to claim 4, characterized in that the risk resolution scheme includes:
using anti-replay mechanisms such as sequence-number management for air-interface frames;
using encryption or obfuscation for locally stored data.
6. The method according to any one of claims 2 to 5, characterized in that the test cases include: DoS attack, sniffing attack, forgery attack, authentication test, data tampering, key acquisition and card clone.
7. An Internet of Things security detection device, characterized by comprising:
an acquisition module, for obtaining a first communication signal between a reader and a tag in a first Internet of Things system;
a parsing module, for reverse-parsing the first communication signal to obtain attribute information of the first communication signal;
an evaluation module, for inputting the attribute information into a security evaluation model to obtain a security assessment result of the first Internet of Things system;
an output module, for outputting a security detection report corresponding to the security assessment result, the security detection report including a security risk level of the first Internet of Things system and/or a risk resolution scheme for the first Internet of Things system.
8. The device according to claim 7, characterized by further comprising a processing module;
the acquisition module is also used to obtain a test instruction input by a user;
the processing module is used to process the attribute information of the first signal according to a test case corresponding to the test instruction.
9. An Internet of Things security detection device, characterized by comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to execute, via the executable instructions, the Internet of Things security detection method according to any one of claims 1 to 6.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the Internet of Things security detection method according to any one of claims 1 to 6.
CN201810309531.7A 2018-04-09 2018-04-09 Internet of things security detection method and device and storage medium Active CN110365625B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810309531.7A CN110365625B (en) 2018-04-09 2018-04-09 Internet of things security detection method and device and storage medium


Publications (2)

Publication Number Publication Date
CN110365625A true CN110365625A (en) 2019-10-22
CN110365625B CN110365625B (en) 2021-11-26




Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112217665A (en) * 2020-09-27 2021-01-12 山东省计算中心(国家超级计算济南中心) Quantitative evaluation method for receiving and transmitting performance of terminal of Internet of things
CN113382076A (en) * 2021-06-15 2021-09-10 中国信息通信研究院 Internet of things terminal security threat analysis method and protection method
CN114205272A (en) * 2021-12-08 2022-03-18 北京恒安嘉新安全技术有限公司 Communication security test method, device, equipment and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101719249A (en) * 2009-12-01 2010-06-02 青岛海信移动通信技术股份有限公司 Mobile terminal charge/pay system and method based on FRID technology
CN102664733A (en) * 2012-03-19 2012-09-12 南宁汇软信息科技有限责任公司 Safety protection method of RFID middleware
CN102682311A (en) * 2011-06-10 2012-09-19 中国人民解放军国防科学技术大学 Passive radio frequency identification (RFID) security authentication method based on cyclic redundancy check (CRC) code operation
CN103595813A (en) * 2013-11-22 2014-02-19 锦瀚智慧管网技术有限公司 Intelligent pipe network application system and obtaining method thereof
CN104766069A (en) * 2015-04-21 2015-07-08 国网河南省电力公司驻马店供电公司 Intelligent electric power safety management system based on iris algorithm
CN105100042A (en) * 2014-05-06 2015-11-25 塞纳克公司 Computer system for distributed discovery of vulnerabilities in applications
US20160227405A1 (en) * 2007-03-16 2016-08-04 Visa International Service Association System and Method for Mobile Identity Protection for Online User Authentication


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Tang Zhijun et al.: "Privacy-protection-based ultra-high-frequency mobile radio frequency identification (RFID)", China Safety Science Journal (《中国安全科学学报》) *




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant