CN110365625A - Internet of Things safety detection method, device and storage medium - Google Patents
Internet of Things safety detection method, device and storage medium
- Publication number: CN110365625A
- Application number: CN201810309531.7A
- Authority: CN (China)
- Prior art keywords: internet, things, security, safety detection, signal
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L41/145: Network analysis or design involving simulating, designing, planning or modelling of a network
- H04L43/06: Arrangements for monitoring or testing data switching networks; generation of reports
- H04L63/123: Network security; applying verification of the received data contents, e.g. message integrity
- H04L63/14: Network security; detecting or protecting against malicious traffic
- H04L63/1416: Detection by monitoring network traffic (H04L63/1408); event detection, e.g. attack signature detection
- H04L63/1441: Countermeasures against malicious traffic
- H04L63/1458: Countermeasures against malicious traffic; denial of service
Abstract
The present invention provides an Internet of Things safety detection method, device and storage medium. The method includes: obtaining a first communication signal between a reader and a tag in a first Internet of Things system; reverse-resolving the first communication signal to obtain its attribute information; inputting the attribute information into a security evaluation model to obtain a security assessment result for the first Internet of Things system; and outputting a safety detection report corresponding to the security assessment result, the report including the security risk grade of the first Internet of Things system and/or a risk resolution scheme for the first Internet of Things system. The Internet of Things safety detection method, device and storage medium provided by the invention raise the degree of intelligence of Internet of Things safety detection, can actively detect the security vulnerabilities of an Internet of Things system, effectively reduce attack threats, improve system security and guarantee the safety of the Internet of Things.
Description
Technical field
The present invention relates to the field of the Internet of Things, and in particular to an Internet of Things security flaw detection method, device and storage medium.
Background technique
The "Internet of Everything" has become a hotspot of current research and application. Because Internet of Things technology connects many originally isolated devices to a network, it greatly increases the risk of those devices being attacked. Radio frequency identification (RFID), the typical supporting technology in Internet of Things systems, is especially easily subjected to malicious attacks such as unauthorized access and forgery because of its constrained resources, open communication mode and lack of unified standards. Given that Internet of Things systems are commonly used in key areas such as industrial production and national defence monitoring, the consequences of an attack are serious. The security problem of the Internet of Things has become an important factor hindering the further development of RFID-based Internet of Things.
In the prior art, since an Internet of Things system involves multiple technology systems such as embedded systems, networks and software, its security requirements and application environment are more complex than those of the conventional Internet. The security analysis tools existing on the market are mostly based on traditional Internet security technology: testers manually customize the various test cases, collect the communication signals in the Internet of Things system, and analyze the security vulnerabilities of the Internet of Things system by hand.
With the prior art, the manual customization and analysis performed by testers make it difficult to quickly detect and find security vulnerabilities in the Internet of Things, cannot satisfy the diverse detection requirements of Internet of Things environments, and lack a definite judgement of the overall security of the Internet of Things system, so the degree of intelligence of Internet of Things safety detection is insufficient.
Summary of the invention
The present invention provides an Internet of Things safety detection method, device and storage medium, which raise the degree of intelligence of Internet of Things safety detection, can actively detect the security vulnerabilities of an Internet of Things system, effectively reduce attack threats, improve system security and guarantee the safety of the Internet of Things.
The present invention provides an Internet of Things safety detection method, comprising:
obtaining a first communication signal between a reader and a tag in a first Internet of Things system;
reverse-resolving the first communication signal to obtain attribute information of the first communication signal;
inputting the attribute information into a security evaluation model to obtain a security assessment result for the first Internet of Things system;
outputting a safety detection report corresponding to the security assessment result, the safety detection report including the security risk grade of the first Internet of Things system and/or a risk resolution scheme for the first Internet of Things system.
In an embodiment of the present invention, the method further includes:
obtaining a test instruction input by the user;
processing the attribute information of the first signal according to the test case corresponding to the test instruction.
In an embodiment of the present invention, the attribute information of the first communication signal includes: damage potential, reproducibility, exploitability, affected scope, discoverability, attack physical cost, attack time cost, impact factor and attack success rate.
In an embodiment of the present invention, the security evaluation model is a BP neural network; the BP neural network takes the attribute information of the first communication signal as input and outputs the security assessment result of the first Internet of Things system, where the BP neural network has learned the security assessment results corresponding to the attribute information of different signals.
In an embodiment of the present invention, the risk resolution scheme includes:
using anti-replay mechanisms such as sequence number management for air-interface frames;
using encryption or obfuscation for locally stored data.
In an embodiment of the present invention, the test cases include: DoS attack, sniffing attack, forgery attack, authentication test, data tampering, key acquisition and card cloning.
The present invention provides an Internet of Things safety detection device, comprising:
an acquisition module, for obtaining a first communication signal between a reader and a tag in a first Internet of Things system;
a parsing module, for reverse-resolving the first communication signal to obtain attribute information of the first communication signal;
an evaluation module, for inputting the attribute information into a security evaluation model to obtain a security assessment result for the first Internet of Things system;
an output module, for outputting a safety detection report corresponding to the security assessment result, the safety detection report including the security risk grade of the first Internet of Things system and/or a risk resolution scheme for the first Internet of Things system.
In an embodiment of the present invention, the device further includes a processing module;
the acquisition module is also used to obtain a test instruction input by the user;
the processing module is used to process the attribute information of the first signal according to the test case corresponding to the test instruction.
The present invention also provides an Internet of Things safety detection device, comprising: a processor; and
a memory for storing instructions executable by the processor;
wherein the processor is configured to perform the Internet of Things safety detection method of any one of the above embodiments by executing the executable instructions.
The present invention also provides a computer-readable storage medium on which a computer program is stored; when the program is executed by a processor it implements the Internet of Things safety detection method of any one of the above embodiments.
In summary, the present invention provides an Internet of Things safety detection method, device and storage medium. The method includes: obtaining a first communication signal between a reader and a tag in a first Internet of Things system; reverse-resolving the first communication signal to obtain its attribute information; inputting the attribute information into a security evaluation model to obtain the security assessment result of the first Internet of Things system; and outputting a safety detection report corresponding to the security assessment result, the report including the security risk grade of the first Internet of Things system and/or a risk resolution scheme for the first Internet of Things system. The Internet of Things safety detection method, device and storage medium provided by the invention raise the degree of intelligence of Internet of Things safety detection, can actively detect the security vulnerabilities of an Internet of Things system, effectively reduce attack threats, improve system security and guarantee the safety of the Internet of Things.
The above is only an overview of the technical scheme of the present invention. In order that the technical means of the present invention may be better understood and implemented in accordance with the contents of the specification, the preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Detailed description of the invention
In order to explain more clearly the embodiments of the present invention or the technical solutions in the prior art, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description show only some embodiments of the present invention; those of ordinary skill in the art may obtain other drawings from these drawings without any creative effort.
Fig. 1 is a flow diagram of embodiment one of the Internet of Things safety detection method of the present invention;
Fig. 2 is a structural schematic diagram of a device for implementing the Internet of Things safety detection method of the present invention;
Fig. 3 is an operational process schematic diagram of a device for implementing the Internet of Things safety detection method of the present invention;
Fig. 4 is a structural schematic diagram of the BP neural network security evaluation model of the present invention;
Fig. 5 is the threat model structure of the system under test (SUT) of the present invention;
Fig. 6 is a structural schematic diagram of embodiment one of the Internet of Things safety detection device of the present invention.
The specific embodiments of the disclosure have been shown by the above drawings and are described in more detail below. These drawings and the verbal description are not intended to limit the scope of the concept of the disclosure in any way, but to illustrate the concept of the disclosure to those skilled in the art by reference to specific embodiments. The technical solution of the present invention is described in detail below with specific embodiments. The following embodiments may be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments.
Specific embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
The terms "first", "second", "third", "fourth" and the like (if present) in the specification, the claims and the above drawings are used to distinguish similar objects and are not used to describe a particular order or sequence. It should be understood that data so used are interchangeable under appropriate circumstances, so that the embodiments of the present invention described herein can, for example, be implemented in sequences other than those illustrated or described herein. In addition, the terms "comprising" and "having" and any variations thereof are intended to cover a non-exclusive inclusion; for example, a process, method, system, product or device that comprises a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
The technical solution of the present invention is described in detail below with specific embodiments. The following specific embodiments may be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments.
Fig. 1 is a flow diagram of embodiment one of the Internet of Things safety detection method of the present invention. As shown in Fig. 1, the Internet of Things safety detection method provided by this embodiment includes:
S101: obtaining a first communication signal between a reader and a tag in a first Internet of Things system.
S102: reverse-resolving the first communication signal to obtain attribute information of the first communication signal.
S103: inputting the attribute information into a security evaluation model to obtain a security assessment result for the first Internet of Things system.
S104: outputting a safety detection report corresponding to the security assessment result, the safety detection report including the security risk grade of the first Internet of Things system and/or a risk resolution scheme for the first Internet of Things system.
Specifically, this embodiment addresses the shortcomings of prior-art Internet of Things safety detection, in which the manual customization and analysis performed by testers make it difficult to quickly detect and find security vulnerabilities in the Internet of Things, cannot satisfy the diverse detection requirements of Internet of Things environments, and lack a definite judgement of the overall security of the Internet of Things system, so that the degree of intelligence of Internet of Things safety detection is insufficient. The Internet of Things safety detection method provided by this embodiment collects the first communication signal between a reader and a tag in the first Internet of Things system, reverse-resolves it, feeds the reverse-resolved attribute information of the first communication signal into a security evaluation model that has been designed and implemented to obtain the security assessment result of the first Internet of Things system, and finally outputs the safety detection report corresponding to the security assessment result. The first Internet of Things system described in this embodiment is merely illustrative; in practical application the first Internet of Things system may consist of several readers and several tags, where the readers read the information of the tags and the tags store information and act as transponders to authenticate the user. It can be understood that each tag in the first Internet of Things system can be read by each reader in the system. The first communication signal may be the communication signal between any reader and any tag, or it may be the set of communication signals between multiple tags and multiple readers in the first Internet of Things system.
Optionally, the Internet of Things safety detection method in the above embodiment further includes: obtaining a test instruction input by the user; and processing the attribute information of the first communication signal according to the test case corresponding to the test instruction. Different test cases can be customized so that the first communication signal of the first Internet of Things system is tested and analyzed from different security requirement angles. It can also be understood that steps S101-S104 in the above embodiment themselves constitute one kind of test case.
For example, Fig. 2 is a structural schematic diagram of a device for implementing the Internet of Things safety detection method of the present invention, used for implementing the above Internet of Things safety detection method. The device includes: functional module 1, signal acquisition and analysis, for RFID protocol signal acquisition and off-line analysis; functional module 2, security test cases, for sorting out RFID security threats and writing the related test programs; functional module 3, the security evaluation model, for constructing the RFID security assessment model and implementing its simulation; functional module 4, the control agent interface; functional module 5, automatic testing, for designing and implementing the automatic test process. Functional modules 1-5 together form the prototype system, and security test verification of a real Internet of Things system is carried out by testing in actual scenes. After the device in this embodiment has trained the model parameters with the experimental data, it can carry out Internet of Things safety detection and risk assessment work for specific scenes according to the experimental results. That is, after the above device has performed machine learning, it obtains, for different Internet of Things safety detection scenes, the different security scenarios and the countermeasures corresponding to each risk grade.
Specifically, Fig. 3 is an operational process schematic diagram of a device for implementing the Internet of Things safety detection method of the present invention, used for executing Internet of Things safety detection with the device shown in Fig. 2. As shown in Fig. 3, the operational process of this embodiment includes:
(1) the user starts the main program through the program interface; in the main program the user can choose different combinations of test cases;
(2) after the user starts the test, the related commands are sent to the agent module; according to the different scenes of the test cases, the agent module may call functions of the RFID lower computer system such as monitoring, or reader or tag simulation;
(3) in a monitoring scene, the test case calls the RFID signal acquisition and off-line analysis module, scans the possible frequency bands of the RFID system under test segment by segment, and monitors and records the communication process;
(4) after signal monitoring and recording have finished, the monitoring module supplies the recorded data to the RFID system security off-line analysis module, which decodes and analyzes the data to obtain information such as the air-interface and protocol-layer data of the RFID signal, and feeds it back to the user's security test case;
(5) the user's security test case evaluates the result of this security test case according to the returned decoded information;
(6) the automatic test process runs a series of test cases through the automatic test script, obtains the integrated test result and feeds it back to the security evaluation module;
(7) according to the integrated test result obtained from the automatic test process, the security evaluation module builds the attack threat tree and, combined with the DREAD classification evaluation system, carries out an overall evaluation of the security of the system under test;
(8) the security evaluation scheme generation module dynamically generates the assessment result report according to the assessment result, providing a basis for security personnel to formulate a reasonable and effective security protection scheme for the system under test.
Optionally, the security evaluation module in the above embodiment is used to execute S103 of the above embodiment, obtaining the security assessment result of the Internet of Things system from the attribute information of the communication signal, and the security evaluation model therein is a BP neural network. The BP neural network then takes the attribute information of the first communication signal as input and outputs the security assessment result of the first Internet of Things system; because the BP neural network has learned the security assessment results corresponding to the attribute information of different signals, it can output, by way of machine learning, the security evaluation report corresponding to the attribute information of the first communication signal.
Specifically, the attribute information of the communication signal may include, for each attack path in the first Internet of Things system, the security influence factors: damage potential Da, reproducibility R, exploitability E, affected scope A, discoverability Di, attack physical cost Coh, attack time cost Cot, impact factor Sce and attack success rate. The above attribute information is then used as input data to train the BP neural network, with the data split into a training set and a validation set, where the label of each data item may be the risk grade obtained by expert analysis.
Table 1
Fig. 4 is a structural schematic diagram of the BP neural network security evaluation model of the present invention. As shown in Fig. 4, the number of nodes in the input layer of the BP neural network is related to the impact factors, so the above 9 attribute information items serve as the input-layer neurons, i.e. the input variables x1 to x9. The output layer consists of 3 neurons y1, y2, y3, each taking the value 0 or 1, and the 0-1 sequence (y1, y2, y3) represents the system security grade. System security can be divided into, for example, 5 grades: "000" represents high security, "001" represents fairly secure, "010" represents medium security, "011" represents lower security and "100" represents insecure. The hidden layer is chosen here by a step-test procedure: common hidden-layer selection rules such as 2N+1 are tested in turn, and the most suitable number of hidden-layer neurons is finally found, where N is the number of input-layer nodes and M the number of output-layer nodes. It should be noted that before making predictions the BP neural network needs to be trained with sample data; training consists of two processes, the forward propagation of information and the backpropagation of error. After the training error has stabilised, the validation set is input to verify the model, and training terminates when the error has stabilised. Once the model is trained, the test set can be input and the system outputs the risk grade of the RFID system. If the system risk is high, countermeasures for the system are given. Optionally, the risk resolution scheme in this embodiment may be one of those in the table below: anti-replay mechanisms such as sequence number management for air-interface frames; encryption or obfuscation of locally stored data. It is understood that the other risk resolution schemes listed in each example of this application are also within the protection scope of this application. See Table 1 above for details.
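As an added example (not code from the patent), the following Python sketch implements the evaluation model just described: the nine attribute-information inputs x1..x9, a BP network trained by forward propagation and error backpropagation with a training/validation split that stops when the error stabilises, the 3-bit (y1, y2, y3) security-grade coding, and the S104 report carrying the two risk resolution schemes. The sample data, the scaling of every feature to [0, 1], the sqrt(N+M)+a hidden-layer rule, the 0.5 decoding threshold, the learning rate and the function names are assumptions of this example.

```python
import math
import random

# The nine attribute-information inputs x1..x9 named on the page; this example
# assumes each is already scaled to [0, 1] (the page gives no ranges beyond 0-9).
FEATURES = ("Da", "R", "E", "A", "Di", "Coh", "Cot", "Sce", "success_rate")

# The page's five-level 0-1 coding of the output neurons (y1, y2, y3).
LEVELS = {(0, 0, 0): "high security", (0, 0, 1): "fairly secure",
          (0, 1, 0): "medium security", (0, 1, 1): "low security",
          (1, 0, 0): "insecure"}

# Risk resolution schemes the page lists for the safety detection report.
RESOLUTION_SCHEMES = (
    "anti-replay mechanisms such as sequence-number management for air-interface frames",
    "encryption or obfuscation of locally stored data")

def hidden_layer_candidates(n_in, n_out):
    """Step-test candidates: 2N+1 (named on the page) and sqrt(N+M)+a for
    a in 1..10 (an assumed second common rule)."""
    base = int(round(math.sqrt(n_in + n_out)))
    return sorted({2 * n_in + 1} | {base + a for a in range(1, 11)})

def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-max(-500.0, min(500.0, x))))

class BPNet:
    """Three-layer BP network with sigmoid hidden and output neurons."""

    def __init__(self, n_in, n_hidden, n_out, seed=0):
        rnd = random.Random(seed)
        # Each row: one neuron's input weights followed by its bias weight.
        self.w1 = [[rnd.uniform(-0.5, 0.5) for _ in range(n_in + 1)] for _ in range(n_hidden)]
        self.w2 = [[rnd.uniform(-0.5, 0.5) for _ in range(n_hidden + 1)] for _ in range(n_out)]

    def forward(self, x):
        """Forward propagation of information: hidden and output activations."""
        h = [sigmoid(sum(w * v for w, v in zip(row, x + [1.0]))) for row in self.w1]
        y = [sigmoid(sum(w * v for w, v in zip(row, h + [1.0]))) for row in self.w2]
        return h, y

    def train_step(self, x, target, lr):
        """Backpropagation of error for one labelled sample."""
        h, y = self.forward(x)
        d_out = [(t - o) * o * (1.0 - o) for t, o in zip(target, y)]
        d_hid = [hj * (1.0 - hj) * sum(d_out[k] * self.w2[k][j] for k in range(len(d_out)))
                 for j, hj in enumerate(h)]
        for k, row in enumerate(self.w2):
            for j, v in enumerate(h + [1.0]):
                row[j] += lr * d_out[k] * v
        for j, row in enumerate(self.w1):
            for i, v in enumerate(x + [1.0]):
                row[i] += lr * d_hid[j] * v

def mean_error(net, samples):
    return sum(sum((t - o) ** 2 for t, o in zip(target, net.forward(x)[1]))
               for x, target in samples) / len(samples)

def train(net, train_set, val_set, lr=0.5, max_epochs=1000, tol=1e-6):
    """Train until the training error stabilises (epoch-to-epoch change below tol),
    then verify on the validation set. history[0] is the error before training."""
    history = [mean_error(net, train_set)]
    for _ in range(max_epochs):
        for x, target in train_set:
            net.train_step(x, target, lr)
        history.append(mean_error(net, train_set))
        if abs(history[-2] - history[-1]) < tol:
            break
    return history, mean_error(net, val_set)

def predict_level(net, x):
    """Threshold each output neuron at 0.5 (assumed) and decode the 0-1 sequence."""
    code = tuple(1 if o >= 0.5 else 0 for o in net.forward(x)[1])
    return LEVELS.get(code, "undefined code " + "".join(str(b) for b in code))

def safety_report(level):
    """S104: the security risk grade plus the resolution schemes for risky systems."""
    schemes = list(RESOLUTION_SCHEMES) if level in ("low security", "insecure") else []
    return {"security_risk_grade": level, "risk_resolution_scheme": schemes}

def make_sample(score, code):
    """Constructed expert-labelled sample: the five DREAD factors, Sce and the
    success rate rise with the risk score while the two attack costs fall."""
    return [score] * 5 + [1.0 - score, 1.0 - score, score, score], [float(b) for b in code]

# Constructed data set (not the patent's), two samples per security grade.
DATASET = [make_sample(s, c) for s, c in (
    (0.05, (0, 0, 0)), (0.15, (0, 0, 0)), (0.30, (0, 0, 1)), (0.38, (0, 0, 1)),
    (0.50, (0, 1, 0)), (0.58, (0, 1, 0)), (0.70, (0, 1, 1)), (0.78, (0, 1, 1)),
    (0.90, (1, 0, 0)), (0.98, (1, 0, 0)))]
TRAIN_SET, VAL_SET = DATASET[::2], DATASET[1::2]

def run_demo():
    """Use the 2N+1 hidden-layer candidate, train on the split, and report on the
    validation samples."""
    net = BPNet(len(FEATURES), 2 * len(FEATURES) + 1, 3)
    history, val_err = train(net, TRAIN_SET, VAL_SET)
    return history, val_err, [safety_report(predict_level(net, x)) for x, _ in VAL_SET]
```

Calling run_demo() returns the training-error history, the validation error and one report per validation sample; the step test over the other hidden_layer_candidates() values is left to the caller.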
Optionally, in the above embodiments, the test cases may include, for example, attack modes such as DoS attack, sniffing attack, forgery attack, authentication test, data tampering, key acquisition and card cloning. Specifically:
(1) DoS attack, Dostest.lua: this requires calling the relevant device to send strong channel noise to jam the reader. By default a positive value is returned, indicating that the attack is complete; the tag's return signal is interfered with by sending command signals continuously, and a carrier is emitted to interfere with the dynamic range of the receiver.
(2) Sniffing attack, snifD: returns false. UHF requires manual participation: C# calls software 1 to save to disk, then "analysis software 2", then C# reads the saved file.
(3) Forgery attack, brutesim: this attack forges tag information so that a commercial reader reads it successfully; if the tag information can be read, true is returned, otherwise false. It requires a commercial test reader to work with it. For UHF, reading the ID or reading a memory block requires an access key, which may be the default key, or a storage area. C# calls the test software: if the ID can be read, a timestamp is recorded, then the file is monitored.
(4) Authentication test, authtest.lua: the tester sends information to the tag to obtain its ID information. If it can be read successfully, this indicates the tag is encrypted and true is returned; otherwise false is returned.
(5) Data tampering, writeraw: the tester forcibly writes a piece of data into the tag and judges whether the data can be illegally written. If it can be written and read back, true is returned, otherwise false. For UHF, the ID is changed, and the storage area may be modifiable.
(6) Key acquisition, checkkeys: the tester brute-forces the tag with a dictionary; if the key used by the tag can be obtained successfully, true is returned, otherwise false. Cracking techniques exist that use the default key or documentation.
(7) Card cloning: the tester copies the card onto a blank card using the existing information so that it has the card's function; on success true is returned, otherwise false.
Further, in the above embodiments, in the security evaluation of an embedded software system based on threat modeling, the threat model serves as the basic guide for carrying out the security testing and assessment of the system under test. This patent uses unified threat modeling theory to analyze and express the security threats the system under test may face, and uses a threat tree to describe the model initially. First the relevant basic concepts and terms of threat modeling are defined and the threat tree used is stated and introduced; then the STRIDE classification method is used to identify the security threats faced by the system under test. Afterwards, a specific threat analysis is carried out on the system under test, finally yielding the complete threat tree of the threat model of the system under test.
The STRIDE threat classification model is a modeling model for threat analysis, first proposed and used by Microsoft. The STRIDE classification model holds that security threats can be analyzed from the following six aspects, as shown in Table 2:
Table 2
STRIDE is formed from the initials of six threat types: spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege. STRIDE is considered to cover the security threats that all systems may suffer, and is a relatively mature security threat classification model. This embodiment uses the STRIDE method to classify the security threats the system under test is subject to, takes these six aspects as the nodes of the threat model, constructs the respective sub-threat trees, and finally forms the threat model of the system under test.
Fig. 5 is the threat model structure of the system under test of the present invention. As shown in Fig. 5, the security assets of the system under test can be roughly divided into three classes: identity, protected data and permissions; their correspondence with the six threat classes of the STRIDE classification model is shown in Table 3:
Table 3
Starting from the six major threat classes of the STRIDE classification model, the root node of each threat tree is established, and the threat trees of the threat model of the system under test are obtained from the table of correspondence between security assets and threats. From the definition of a threat tree in threat modeling, each leaf node of the threat model of the system under test is a specific attack process, and the backtracking path from a single leaf node to the root node of the threat tree is a possible attack path among the security threats of the system under test. On this basis the attack paths of each threat tree of the system under test can be obtained, and from them the security test sequence suited to the system under test is generated.
In security testing activities, assessing the security of the system under test according to the test results is an indispensable and important link. This embodiment improves the threat model of the system under test with the DREAD evaluation system and assesses the security of the system under test according to its threat model. Specifically, for the security testing of a system, establishing its threat tree is the work of analyzing and determining in which respects the system under test may suffer security threats, while the work of its security evaluation is determining the degree of harm these security threats pose to the system and how easily an attacker can exploit them, so as to provide a basis for security personnel to formulate a reasonable and effective security protection scheme for the system under test. This embodiment combines two assessment methods, the DREAD classification evaluation system and the attack cost/failure probability evaluation method, with the threat tree of the system under test, and analyzes and designs the security evaluation scheme of the system under test from the two aspects of the degree of harm of the security threats to the system and the complexity of exploiting them.
The DREAD classification evaluation system is a security rating system used by Microsoft. It holds that any security threat can be assessed from five aspects: Damage Potential, Reproducibility, Exploitability, Affected Users and Discoverability. Here each assessment aspect is divided into 10 grades, 0 to 9, where grade 9 means that the assessed threat can cause the most serious damage to the system in that aspect, and grade 0 means that the assessed threat can cause no damage to the system in that aspect. One point needs special mention: since the SUT contains no user-management component and all operations are performed with operator permission, when the SUT is assessed with the DREAD classification evaluation system the Affected Users aspect of a threat is judged and analysed in terms of its influence on the user's role identity. The standard by which each assessment aspect defines the damage caused by a threat is given by the DREAD classification evaluation system described in Table 4:
Table 4
The DREAD classification evaluation system thus provides a criterion for analysing the degree of harm a single threat poses to the system. With this evaluation system each concrete threat in the SUT threat tree (each leaf node of the tree) is assessed, giving the threat weight of each concrete threat. Because each threat node stands in a subordinate relation to its parent threat node, the threat weight of a parent node is determined mainly by its subordinate child nodes. In the SUT threat tree represented as an AND/OR tree, the threat weight of a parent node takes one of two forms of value according to the logical relation among its subordinate nodes. Define the weight set S = {Da, R, E, A, Di}, where Da denotes the damage potential threat weight, R the reproducibility weight, E the exploitability weight, A the affected users weight and Di the discoverability weight. If the threat weight set of a parent threat node is to be derived from the threat weight sets of its f child nodes, then when the subordinate child nodes are connected by AND logic the parent node's threat weight is obtained from the corresponding formula, where j ∈ {Da, R, E, A, Di}; that is, in this case each weight in the parent node's weight set is the maximum of that weight over all its child nodes. When the subordinate child nodes are connected by OR logic the parent node's threat weight is obtained from the corresponding formula; that is, in this case each weight in the parent node's weight set is the sum of that weight over all its child nodes. Using the DREAD classification evaluation system the threat degree that each threat node in the SUT threat tree poses to the system itself can be effectively described; although such a description involves some subjectivity, it can still serve as one effective basis for the security assessment of the SUT.
For the security assessment of a target system, besides assessing the severity of harm that the threats it faces may cause, the complexity of bringing about each threat must also be assessed, and the two are combined with the test results to reach a conclusion on the security of the SUT. The present embodiment analyses and assesses the difficulty of each security threat to the SUT from two angles: attack cost and attack probability.
Attack cost is the cost an attacker must pay to carry out a given attack, and comprises two classes: physical cost and time cost. Physical cost is the material capital the attacker must invest to achieve the attack target, chiefly the special hardware used in the attack process, such as Flash/FeRAM read-write devices, sniffers and protocol analysis equipment. Estimating physical cost involves many factors, so to simplify the model physical cost is here estimated simply from the amount of special hardware required. Time cost is the estimated time the attacker must spend to achieve the attack target; clearly, the longer an attack takes, the higher its difficulty is considered. In security testing, time cost is generally used to describe highly time-consuming attacks such as password cracking and ciphertext decryption, and is generally not counted for attacks that are not time-consuming. Following this thinking, the time cost of a non-time-consuming attack is taken as 0, while for a time-consuming attack the time cost is determined from the theoretical time needed to complete the attack.
In the SUT threat tree described as an AND/OR tree, attack cost exists in the form of a cost weight on each threat node. Like the threat weight, the cost weight of each threat node in the tree is also determined according to the logical relation among its subordinate nodes. If the current node has n subordinate threat nodes, each with its own attack cost (physical cost and time cost), then where the subordinate nodes are connected by AND logic the attack cost of the current node satisfies the corresponding relation; that is, when the subordinate nodes are in AND logical connection, the current node's attack cost (including physical cost and time cost) is the sum of the attack costs of its subordinate nodes. Where the subordinate nodes are connected by OR logic, the current node's attack cost satisfies the relation Co' = max(Coi); that is, when the subordinate nodes are in OR logical connection, the current node's attack cost (including physical and time cost) is the maximum of the attack costs of its subordinate nodes. Attack cost increases the difficulty for an attacker to launch an attack on the SUT and gives security staff a reference basis when assessing the degree of threat an attacker poses to the SUT, and is therefore one of the important indicators in the final judgement of SUT security.
In summary, the Internet of Things security detection method provided in this embodiment improves the degree of intelligence of security detection for the Internet of Things, can actively detect security vulnerabilities of an Internet of Things system, effectively reduces attack threats, raises system security and ensures the security of the Internet of Things. The method provided in this embodiment can also analyse and judge attack threats that may arise, identify threat vulnerabilities that may exist, and finally give a comprehensive assessment of the security performance of the communication process of mainstream RFID devices. Further research on this project helps to promote a complete RFID security analysis and test process in the Internet of Things industry, ensures the safe and stable operation of critical infrastructure, forms a safe, reliable, low-risk analysis model for Internet of Things products, and plays an exemplary role in the industry. It can also provide valuable reference for research and application in the construction of RFID security and confidentiality systems, risk assessment, standard formulation, product development and evaluation in China's industrial Internet of Things systems, especially in intelligent manufacturing systems.
Fig. 6 is a structural schematic diagram of embodiment one of the Internet of Things security detection device of the present invention. As shown in Fig. 6, the Internet of Things security detection device of the present invention comprises an acquisition module 601, a parsing module 602, an evaluation module 603 and an output module 604. The acquisition module 601 is used to obtain a first communication signal between a reader and a tag in a first Internet of Things system; the parsing module 602 is used to reverse-parse the first communication signal to obtain attribute information of the first communication signal; the evaluation module 603 is used to input the attribute information into a security evaluation model to obtain a security assessment result of the first Internet of Things system; the output module 604 is used to output a security detection report corresponding to the security assessment result, the security detection report including the security risk grade of the first Internet of Things system and/or a risk resolution scheme for the first Internet of Things system.
The Internet of Things security detection device provided in this embodiment can be used to execute the Internet of Things security detection method shown in Fig. 1; its specific implementation and principle are the same and are not repeated here.
Optionally, the Internet of Things security detection device in the above embodiments further includes a processing module. The acquisition module is also used to obtain a test instruction input by the user, and the processing module is used to process the attribute information of the first signal with the test case corresponding to the test instruction.
Optionally, the attribute information of the first communication signal includes: damage potential, reproducibility, exploitability, affected users, discoverability, attack physical cost, attack time cost, impact factor and attack success rate.
Optionally, the security evaluation model is a BP neural network; the BP neural network takes the attribute information of the first communication signal as input and outputs the security assessment result of the first Internet of Things system, the BP neural network having learned the security assessment results corresponding to the attribute information of different signals.
Optionally, the risk resolution scheme may include: adopting anti-replay mechanisms such as sequence number management for over-the-air frames; adopting encryption or obfuscation for locally stored data.
Optionally, the attack patterns of the test cases include DoS attack, sniffing attack, forgery attack, authentication test, data tampering, key acquisition and card cloning.
The Internet of Things security detection device provided in the above embodiments can likewise be used to execute the Internet of Things security detection method provided in the foregoing embodiments; its specific implementation and principle are the same and are not repeated here.
An embodiment of the invention also provides an electronic device, comprising: a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to execute the Internet of Things security detection method of any of the above embodiments by executing the executable instructions.
An embodiment of the invention also provides an Internet of Things security detection processing device, comprising:
a memory, a processor and a computer program, the computer program being stored in the memory, and the processor running the computer program to execute the Internet of Things security detection method described in the above embodiments.
An embodiment of the invention also provides a storage medium, comprising:
a readable storage medium and a computer program, the computer program being stored on the readable storage medium and serving to implement the Internet of Things security detection method described in the above embodiments.
An embodiment of the invention also provides a program product, comprising:
a computer program (executable instructions) stored in a readable storage medium. At least one processor of an encoding device can read the computer program from the readable storage medium, and the at least one processor executes the computer program so that the encoding device implements the Internet of Things security detection method provided by the above embodiments.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be completed by hardware related to program instructions. The program can be stored in a computer-readable storage medium; when executed, the program performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical discs. The above is only a preferred embodiment of the invention and does not restrict the invention in any form; any simple modification, equivalent variation or alteration of the above embodiments according to the technical essence of the invention still falls within the scope of the technical solution of the invention.
Finally, it should be noted that the above embodiments serve only to illustrate the technical solution of the invention, not to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or replace some or all of their technical features with equivalents, and that such modifications or replacements do not take the essence of the corresponding technical solution outside the scope of the technical solutions of the embodiments of the invention.
Claims (10)
1. An Internet of Things security detection method, characterized by comprising:
obtaining a first communication signal between a reader and a tag in a first Internet of Things system;
reverse-parsing the first communication signal to obtain attribute information of the first communication signal;
inputting the attribute information into a security evaluation model to obtain a security assessment result of the first Internet of Things system;
outputting a security detection report corresponding to the security assessment result, the security detection report including a security risk grade of the first Internet of Things system and/or a risk resolution scheme for the first Internet of Things system.
2. The method according to claim 1, characterized by further comprising:
obtaining a test instruction input by a user;
processing the attribute information of the first communication signal with the test case corresponding to the test instruction.
3. The method according to claim 2, characterized in that the attribute information of the first communication signal includes:
damage potential, reproducibility, exploitability, affected users, discoverability, attack physical cost, attack time cost, impact factor and attack success rate.
4. The method according to claim 3, characterized in that the security evaluation model is a BP neural network;
the BP neural network takes the attribute information of the first communication signal as input and outputs the security assessment result of the first Internet of Things system; wherein the BP neural network has learned the security assessment results corresponding to the attribute information of different signals.
5. The method according to claim 4, characterized in that the risk resolution scheme includes:
adopting anti-replay mechanisms such as sequence number management for over-the-air frames;
adopting encryption or obfuscation for locally stored data.
6. The method according to any one of claims 2-5, characterized in that the test cases include: DoS attack, sniffing attack, forgery attack, authentication test, data tampering, key acquisition and card cloning.
7. An Internet of Things security detection device, characterized by comprising:
an acquisition module for obtaining a first communication signal between a reader and a tag in a first Internet of Things system;
a parsing module for reverse-parsing the first communication signal to obtain attribute information of the first communication signal;
an evaluation module for inputting the attribute information into a security evaluation model to obtain a security assessment result of the first Internet of Things system;
an output module for outputting a security detection report corresponding to the security assessment result, the security detection report including the security risk grade of the first Internet of Things system and/or the risk resolution scheme of the first Internet of Things system.
8. The device according to claim 7, characterized by further comprising a processing module;
the acquisition module is also used to obtain a test instruction input by a user;
the processing module is used to process the attribute information of the first signal with the test case corresponding to the test instruction.
9. An Internet of Things security detection device, characterized by comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to execute the Internet of Things security detection method of any one of claims 1-6 by executing the executable instructions.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the Internet of Things security detection method of any one of claims 1-6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810309531.7A CN110365625B (en) | 2018-04-09 | 2018-04-09 | Internet of things security detection method and device and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110365625A true CN110365625A (en) | 2019-10-22 |
CN110365625B CN110365625B (en) | 2021-11-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||