CN113507456B - Illegal attack monitoring method for Internet of things platform - Google Patents

Publication number: CN113507456B
Authority: CN (China)
Prior art keywords: terminal, things platform, target internet, value, uplink
Legal status: Active
Application number: CN202110710574.8A
Other languages: Chinese (zh)
Other versions: CN113507456A (en)
Inventors: 余丹, 兰雨晴, 王丹星
Current Assignee: Zhongbiao Huian Information Technology Co Ltd
Original Assignee: Zhongbiao Huian Information Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/145: Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00: Traffic control in data switching networks
    • H04L47/10: Flow control; Congestion control
    • H04L47/26: Flow control; Congestion control using explicit feedback to the source, e.g. choke packets
    • H04L47/266: Stopping or restarting the source, e.g. X-on or X-off
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/70: Reducing energy consumption in communication networks in wireless communication networks


Abstract

The invention discloses an illegal attack monitoring method for an Internet of things platform, which is used for solving the problems of high manual dependence, long time difference between danger monitoring and danger control and low system safety in the prior art. The method comprises the following steps: calculating a virus attack degree value of each terminal in a target Internet of things platform according to uplink and downlink data traffic, data calculation amount and network speed of each terminal in the target Internet of things platform; calculating the range specific gravity value of the target Internet of things platform attacked by the virus according to the virus attack degree value of each terminal; and calculating the power-on enabling control value of each terminal in the target Internet of things platform according to the virus attack degree value of each terminal in the target Internet of things platform and the virus attack range specific gravity value of the target Internet of things platform, and controlling the power-on/off of each terminal according to the power-on enabling control value and the control strategy. The method provided by the invention can monitor the illegal attack of the Internet of things platform in time and has high safety.

Description

Illegal attack monitoring method for Internet of things platform
Technical Field
The invention relates to the technical field of Internet of things, in particular to an illegal attack monitoring method for an Internet of things platform.
Background
With the development of information technology and the Internet, the Internet of Things (IoT) has emerged. It is a network extended and expanded from the Internet that, through devices and technologies such as information sensors, radio frequency identification, global positioning systems, infrared sensors and laser scanners, collects in real time any object or process that needs monitoring, connection and interaction, gathers the required information such as sound, light, heat, electricity, mechanics, chemistry, biology and position, and, through various possible network accesses, realizes interconnection and intercommunication of people, machines and objects at any time and any place.
The Internet of things is an important field of network information technology, and its security problems cannot be ignored at any time. In particular, once Internet of things technology is widely applied, many different devices are connected to the network; if problems occur, the consequences can be severe, which places higher requirements on the security of the Internet of things. At present, illegal attacks on an Internet of things platform mainly consist of infecting a terminal in the platform with a virus (such as a system virus, a worm virus or a trojan horse) and then attacking the terminal network, consuming the processing capacity of the terminal, or maliciously stealing data. Viruses are also generally infectious, and when a large number of terminals in the Internet of things are infected, the whole Internet of things is paralyzed. However, because Internet of things technology has only emerged in recent years, there is currently no particularly effective scheme for monitoring illegal attacks, and monitoring is generally performed manually. Even where a system capable of automatically monitoring virus attacks exists, it can only record the related data or send out warning information when an attack is detected and then wait for a user to handle it. The dependence on people is therefore strong, the attack may greatly damage the Internet of things platform in the interval between the virus intrusion and the user's reaction, and the system security is low.
Disclosure of Invention
In view of this, the embodiment of the invention provides an illegal attack monitoring method for an internet of things platform, which is used for solving the problems that no especially effective illegal attack (especially virus attack) monitoring scheme for the internet of things platform exists at present, the dependence on monitoring labor is high, the time difference between danger monitoring and danger control is long, and the system security is not high. The method and the system can monitor the state of all terminals in the Internet of things platform attacked by the virus in real time, and then automatically close the corresponding terminals infected by the virus according to the state, so that the safety of the Internet of things platform can be improved.
The invention provides an illegal attack monitoring method for an Internet of things platform, which comprises the following steps:
calculating a virus attack degree value of each terminal in a target Internet of things platform according to uplink and downlink data traffic, data calculation amount and network speed of each terminal in the target Internet of things platform;
calculating the specific gravity value of the target Internet of things platform in the range attacked by the virus according to the virus attack degree value of each terminal in the target Internet of things platform;
calculating a power-on enabling control value of each terminal in the target Internet of things platform according to the virus attack degree value of each terminal in the target Internet of things platform and the virus attack range specific gravity value of the target Internet of things platform;
and controlling the power on/off of each terminal according to the power on enabling control value and the control strategy of each terminal in the target Internet of things platform.
In an optional embodiment, before calculating the virus attack degree value of each terminal according to the uplink and downlink data traffic, the data calculation amount, and the network speed of each terminal in the target Internet of things platform, the method further includes: detecting the uplink and downlink data traffic, the data calculation amount and the network speed of each terminal in the target Internet of things platform;
the method for calculating the virus attack degree value of each terminal in the target Internet of things platform according to the uplink and downlink data traffic, the data calculation amount and the network speed of each terminal in the target Internet of things platform comprises the following steps:
calculating a decision value of virus data encroaching an uplink and downlink data transmission channel of each terminal in the target Internet of things platform according to the uplink and downlink data traffic and the network speed of each terminal in the target Internet of things platform; calculating a judgment value of whether the data calculated amount of each terminal in the target Internet of things platform is consistent with the uplink and downlink data flow or not according to the uplink and downlink data flow and the data calculated amount of each terminal in the target Internet of things platform;
and calculating a virus attack degree value of each terminal in the target Internet of things platform according to a judgment value of the virus data invading an uplink and downlink data transmission channel of each terminal in the target Internet of things platform and a judgment value of whether the data calculation amount of each terminal in the target Internet of things platform is consistent with the uplink and downlink data traffic of the terminal.
In an optional embodiment, the calculating, according to the uplink and downlink data traffic and the network speed of each terminal in the target internet of things platform, a determination value that the virus data invades an uplink and downlink data transmission channel of each terminal in the target internet of things platform includes:
calculating a judgment value of the virus data invading an uplink and downlink data transmission channel of the ith terminal in the target Internet of things platform according to the following formula:
Figure BDA0003133564090000031
wherein p_i represents the judgment value of virus data invading the uplink and downlink data transmission channel of the ith terminal in the target Internet of things platform; Q_i(t) represents the network speed of the ith terminal in the target Internet of things platform; t_0 represents the starting time at which detection of the uplink and downlink data traffic of the ith terminal in the target Internet of things platform begins; T is the duration from time t_0 to the current detection time; S_{j,up} represents the uplink data traffic of the jth channel of the ith terminal in the target Internet of things platform within time T; S_{j,down} represents the downlink data traffic of the jth channel of the ith terminal in the target Internet of things platform within time T; n represents the total number of channels of the ith terminal in the target Internet of things platform, and j = 1, 2, 3, …, n; δ() represents a unit impulse function, whose value is 1 when the value in parentheses is equal to 0 and 0 when the value in parentheses is not equal to 0.
In an optional embodiment, the calculating, according to the uplink and downlink data traffic and the data calculated amount of each terminal in the target internet of things platform, a determination value of whether the data calculated amount of each terminal in the target internet of things platform is consistent with the uplink and downlink data traffic thereof includes:
calculating a judgment value of whether the ith terminal data calculated amount in the target Internet of things platform is consistent with the uplink and downlink data flow according to the following formula:
Figure BDA0003133564090000032
wherein W_i represents the judgment value of whether the data calculation amount of the ith terminal in the target Internet of things platform is consistent with its uplink and downlink data traffic; D_i represents the number of data calculations of the ith terminal in the target Internet of things platform; J() is the extraction function; J(S_{j,up}) represents extracting the total number of data participating in calculation in the uplink data traffic of the jth channel of the ith terminal in the target Internet of things platform within time T; J(S_{j,down}) represents extracting the total number of data participating in calculation in the downlink data traffic of the jth channel of the ith terminal in the target Internet of things platform within time T; n represents the total number of channels of the ith terminal in the target Internet of things platform, and j = 1, 2, 3, …, n; a represents the quantity of uplink data required for one operation of the ith terminal in the target Internet of things platform; b represents the quantity of downlink data required for one operation of the ith terminal in the target Internet of things platform.
In an optional embodiment, the calculating a virus attack degree value of each terminal in the target internet of things platform according to a decision value of virus data invading an uplink and downlink data transmission channel of each terminal in the target internet of things platform and a decision value of whether a data calculated amount of each terminal in the target internet of things platform is consistent with an uplink and downlink data traffic thereof includes:
calculating the virus attack degree value of the ith terminal in the target Internet of things platform according to the following formula:
Figure BDA0003133564090000041
wherein λ_i represents the virus attack degree value of the ith terminal in the target Internet of things platform; p_i represents the judgment value of virus data invading the uplink and downlink data transmission channel of the ith terminal in the target Internet of things platform; W_i represents the judgment value of whether the data calculation amount of the ith terminal in the target Internet of things platform is consistent with its uplink and downlink data traffic; δ() represents a unit impulse function, whose value is 1 when the value in parentheses is equal to 0 and 0 when the value in parentheses is not equal to 0.
In an optional embodiment, the calculating, according to the virus attack degree value of each terminal in the target internet of things platform, a range specific gravity value of the target internet of things platform under virus attack includes:
calculating the specific gravity value of the target Internet of things platform attacked by the virus according to the following formula:
Figure BDA0003133564090000042
wherein B represents the specific gravity value of the range of the target Internet of things platform attacked by the virus, m is the total number of terminals in the target Internet of things platform, and i = 1, 2, 3, …, m.
In an optional embodiment, the calculating, according to the virus attack degree value of each terminal in the target internet of things platform and the virus-attacked range specific gravity value of the target internet of things platform, a power-on enabling control value of each terminal in the target internet of things platform includes:
calculating a power-on enabling control value of the ith terminal in the target Internet of things platform according to the following formula:
Figure BDA0003133564090000051
wherein I_i represents the power-on enabling control value of the ith terminal in the target Internet of things platform; u() represents a step function, whose value is 1 when the value in the parentheses is greater than or equal to 0 and 0 when the value in the parentheses is less than 0.
In an optional embodiment, the controlling the power on/off of each terminal according to the power-on enabling control value and the control strategy of each terminal in the target Internet of things platform includes:
judging whether the power-on enabling control value of the kth terminal in the target Internet of things platform is equal to a preset value or not; wherein k is 1,2,3, …, m, and the initial value is 1;
if the power-on enabling control value of the kth terminal in the target Internet of things platform is equal to a preset value, controlling the kth terminal in the target Internet of things platform to be powered off;
if the power-on enabling control value of the kth terminal in the Internet of things platform is not equal to the preset value, controlling the kth terminal in the target Internet of things platform to be powered on;
and after controlling the power-off/power-on of the kth terminal in the target Internet of things platform, setting k to be k +1, and returning to execute the step of judging whether the power-on enabling control value of the kth terminal in the target Internet of things platform is equal to a preset value or not until k is larger than m.
According to the illegal attack monitoring method of the Internet of things platform, firstly, the virus attack degree value of each terminal is calculated according to the uplink and downlink data flow, the data calculated amount and the network speed of each terminal in the Internet of things platform, and the state of each terminal under virus attack is known; then, according to the virus attack degree value of each terminal, calculating the specific gravity value of the range of the platform of the Internet of things attacked by the virus, and knowing the range of the platform of the Internet of things attacked by the virus; and finally, calculating the power-on enabling control value of each terminal according to the virus attack degree value of the terminal and the specific gravity value of the range of the Internet of things platform attacked by the virus, so that the power-on/off processing is carried out on the terminal according to the power-on enabling control value, the terminal is fully automatically controlled after the virus attack is monitored and monitored, the artificial dependency is low, the target Internet of things can quickly react when being attacked, and the safety of the Internet of things platform is improved.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a method for monitoring an abnormal operation state of an internet of things platform according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for obtaining a virus attack degree value of a terminal;
Fig. 3 is a flowchart of a method of controlling power on/off of terminals.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
It should be understood that the described embodiments are only some embodiments of the invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a flowchart of a method for monitoring an operation abnormal state of an internet of things platform according to an embodiment of the present invention. Referring to fig. 1, the method includes the following steps S101-S104:
S101: calculating the virus attack degree value of each terminal in the target Internet of things platform according to the uplink and downlink data traffic, the data calculation amount and the network speed of each terminal in the target Internet of things platform.
In an alternative embodiment, step S101 may be preceded by the step of: detecting the uplink and downlink data traffic, the data calculation amount and the network speed of each terminal in the target Internet of things platform.
In this embodiment, as an alternative embodiment, as shown in fig. 2, step S101 may include steps S201 to S203:
S201: calculating a judgment value of the virus data invading the uplink and downlink data transmission channels of each terminal in the target Internet of things platform according to the uplink and downlink data traffic and the network speed of each terminal in the target Internet of things platform.
Preferably, a judgment value of the virus data invading the uplink and downlink data transmission channel of the ith terminal in the target internet of things platform is calculated according to the following formula (1):
Figure BDA0003133564090000071
wherein p_i represents the judgment value of virus data invading the uplink and downlink data transmission channel of the ith terminal in the target Internet of things platform; Q_i(t) represents the network speed of the ith terminal in the target Internet of things platform; t_0 represents the starting time at which detection of the uplink and downlink data traffic of the ith terminal in the target Internet of things platform begins; T is the duration from time t_0 to the current detection time; S_{j,up} represents the uplink data traffic of the jth channel of the ith terminal in the target Internet of things platform within time T; S_{j,down} represents the downlink data traffic of the jth channel of the ith terminal in the target Internet of things platform within time T; n represents the total number of channels of the ith terminal in the target Internet of things platform, and j = 1, 2, 3, …, n; δ() represents a unit impulse function, whose value is 1 when the value in parentheses is equal to 0 and 0 when the value in parentheses is not equal to 0.
Obviously, assuming that the network speed of the ith terminal in the target Internet of things platform is always 1 Mb/s, the traffic that the ith terminal can transmit in 10 s should be 1 Mb/s × 10 s = 10 Mb (i.e. Figure BDA0003133564090000072). If the uplink and downlink data traffic of all channels of the ith terminal within the 10 s totals 10 Mb (i.e. Figure BDA0003133564090000073 Figure BDA0003133564090000074), this indicates that no virus currently invades the uplink and downlink channels of the ith terminal. If a virus encroaches on the channel, part of the traffic transmitted at the current network speed is used by the virus, so in this case the value of Figure BDA0003133564090000075 must be less than 10 Mb: the network speed is fast but the uplink and downlink data traffic of the ith terminal within the 10 s is small, because the data transmission channel of the ith terminal is congested by the virus encroachment.
It can be seen from formula (1) that, for the ith terminal in the target Internet of things platform, when the sum of the uplink data traffic and the downlink data traffic of all channels of the terminal within time T is equal to the traffic in the same time period calculated from the network speed, that is, p_i = δ(δ(0)) = δ(1) = 0, the data transmission channel of the ith terminal in the target Internet of things platform is not invaded by virus data. When the sum of the uplink data traffic and the downlink data traffic of all channels of the ith terminal in the target Internet of things platform within time T is smaller than the traffic in the same time period calculated from the network speed, for example p_i = δ(δ(10 − 8)) = δ(0) = 1, virus data has invaded the data transmission channel of the ith terminal in the target Internet of things platform.
S202: calculating a judgment value of whether the data calculated amount of each terminal in the target Internet of things platform is consistent with the uplink and downlink data flow of each terminal in the target Internet of things platform according to the uplink and downlink data flow and the data calculated amount of each terminal in the target Internet of things platform;
calculating a judgment value of whether the ith terminal data calculated amount in the target Internet of things platform is consistent with the uplink and downlink data flow according to the following formula (2):
Figure BDA0003133564090000081
wherein W_i represents the judgment value of whether the data calculation amount of the ith terminal in the target Internet of things platform is consistent with its uplink and downlink data traffic; D_i represents the number of data calculations of the ith terminal in the target Internet of things platform. For example: the ith terminal in the target Internet of things platform has a plurality of uplink channels sending data within time T; the frame header and frame trailer of the data are used to judge which data need to be calculated and which data need to be calculated together. If the operation of the ith terminal is a summation and the uplink input data are 1, 2, 3, 4, 5 and 6, where the frame headers and frame trailers indicate that 1, 2 and 3 are operated on together and 4, 5 and 6 are operated on together, then the ith terminal performs two operations, and D_i = 2.
In formula (2), J() is an extraction function for extracting the number of data to be calculated in the data; J(S_{j,up}) represents extracting the total number of data participating in calculation in the uplink data traffic of the jth channel of the ith terminal in the target Internet of things platform within time T; J(S_{j,down}) represents extracting the total number of data participating in calculation in the downlink data traffic of the jth channel of the ith terminal in the target Internet of things platform within time T; n represents the total number of channels of the ith terminal in the target Internet of things platform, and j = 1, 2, 3, …, n. For example, if the uplink data of the jth channel within time T is the data string 111100012222, in which the frame header is 1111 and the frame trailer is 2222, the frame header and frame trailer are used for data calibration and the data that actually enters the target Internet of things platform for calculation is 0001. The J function determines, by analyzing the frame header and the frame trailer, whether the data 0001 is data that enters the platform for calculation. If so, it extracts the calculation data and J(S_{j,up}) = 1, meaning that 1 data item in the data string of the current jth channel participates in calculation; if it judges that the data 0001 is not data participating in calculation in the platform, it does not extract the calculation data and J(S_{j,up}) = 0, meaning that 0 data items in the data string of the current jth channel participate in calculation.
In formula (2), a represents the quantity of uplink data required for one operation of the ith terminal in the target Internet of things platform, and b represents the quantity of downlink data required for one operation of the ith terminal in the target Internet of things platform. For example, the ith terminal in the target Internet of things platform does not necessarily output only one result when it performs one operation: although the terminal performs one operation, it may contain two formulas internally, for example a summation formula and a multiplication formula, and one terminal operation then needs two input data. If the input calculation data are 1 and 2, then after one calculation at the ith terminal two values are output, 1 + 2 = 3 and 1 × 2 = 2, which are output via two downlink channels; in this case a = 2 and b = 2. In combination with formula (2), the uplink data input contains Figure BDA0003133564090000091 data to be calculated, and each calculation in the terminal requires a input data, so according to the number of uplink data the terminal needs Figure BDA0003133564090000092 calculations to process all of it. This is then compared with the actual number of calculations D_i of the ith terminal. If the two are consistent, only the uplink data participate in calculation; if they are inconsistent, a virus has invaded and increased the number of operations of the ith terminal. The same applies to the downlink data, but if there is no virus invasion in the uplink data, the downlink data will certainly not be output incorrectly.
As can be seen from formula (2), since the value of the δ() function is either 0 or 1, the consistency W_i between the data calculation amount of the ith terminal in the current target Internet of things platform and its uplink and downlink data traffic can only take the three values 0, 1 and 2. W_i = 2 indicates that the data calculation amount of the ith terminal in the current target Internet of things platform is consistent with both the uplink and downlink data traffic; W_i = 1 indicates that the data calculation amount of the ith terminal is consistent with the downlink data traffic but inconsistent with the uplink data traffic; W_i = 0 indicates that the data calculation amount of the ith terminal is inconsistent with both the uplink and downlink data traffic.
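The two per-terminal judgment values of S201 and S202, as an added Python example that is not part of the patent text. The nested-δ form of p_i follows the worked values given for formula (1); the form used for W_i (two δ terms comparing the extracted data counts with a·D_i and b·D_i), the fixed 4-character payload, the `tol` parameter and all sample telemetry are assumptions constructed here.

```python
from dataclasses import dataclass

HEADER, TRAILER = "1111", "2222"   # framing taken from the example string 111100012222
PAYLOAD_LEN = 4                    # assumption: fixed-width payload, as in "0001"


def delta(x, tol=0.0):
    """Unit impulse as defined in the description: 1 when x equals 0, else 0.
    tol is an added tolerance (not in the patent) for noisy measurements."""
    return 1 if abs(x) <= tol else 0


def extract_count(stream):
    """J(): number of well-framed payloads in one channel's data string."""
    frame_len = len(HEADER) + PAYLOAD_LEN + len(TRAILER)
    count = 0
    for off in range(0, len(stream) - frame_len + 1, frame_len):
        frame = stream[off:off + frame_len]
        if frame.startswith(HEADER) and frame.endswith(TRAILER):
            count += 1
    return count


@dataclass
class Terminal:
    name: str
    speed_samples: list   # Q_i(t) in Mb/s, one sample per second over T
    up_traffic: list      # S_{j,up} per channel, Mb within T
    down_traffic: list    # S_{j,down} per channel, Mb within T
    up_streams: list      # framed data string per uplink channel
    down_streams: list    # framed data string per downlink channel
    calc_count: int       # D_i, operations actually performed
    a: int                # uplink data items needed per operation
    b: int                # downlink data items produced per operation


def channel_decision(t, tol=0.0):
    """p_i: 0 when measured traffic equals speed-derived capacity, else 1."""
    capacity = sum(t.speed_samples)            # integral of Q_i(t), 1 s steps
    traffic = sum(t.up_traffic) + sum(t.down_traffic)
    return delta(delta(capacity - traffic, tol))


def consistency_decision(t):
    """W_i in {0, 1, 2}: one point per direction whose data count matches D_i.
    Assumed form; cross-multiplied by a and b to stay in integers."""
    up_items = sum(extract_count(s) for s in t.up_streams)
    down_items = sum(extract_count(s) for s in t.down_streams)
    return (delta(up_items - t.a * t.calc_count)
            + delta(down_items - t.b * t.calc_count))


def assess(terminals, tol=0.0):
    """Return {terminal name: (p_i, W_i)} for a list of terminals."""
    return {t.name: (channel_decision(t, tol), consistency_decision(t))
            for t in terminals}


def frames(*payloads):
    """Build a constructed channel string from 4-character payloads."""
    return "".join(HEADER + p + TRAILER for p in payloads)


# Constructed sample telemetry: 1 Mb/s for 10 s, a = b = 2 as in the description.
HEALTHY = Terminal("t1", [1.0] * 10, [6.0], [4.0],
                   [frames("0001", "0002", "0003", "0004")],
                   [frames("0003", "0002", "0007", "0012")],
                   calc_count=2, a=2, b=2)
# 8 Mb observed against 10 Mb capacity, and one operation more than the
# uplink data accounts for (4 uplink items, 3 operations, 6 downlink items).
INFECTED = Terminal("t2", [1.0] * 10, [5.0], [3.0],
                    [frames("0001", "0002", "0003", "0004")],
                    [frames("0003", "0002", "0007", "0012", "0009", "0020")],
                    calc_count=3, a=2, b=2)
# Clean terminal whose traffic counter is off by 0.005 Mb.
NOISY = Terminal("t3", [1.0] * 10, [6.0], [3.995],
                 [frames("0001", "0002")], [frames("0003", "0002")],
                 calc_count=1, a=2, b=2)

if __name__ == "__main__":
    print(assess([HEALTHY, INFECTED, NOISY]))
    print(assess([NOISY], tol=0.01))
```

With exact equality, as the δ() definition requires, the `NOISY` terminal is flagged even though it is clean; a deployment would need a tolerance or a comparable allowance for measurement error.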
S203: and calculating the virus attack degree value of each terminal in the target Internet of things platform according to the judgment value of the virus data invading the uplink and downlink data transmission channels of each terminal in the target Internet of things platform and the judgment value of whether the data calculation amount of each terminal in the target Internet of things platform is consistent with the uplink and downlink data flow.
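The consistency check described above for W_i, as an added Python example that is not part of the patent text. It assumes that formula (2), whose image is not reproduced on this page, is the sum of one δ term for the uplink and one for the downlink, as the three-value description implies; the class, field names and sample counts are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class TerminalWindow:
    """Counts observed for one terminal during the detection window T (constructed)."""
    name: str
    operations: int          # D_i: operations the terminal actually performed
    up_per_op: int           # a: uplink data items one operation requires
    down_per_op: int         # b: downlink data items one operation requires
    up_counts: List[int]     # J(S_j,up) for each channel j
    down_counts: List[int]   # J(S_j,down) for each channel j


def delta(x: int) -> int:
    """Unit impulse as defined in the text: 1 when the argument is 0, else 0."""
    return 1 if x == 0 else 0


def flags(t: TerminalWindow) -> Tuple[int, int]:
    """Return (uplink_consistent, downlink_consistent) as 0/1 values.

    Assumed form: D_i is compared with sum_j J(S_j,up)/a and sum_j J(S_j,down)/b.
    Multiplying through by a (or b) keeps the comparison in exact integers.
    """
    if t.up_per_op <= 0 or t.down_per_op <= 0:
        raise ValueError("a and b must be positive item counts per operation")
    if t.operations < 0 or min(t.up_counts + t.down_counts + [0]) < 0:
        raise ValueError("counts cannot be negative")
    up_ok = delta(t.operations * t.up_per_op - sum(t.up_counts))
    down_ok = delta(t.operations * t.down_per_op - sum(t.down_counts))
    return up_ok, down_ok


def consistency(t: TerminalWindow) -> int:
    """W_i under the assumed form of formula (2): 0, 1 or 2."""
    return sum(flags(t))


MEANING = {
    2: "calculation amount matches uplink and downlink traffic",
    1: "calculation amount matches only one direction",
    0: "calculation amount matches neither direction",
}

# Constructed sample windows. The first is the page's own worked case:
# inputs 1 and 2 (a = 2), outputs 3 and 2 (b = 2), one operation.
SAMPLE = [
    TerminalWindow("t1", operations=1, up_per_op=2, down_per_op=2,
                   up_counts=[2], down_counts=[2]),
    # Three operations ran, but uplink only carried data for two of them.
    TerminalWindow("t2", operations=3, up_per_op=2, down_per_op=2,
                   up_counts=[2, 2], down_counts=[3, 3]),
    # Five operations ran; neither direction accounts for them.
    TerminalWindow("t3", operations=5, up_per_op=2, down_per_op=2,
                   up_counts=[2, 2], down_counts=[4, 4]),
]

if __name__ == "__main__":
    for term in SAMPLE:
        w = consistency(term)
        print(f"{term.name}: W = {w} ({MEANING[w]})")
```

The sum alone does not say which direction failed, so `flags` exposes the two δ terms separately for triage.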
Preferably, the virus attack degree value of the ith terminal in the target internet of things platform is calculated according to the following formula (3):
Figure BDA0003133564090000101
wherein λ_i represents the virus attack degree value of the ith terminal in the target Internet of things platform; p_i represents the decision value of virus data invading the uplink and downlink data channels of the ith terminal in the target Internet of things platform; W_i represents the judgment value of whether the data calculation amount of the ith terminal in the target Internet of things platform is consistent with its uplink and downlink data traffic; δ() represents a unit impulse function, whose value is 1 when the value in the parentheses is equal to 0 and 0 when the value in the parentheses is not equal to 0.
S102: calculating the specific gravity value of the range of the target Internet of things platform attacked by the virus according to the virus attack degree value of each terminal in the target Internet of things platform.
Preferably, the specific gravity value of the target internet of things platform attacked by the virus is calculated according to the following formula (4):
Figure BDA0003133564090000102
wherein B represents the specific gravity value of the range of the target Internet of things platform attacked by viruses, m is the total number of terminals in the target Internet of things platform, and i = 1, 2, 3, …, m.
S103: calculating the power-on enabling control value of each terminal in the target Internet of things platform according to the virus attack degree value of each terminal in the target Internet of things platform and the specific gravity value of the range of the target Internet of things platform attacked by the virus.
Preferably, the power-on enabling control value of the ith terminal in the target internet of things platform is calculated according to the following formula (5):
Figure BDA0003133564090000103
wherein I_i represents the power-on enabling control value of the ith terminal in the target Internet of things platform; u() represents a step function, whose value is 1 when the value in the parentheses is 0 or more and 0 when the value in the parentheses is less than 0.
S104: controlling the power on/off of each terminal according to the power-on enabling control value and the control strategy of each terminal in the target Internet of things platform.
In an alternative embodiment, as shown in fig. 3, step S104 may include S301-S305:
S301: judging whether the power-on enabling control value of the kth terminal in the target Internet of things platform is equal to a preset value, wherein k = 1, 2, 3, …, m, and the initial value of k is 1; if yes, go to step S302, otherwise go to step S303.
Wherein the preset value is 1.
According to formula (5), when the specific gravity value of the range of the target Internet of things platform attacked by viruses exceeds
Figure BDA0003133564090000111
then, whichever terminal k represents,
Figure BDA0003133564090000112
Figure BDA0003133564090000113
that is, all terminals in the target Internet of things platform need to be powered off; when the specific gravity value of the range of the target Internet of things platform attacked by viruses does not exceed
Figure BDA0003133564090000114
then if
Figure BDA0003133564090000115
it follows that
Figure BDA0003133564090000116
and the kth terminal in the target Internet of things platform is controlled to be powered on; if
Figure BDA0003133564090000117
the kth terminal in the target Internet of things platform is controlled to be powered off.
S302: controlling the kth terminal in the target Internet of things platform to be powered off, and then executing step S304;
S303: controlling the kth terminal in the target Internet of things platform to be powered on, and then executing step S304;
S304: let k = k + 1;
S305: judging whether k is greater than m; if so, exiting the process, otherwise executing step S301.
In this embodiment, for each terminal in the target internet of things platform, the power-on enabling control value of the terminal needs to be calculated according to the method, and then it is determined whether the power-on enabling control value of each terminal is equal to 1 according to the method described in fig. 3, if so, the corresponding terminal is controlled to be powered off, and if not, the corresponding terminal is controlled to be powered on (i.e., 0).
According to the illegal attack monitoring method for the Internet of things platform, firstly, a virus attack degree value of each terminal is calculated according to uplink and downlink data flow, data calculated amount and network speed of each terminal in the Internet of things platform, and the state of each terminal under virus attack is known; then, according to the virus attack degree value of each terminal, calculating the specific gravity value of the range of the platform of the Internet of things attacked by the virus, and knowing the range of the platform of the Internet of things attacked by the virus; and finally, calculating the power-on enabling control value of each terminal according to the virus attack degree value of the terminal and the specific gravity value of the range of the Internet of things platform attacked by the virus, so that the terminal is subjected to power-on/power-off processing according to the power-on enabling control value, the target Internet of things platform can quickly react when receiving the virus attack, and the overall safety of the Internet of things platform is improved.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations. The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (2)

1. The Internet of things platform illegal attack monitoring method is characterized by comprising the following steps:
calculating a virus attack degree value of each terminal in a target Internet of things platform according to uplink and downlink data traffic, data calculation amount and network speed of each terminal in the target Internet of things platform;
calculating the specific gravity value of the target Internet of things platform in the range attacked by the virus according to the virus attack degree value of each terminal in the target Internet of things platform;
calculating a power-on enabling control value of each terminal in the target Internet of things platform according to the virus attack degree value of each terminal in the target Internet of things platform and the specific gravity value of the range of the target Internet of things platform attacked by the virus;
controlling the power on/off of each terminal according to the power on enabling control value and the control strategy of each terminal in the target Internet of things platform;
wherein, before the calculating according to the uplink and downlink data traffic, the data calculation amount and the network speed of each terminal in the target Internet of things platform, the method further comprises: detecting the uplink and downlink data traffic, the data calculation amount and the network speed of each terminal in the target Internet of things platform;
the method for calculating the virus attack degree value of each terminal in the target Internet of things platform according to the uplink and downlink data traffic, the data calculation amount and the network speed of each terminal in the target Internet of things platform comprises the following steps:
calculating a decision value of virus data encroaching an uplink and downlink data transmission channel of each terminal in the target Internet of things platform according to the uplink and downlink data traffic and the network speed of each terminal in the target Internet of things platform; calculating a judgment value of whether the data calculated amount of each terminal in the target Internet of things platform is consistent with the uplink and downlink data flow of each terminal in the target Internet of things platform according to the uplink and downlink data flow and the data calculated amount of each terminal in the target Internet of things platform;
calculating a virus attack degree value of each terminal in the target Internet of things platform according to a judgment value of the virus data invading an uplink and downlink data transmission channel of each terminal in the target Internet of things platform and a judgment value of whether the data calculation amount of each terminal in the target Internet of things platform is consistent with the uplink and downlink data flow;
the calculating a judgment value of the virus data invading the uplink and downlink data transmission channels of each terminal in the target internet of things platform according to the uplink and downlink data traffic and the network speed of each terminal in the target internet of things platform comprises the following steps:
calculating a judgment value of the virus data invading an uplink and downlink data transmission channel of the ith terminal in the target Internet of things platform according to the following formula:
Figure FDA0003710817260000021
wherein p_i represents the judgment value of virus data invading the uplink and downlink data transmission channels of the ith terminal in the target Internet of things platform; Q_i(t) represents the network speed of the ith terminal in the target Internet of things platform; t_0 represents the starting time at which detection of the uplink and downlink data traffic of the ith terminal in the target Internet of things platform begins; T is the duration from time t_0 to the current detection time; S_j,up represents the uplink data traffic of the jth channel of the ith terminal in the target Internet of things platform within time T; S_j,down represents the downlink data traffic of the jth channel of the ith terminal in the target Internet of things platform within time T; n represents the total number of channels of the ith terminal in the target Internet of things platform, and j = 1, 2, 3, …, n; δ() represents a unit impulse function, whose value is 1 when the value in the parentheses is equal to 0 and 0 when the value in the parentheses is not equal to 0;
the method for calculating the judgment value of whether the data calculated amount of each terminal in the target internet of things platform is consistent with the uplink and downlink data traffic of each terminal in the target internet of things platform according to the uplink and downlink data traffic and the data calculated amount of each terminal in the target internet of things platform comprises the following steps:
calculating a judgment value whether the ith terminal data calculated amount in the target Internet of things platform is consistent with the uplink and downlink data flow according to the following formula:
Figure FDA0003710817260000022
wherein W_i represents the judgment value of whether the data calculation amount of the ith terminal in the target Internet of things platform is consistent with its uplink and downlink data traffic; D_i represents the number of data calculations of the ith terminal in the target Internet of things platform; J() is the extraction function: J(S_j,up) extracts the total number of data participating in calculation in the uplink data traffic of the jth channel of the ith terminal in the target Internet of things platform within time T, and J(S_j,down) extracts the total number of data participating in calculation in the downlink data traffic of the jth channel of the ith terminal in the target Internet of things platform within time T; n represents the total number of channels of the ith terminal in the target Internet of things platform, and j = 1, 2, 3, …, n; a represents the quantity of uplink data required by the operation of the ith terminal in the target Internet of things platform; b represents the quantity of downlink data required by the operation of the ith terminal in the target Internet of things platform;
the calculating the virus attack degree value of each terminal in the target internet of things platform according to the judgment value of the virus data invading the uplink and downlink data transmission channel of each terminal in the target internet of things platform and the judgment value of whether the data calculation amount of each terminal in the target internet of things platform is consistent with the uplink and downlink data traffic comprises the following steps:
calculating the virus attack degree value of the ith terminal in the target Internet of things platform according to the following formula:
Figure FDA0003710817260000031
wherein λ_i represents the virus attack degree value of the ith terminal in the target Internet of things platform; p_i represents the decision value of virus data invading the uplink and downlink data channels of the ith terminal in the target Internet of things platform; W_i represents the judgment value of whether the data calculation amount of the ith terminal in the target Internet of things platform is consistent with its uplink and downlink data traffic; δ() represents a unit impulse function, whose value is 1 when the value in the parentheses is equal to 0 and 0 when the value in the parentheses is not equal to 0;
the method for calculating the range specific gravity value of the target Internet of things platform attacked by the virus according to the virus attack degree value of each terminal in the target Internet of things platform comprises the following steps:
calculating the specific gravity value of the target Internet of things platform attacked by the virus according to the following formula:
Figure FDA0003710817260000032
wherein B represents the specific gravity value of the range of the target Internet of things platform attacked by viruses, m is the total number of terminals in the target Internet of things platform, and i = 1, 2, 3, …, m;
wherein, the calculating the power-on enabling control value of each terminal in the target internet of things platform according to the virus attack degree value of each terminal in the target internet of things platform and the virus-attacked range specific gravity value of the target internet of things platform comprises:
calculating a power-on enabling control value of the ith terminal in the target Internet of things platform according to the following formula:
Figure FDA0003710817260000033
wherein I_i represents the power-on enabling control value of the ith terminal in the target Internet of things platform; u() represents a step function, whose value is 1 when the value in the parentheses is 0 or more and 0 when the value in the parentheses is less than 0.
2. The Internet of things platform illegal attack monitoring method according to claim 1, wherein the controlling the power on/off of each terminal according to the power-on enabling control value and the control strategy of each terminal in the target Internet of things platform comprises:
judging whether the power-on enabling control value of the kth terminal in the target Internet of things platform is equal to a preset value, wherein k = 1, 2, 3, …, m, and the initial value of k is 1;
if the power-on enabling control value of the kth terminal in the target Internet of things platform is equal to a preset value, controlling the kth terminal in the target Internet of things platform to be powered off;
if the power-on enabling control value of the kth terminal in the Internet of things platform is not equal to a preset value, controlling the kth terminal in the target Internet of things platform to be powered on;
and after controlling the power-off/power-on of the kth terminal in the target Internet of things platform, setting k = k + 1 and returning to the step of judging whether the power-on enabling control value of the kth terminal in the target Internet of things platform is equal to a preset value, until k is greater than m.
CN202110710574.8A 2021-06-25 2021-06-25 Illegal attack monitoring method for Internet of things platform Active CN113507456B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110710574.8A CN113507456B (en) 2021-06-25 2021-06-25 Illegal attack monitoring method for Internet of things platform


Publications (2)

Publication Number Publication Date
CN113507456A CN113507456A (en) 2021-10-15
CN113507456B CN113507456B (en) 2022-08-19

Family

ID=78011045


Country Status (1)

Country Link
CN (1) CN113507456B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant