CN113596819A - Network detection method, related device, equipment and storage medium - Google Patents


Info

Publication number: CN113596819A
Application number: CN202110048551.5A
Authority: CN (China)
Prior art keywords: data, lorawan, network, detected, equipment
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Inventors: 李宇翔, 伍惠宇
Current assignee: Tencent Technology Shenzhen Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Tencent Technology Shenzhen Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/009 Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • H04W 24/00 Supervisory, monitoring or testing arrangements
    • H04W 24/02 Arrangements for optimising operational condition
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D 30/00 Reducing energy consumption in communication networks
    • Y02D 30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a network detection method in the field of cloud security. A terminal device connects to the long range wide area network (LoRaWAN) to be detected and acquires test data for it. The test data comprises at least one of sensing network data and Ethernet data: the sensing network data comprises data of the LoRaWAN node devices and of the LoRaWAN gateway devices, and the Ethernet data comprises data of the LoRaWAN gateway devices and of the network server. The terminal device sends the test data to a server, which performs feature analysis on it and generates a network detection result for the LoRaWAN to be detected; the result represents a detection result for network security. The embodiments also provide a related apparatus, device and storage medium. From the perspective of the whole network architecture, the key components of the LoRaWAN are detected automatically, which compensates for the risk caused by deployment personnel lacking security experience or security awareness and so improves the reliability of LoRaWAN deployments.

Description

Network detection method, related device, equipment and storage medium
Technical Field
The present application relates to the field of cloud security technologies, and in particular, to a network detection method, a related apparatus, a device, and a storage medium.
Background
With the rollout of new infrastructure, more and more scenarios are networked through Internet of Things communication, such as smart cities, smart industry and smart agriculture. In these scenarios the main communication technology is the low-power wide-area network (LPWAN), and long range (LoRa) is one of the most popular LPWAN solutions, characterized by low power consumption and long communication distance.
At present, security research on long range wide-area networks (LoRaWAN) focuses mainly on defects in the protocol specification, i.e. security implementation standards are provided for project deployment personnel, who are then expected to deploy the LoRaWAN within those constraints.
However, a deployment that relies on a security implementation standard depends on the security awareness of the deployment personnel. Security awareness is subjective, so the state of a LoRaWAN deployment cannot be evaluated objectively this way.
Disclosure of Invention
The embodiments of the application provide a network detection method, a related apparatus, a device and a storage medium. From the perspective of the whole network architecture, the method and device automatically detect the key components of a LoRaWAN, which compensates for risks caused by deployment personnel lacking security experience or security awareness and so improves the reliability of LoRaWAN deployments.
In view of the above, an aspect of the present application provides a method for network detection, including:
connecting to the long range wide area network (LoRaWAN) to be detected, where the LoRaWAN to be detected is the communication network formed by the LoRaWAN node devices, the LoRaWAN gateway devices and the network server;
acquiring test data aiming at LoRaWAN to be detected, wherein the test data comprises at least one of sensing network data and Ethernet data, the sensing network data comprises data of LoRaWAN node equipment and data of LoRaWAN gateway equipment, and the Ethernet data comprises data of LoRaWAN gateway equipment and data of a network server;
and sending the test data to a server so that the server performs characteristic analysis on the test data to generate a network detection result aiming at the LoRaWAN to be detected, wherein the network detection result represents a detection result of network security.
Another aspect of the present application provides a network detection method, including:
when the terminal equipment is accessed to a long-distance wide area network LoRaWAN to be detected, receiving test data which are sent by the terminal equipment and aim at the LoRaWAN to be detected, wherein the LoRaWAN to be detected is a communication network among LoRaWAN node equipment, LoRaWAN gateway equipment and a network server, the test data comprise at least one of sensing network data and Ethernet network data, the sensing network data comprise data of the LoRaWAN node equipment and data of the LoRaWAN gateway equipment, and the Ethernet network data comprise data of the LoRaWAN gateway equipment and data of the network server;
and performing characteristic analysis on the test data to generate a network detection result aiming at the LoRaWAN to be detected, wherein the network detection result represents a detection result of network security.
Another aspect of the present application provides a network detection apparatus, including:
the system comprises an access module and a detection module, wherein the access module is used for accessing to a long-distance wide area network LoRaWAN to be detected, and the LoRaWAN to be detected is a communication network among LoRaWAN node equipment, LoRaWAN gateway equipment and a network server;
the acquisition module is used for acquiring test data aiming at the LoRaWAN to be detected, wherein the test data comprises at least one of sensing network data and Ethernet data, the sensing network data comprises data of LoRaWAN node equipment and data of LoRaWAN gateway equipment, and the Ethernet data comprises data of the LoRaWAN gateway equipment and data of a network server;
and the sending module is used for sending the test data to the server so that the server performs characteristic analysis on the test data to generate a network detection result aiming at the LoRaWAN to be detected, wherein the network detection result represents a detection result of network security.
In one possible design, in another implementation of another aspect of an embodiment of the present application,
the acquisition module is specifically used for acquiring Ethernet data if the terminal device is connected to the Ethernet side of the LoRaWAN to be detected;
acquiring sensing network data if the terminal device is connected to the sensing network included in the LoRaWAN to be detected;
and acquiring both Ethernet data and sensing network data if the terminal device is connected to both the Ethernet and the sensing network.
In one possible design, in another implementation of another aspect of an embodiment of the present application,
the acquisition module is specifically used for acquiring the network state of the LoRaWAN to be detected as test data when the device to be detected is in the power-on network-join state or the normal operating state, where the device to be detected is at least one of a LoRaWAN node device, a LoRaWAN gateway device and a network server.
In one possible design, in another implementation of another aspect of an embodiment of the present application, the test data includes sensor network data;
the acquisition module is specifically configured to acquire the sensing network data of the LoRaWAN to be detected when the LoRaWAN node device is in the power-on network-join state or the normal operating state, where the sensing network data comprises at least one of the key negotiation (join procedure) packets of the LoRaWAN node device and key-encrypted data.
In one possible design, in another implementation of another aspect of an embodiment of the present application,
the acquisition module is specifically used for generating a data packet corresponding to the target attack type;
sending a data packet corresponding to the target attack type to equipment to be detected in the LoRaWAN to be detected so that the equipment to be detected generates feedback data according to the data packet corresponding to the target attack type;
and receiving the feedback data as test data.
In one possible design, in another implementation of another aspect of an embodiment of the present application, the test data includes sensor network data;
the acquisition module is specifically used for generating a data packet for a Common Vulnerabilities and Exposures (CVE) type;
and sending the data packet for the CVE type to a LoRaWAN node device in the LoRaWAN to be detected, so that the LoRaWAN node device generates feedback data according to that packet.
In one possible design, in another implementation of another aspect of the embodiments of the present application, the test data includes sensor network data or ethernet network data;
the acquisition module is specifically used for generating a data packet for a dangerous (exposed) port vulnerability;
or generating a data packet for gateway authentication access;
if the packet for the dangerous port vulnerability is generated, it is sent to a LoRaWAN gateway device in the LoRaWAN to be detected, so that the device to be detected generates feedback data according to that packet;
and if the packet for gateway authentication access is generated, it is sent to a LoRaWAN gateway device in the LoRaWAN to be detected, so that the device to be detected generates feedback data according to that packet.
In one possible design, in another implementation of another aspect of an embodiment of the present application, the test data includes ethernet data;
the acquisition module is specifically used for generating a data packet that tests communication-protocol access authorization;
or generating a data packet that tests Remote Procedure Call (RPC) access authorization;
or generating a data packet for password login;
or generating a data packet that tests database access authorization;
if the packet for communication-protocol access authorization is generated, it is sent to the network server in the LoRaWAN to be detected, so that the device to be detected generates feedback data according to that packet;
if the packet for RPC access authorization is generated, it is sent to the network server in the LoRaWAN to be detected, so that the device to be detected generates feedback data according to that packet;
if the packet for password login is generated, it is sent to the network server in the LoRaWAN to be detected, so that the device to be detected generates feedback data according to that packet;
and if the packet for database access authorization is generated, it is sent to the network server in the LoRaWAN to be detected, so that the device to be detected generates feedback data according to that packet.
Another aspect of the present application provides a network detection apparatus, including:
the receiving module is used for receiving test data which are sent by the terminal equipment and aim at the LoRaWAN to be detected when the terminal equipment is accessed to the LoRaWAN to be detected, wherein the LoRaWAN to be detected is a communication network among the LoRaWAN node equipment, the LoRaWAN gateway equipment and a network server, the test data comprise at least one of sensing network data and Ethernet network data, the sensing network data comprise data of the LoRaWAN node equipment and data of the LoRaWAN gateway equipment, and the Ethernet network data comprise data of the LoRaWAN gateway equipment and data of the network server;
and the generating module is used for performing characteristic analysis on the test data to generate a network detection result aiming at the LoRaWAN to be detected, wherein the network detection result represents a detection result of network security.
In one possible design, in another implementation of another aspect of an embodiment of the present application, the test data includes sensor network data;
the receiving module is specifically used for receiving, when the LoRaWAN node device is in the power-on network-join state or the normal operating state, the sensing network data of the LoRaWAN to be detected sent by the terminal device, where the sensing network data comprises at least one of a key negotiation packet and key-encrypted data of the LoRaWAN node device;
and the generating module is specifically used for performing feature analysis on at least one of the key negotiation packet and the key-encrypted data to generate a network detection result for the LoRaWAN node device in the LoRaWAN to be detected.
In one possible design, in another implementation of another aspect of the embodiments of the present application, the test data includes sensor network data and ethernet network data;
the receiving module is specifically used for receiving the test data sent by the terminal device that corresponds to Common Vulnerabilities and Exposures (CVE) types, dangerous port vulnerabilities, gateway authentication access, communication-protocol access authorization, Remote Procedure Call (RPC) access authorization, password login and database access authorization in the LoRaWAN to be detected;
and the generating module is specifically used for generating network detection results for the LoRaWAN node devices, the LoRaWAN gateway devices and the network server in the LoRaWAN to be detected according to the test data corresponding to the CVE types, dangerous port vulnerabilities, gateway authentication access, communication-protocol access authorization, RPC access authorization, password login and database access authorization.
Another aspect of the present application provides a terminal device, including: a memory, a processor, and a bus system;
wherein, the memory is used for storing programs;
a processor for executing the program in the memory, the processor for performing the above-described aspects of the method according to instructions in the program code;
the bus system is used for connecting the memory and the processor so as to enable the memory and the processor to communicate.
Another aspect of the present application provides a server, including: a memory, a processor, and a bus system;
wherein, the memory is used for storing programs;
a processor for executing the program in the memory, the processor for performing the above-described aspects of the method according to instructions in the program code;
the bus system is used for connecting the memory and the processor so as to enable the memory and the processor to communicate.
Another aspect of the present application provides a computer-readable storage medium having stored therein instructions, which when executed on a computer, cause the computer to perform the method of the above-described aspects.
In another aspect of the application, a computer program product or computer program is provided, the computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to perform the method provided by the above aspects.
According to the technical scheme, the embodiment of the application has the following advantages:
in the embodiment of the application, a network detection method is provided, and the method includes that first, a terminal device is accessed to a LoRaWAN to be detected, then test data aiming at the LoRaWAN to be detected is obtained, the test data comprises at least one of sensing network data and Ethernet network data, finally, the terminal device sends the test data to a server, and the server performs characteristic analysis on the test data to generate a network detection result aiming at the LoRaWAN to be detected. Through the mode, the LoRaWAN node equipment, the LoRaWAN gateway equipment and the network server are detected based on the sensing network data and the Ethernet data, namely, from the perspective of the whole network architecture, the key components in the LoRaWAN are automatically detected, the risk caused by lack of safety experience or insufficient safety consciousness of project deployment personnel is made up, and therefore the reliability of LoRaWAN deployment is improved.
Drawings
Fig. 1 is a schematic diagram of a network architecture of a LoRaWAN in an embodiment of the present application;
FIG. 2 is a schematic diagram of a network architecture of a network detection system according to an embodiment of the present application;
FIG. 3 is a schematic diagram of an embodiment of a network detection method in an embodiment of the present application;
FIG. 4 is a schematic view of a workflow of a terminal test end in an embodiment of the present application;
fig. 5 is a schematic diagram of network access of a LoRaWAN node device based on over-the-air activation according to an embodiment of the present application;
FIG. 6 is a schematic diagram of an interface showing network detection results in an embodiment of the present application;
fig. 7 is a schematic diagram of another embodiment of a network detection method in the embodiment of the present application;
fig. 8 is a schematic diagram of a framework for cloud analytics feedback in an embodiment of the present application;
FIG. 9 is a schematic diagram of an embodiment of a network detection apparatus in an embodiment of the present application;
fig. 10 is a schematic diagram of another embodiment of a network detection device in the embodiment of the present application;
fig. 11 is a schematic structural diagram of a terminal device in an embodiment of the present application;
fig. 12 is a schematic structural diagram of a server in an embodiment of the present application.
Detailed Description
The embodiment of the application provides a network detection method, a related device, equipment and a storage medium, and from the perspective of the whole network architecture, the method and the equipment automatically detect key components in LoRaWAN, make up for risks caused by lack of safety experience or insufficient safety consciousness of project deployment personnel, and accordingly improve the reliability of LoRaWAN deployment.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims of the present application and in the drawings described above, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "corresponding" and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
With the rapid development of Internet of Things technology, its scale and range of applications keep growing, more and more control points are connected, and the use of long range wide area networks (LoRaWAN) has become a trend. LoRaWAN is the communication protocol and system architecture designed for long range (LoRa) communication networks; LoRa is one of the mainstream low-power wide-area network (LPWAN) technologies, characterized by low power consumption and long communication distance. LPWAN, also called low-power wide area (LPWA) or low-power network (LPN), is a class of wireless network used in the Internet of Things (for example by battery-powered sensors) that communicates over long distances at low bit rates.
The LoRaWAN protocol defines how data is transmitted in the network (the network being the LoRaWAN node devices, the LoRaWAN gateway devices and the network server), including the message types, the data frame structure and the security encryption method. In the design of the protocol and network architecture, LoRaWAN takes account of node power consumption, network capacity, Quality of Service (QoS), security and the diversity of network applications.
For ease of understanding, refer to fig. 1, a schematic diagram of the LoRaWAN network architecture in the embodiment of the present application. The architecture has four parts: LoRaWAN node devices, LoRaWAN gateway devices, a network server (NS) and an application server. Node devices and gateway devices form a star topology, and because of LoRa's long range, transmission between them is single-hop. As shown in fig. 1, an uplink from a node device may be received by several gateway devices at once. The gateway devices forward LoRaWAN protocol data between the network server and the node devices, carrying it over LoRa radio on one side and over Transmission Control Protocol/Internet Protocol (TCP/IP) on the other; the network that carries data over LoRa radio is referred to as the sensing network, and the network that carries it over TCP/IP as the Ethernet. The four device types are described in turn below.
Firstly, LoRaWAN node equipment;
LoRaWAN node devices, also called end nodes, are usually paired with sensors to collect information from the environment, such as smoke or weather readings. A node device selects a channel pseudo-randomly for each packet it sends, to spread traffic over the channels and reduce co-channel interference and frequency-selective fading.
The LoRaWAN protocol defines three classes of node device; the user chooses according to the application scenario, energy budget and tolerable wake-up latency. Class A is the mainstream class; its typical application is a battery-powered sensor. It is the most energy-efficient but has large downlink latency, since a downlink can only follow one of the device's own uplinks. Class A devices include, but are not limited to, waste-bin monitors, smoke alarms and similar monitors. Class B is typically a battery-powered actuator; it is energy-efficient with a bounded wake-up delay, thanks to scheduled receive slots, but is costlier to implement. Class B devices include, but are not limited to, valve-controlled water, gas and electricity meters. Note that the protocol allows a node device to switch between class A and class B during operation as needed. Class C is typically a mains-powered actuator; it can receive at any time, since it listens continuously, but consumes the most energy. Class C devices include, but are not limited to, street-light controllers.
Second, LoRaWAN gateway device;
The LoRaWAN gateway device forwards data between the LoRaWAN node devices and the network server. Gateway devices and node devices are not bound to each other: data from one node device can be received by any gateway device in range. Transmission between node devices and gateway devices uses the sensing network; in China the 470 megahertz (MHz) band is currently used.
Thirdly, a network server;
The network server forwards the data generated by the LoRaWAN node devices to the corresponding application server and provides authentication and authorization for the node devices. Gateway devices and the network server communicate over a TCP/IP protocol stack, with the gateway forwarding the LoRaWAN frames transparently. Common protocols include the packet forwarder protocol, Message Queuing Telemetry Transport (MQTT), Constrained Application Protocol (CoAP) and Protocol Buffers (Protobuf) based protocols.
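The packet forwarder protocol named above is the Semtech UDP packet-forwarder protocol, and it is the reason a "gateway authentication access" check belongs in the test data: every datagram carries the gateway EUI in the clear, nothing in the protocol authenticates the sender, and the network server sends downlinks (PULL_RESP) to whichever address last sent PULL_DATA for that EUI. The Go program below is an added example, not code from the patent or from any packet-forwarder implementation. It parses the v2 header layout (version byte, 2-byte token, identifier byte, 8-byte EUI, JSON) for the three gateway-to-server message types and applies the two checks a network server has to add itself: an allow-list of provisioned EUIs, and an alert when the downlink path for a registered EUI moves to a new source address. The Registry structure, the EUIs and the addresses are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// Identifier byte (offset 3) of a Semtech UDP packet-forwarder v2 datagram.
const (
	PushData = 0x00 // gateway -> NS: received uplinks as JSON after the EUI
	PushAck  = 0x01 // NS -> gateway
	PullData = 0x02 // gateway -> NS: "send my downlinks to this source address"
	PullResp = 0x03 // NS -> gateway: downlink to transmit
	PullAck  = 0x04 // NS -> gateway
	TxAck    = 0x05 // gateway -> NS: result of a PULL_RESP
)

type Datagram struct {
	ID      byte
	EUI     [8]byte // claimed gateway identifier; not authenticated by the protocol
	Payload []byte  // JSON in PUSH_DATA and TX_ACK; empty in PULL_DATA
}

// Parse checks the framing of a gateway -> NS datagram only; nothing in the header
// proves who sent it. Bytes 1-2 are the random token, which is only echoed in ACKs.
func Parse(b []byte) (*Datagram, error) {
	if len(b) < 4 || b[0] != 2 {
		return nil, errors.New("short datagram or unsupported protocol version")
	}
	d := &Datagram{ID: b[3]}
	switch d.ID {
	case PushData, PullData, TxAck:
		if len(b) < 12 {
			return nil, errors.New("missing gateway EUI")
		}
		copy(d.EUI[:], b[4:12])
		d.Payload = b[12:]
	default:
		return nil, fmt.Errorf("unexpected identifier 0x%02x on the NS side", d.ID)
	}
	return d, nil
}

// Verdicts returned by Registry.Admit.
const (
	Accept          = "accept"
	RejectBadFrame  = "reject: malformed datagram"
	RejectUnknownGW = "reject: gateway EUI not registered"
	AlertSrcChanged = "alert: PULL_DATA for a registered EUI from a new source address"
)

// Registry: provisioned gateway EUIs plus the address that last sent PULL_DATA for each
// (an assumed shape for this example; a real NS keeps this in its database).
type Registry struct {
	allowed map[[8]byte]bool
	lastSrc map[[8]byte]string
}

func NewRegistry(euis ...[8]byte) *Registry {
	r := &Registry{allowed: map[[8]byte]bool{}, lastSrc: map[[8]byte]string{}}
	for _, e := range euis {
		r.allowed[e] = true
	}
	return r
}

// Admit adds the two checks the protocol lacks: is the claimed EUI one we provisioned,
// and has the downlink path for that EUI just been moved to another address?
func (r *Registry) Admit(src string, raw []byte) (*Datagram, string) {
	d, err := Parse(raw)
	if err != nil {
		return nil, RejectBadFrame
	}
	if !r.allowed[d.EUI] {
		return d, RejectUnknownGW
	}
	if d.ID == PullData {
		prev, seen := r.lastSrc[d.EUI]
		r.lastSrc[d.EUI] = src
		if seen && prev != src {
			return d, AlertSrcChanged
		}
	}
	return d, Accept
}

// Frame builds a gateway -> NS datagram (token 0xABCD) for the constructed traffic below.
func Frame(id byte, eui [8]byte, json string) []byte {
	return append(append([]byte{2, 0xAB, 0xCD, id}, eui[:]...), json...)
}

func main() {
	gw := [8]byte{1, 2, 3, 4, 5, 6, 7, 8}                            // the only provisioned gateway
	rogue := [8]byte{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF} // never provisioned
	reg := NewRegistry(gw)
	srcs := []string{"10.0.0.5:43210", "10.0.0.5:43210", "203.0.113.9:5000", "203.0.113.9:5000"}
	frames := [][]byte{
		Frame(PullData, gw, ""),
		Frame(PushData, gw, `{"rxpk":[]}`),
		Frame(PushData, rogue, `{"rxpk":[]}`),
		Frame(PullData, gw, ""), // same EUI, downlink path re-pointed to the second address
	}
	for i, raw := range frames {
		_, verdict := reg.Admit(srcs[i], raw)
		fmt.Printf("%-16s id=0x%02x -> %s\n", srcs[i], raw[3], verdict)
	}
}
```

Running it prints one verdict per constructed datagram. The last one, a PULL_DATA for the provisioned EUI arriving from a second address, is the case that deserves a finding rather than a silent reject: a real gateway behind NAT can legitimately change address, so the server should alert and correlate (for example against the gateway's PUSH_DATA statistics) instead of either trusting or dropping the re-pointed downlink path.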
Fourthly, an application server;
the application server is designed according to user requirements, and generally comprises presentation of data (such as data statistics and abnormal data alarms) of the LoRaWAN node equipment, remote control of the LoRaWAN node equipment and the like.
As shown in fig. 1, the data transmission process includes that data acquired by the LoRaWAN node device is directly transmitted to the LoRaWAN gateway device through the sensor network, and the LoRaWAN gateway device forwards the data to the network server for processing. The process of transmitting data from the LoRaWAN node device to the network server is referred to as an uplink process, and the process of transmitting data from the network server to the LoRaWAN node device is referred to as a downlink process.
In recent years new Internet of Things technologies have appeared constantly worldwide, and low-power wide-area access technologies have developed very rapidly, which brings more security problems. The possible security problems currently arise for the following reasons:
Reason one: free frequency bands and open standards.
The LoRa technology chose unlicensed spectrum from the outset, which helps large-scale roll-out of LoRa networks but is a hidden danger for network security. LoRaWAN works in the licence-free Industrial, Scientific and Medical (ISM) bands and its protocol specification is open, which makes it easy to attack.
One form of attack is "malicious congestion": an attacker with a LoRa device transmits a maximum-length preamble on a 125 kilohertz (kHz) channel, and the channel is occupied for the whole transmission. As long as the attacker respects the duty-cycle and transmit-power limits, the transmission is regulatory-compliant, so regulation alone does not distinguish it from legitimate use.
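As an added worked calculation (not part of the patent), the airtime of such a preamble follows from the LoRa symbol-time formula in the Semtech SX127x datasheet; the 65535-symbol upper bound is the width of that transceiver family's preamble-length register and is an assumption about the attacker's radio, not a figure from the page.

$$T_{\mathrm{sym}} = \frac{2^{SF}}{BW}, \qquad T_{\mathrm{preamble}} = \left(n_{\mathrm{preamble}} + 4.25\right) T_{\mathrm{sym}}$$

With $BW = 125\ \mathrm{kHz}$:

$$SF = 12:\quad T_{\mathrm{sym}} = \frac{4096}{125\,000} = 32.768\ \mathrm{ms};\quad n_{\mathrm{preamble}} = 8 \Rightarrow T_{\mathrm{preamble}} \approx 0.40\ \mathrm{s};\quad n_{\mathrm{preamble}} = 65535 \Rightarrow T_{\mathrm{preamble}} \approx 2148\ \mathrm{s}$$

$$SF = 7:\quad T_{\mathrm{sym}} = \frac{128}{125\,000} = 1.024\ \mathrm{ms};\quad n_{\mathrm{preamble}} = 65535 \Rightarrow T_{\mathrm{preamble}} \approx 67\ \mathrm{s}$$

A regulatory 1% duty cycle corresponds to 36 s of airtime per hour, so at SF12 the longest compliant preamble is about $36 / 0.032768 - 4.25 \approx 1094$ symbols, i.e. the attacker can still hold the channel for 36 s at a time within the rules. A preamble with no frame behind it produces nothing for a gateway to forward, so the network server never sees it; this is the kind of condition that can only be observed on the sensing network side, which is why the test data includes that side at all.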
Reason two: LoRaWAN node devices are weak terminals.
A LoRaWAN node device has no secure storage element comparable to a Subscriber Identity Module (SIM), so its security depends on physical protection of the terminal, and a weak terminal risks key leakage. Weak terminals (such as smart water and electricity meters) are easy for an attacker to reach physically. If the identity is leaked, a malicious terminal can impersonate a legitimate one to join the network or the cloud platform, or report false data in its name, causing financial loss to enterprises or users.
Reason three: key management is weak.
In terms of key management, the network-layer and application-layer session keys are both derived by the AES algorithm from the same root key and random nonces, and the security level and strength of the encryption and integrity protection depend on the application key (AppKey) stored in the device. If secure key storage is not implemented according to the specification, there is a risk of key leakage, leading to data privacy leakage and data tampering.
Reason four: large deployment scale.
As LoRa is used widely, for example in smart cities, smart environmental protection, smart agriculture, smart healthcare and smart homes, the more terminals and networks are deployed, the greater the security problems and risk challenges become.
For the reasons, in practical application, the safety of equipment deployment needs to be improved, once deployment personnel neglect a safety specification, a safety risk may exist when the deployment personnel finally deploy the project, and meanwhile, when a receiver receives the project, whether the current deployment situation meets the safety specification may not be truly and effectively judged due to lack of relevant safety knowledge. In view of the above deficiencies of the solution, the present application proposes a network detection method for LoRaWAN, mainly from the perspective of security detection.
Specifically, please refer to fig. 2, which is a schematic diagram of the network architecture of a network detection system in an embodiment of the present disclosure. As shown in the figure, the network detection system consists of two parts, a terminal test end and a cloud analysis feedback end; the terminal test end may take the form of a terminal device, and the cloud analysis feedback end the form of a server. The server involved in the application may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as cloud services, a cloud database, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, a Content Delivery Network (CDN), big data and an artificial intelligence platform.
A cloud server is a server implemented on the basis of cloud technology, which refers to hosting technology that unifies resources such as hardware, software and networks across a wide area network or local area network to realize computation, storage, processing and sharing of data. Cloud technology is the general name for the network, information, integration, management-platform and application technologies applied under the cloud computing business model; it can form a resource pool that is used on demand and is flexible and convenient. Cloud computing technology will become an important support: the background services of technical network systems, such as video websites, picture websites and other web portals, require a large amount of computing and storage resources. With the development of the internet industry, each article may have its own identification mark that must be transmitted to a background system for logical processing, data at different levels are processed separately, and all kinds of industrial data need strong system background support, which can only be realized through cloud computing.
The terminal device and the server may be connected directly or indirectly through wired or wireless communication, which the application does not limit. Neither the number of servers nor the number of terminal devices is limited.
The terminal device serving as the terminal test end mainly comprises a data sniffing module, a data test evaluation module and a feedback reporting module. The data sniffing module is the most basic data collection component; it must be connected to the LoRaWAN test environment, after which it can sniff sensor network data and Ethernet data respectively. The data test evaluation module is the key module of the terminal test end and sends the data information and the network feedback state to the feedback reporting module. The feedback reporting module mainly receives the feedback data packets from the data test evaluation module and reports them to the cloud over the network, where the cloud performs the subsequent analysis and processing.
The server serving as the cloud analysis feedback end mainly comprises a feature analysis module and a result display module. The feature analysis module detects risk features in the uploaded feedback data; before analysis, the detection features are loaded from the feature database. The result display module displays the analysis result of the feature analysis module, gives different risk prompts for different security risks, and gives the user repair suggestions.
The network detection method provided by the application can be applied to the field of Cloud Security, which is the general name for the security software, hardware, users, mechanisms and security cloud platforms applied under the cloud computing business model. Cloud security integrates emerging technologies and concepts such as parallel processing, grid computing and judgement of unknown virus behaviour: abnormal software behaviour in the network is monitored through a large number of meshed clients, the latest information on trojans and malicious programs on the internet is obtained and sent to the server for automatic analysis and processing, and the solution for the virus or trojan is then distributed to every client.
The main research directions of cloud security include: 1. cloud computing security, which mainly studies how to guarantee the security of the cloud and of the applications on it, including the security of the cloud computer system, the secure storage and isolation of user data, user access authentication, information transmission security, protection against network attacks, compliance auditing and so on; 2. cloud-based security infrastructure, which mainly studies how to use cloud computing to build and integrate security infrastructure resources and optimize security protection mechanisms, including constructing a very large-scale security event and information acquisition and processing platform with cloud computing technology, realizing the acquisition and correlation analysis of massive information, and improving the network-wide capability to handle security events and control risk; 3. cloud security services, which mainly study the security services, such as anti-virus services, provided to users on the basis of a cloud computing platform.
With reference to fig. 3, the network detection method of the present application is described below. An embodiment of the network detection method of the present application includes:
101. A terminal device accesses a long-range wide area network (LoRaWAN) to be detected, where the LoRaWAN to be detected is a communication network among LoRaWAN node devices, LoRaWAN gateway devices and a network server;
In this embodiment, the terminal device serving as the terminal test end first needs to access the LoRaWAN to be detected. The LoRaWAN to be detected comprises a sensor network and an Ethernet network. The sensor network may be a Wireless Sensor Network (WSN), a multi-hop self-organizing network system formed by wireless communication among a large number of sensor nodes deployed in the monitoring area, which cooperatively senses, acquires and processes information about the sensed objects within the network coverage area. The Ethernet network may be a TCP/IP network, in which IP at the network layer specifies the address of each host connected to the internet and TCP at the transport layer is responsible for the transmission of data.
102. The terminal device acquires test data for the LoRaWAN to be detected, where the test data comprises at least one of sensor network data and Ethernet data; the sensor network data comprises data of the LoRaWAN node devices and data of the LoRaWAN gateway devices, and the Ethernet data comprises data of the LoRaWAN gateway devices and data of the network server;
In this embodiment, after the terminal device has accessed the LoRaWAN to be detected, it may acquire test data for it. As described in step 101, the LoRaWAN to be detected may include a sensor network and an Ethernet network; sensor network data is extracted from the sensor network and Ethernet data from the Ethernet network. The sensor network data comprises data of the LoRaWAN node devices and of the LoRaWAN gateway devices, and the Ethernet data comprises data of the LoRaWAN gateway devices and of the network server.
It can be understood that, since the LoRaWAN gateway device communicates with both the LoRaWAN node device and the network server, the data of the LoRaWAN gateway device belongs to both the sensor network data and the Ethernet data; this is not limited here.
It should be noted that the functions of the LoRaWAN node device, the LoRaWAN gateway device and the network server have been described above and are not repeated here.
103. The terminal device sends the test data to the server, so that the server performs feature analysis on the test data and generates a network detection result for the LoRaWAN to be detected, where the network detection result represents the result of the network security detection.
In this embodiment, the terminal device feeds the collected test data back to the server serving as the cloud analysis feedback end, and the server performs feature analysis on the test data to generate a network detection result for the LoRaWAN to be detected. The network detection result indicates the result of the network security detection, for example a security detection result for the LoRaWAN node device, one for the LoRaWAN gateway device and one for the network server. Specifically, the server may generate a detection result for each component (that is, the LoRaWAN node device, the LoRaWAN gateway device and the network server) of the LoRaWAN to be detected.
For ease of understanding, please refer to fig. 4, a schematic diagram of the working flow of the terminal test end in the embodiment of the present application. As shown in the figure, specifically:
In step S1, the terminal device invokes the data sniffing module, which is configured to collect data; its data acquisition function can be invoked once the LoRaWAN to be detected has been accessed.
In step S2, the terminal device determines whether it has accessed the Ethernet network included in the LoRaWAN to be detected; if so, the process proceeds to step S5, otherwise to step S3.
In step S3, if the Ethernet network has not been accessed, the terminal device determines whether it has accessed the sensor network included in the LoRaWAN to be detected; if so, step S4 is executed, otherwise the detection process for the LoRaWAN to be detected ends.
It should be noted that the order of steps S2 and S3 may also be reversed: first determine whether the sensor network included in the LoRaWAN to be detected has been accessed and, if so, execute step S4; if not, go on to determine whether the Ethernet network has been accessed and, if so, execute step S5; if neither has been accessed, the detection flow for the LoRaWAN to be detected ends.
Further, steps S2 and S3 may also be executed simultaneously, so the order in which the networks are checked is not limited here.
In step S4, if the sensor network has been accessed, the data sniffing module may capture sensor network data, which comprises data of the LoRaWAN node device and data of the LoRaWAN gateway device.
In step S5, if the Ethernet network has been accessed, the data sniffing module may capture Ethernet data, which comprises data of the LoRaWAN gateway device and data of the network server.
In step S6, the terminal device invokes the data test evaluation module, which has two modes, an active mode and a passive mode.
In step S7, the passive mode is entered.
In step S8, in the passive mode, the test data is generated mainly from the Ethernet data and sensor network data fed back by the data sniffing module; that is, the network state of the LoRaWAN to be detected is acquired as the test data.
In step S9, the active mode is entered.
In step S10, in the active mode, a data packet of the corresponding attack type is generated according to a preset detection policy and rules and sent to a component of the LoRaWAN to be detected, where the component may be one or more of a LoRaWAN node device, a LoRaWAN gateway device and the network server.
In step S11, the terminal device waits for the components of the LoRaWAN to be detected to feed back test data.
In step S12, after the test evaluation in the active and passive modes, the data test evaluation module sends the test data (for example, the data information and the network feedback state) to the feedback reporting module.
In step S13, the feedback reporting module receives the test data sent by the data test evaluation module and reports it to the cloud over the network, where the cloud analysis feedback end performs the subsequent analysis and processing.
In the embodiment of the application, a network detection method is provided: first, a terminal device accesses a LoRaWAN to be detected; then it acquires test data for that LoRaWAN, comprising at least one of sensor network data and Ethernet data; finally, the terminal device sends the test data to a server, which performs feature analysis on it to generate a network detection result for the LoRaWAN to be detected. In this way the LoRaWAN node devices, the LoRaWAN gateway devices and the network server are all detected on the basis of the sensor network data and the Ethernet data; that is, the key components of the LoRaWAN are detected automatically from the perspective of the whole network architecture, which compensates for the risk caused by a lack of security experience or insufficient security awareness on the part of project deployment personnel and so improves the reliability of LoRaWAN deployments.
Optionally, on the basis of the embodiment corresponding to fig. 3, in another optional embodiment provided by the present application, the acquisition by the terminal device of the test data for the LoRaWAN to be detected may include:
if the terminal device has accessed the Ethernet network included in the LoRaWAN to be detected, acquiring Ethernet data;
if the terminal device has accessed the sensor network included in the LoRaWAN to be detected, acquiring sensor network data;
and if the terminal device has accessed both the Ethernet network and the sensor network included in the LoRaWAN to be detected, acquiring both Ethernet data and sensor network data.
In this embodiment, a method of acquiring test data according to the network access situation is introduced. As described in the foregoing embodiments, the terminal device serving as the terminal test end must first access the LoRaWAN to be detected, which includes a sensor network and an Ethernet network.
First, the sensor network;
The sensor network may be a WSN. A sensor network integrates microelectronics, embedded computing, wireless communication and distributed information processing technologies; it can cooperatively monitor, sense and acquire information about various environments or monitored objects within the network coverage area in real time and process that information, and the processed information is sent wirelessly and delivered to the observer over an ad hoc multi-hop network.
A sensor network typically includes sensor nodes, sink nodes and management nodes. The sensor nodes are distributed randomly over a monitoring area and form a network in a self-organizing manner; monitoring data is relayed hop by hop to the sink nodes and finally delivered to the management nodes over the internet or another network. In the reverse direction, a user can instruct the sensor nodes to collect monitoring information by issuing commands from the management node.
In the sensor network, the terminal device serving as the terminal test end can acquire sensor network data through the data sniffing module. This data takes the form of radio air-interface packets and is mainly the communication between the LoRaWAN node devices and the LoRaWAN gateway devices; that is, the terminal device can acquire data of the LoRaWAN node devices as well as data of the LoRaWAN gateway devices.
Second, the Ethernet network;
The Ethernet network may carry TCP/IP. Ethernet is a type of local area network: in terms of network layering, local area network protocols mainly concern the lower layers (the physical layer and the data link layer), the Ethernet protocol mainly defines the data link layer, and the TCP/IP adopted by the internet mainly concerns the middle layers (the network layer and the transport layer).
In the Ethernet network, the terminal device serving as the terminal test end can acquire Ethernet data through the data sniffing module. This data takes the form of TCP/IP packets and is mainly the communication between the LoRaWAN gateway devices and the network server; that is, the terminal device can acquire data of the LoRaWAN gateway devices as well as data of the network server.
Putting the above together, in the data transmission process of a sensor-based network the LoRaWAN node device is generally connected to a sensor node and collects data from the sensor, for example air humidity, and then transmits the collected sensor data to the LoRaWAN gateway device. The LoRaWAN gateway device forwards the sensor data to the network server, that is, it converts the data from the LoRa domain to the network domain; the gateway does not process the data but only encapsulates it and sends it on to the network server. The network server may then deliver the data to the user, who can view it, for example the air humidity, through an Application (APP) or other means.
Second, in the embodiment of the application, a way of acquiring test data according to the network access situation is provided. In this way the terminal device can determine one or more specific network types from the LoRaWAN to be detected that it has accessed: if only the sensor network has been accessed, the terminal device subsequently detects only data relating to the LoRaWAN node devices and the LoRaWAN gateway devices, and if only the Ethernet network has been accessed, it subsequently detects only data relating to the network server and the LoRaWAN gateway devices. This improves the flexibility of detection, allows targeted detection of devices, and increases the diversity of the scheme.
Optionally, on the basis of the embodiment corresponding to fig. 3, in another optional embodiment provided by the present application, the acquisition by the terminal device of the test data for the LoRaWAN to be detected may specifically include:
when the device to be detected is in the power-on network access state or the normal operation state, the terminal device acquires the network state of the LoRaWAN to be detected as the test data, where the device to be detected is at least one of a LoRaWAN node device, a LoRaWAN gateway device and the network server.
In this embodiment, a method of generating test data in the passive mode is described. In the passive mode, the terminal device serving as the terminal test end uses the data sniffing module to sniff the network state data (for example, packet loss rate and transmitted data packets) of the device to be detected during power-on, network access and normal operation, and sends that network state data to the feedback reporting module as the test data. It should be noted that the device to be detected may be one or more of a LoRaWAN node device, a LoRaWAN gateway device and the network server, which is not limited here.
Specifically, the device to be detected runs a certain risk of attack during power-on, network access and normal operation. Taking the power-on network access of a LoRaWAN node device as an example, the two network access modes of a LoRaWAN node device are described below.
Mode one, Activation By Personalization (ABP);
In ABP mode, the traffic encryption keys are pre-programmed into the LoRaWAN node device, and the device has been registered on the network in advance. When the node device wants to communicate, it directly initiates encrypted communication with the preset keys, without an over-the-air join procedure.
The core of ABP is that the LoRaWAN node device and the network server both store the same three parameters: a 32-bit device address (DevAddr), a 128-bit Network Session Key (NwkSKey) and a 128-bit Application Session Key (AppSKey). These three parameters remain unchanged throughout the device's life cycle.
Specifically, each LoRaWAN node device has a Device Extended Unique Identifier (DevEUI). A device obtains the Serial Number (SN) of its Micro Control Unit (MCU), derives the 64-bit DevEUI from it by some algorithm, and then derives the DevAddr, NwkSKey and AppSKey from the DevEUI by a further algorithm. If the algorithm adopted is too simple, an attacker can easily guess it and then use the derived values to forge a counterfeit LoRaWAN node device.
Mode two, Over-the-Air Activation (OTAA);
OTAA is the over-the-air join mode of LoRaWAN: the LoRaWAN node device communicates with the network server when it is powered on and finally negotiates the communication encryption keys, completing device activation and network access. Security is guaranteed only when the OTAA activation procedure is adopted. OTAA requires three parameters to be prepared: the DevEUI, the Application Extended Unique Identifier (AppEUI) and the Application Key (AppKey). The DevEUI identifies a unique terminal device; the AppEUI identifies a unique application provider, for example a trash-can monitoring application or each home's smoke-alarm application has its own unique identifier; and the AppKey is assigned to the LoRaWAN node device by the application owner.
For ease of understanding, please refer to fig. 5, a schematic diagram of the network access of a LoRaWAN node device based on over-the-air activation in an embodiment of the present application. As shown in the figure, after the join procedure is initiated the LoRaWAN node device sends a join request; once the network server has confirmed that there is no error, it sends a join accept to the node device and allocates a DevAddr. Both sides then generate the NwkSKey and the AppSKey from the information carried in the join accept together with the AppKey; the AppSKey is used to encrypt the application data and the NwkSKey to compute and verify the message integrity code.
In the embodiment of the application, a way of generating test data in the passive mode is provided. In this way the terminal device serving as the terminal test end can sniff data from the network as currently deployed and finally judge the security of the LoRaWAN to be detected from the sniffed test data, which helps project deployment and acceptance personnel to evaluate security accurately and objectively, or supports security detection of an existing network, and so improves the security of the smart scenario. In addition, in the passive mode the terminal device waits for test data that the LoRaWAN to be detected feeds back of its own accord, which on the one hand improves test efficiency and on the other hand means the terminal device need not actively send instructions to each component of the LoRaWAN to be detected, saving power and processing resources on the terminal device.
Optionally, on the basis of the embodiment corresponding to fig. 3, in another optional embodiment provided by the present application, the test data includes sensor network data;
the acquisition by the terminal device of the network state of the LoRaWAN to be detected as the test data, when the device to be detected is in the power-on network access state or the normal operation state, may specifically include:
when a LoRaWAN node device is in the power-on network access state or the normal operation state, the terminal device acquires sensor network data of the LoRaWAN to be detected, where the sensor network data comprises at least one of the key negotiation data packets and the key-encrypted data of the LoRaWAN node device.
In this embodiment, a method of generating test data for a LoRaWAN node device is described. Taking a LoRaWAN node device as the device to be detected, when the node device is in the power-on network access state or the normal operation state, the terminal device may acquire test data for the LoRaWAN to be detected; the test data includes sensor network data, which comprises at least one of the key negotiation data packets and the key-encrypted data of the LoRaWAN node device.
Specifically, the terminal device serving as the terminal test end may capture the key negotiation data packets of the LoRaWAN node device; these packets are used to negotiate the session keys, namely the NwkSKey and the AppSKey. From the characteristics of the key negotiation packets it can be detected whether the node device uses OTAA key negotiation: if a key negotiation packet is detected, the LoRaWAN node device has used OTAA key negotiation; if none is detected, it has not. Where the LoRaWAN node device does not use OTAA key negotiation, a security vulnerability may exist.
The terminal device serving as the terminal test end can also capture both the key negotiation data packets and the key-encrypted data of the LoRaWAN node device. From these, and according to the protocol specification and a list of known weak keys, it can be detected whether the node device uses a weak OTAA key: if the result computed with a weak key is consistent with the key-encrypted data of the LoRaWAN node device, the node device is using that weak OTAA key; if the result computed with the weak key is inconsistent with the key-encrypted data, it is not. Where the LoRaWAN node device uses a weak OTAA key, a security vulnerability may exist.
Further, in the embodiment of the present application, a method of generating test data for a LoRaWAN node device is provided. Since a LoRaWAN node device does not usually feed back data of its own accord for key detection, the passive mode may be adopted to wait for the node device to send at least one of a key negotiation data packet and key-encrypted data, which improves the reliability of detection. In addition, passive testing can also be used to monitor in real time whether an attack is in progress, which improves the security of communication between the components of the LoRaWAN.
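The join exchange of fig. 5 and the two passive checks just described (whether a key negotiation packet is ever observed, and whether a captured join request verifies under a known weak key) can be exercised in code. The following Go program is an added example written for this page; it is not the patent's code and not part of any LoRaWAN implementation. It assumes LoRaWAN 1.0.x framing and key derivation, an illustrative weak-key list (KnownWeakAppKeys), and a constructed join request built with one of those keys in place of a real capture; all identifiers are the example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/hex"
	"fmt"
)

// KnownWeakAppKeys is an illustrative weak-key list (all-zero, sequential, and the
// RFC 4493/FIPS-197 test key that ships as the default AppKey in many SDK examples).
var KnownWeakAppKeys = [][]byte{
	bytes.Repeat([]byte{0x00}, 16),
	MustHex("000102030405060708090a0b0c0d0e0f"),
	MustHex("2b7e151628aed2a6abf7158809cf4f3c"),
}

// MustHex decodes hex or panics; used only for the constructed sample data.
func MustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

func xorInto(dst, src []byte) {
	for i := range dst {
		dst[i] ^= src[i]
	}
}

// dbl doubles a 128-bit block in GF(2^128) (RFC 4493 subkey generation).
func dbl(in []byte) []byte {
	out := make([]byte, 16)
	for i := 15; i >= 0; i-- {
		out[i] = in[i] << 1
		if i < 15 && in[i+1]&0x80 != 0 {
			out[i] |= 1
		}
	}
	if in[0]&0x80 != 0 {
		out[15] ^= 0x87
	}
	return out
}

// AESCMAC is AES-128-CMAC (RFC 4493), the primitive behind every LoRaWAN MIC.
func AESCMAC(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	l := make([]byte, 16)
	block.Encrypt(l, l) // L = AES_K(0^128)
	k1, k2 := dbl(l), dbl(dbl(l))
	n := (len(msg) + 15) / 16
	if n == 0 {
		n = 1
	}
	last := make([]byte, 16) // final block: XOR K1 if complete, else pad 10* and XOR K2
	tail := msg[(n-1)*16:]
	copy(last, tail)
	if len(msg) > 0 && len(msg)%16 == 0 {
		xorInto(last, k1)
	} else {
		last[len(tail)] = 0x80
		xorInto(last, k2)
	}
	x := make([]byte, 16)
	for i := 0; i < n-1; i++ {
		xorInto(x, msg[i*16:])
		block.Encrypt(x, x)
	}
	xorInto(x, last)
	block.Encrypt(x, x)
	return x, nil
}

// BuildJoinRequest: MHDR(0x00) | AppEUI(8) | DevEUI(8) | DevNonce(2) | MIC(4), EUIs in on-air (LSB-first) order.
func BuildJoinRequest(appKey, appEUI, devEUI []byte, devNonce uint16) ([]byte, error) {
	msg := append([]byte{0x00}, appEUI...) // MHDR: MType=000 (Join Request), Major=00
	msg = append(msg, devEUI...)
	msg = append(msg, byte(devNonce), byte(devNonce>>8))
	mic, err := AESCMAC(appKey, msg)
	if err != nil {
		return nil, err
	}
	return append(msg, mic[:4]...), nil
}

// AssessJoin scans captured uplinks: joinSeen is false when the node never sent a join
// request (ABP-style commissioning); weakKey is set when the join request MIC verifies
// under a candidate key, i.e. the node was commissioned with a known weak AppKey.
func AssessJoin(frames [][]byte, candidates [][]byte) (joinSeen bool, weakKey []byte) {
	for _, f := range frames {
		if len(f) != 23 || f[0]>>5 != 0 { // MType is MHDR bits 7..5
			continue
		}
		joinSeen = true
		for _, k := range candidates {
			if t, err := AESCMAC(k, f[:19]); err == nil && bytes.Equal(t[:4], f[19:]) {
				return true, k
			}
		}
	}
	return joinSeen, nil
}

// DeriveSessionKeys runs the LoRaWAN 1.0.x derivation both ends perform after the join accept:
// NwkSKey = AES_AppKey(0x01|AppNonce|NetID|DevNonce|pad16), AppSKey the same with 0x02.
func DeriveSessionKeys(appKey, appNonce, netID []byte, devNonce uint16) (nwkSKey, appSKey []byte, err error) {
	block, err := aes.NewCipher(appKey)
	if err != nil {
		return nil, nil, err
	}
	derive := func(tag byte) []byte {
		in := make([]byte, 16)
		in[0] = tag
		copy(in[1:4], appNonce)
		copy(in[4:7], netID)
		in[7], in[8] = byte(devNonce), byte(devNonce>>8)
		out := make([]byte, 16)
		block.Encrypt(out, in)
		return out
	}
	return derive(0x01), derive(0x02), nil
}

func main() {
	// Constructed sample: a node commissioned with the SDK default key sends a join request.
	jr, _ := BuildJoinRequest(KnownWeakAppKeys[2], MustHex("0807060504030201"), MustHex("08f706e5d4c3b2a1"), 0x1234)
	seen, weak := AssessJoin([][]byte{jr}, KnownWeakAppKeys)
	fmt.Printf("OTAA join seen: %v, weak AppKey: %x\n", seen, weak)
	nwk, app, _ := DeriveSessionKeys(weak, MustHex("aabbcc"), MustHex("130000"), 0x1234)
	fmt.Printf("an eavesdropper holding that key derives NwkSKey=%x AppSKey=%x\n", nwk, app)
}
```

The weak-key check needs no plaintext: the MIC over a join request is AES-CMAC under the AppKey, so recomputing it under each candidate key and comparing four bytes is enough, and a hit lets the tester derive the session keys exactly as the network server would, which is the key-leakage consequence the passage describes. A capture containing only data frames (no join request) is reported as ABP-style commissioning for the reviewer to follow up.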
Optionally, on the basis of the embodiment corresponding to fig. 3, in another optional embodiment provided by the present application, the acquisition by the terminal device of the test data for the LoRaWAN to be detected may specifically include:
the terminal device generates a data packet corresponding to a target attack type;
the terminal device sends the data packet corresponding to the target attack type to a device to be detected in the LoRaWAN to be detected, so that the device to be detected generates feedback data according to that data packet;
and the terminal device receives the feedback data as the test data.
In this embodiment, a method of acquiring test data in the active mode is described. In the active mode, the terminal device serving as the terminal test end generates a data packet corresponding to a target attack type and sends it to the device to be detected in the LoRaWAN to be detected; the device to be detected generates different feedback data packets in response to different attack packets, yielding the feedback data, and finally sends that feedback data to the terminal device. That is, the terminal device obtains the feedback data through its data sniffing module and uses it as the test data. It should be noted that the device to be detected may be one or more of a LoRaWAN node device, a LoRaWAN gateway device and the network server, which is not limited here.
Specifically, in the active mode the terminal device can simulate a LoRaWAN gateway device to access the LoRaWAN to be detected and launch network test scanning attacks against the network server, the LoRaWAN gateway devices and the LoRaWAN node devices of that LoRaWAN. As the active mode sends its security detection flows to each test link, the state of the feedback data is collected and sent to the feedback reporting module.
A network test scanning attack means continuously sending a number of data packets to the device under test within a period of time, for example sending a packet to each of 10 different ports of the same IP address every 500 microseconds, which constitutes one port scan. Through network test scanning attacks, the functional completeness of the protocol and the presence of bugs can be verified effectively, and the performance of the device can be verified as well.
It should be noted that, in practical application, the attack types may also be extended; that is, the detection feature functions can be extended at any time, and once a new security risk appears it can quickly be added to the detection rules. Because custom check rules and contents are supported, an efficient LoRaWAN security detection framework that can be updated iteratively is provided.
In the embodiment of the application, a way of acquiring test data in the active mode is provided. In this way the terminal device serving as the terminal test end can generate and send test data packets tailored to the network as currently deployed and finally judge the security of the LoRaWAN to be detected from the feedback data received, which helps project deployment and acceptance personnel to evaluate security accurately and objectively, or supports security detection of an existing network, and so improves the security of the smart scenario. In addition, in the active mode the terminal device can actively probe the content to be detected, which improves the flexibility and diversity of detection.
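One concrete form of the active-mode gateway simulation described above, as an added example rather than the patent's own code: the tester sends a gateway-side PULL_DATA datagram of the Semtech UDP packet-forwarder protocol to the network server under a chosen gateway EUI and records whether the server acknowledges it, that acknowledgement being the feedback state. The program is written in Go for this page; it assumes the gateway and server speak that protocol, and the stub server, the EUIs and all identifiers are constructed for the example so that it runs offline.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net"
	"time"
)

// Semtech packet-forwarder protocol (version 2) identifiers used here.
const (
	protoVersion = 2
	pullData     = 0x02 // gateway -> server: "I am gateway EUI X, send me downlinks"
	pullAck      = 0x04 // server -> gateway: acknowledgement carrying the same token
)

// BuildPullData builds the 12-byte PULL_DATA datagram: version | token(2) | 0x02 | gateway EUI(8).
func BuildPullData(token uint16, gwEUI [8]byte) []byte {
	b := make([]byte, 12)
	b[0] = protoVersion
	binary.BigEndian.PutUint16(b[1:3], token)
	b[3] = pullData
	copy(b[4:], gwEUI[:])
	return b
}

// IsPullAck reports whether dgram is a PULL_ACK echoing our token.
func IsPullAck(dgram []byte, token uint16) bool {
	return len(dgram) == 4 && dgram[0] == protoVersion &&
		binary.BigEndian.Uint16(dgram[1:3]) == token && dgram[3] == pullAck
}

// ProbeGateway impersonates a gateway with the given EUI and reports whether the
// network server acknowledged it. No acknowledgement before the timeout means the
// server ignored the EUI (or is unreachable), which is reported as not acked.
func ProbeGateway(server string, gwEUI [8]byte, timeout time.Duration) (bool, error) {
	conn, err := net.Dial("udp", server)
	if err != nil {
		return false, err
	}
	defer conn.Close()
	token := uint16(time.Now().UnixNano())
	if _, err := conn.Write(BuildPullData(token, gwEUI)); err != nil {
		return false, err
	}
	if err := conn.SetReadDeadline(time.Now().Add(timeout)); err != nil {
		return false, err
	}
	buf := make([]byte, 64)
	n, err := conn.Read(buf)
	if ne, ok := err.(net.Error); ok && ne.Timeout() {
		return false, nil
	}
	if err != nil {
		return false, err
	}
	return IsPullAck(buf[:n], token), nil
}

// StartStubServer is a constructed stand-in for a network server's UDP listener so the
// probe can run offline. With allowAny it acks every PULL_DATA (a server that admits
// unregistered gateways); otherwise only EUIs present in allowed are acked.
func StartStubServer(allowed map[[8]byte]bool, allowAny bool) (addr string, stop func(), err error) {
	pc, err := net.ListenPacket("udp", "127.0.0.1:0")
	if err != nil {
		return "", nil, err
	}
	go func() {
		buf := make([]byte, 1024)
		for {
			n, from, err := pc.ReadFrom(buf)
			if err != nil {
				return // listener closed
			}
			d := buf[:n]
			if len(d) != 12 || d[0] != protoVersion || d[3] != pullData {
				continue
			}
			var eui [8]byte
			copy(eui[:], d[4:12])
			if allowAny || allowed[eui] {
				pc.WriteTo([]byte{protoVersion, d[1], d[2], pullAck}, from)
			}
		}
	}()
	return pc.LocalAddr().String(), func() { pc.Close() }, nil
}

func main() {
	registered := [8]byte{0xb8, 0x27, 0xeb, 0xff, 0xfe, 0x11, 0x22, 0x33}
	unknown := [8]byte{0x00, 0x00, 0x00, 0x00, 0xde, 0xad, 0xbe, 0xef}
	addr, stop, err := StartStubServer(nil, true) // permissive server under test
	if err != nil {
		panic(err)
	}
	defer stop()
	if acked, _ := ProbeGateway(addr, unknown, 500*time.Millisecond); acked {
		fmt.Printf("RISK: %s acknowledged unregistered gateway EUI %x\n", addr, unknown)
	}
	acked, _ := ProbeGateway(addr, registered, 500*time.Millisecond)
	fmt.Printf("registered EUI acked: %v (the protocol carries no credential, so the EUI alone is impersonable)\n", acked)
}
```

An acknowledgement for an EUI that is not in the deployment's inventory is the feedback state reported to the cloud as a risk. Because this protocol carries no credential beyond the EUI, even a server that only acks registered EUIs can be impersonated by anyone who learns one, so the finding should be read together with how the gateway-to-server traffic is protected on the Ethernet side.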
Optionally, on the basis of the embodiment corresponding to fig. 3, in another optional embodiment provided in the embodiment of the present application, the test data includes sensor network data;
the generating, by the terminal device, the data packet corresponding to the target attack type may specifically include:
the terminal device generates a data packet for a Common Vulnerabilities and Exposures (CVE) type;
the sending, by the terminal device, the data packet corresponding to the target attack type to the device to be detected in the LoRaWAN to be detected, so that the device to be detected generates the feedback data according to the data packet corresponding to the target attack type, may specifically include:
the terminal device sends the data packet for the CVE type to a LoRaWAN node device in the LoRaWAN to be detected, so that the LoRaWAN node device generates feedback data according to the data packet for the CVE type.
In this embodiment, a method for generating feedback data for a LoRaWAN node device is described. Taking the device to be detected as the LoRaWAN node device as an example, first, the terminal device needs to generate a data packet corresponding to a target attack type based on a project to be detected, then, the terminal device sends the data packet for the target attack type to the LoRaWAN node device in the LoRaWAN to be detected, and the LoRaWAN node device generates feedback data under the target attack type.
Specifically, assuming that the target attack type is a Common Vulnerabilities and Exposures (CVE) type, the terminal device serving as the terminal test end generates a data packet for the CVE type; for example, the CVE type may be CVE-2020-11068, that is, an attack of the CVE-2020-11068 type is simulated. The data packet simulating the CVE-2020-11068 type is sent to the LoRaWAN node device, which generates corresponding feedback data and feeds it back to the terminal device.
Illustratively, the feedback data generated by the LoRaWAN node device may be used as test data; for example, the feedback data includes network traffic, delay jitter, resource utilization rate and the like, and may be used to analyze whether the LoRaWAN node device has the CVE-2020-11068 security vulnerability.
It should be noted that the CVE-2020-11068 vulnerability indicates that a receive buffer overflow may occur because the buffer size is not checked. In addition, whether the LoRaWAN node device has vulnerabilities of other CVE types can also be detected; CVE assigns a unique name to each vulnerability and exposure and gives each a standardized description.
Further, in the embodiment of the present application, a method for generating feedback data for a LoRaWAN node device is provided. Since, for CVE vulnerability detection, the LoRaWAN node device usually feeds back data actively, the active mode may be adopted to send a data packet for a CVE type to the LoRaWAN node device, so that the LoRaWAN node device generates feedback data according to that data packet, thereby improving the flexibility of detection, simulating a real network attack, and improving the reliability of detection.
Optionally, on the basis of the embodiment corresponding to fig. 3, in another optional embodiment provided in the embodiment of the present application, the test data includes sensor network data or ethernet network data;
the generating, by the terminal device, the data packet corresponding to the target attack type may specifically include:
the terminal device generates a data packet for a dangerous port vulnerability;
or the terminal device generates a data packet for gateway authentication access;
the method includes that a terminal device sends a data packet corresponding to a target attack type to a device to be detected in a LoRaWAN to be detected, so that the device to be detected generates feedback data according to the data packet corresponding to the target attack type, and specifically includes:
if the data packet aiming at the dangerous port vulnerability is generated, the terminal equipment sends the data packet aiming at the dangerous port vulnerability to LoRaWAN gateway equipment in the LoRaWAN to be detected, so that the equipment to be detected generates feedback data according to the data packet aiming at the dangerous port vulnerability;
and if the data packet aiming at the gateway authentication access is generated, the terminal equipment sends the data packet aiming at the gateway authentication access to LoRaWAN gateway equipment in the LoRaWAN to be detected, so that the equipment to be detected generates feedback data according to the data packet aiming at the gateway authentication access.
In this embodiment, a method for generating feedback data for a LoRaWAN gateway device is described. Taking the device to be detected as a LoRaWAN gateway device as an example, first, the terminal device needs to generate a data packet corresponding to a target attack type based on a project to be detected; then, the terminal device sends the data packet for the target attack type to the LoRaWAN node device in the LoRaWAN to be detected, and the LoRaWAN node device generates feedback data under the target attack type.
Specifically, assuming that the target attack type is a dangerous port vulnerability, based on this, the terminal device as the terminal testing end generates a data packet aiming at the dangerous port vulnerability, wherein the dangerous port includes but is not limited to TCP 20, TCP 21, TCP 22, TCP 25, TCP 53, TCP 69, TCP 443, TCP 110, and the like. The terminal device may initiate an attack on one or more dangerous ports, that is, send a data packet to one or more high-risk ports of the LoRaWAN gateway device, generate corresponding feedback data by the LoRaWAN gateway device, and feed the feedback data back to the terminal device.
For example, feedback data generated by the LoRaWAN gateway device may be used as test data, for example, the feedback data includes vulnerability characteristic information, network traffic, delay jitter, resource utilization rate, and the like, and the feedback data may be used to analyze whether the LoRaWAN gateway device has a vulnerability of high risk port opening.
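As an added example that is not part of the patent, the scan definition given above (10 ports of one address every 500 microseconds) and the high-risk port list can be expressed as a gateway-side detection rule in Go: probes are grouped per source address, a 5 ms window is slid over their timestamps counting distinct destination ports, and any listed high-risk port that answered is reported. The probe records, addresses and the 5 ms window are constructed assumptions.

```go
package main

import (
	"fmt"
	"sort"
)

// HighRiskPorts are the dangerous TCP ports named in the text.
var HighRiskPorts = map[int]string{
	20: "FTP-data", 21: "FTP", 22: "SSH", 25: "SMTP",
	53: "DNS", 69: "TFTP", 110: "POP3", 443: "HTTPS",
}

// The text defines one scan as packets to 10 ports of one address every 500 µs,
// so the rule here (an assumption) is 10 distinct ports from one source within 10*500 µs.
const (
	MinPorts = 10
	WindowUS = 10 * 500
)

// Probe is one connection attempt as the gateway side would log it: microsecond
// timestamp, source address, destination port, and whether the port answered
// (the "high-risk port open" feedback in the text). Constructed format.
type Probe struct {
	TimeUS  int64
	Src     string
	DstPort int
	Open    bool
}

// Report is the per-source verdict.
type Report struct {
	Scanned       bool  // MinPorts distinct ports hit within WindowUS
	DistinctPorts int
	OpenHighRisk  []int // high-risk ports that answered, sorted
}

// DetectScans groups probes by source, slides a WindowUS window over their
// timestamps counting distinct ports, and records which high-risk ports answered.
func DetectScans(probes []Probe) map[string]*Report {
	bySrc := map[string][]Probe{}
	for _, p := range probes {
		bySrc[p.Src] = append(bySrc[p.Src], p)
	}
	out := map[string]*Report{}
	for src, ps := range bySrc {
		sort.Slice(ps, func(i, j int) bool { return ps[i].TimeUS < ps[j].TimeUS })
		r := &Report{}
		all, open := map[int]bool{}, map[int]bool{}
		for _, p := range ps {
			all[p.DstPort] = true
			if _, risky := HighRiskPorts[p.DstPort]; risky && p.Open && !open[p.DstPort] {
				open[p.DstPort] = true
				r.OpenHighRisk = append(r.OpenHighRisk, p.DstPort)
			}
		}
		r.DistinctPorts = len(all)
		sort.Ints(r.OpenHighRisk)
		inWin, lo := map[int]int{}, 0 // distinct-port counts inside the sliding window
		for hi := range ps {
			inWin[ps[hi].DstPort]++
			for ps[hi].TimeUS-ps[lo].TimeUS > WindowUS { // drop probes older than the window
				inWin[ps[lo].DstPort]--
				if inWin[ps[lo].DstPort] == 0 {
					delete(inWin, ps[lo].DstPort)
				}
				lo++
			}
			if len(inWin) >= MinPorts {
				r.Scanned = true
				break
			}
		}
		out[src] = r
	}
	return out
}

// SampleProbes is constructed input: 10.0.0.9 hits 10 ports 500 µs apart (a scan by
// the text's definition) and 10.0.0.5 makes two slow, ordinary connections.
func SampleProbes() []Probe {
	ports := []int{20, 21, 22, 23, 25, 53, 69, 80, 110, 443}
	open := map[int]bool{22: true, 80: true, 443: true}
	var ps []Probe
	for i, port := range ports {
		ps = append(ps, Probe{int64(i) * 500, "10.0.0.9", port, open[port]})
	}
	return append(ps,
		Probe{1_000_000, "10.0.0.5", 443, true},
		Probe{8_000_000, "10.0.0.5", 8080, true},
	)
}

func main() {
	for src, r := range DetectScans(SampleProbes()) {
		fmt.Printf("%s scanned=%v ports=%d open-high-risk=%v\n", src, r.Scanned, r.DistinctPorts, r.OpenHighRisk)
	}
}
```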
Specifically, assuming that the target attack type is gateway authentication access, the terminal device serving as the terminal test end generates a data packet for gateway authentication access. The terminal device can initiate an attack against gateway authentication access, that is, send a data packet that has not been authenticated by the gateway to the LoRaWAN gateway device, and the LoRaWAN gateway device generates corresponding feedback data and feeds it back to the terminal device.
For example, feedback data generated by the LoRaWAN gateway device may be used as test data, for example, the feedback data includes vulnerability characteristic information, network traffic, delay jitter, resource utilization rate, and the like, and the feedback data may be used to analyze whether the LoRaWAN gateway device has a vulnerability that is not accessed through authentication.
Further, in the embodiment of the present application, a method for generating feedback data for a LoRaWAN gateway device is provided, and in view of that for detection of a dangerous port vulnerability and detection of gateway authentication access, the LoRaWAN node device usually actively feeds back data, so that a data packet for detection of the dangerous port vulnerability and detection of gateway authentication access can be sent to the LoRaWAN node device in an active mode, so that the LoRaWAN node device generates feedback data according to the data packet for detection of the dangerous port vulnerability and detection of gateway authentication access, thereby improving detection flexibility, simulating a real network attack, and improving detection reliability.
Optionally, on the basis of the embodiment corresponding to fig. 3, in another optional embodiment provided in the embodiment of the present application, the test data includes ethernet data;
the generating, by the terminal device, the data packet corresponding to the target attack type may specifically include:
the terminal device generates a data packet for communication protocol authorized access;
or the terminal equipment generates a data packet for Remote Procedure Call (RPC) authorized access;
or the terminal equipment generates a data packet aiming at password login;
or the terminal equipment generates a data packet for authorizing access to the database;
the method includes that a terminal device sends a data packet corresponding to a target attack type to a device to be detected in a LoRaWAN to be detected, so that the device to be detected generates feedback data according to the data packet corresponding to the target attack type, and specifically includes:
if a data packet for communication protocol authorized access is generated, the terminal device sends the data packet for communication protocol authorized access to a network server in the LoRaWAN to be detected, so that the device to be detected generates feedback data according to the data packet for communication protocol authorized access;
if a data packet for RPC authorized access is generated, the terminal equipment sends the data packet for RPC authorized access to a network server in the LoRaWAN to be detected, so that the equipment to be detected generates feedback data according to the data packet for RPC authorized access;
if a data packet aiming at password login is generated, the terminal equipment sends the data packet aiming at password login to a network server in the LoRaWAN to be detected, so that the equipment to be detected generates feedback data according to the data packet aiming at password login;
and if the data packet for the authorized access of the database is generated, the terminal equipment sends the data packet for the authorized access of the database to a network server in the LoRaWAN to be detected, so that the equipment to be detected generates feedback data according to the data packet for the authorized access of the database.
In this embodiment, a method for generating feedback data for a network server is described. Taking the device to be detected as a network server as an example, firstly, the terminal device needs to generate a data packet corresponding to a target attack type based on a project to be detected, then, the terminal device sends the data packet corresponding to the target attack type to the network server in the LoRaWAN to be detected, and the network server generates feedback data under the target attack type.
Specifically, assuming that the target attack type is communication protocol authorized access, based on this, the terminal device serving as the terminal testing end generates a data packet for the communication protocol authorized access, where the communication protocol authorized access may be authorized access to a Message Queue Telemetry Transport (MQTT) protocol. The terminal equipment can initiate an attack aiming at the authorized access of the MQTT protocol, and the network server generates corresponding feedback data and feeds the feedback data back to the terminal equipment.
Illustratively, feedback data generated by the network server may be used as test data, for example, the feedback data includes vulnerability characteristic information, network traffic, delay jitter, resource utilization rate, and the like, and the feedback data may be used to analyze whether the network server has a vulnerability unauthorized to access by the MQTT protocol.
Assuming that the target attack type is Remote Procedure Call (RPC) authorized access, based on this, the terminal device serving as the terminal test end generates a data packet for RPC authorized access, where RPC authorized access may refer to authorized access to Google Remote Procedure Call (gRPC). The terminal equipment can initiate an attack aiming at the authorized access of the gRPC, and the network server generates corresponding feedback data and feeds the feedback data back to the terminal equipment.
Illustratively, feedback data generated by the network server may be used as test data, for example, the feedback data includes vulnerability characteristic information, network traffic, delay jitter, resource utilization rate, and the like, and the feedback data may be used for analyzing whether the network server has a vulnerability of unauthorized access of the gRPC.
Assuming that the target attack type is a password login type, the terminal device serving as the terminal test end generates a data packet for password login, where the password login may be a weak password login of a Hypertext Transfer Protocol (HTTP) backend server. The terminal device can initiate an attack against weak password login of the HTTP backend server, and the network server generates corresponding feedback data, which is fed back to the terminal device.
Illustratively, feedback data generated by the web server may be used as test data, for example, the feedback data includes vulnerability characteristic information, network traffic, delay jitter, resource utilization rate, and the like, and the feedback data may be used to analyze whether the web server has a vulnerability of the HTTP backend server weak password login.
Assuming that the target attack type is authorized access of the database, based on the target attack type, the terminal device serving as a terminal test end generates a data packet for authorized access of the database, the terminal device can initiate an attack for authorized access of the database, and the network server generates corresponding feedback data and feeds the feedback data back to the terminal device.
Illustratively, feedback data generated by the network server may be used as test data, for example, the feedback data includes vulnerability characteristic information, network traffic, delay jitter, resource utilization rate, and the like, and the feedback data may be used to analyze whether the network server has a vulnerability of unauthorized access to the database.
Further, in the embodiment of the present application, a manner for generating feedback data for a network server is provided, and in view of that, for communication protocol authorization detection, RPC authorization access detection, password login detection, and database authorization access detection, a LoRaWAN node device usually actively feeds back data, so that a data packet for the communication protocol authorization detection, RPC authorization access detection, password login detection, and database authorization access detection may be sent to the LoRaWAN node device in an active mode, so that the LoRaWAN node device generates feedback data according to the data packet for the communication protocol authorization detection, RPC authorization access detection, password login detection, and database authorization access detection, thereby improving detection flexibility, simulating a real network attack, and improving detection reliability.
For convenience of understanding, please refer to fig. 6, which is a schematic diagram of an interface showing a network detection result in the embodiment of the present application. As shown in the figure, the server may further feed the network detection result back to the terminal device, and the terminal device displays the corresponding detection content on the interface; for example, the item "the node is not using OTAA key negotiation" is shown as safe and the item "the HTTP backend server is logged in with a weak password" is shown as dangerous, and if a deployment worker needs to view the specific detection data, the "view details" element may be clicked.
With reference to fig. 7, a method for network detection in the present application will be described below, and another embodiment of the network detection method in the present application includes:
201. When the terminal device accesses a Long Range Wide Area Network (LoRaWAN) to be detected, the server receives test data, sent by the terminal device, for the LoRaWAN to be detected, where the LoRaWAN to be detected is a communication network among LoRaWAN node devices, LoRaWAN gateway devices and a network server, the test data includes at least one of sensing network data and Ethernet data, the sensing network data includes data of the LoRaWAN node device and data of the LoRaWAN gateway device, and the Ethernet data includes data of the LoRaWAN gateway device and data of the network server;
in this embodiment, the terminal device serving as the terminal test end needs to be first accessed to the LoRaWAN to be detected. The LoRaWAN to be detected comprises a sensing network and an Ethernet, wherein the sensing network can be a WSN, and the Ethernet can be a TCP/IP network. After the terminal equipment is accessed to the LoRaWAN to be detected, the test data aiming at the LoRaWAN to be detected can be obtained, the sensing network data can be extracted based on the sensing network, and the Ethernet data can be extracted based on the Ethernet. The sensing network data comprises data of LoRaWAN node equipment and data of LoRaWAN gateway equipment, and the Ethernet data comprises data of LoRaWAN gateway equipment and data of a network server.
It can be understood that, since the LoRaWAN gateway device can communicate with both the LoRaWAN node device and the network server, the data of the LoRaWAN gateway device belongs to both the sensor network data and the ethernet network data, which is not limited herein.
It should be noted that the types of functions of the LoRaWAN node device, the LoRaWAN gateway device, and the network server are described in the foregoing, and therefore are not described herein again.
202. The server performs feature analysis on the test data to generate a network detection result for the LoRaWAN to be detected, where the network detection result represents a detection result of network security.
In this embodiment, the terminal device feeds back the collected test data to the server serving as the cloud analysis feedback end, and the server further performs characteristic analysis on the test data to generate a network detection result for the to-be-detected LoRaWAN. Specifically, the server may generate detection results for each component (i.e., the LoRaWAN node device, the LoRaWAN gateway device, and the network server) in the LoRaWAN to be detected.
Different detection rules are stored in a database at the server side, and can be maintained regularly, and the different detection rules can be freely customized according to different safety requirements or abnormal data detection requirements. When a new type of vulnerability or security risk exists, the rules can be autonomously expanded to meet the security detection of dynamic requirements. Meanwhile, network flow analysis and clustering processing can be performed based on the reported test data, and the reported test data can be complemented with the detection rules of the database by combining a machine learning algorithm, so that a flexible detection mechanism is provided.
In the embodiment of the present application, another network detection method is provided. First, when a terminal device accesses a Long Range Wide Area Network (LoRaWAN) to be detected, a server receives test data, sent by the terminal device, for the LoRaWAN to be detected, where the test data includes at least one of sensing network data and Ethernet data, the sensing network data includes data of LoRaWAN node devices and data of LoRaWAN gateway devices, and the Ethernet data includes data of LoRaWAN gateway devices and data of a network server; the server then performs feature analysis on the test data to generate a network detection result for the LoRaWAN to be detected. In this manner, the LoRaWAN node device, the LoRaWAN gateway device and the network server are detected based on the sensing network data and the Ethernet data, that is, the key components in the LoRaWAN are automatically detected from the perspective of the whole network architecture, which compensates for the risk caused by a lack of security experience or insufficient security awareness of project deployment personnel, and thereby improves the reliability of LoRaWAN deployment.
Optionally, on the basis of the embodiment corresponding to fig. 7, in another optional embodiment provided in the embodiment of the present application, the test data includes sensor network data;
the method for receiving the test data, which is sent by the terminal device and is specific to the to-be-detected LoRaWAN, by the server may specifically include:
when the LoRaWAN node device is in a boot-up network access state or a normal operation state, the server receives sensing network data of the LoRaWAN to be detected, where the sensing network data includes at least one of a key negotiation data message and key encryption data of the LoRaWAN node device;
the server performs feature analysis on the test data to generate a network detection result for the to-be-detected LoRaWAN, and the method specifically includes:
and the server performs characteristic analysis on at least one item of the key negotiation data message and the key encryption data to generate a network detection result aiming at LoRaWAN node equipment in the LoRaWAN to be detected.
In this embodiment, a method for generating test data in a passive mode is described. In the passive mode, the terminal equipment serving as a terminal test end sniffs data of the equipment to be detected during startup network access and normal operation through the data sniffing module, takes the data as test data, and sends the test data to the feedback reporting module. It should be noted that the device to be detected may be one or more of a LoRaWAN node device, a LoRaWAN gateway device, and a network server, which is not limited herein.
Specifically, assuming that the test data includes a key negotiation data message, after the server receives the key negotiation data message sent by the terminal device, it may detect whether the LoRaWAN node device uses OTAA key negotiation based on the characteristics of that message: if a key negotiation data message is detected, the LoRaWAN node device has used OTAA key negotiation; if no key negotiation data message is detected, the LoRaWAN node device does not use OTAA key negotiation, that is, there is a security vulnerability.
Assuming that the test data includes key encryption data, after the server receives the key encryption data sent by the terminal device, it can detect whether the LoRaWAN node device uses an OTAA weak key based on the content of the key encryption data, the protocol specification and known weak keys: if the result calculated with a weak key is consistent with the content of the key encryption data of the LoRaWAN node device, the LoRaWAN node device has used that OTAA weak key; if the result calculated with the weak key is inconsistent with the content of the key encryption data, the LoRaWAN node device does not use that OTAA weak key. If the LoRaWAN node device uses an OTAA weak key, there may be a security vulnerability.
Secondly, in the embodiment of the present application, a manner of generating test data in the passive mode is provided. In this manner, the terminal device serving as the terminal test end can sniff data from the currently deployed network and finally judge the security of the LoRaWAN to be detected according to the sniffed test data, which helps project deployment personnel and acceptance personnel to carry out security evaluation accurately and objectively, or to perform security detection of an existing network scheme, and improves the security of the intelligent scenario. In addition, in the passive mode, the terminal device waits for test data actively fed back from the LoRaWAN to be detected, so that, on the one hand, the test efficiency is improved and, on the other hand, the terminal device does not need to actively send instructions and the like to each component in the LoRaWAN to be detected, which saves the power consumption of the terminal device and conserves processing resources.
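As an added example that is not part of the patent, the two passive-mode checks described above in Go: sniffed sensing-network frames are classified by the MType bits of their MHDR, a Join-Request counts as observed OTAA key negotiation, and its MIC is recomputed under a list of known weak AppKeys with AES-CMAC, which is how the LoRaWAN 1.0 specification defines the Join-Request MIC; a match means the node joined with that weak key. The weak-key list, the EUIs, the strong key and the frames are constructed, and `aesCMAC` is a local RFC 4493 implementation rather than a library call.

```go
package main

import (
	"crypto/aes"
	"encoding/hex"
)

// aesCMAC is AES-128 CMAC (RFC 4493), the primitive behind the LoRaWAN MIC.
func aesCMAC(key, msg []byte) []byte {
	c, _ := aes.NewCipher(key) // keys here are always 16 bytes
	dbl := func(in []byte) []byte { // subkey doubling in GF(2^128)
		out := make([]byte, 16)
		for i := range out {
			out[i] = in[i] << 1
			if i < 15 {
				out[i] |= in[i+1] >> 7
			}
		}
		if in[0]&0x80 != 0 {
			out[15] ^= 0x87
		}
		return out
	}
	l := make([]byte, 16)
	c.Encrypt(l, l) // L = AES_K(0^128)
	k1, k2 := dbl(l), dbl(dbl(l))
	n := (len(msg) + 15) / 16
	if n == 0 {
		n = 1
	}
	last, sub := make([]byte, 16), k2 // padded final block uses K2
	if m := copy(last, msg[(n-1)*16:]); m == 16 {
		sub = k1 // complete final block uses K1
	} else {
		last[m] = 0x80
	}
	x := make([]byte, 16)
	for i := 0; i < n; i++ {
		for j := range x {
			if i < n-1 {
				x[j] ^= msg[i*16+j]
			} else {
				x[j] ^= last[j] ^ sub[j]
			}
		}
		c.Encrypt(x, x)
	}
	return x
}

// WeakAppKeys is a constructed "known weak key" list: all-zero and sequential 00..0F.
var WeakAppKeys = [][]byte{
	make([]byte, 16),
	{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15},
}

// BuildJoinRequest assembles MHDR(0x00)|JoinEUI|DevEUI|DevNonce|MIC, EUIs in
// on-air little-endian order; MIC = first 4 bytes of CMAC over the 19-byte body.
func BuildJoinRequest(appKey, joinEUI, devEUI []byte, devNonce uint16) []byte {
	body := append([]byte{0x00}, joinEUI...)
	body = append(body, devEUI...)
	body = append(body, byte(devNonce), byte(devNonce>>8))
	return append(body, aesCMAC(appKey, body)[:4]...)
}

// AuditCapture classifies frames by MHDR MType: DevEUIs whose Join-Request was seen
// (OTAA key negotiation), those whose MIC verifies under a weak key, and DevAddrs seen
// sending data. A DevAddr cannot be tied to a DevEUI without the Join-Accept, so a
// data-only DevAddr may be ABP or may have joined before sniffing began; capture from
// node boot (the "startup network access" state in the text) to tell the two apart.
func AuditCapture(frames [][]byte) (joined, weak, dataOnly []string) {
	for _, f := range frames {
		switch {
		case len(f) == 23 && f[0]&0xE0 == 0x00: // Join-Request
			eui := hex.EncodeToString(f[9:17])
			joined = append(joined, eui)
			for _, k := range WeakAppKeys { // "calculation with the weak key agrees with the data"
				if string(aesCMAC(k, f[:19])[:4]) == string(f[19:]) {
					weak = append(weak, eui)
					break
				}
			}
		case len(f) >= 12 && (f[0]&0xE0 == 0x40 || f[0]&0xE0 == 0x80): // data up
			dataOnly = append(dataOnly, hex.EncodeToString(f[1:5]))
		}
	}
	return
}

// SampleCapture is constructed input: a join with the all-zero AppKey, a join with a
// non-weak key, and one unconfirmed data-up frame.
func SampleCapture() [][]byte {
	joinEUI := []byte{0x01, 0x00, 0x00, 0xD0, 0x7E, 0xD5, 0xB3, 0x70}
	strongKey := []byte{0x8D, 0x1F, 0x42, 0xA9, 0x77, 0xC3, 0x05, 0xE6, 0x19, 0xB4, 0x6C, 0xF0, 0x2A, 0x9E, 0x53, 0xD7}
	return [][]byte{
		BuildJoinRequest(WeakAppKeys[0], joinEUI, []byte{0x3C, 0x2B, 0x1A, 0x00, 0x0B, 0xA3, 0x04, 0x00}, 0x0102),
		BuildJoinRequest(strongKey, joinEUI, []byte{0x6F, 0x5E, 0x4D, 0x00, 0x0B, 0xA3, 0x04, 0x00}, 0x0A0B),
		// MHDR | DevAddr | FCtrl | FCnt | FPort | FRMPayload | MIC (MIC not verified here)
		{0x40, 0x2C, 0x1B, 0x01, 0x26, 0x00, 0x01, 0x00, 0x01, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE},
	}
}
```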
Optionally, on the basis of the embodiment corresponding to fig. 7, in another optional embodiment provided in the embodiment of the present application, the test data includes sensor network data and ethernet network data;
the method for receiving the test data, which is sent by the terminal device and is specific to the to-be-detected LoRaWAN, by the server may specifically include:
the server receives test data, sent by the terminal device, corresponding to a Common Vulnerabilities and Exposures (CVE) type, a dangerous port vulnerability, gateway authentication access, communication protocol authorized access, Remote Procedure Call (RPC) authorized access, password login and database authorized access in the LoRaWAN to be detected;
the server performs feature analysis on the test data to generate a network detection result for the to-be-detected LoRaWAN, and the method specifically includes:
and the server generates network detection results aiming at LoRaWAN node equipment, LoRaWAN gateway equipment and a network server in the LoRaWAN to be detected according to the test data corresponding to the CVE type, the dangerous port loophole, gateway authentication access, communication protocol authorization access, RPC authorization access, password login and database authorization access.
In this embodiment, a method for generating test data in an active mode is described. In the active mode, a terminal device serving as a terminal test end generates a corresponding data packet according to a target attack type, then sends the data packet corresponding to the target attack type to a device to be tested in the LoRaWAN to be tested, and the device to be tested generates a response based on the data packet, namely generates feedback data, wherein the feedback data can be used as test data. And finally, the equipment to be detected sends feedback data to the terminal equipment, namely the terminal equipment acquires the feedback data through the data sniffing module. It should be noted that the device to be detected may be one or more of a LoRaWAN node device, a LoRaWAN gateway device, and a network server, which is not limited herein.
Specifically, assuming that the CVE-2020-11068 data packet for the LoRaWAN node device has been sent, the feedback data includes the vulnerability detection result for the CVE-2020-11068 type, and the server may determine whether the LoRaWAN node device has a vulnerability of the CVE-2020-11068 type based on that result.
Assuming that the data packet for high-risk port opening on the LoRaWAN gateway has been sent, the feedback data includes the detection result for high-risk port opening, and the server can determine whether the LoRaWAN gateway device has opened a high-risk port based on that result.
Assuming that the data packet for unauthenticated access to the LoRaWAN gateway has been sent, the feedback data includes the vulnerability detection result for unauthenticated access, and the server can determine whether the LoRaWAN gateway device has an unauthenticated access vulnerability based on that result.
Assuming that the data packet for MQTT protocol unauthorized access to the LoRaWAN network server has been sent, the feedback data includes the detection result for MQTT protocol unauthorized access, and the server can determine whether the network server has an MQTT protocol unauthorized access vulnerability based on that result.
Assuming that the gRPC unauthorized access data packet for the LoRaWAN network server has been sent, the feedback data includes the detection result for gRPC unauthorized access, and the server may determine whether the network server has a gRPC unauthorized access vulnerability based on that result.
Assuming that the weak password login test data packet for the LoRaWAN network server has been sent, the feedback data includes the detection result for weak password login of the HTTP backend server, and the server can determine whether the network server has a weak password login vulnerability of the HTTP backend server based on that result.
Assuming that the database unauthorized access test data packet for the LoRaWAN network server has been sent, the feedback data includes the detection result for database unauthorized access, and the server can determine whether the network server has a database unauthorized access vulnerability based on that result.
Secondly, in the embodiment of the application, a mode for generating test data in an active mode is provided, through the above mode, the terminal device serving as a terminal test end can generate and send a test data packet according to a currently deployed network, and finally, the security of the LoRaWAN to be detected is judged according to received feedback data, so that the security evaluation of project deployment personnel and acceptance personnel can be accurately and objectively facilitated, or the security detection of an existing network scheme is performed, and the security of an intelligent scene is improved. In addition, in the active mode, the terminal device can actively detect the content to be detected, thereby improving the flexibility and diversity of detection.
For convenience of understanding, please refer to fig. 8, which is a schematic diagram of the cloud analysis feedback framework in the embodiment of the present application. As shown in the figure, the feature analysis module may perform detection on the LoRaWAN node device, detection on the LoRaWAN gateway device and detection on the network server, where the detection contents are as described in the foregoing embodiments and are therefore not repeated here. The result display module displays the network detection result by e-mail, on a platform or the like; the network detection result can give different risk prompts for different security risks and provide repair suggestions to the user. Acceptance personnel can thereby evaluate the security of the LoRaWAN reasonably and objectively, the existing network security risks can be verified and reinforcement suggestions provided, the security of the whole LoRaWAN project is improved, and the deployment quality is guaranteed.
Compared with current security research on LoRaWAN networks, the present application fills the gap that no LoRaWAN security defect assessment and detection tool or scheme currently exists on the market, and at the same time can be used for acceptance checking or detection of the security of LoRaWAN network project deployments.
Referring to fig. 9, fig. 9 is a schematic diagram of an embodiment of a network detection apparatus in an embodiment of the present application, where the network detection apparatus 30 includes:
the access module 301 is used for accessing a long range wide area network (LoRaWAN) to be detected, wherein the LoRaWAN to be detected is a communication network among LoRaWAN node equipment, LoRaWAN gateway equipment and a network server;
an obtaining module 302, configured to obtain test data for a to-be-detected LoRaWAN, where the test data includes at least one of sensing network data and ethernet network data, the sensing network data includes data of a LoRaWAN node device and data of a LoRaWAN gateway device, and the ethernet network data includes data of the LoRaWAN gateway device and data of a network server;
the sending module 303 is configured to send the test data to the server, so that the server performs feature analysis on the test data to generate a network detection result for the to-be-detected LoRaWAN, where the network detection result indicates a detection result of network security.
In the embodiment of the application, a network detection device is provided. With this device, the LoRaWAN node device, the LoRaWAN gateway device and the network server are detected on the basis of sensor network data and Ethernet data; that is, the key components of the LoRaWAN are detected automatically from the perspective of the whole network architecture, which compensates for risks caused by the lack of security experience or insufficient security awareness of project deployment personnel and thereby improves the reliability of the LoRaWAN deployment.
Optionally, on the basis of the above-mentioned embodiment of fig. 9, in another embodiment of the network detection apparatus 30 provided in the embodiment of the present application,
the obtaining module 302 is specifically configured to obtain Ethernet data if the Ethernet included in the LoRaWAN to be detected has been accessed;
to obtain sensor network data if the sensor network included in the LoRaWAN to be detected has been accessed;
and to obtain both Ethernet data and sensor network data if both the Ethernet and the sensor network have been accessed.
In the embodiment of the application, a network detection device is provided. With this device, the terminal device can determine one or more specific network types according to the LoRaWAN to be detected that it has accessed: if only the sensor network is accessed, the terminal device subsequently detects only data related to the LoRaWAN node device and the LoRaWAN gateway device; if only the Ethernet is accessed, it subsequently detects only data related to the network server and the LoRaWAN gateway device. This improves detection flexibility, allows targeted detection of equipment, and increases the diversity of the scheme.
Optionally, on the basis of the above-mentioned embodiment of fig. 9, in another embodiment of the network detection apparatus 30 provided in the embodiment of the present application,
the obtaining module 302 is specifically configured to obtain the network state of the LoRaWAN to be detected as test data while the device to be detected is in a power-on network access state or a normal operation state, where the device to be detected is at least one of a LoRaWAN node device, a LoRaWAN gateway device and a network server.
In the embodiment of the application, a network detection device is provided. With this device, the terminal device serving as the test end can sniff data from the currently deployed network and finally judge the security of the LoRaWAN to be detected from the sniffed test data, which helps project deployment personnel and acceptance personnel to carry out security assessment accurately and objectively, or to carry out security inspection of an existing network scheme, and improves the security of the intelligent scenario. In addition, in passive mode the terminal device waits for test data that the LoRaWAN to be detected sends of its own accord, which on the one hand improves test efficiency and on the other hand means the terminal device does not need to send instructions and the like to each component of the LoRaWAN to be detected, saving the terminal device's power and processing resources.
Optionally, on the basis of the embodiment of fig. 9, in another embodiment of the network detection apparatus 30 provided in the embodiment of the present application, the test data includes sensor network data;
the obtaining module 302 is specifically configured to obtain sensor network data of the LoRaWAN to be detected when the LoRaWAN node device is in a power-on network access state or a normal operation state, where the sensor network data includes at least one of a key agreement data packet and key encryption data of the LoRaWAN node device.
In the embodiment of the present application, a network detection apparatus is provided. With this apparatus, considering that for key detection a LoRaWAN node device does not generally feed back data on request, a passive mode may be adopted in which the test end waits for the LoRaWAN node device to send at least one of a key agreement data packet and key-encrypted data of its own accord, which improves the reliability of detection. In addition, the passive test can be used to monitor in real time whether an attack is in progress, which improves the security of component communication in the LoRaWAN.
Optionally, on the basis of the above-mentioned embodiment of fig. 9, in another embodiment of the network detection apparatus 30 provided in the embodiment of the present application,
the obtaining module 302 is specifically configured to generate a data packet corresponding to a target attack type;
to send the data packet corresponding to the target attack type to the equipment to be detected in the LoRaWAN to be detected, so that the equipment to be detected generates feedback data according to the data packet corresponding to the target attack type;
and to receive the feedback data as test data.
In the embodiment of the application, a network detection device is provided. With this device, the terminal device serving as the test end can generate and send test data packets according to the currently deployed network and finally judge the security of the LoRaWAN to be detected from the feedback data it receives, which helps project deployment personnel and acceptance personnel to evaluate security accurately and objectively, or to carry out security detection of an existing network scheme, and improves the security of the intelligent scenario. In addition, in active mode the terminal device can probe the content to be detected on its own initiative, which improves the flexibility and diversity of detection.
Optionally, on the basis of the embodiment of fig. 9, in another embodiment of the network detection apparatus 30 provided in the embodiment of the present application, the test data includes sensor network data;
the obtaining module 302 is specifically configured to generate a data packet for a Common Vulnerabilities and Exposures (CVE) type;
and to send the data packet for the CVE type to the LoRaWAN node equipment in the LoRaWAN to be detected, so that the LoRaWAN node equipment generates feedback data according to the data packet for the CVE type.
In the embodiment of the application, a network detection device is provided. With this device, considering that for CVE vulnerability detection a LoRaWAN node device will generally feed back data in response to a probe, a data packet for the CVE type can be sent to the LoRaWAN node device in active mode so that the node device generates feedback data according to that packet, which improves detection flexibility, simulates a real network attack, and improves detection reliability.
Optionally, on the basis of the embodiment of fig. 9, in another embodiment of the network detection apparatus 30 provided in the embodiment of the present application, the test data includes sensing network data or ethernet network data;
an obtaining module 302, specifically configured to generate a data packet for a dangerous port vulnerability;
or, generating a data packet for gateway authentication access;
if the data packet aiming at the dangerous port vulnerability is generated, the data packet aiming at the dangerous port vulnerability is sent to LoRaWAN gateway equipment in the LoRaWAN to be detected, so that the equipment to be detected generates feedback data according to the data packet aiming at the dangerous port vulnerability;
and if the data packet aiming at the gateway authentication access is generated, sending the data packet aiming at the gateway authentication access to LoRaWAN gateway equipment in the LoRaWAN to be detected so that the equipment to be detected generates feedback data according to the data packet aiming at the gateway authentication access.
In the embodiment of the application, a network detection device is provided. With this device, considering that for detection of a dangerous port vulnerability and detection of gateway authentication access the LoRaWAN gateway device will generally feed back data in response to a probe, a data packet for dangerous port vulnerability detection or for gateway authentication access detection can be sent to the LoRaWAN gateway device in active mode so that the gateway device generates test data according to that packet, which improves detection flexibility, simulates a real network attack, and improves detection reliability.
Optionally, on the basis of the embodiment of fig. 9, in another embodiment of the network detection apparatus 30 provided in the embodiment of the present application, the test data includes ethernet data;
an obtaining module 302, specifically configured to generate a data packet authorized to be accessed by a communication protocol;
or generating a data packet for Remote Procedure Call (RPC) authorized access;
or generating a data packet for password login;
or, generating a data packet for authorized access to the database;
if a data packet authorized to be accessed by the communication protocol is generated, the data packet authorized to be accessed by the communication protocol is sent to a network server in the LoRaWAN to be detected, so that the equipment to be detected generates feedback data according to the data packet authorized to be accessed by the communication protocol;
if a data packet for RPC authorized access is generated, sending the data packet for RPC authorized access to a network server in the LoRaWAN to be detected, so that the equipment to be detected generates feedback data according to the data packet for RPC authorized access;
if a data packet aiming at password login is generated, sending the data packet aiming at password login to a network server in the LoRaWAN to be detected so that the equipment to be detected generates feedback data according to the data packet aiming at password login;
and if the data packet for the authorized access of the database is generated, sending the data packet for the authorized access of the database to a network server in the LoRaWAN to be detected, so that the device to be detected generates feedback data according to the data packet for the authorized access of the database.
In the embodiment of the application, a network detection device is provided. With this device, considering that for communication protocol authorization detection, RPC authorized access detection, password login detection and database authorized access detection the network server will generally feed back data in response to a probe, a data packet for each of these detections can be sent to the network server in active mode so that the network server generates test data according to that packet, which improves detection flexibility, simulates a real network attack, and improves detection reliability.
Referring to fig. 10, fig. 10 is a schematic diagram of an embodiment of a network detection apparatus in an embodiment of the present application, where the network detection apparatus 40 includes:
the receiving module 401 is configured to receive test data for a LoRaWAN to be detected, sent by a terminal device when the terminal device has accessed the long range wide area network (LoRaWAN) to be detected, where the LoRaWAN to be detected is a network communicating among LoRaWAN node devices, LoRaWAN gateway devices and a network server, the test data includes at least one of sensor network data and Ethernet data, the sensor network data includes data of the LoRaWAN node devices and data of the LoRaWAN gateway devices, and the Ethernet data includes data of the LoRaWAN gateway devices and data of the network server;
a generating module 402, configured to perform feature analysis on the test data to generate a network detection result for the to-be-detected LoRaWAN, where the network detection result indicates a detection result of network security.
In the embodiment of the application, a network detection device is provided. With this device, the LoRaWAN node device, the LoRaWAN gateway device and the network server are detected on the basis of sensor network data and Ethernet data; that is, the key components of the LoRaWAN are detected automatically from the perspective of the whole network architecture, which compensates for risks caused by the lack of security experience or insufficient security awareness of project deployment personnel and thereby improves the reliability of the LoRaWAN deployment.
Optionally, on the basis of the embodiment of fig. 10, in another embodiment of the network detection apparatus 40 provided in the embodiment of the present application, the test data includes sensor network data;
the receiving module 401 is specifically configured to receive, when the LoRaWAN node device is in a power-on network access state or a normal operation state, sensing network data of the LoRaWAN to be detected, where the sensing network data includes at least one of a key negotiation data packet of the LoRaWAN node device and key encryption data, and the sensing network data is sent by the terminal device;
the generating module 402 is specifically configured to perform feature analysis on at least one of the key agreement data packet and the key encryption data to generate a network detection result for the LoRaWAN node device in the LoRaWAN to be detected.
In the embodiment of the application, a network detection device is provided. With this device, the terminal device serving as the test end can sniff data from the currently deployed network and finally judge the security of the LoRaWAN to be detected from the sniffed test data, which helps project deployment personnel and acceptance personnel to carry out security assessment accurately and objectively, or to carry out security inspection of an existing network scheme, and improves the security of the intelligent scenario. In addition, in passive mode the terminal device waits for test data that the LoRaWAN to be detected sends of its own accord, which on the one hand improves test efficiency and on the other hand means the terminal device does not need to send instructions and the like to each component of the LoRaWAN to be detected, saving the terminal device's power and processing resources.
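The passive check described for the obtaining module 302 (fig. 9) and for the receiving module 401 and generating module 402 (fig. 10) can be illustrated with the following added example, which is not part of the patent and is not the applicant's code. It parses captured LoRaWAN 1.0 Join-Request and uplink data PHYPayloads, i.e. the key agreement packets and key-encrypted frames that a node sends of its own accord when it powers on and joins or operates normally, and runs three feature checks that a sniffing test end could apply before handing the data to the server: reuse of a DevNonce by the same DevEUI (a replayed join or a weak nonce source), an all-zero DevEUI or JoinEUI, and a frame counter that goes backwards for a DevAddr (a replayed frame, or an ABP node whose counters restart on power cycle). The sample capture is constructed; its MIC fields are filler bytes, because MIC verification needs the AppKey or NwkSKey and AES-CMAC, which is left out here. The check names and the finding format are the example's own.

```python
import struct
from collections import defaultdict

# LoRaWAN 1.0 MHDR message types (upper three bits of the first byte).
MTYPE_JOIN_REQUEST = 0
MTYPE_UNCONFIRMED_UP = 2
MTYPE_CONFIRMED_UP = 4


def parse_phy_payload(frame: bytes) -> dict:
    """Parse a Join-Request or uplink data PHYPayload (MHDR | MACPayload | MIC)."""
    if len(frame) < 5:
        raise ValueError("frame too short for MHDR + MIC")
    mtype = frame[0] >> 5
    mic = frame[-4:]
    body = frame[1:-4]
    if mtype == MTYPE_JOIN_REQUEST:
        # JoinEUI (8) | DevEUI (8) | DevNonce (2), all little-endian on the air.
        if len(body) != 18:
            raise ValueError("Join-Request MACPayload must be 18 bytes")
        return {
            "mtype": "JoinRequest",
            "join_eui": body[0:8][::-1].hex(),
            "dev_eui": body[8:16][::-1].hex(),
            "dev_nonce": struct.unpack("<H", body[16:18])[0],
            "mic": mic.hex(),
        }
    if mtype in (MTYPE_UNCONFIRMED_UP, MTYPE_CONFIRMED_UP):
        # FHDR = DevAddr (4) | FCtrl (1) | FCnt (2) | FOpts (0..15), then FPort | FRMPayload.
        if len(body) < 7:
            raise ValueError("data frame MACPayload shorter than FHDR")
        fopts_len = body[4] & 0x0F
        rest = body[7 + fopts_len:]
        return {
            "mtype": "DataUp",
            "confirmed": mtype == MTYPE_CONFIRMED_UP,
            "dev_addr": struct.unpack("<I", body[0:4])[0],
            "fcnt": struct.unpack("<H", body[5:7])[0],
            "fopts": body[7:7 + fopts_len].hex(),
            "fport": rest[0] if rest else None,
            "frm_payload": rest[1:].hex(),
            "mic": mic.hex(),
        }
    raise ValueError(f"unsupported MType {mtype}")


def analyse_capture(frames) -> list:
    """Passive feature analysis over captured frames; returns a list of findings."""
    findings = []
    nonces_seen = defaultdict(set)   # dev_eui -> DevNonces already used
    last_fcnt = {}                   # dev_addr -> highest uplink FCnt seen
    for index, frame in enumerate(frames):
        pkt = parse_phy_payload(frame)
        if pkt["mtype"] == "JoinRequest":
            if pkt["dev_eui"] == "00" * 8 or pkt["join_eui"] == "00" * 8:
                findings.append({"check": "ZERO_EUI", "frame": index, "dev_eui": pkt["dev_eui"]})
            if pkt["dev_nonce"] in nonces_seen[pkt["dev_eui"]]:
                # A join server must reject a reused DevNonce; seeing one on air means a
                # replayed Join-Request or a node with a poor nonce source.
                findings.append({"check": "DEVNONCE_REUSE", "frame": index,
                                 "dev_eui": pkt["dev_eui"], "dev_nonce": pkt["dev_nonce"]})
            nonces_seen[pkt["dev_eui"]].add(pkt["dev_nonce"])
        else:
            addr, fcnt = pkt["dev_addr"], pkt["fcnt"]
            if addr in last_fcnt and fcnt <= last_fcnt[addr]:
                # Counter went backwards: a replayed frame, or an ABP device that restarted
                # its counters at 0 (a server that still accepts it is open to replay).
                findings.append({"check": "FCNT_ROLLBACK", "frame": index, "dev_addr": f"{addr:08x}",
                                 "fcnt": fcnt, "previous": last_fcnt[addr]})
            last_fcnt[addr] = max(fcnt, last_fcnt.get(addr, -1))
    return findings


FILLER_MIC = b"\x00\x00\x00\x00"  # constructed frames only: the MIC is not computed


def build_join_request(join_eui_hex: str, dev_eui_hex: str, dev_nonce: int) -> bytes:
    body = bytes.fromhex(join_eui_hex)[::-1] + bytes.fromhex(dev_eui_hex)[::-1] + struct.pack("<H", dev_nonce)
    return bytes([MTYPE_JOIN_REQUEST << 5]) + body + FILLER_MIC


def build_data_up(dev_addr: int, fcnt: int, fport: int, payload: bytes) -> bytes:
    fhdr = struct.pack("<IBH", dev_addr, 0x00, fcnt)  # FCtrl 0: no ADR, no ACK, no FOpts
    return bytes([MTYPE_UNCONFIRMED_UP << 5]) + fhdr + bytes([fport]) + payload + FILLER_MIC


# Constructed capture: a node joining twice with the same DevNonce, a node with an
# all-zero DevEUI, and an ABP node whose frame counter restarts.
SAMPLE_CAPTURE = [
    build_join_request("70b3d57ed0000001", "70b3d57ed0001234", 0x1A2B),
    build_join_request("70b3d57ed0000001", "70b3d57ed0001234", 0x1A2B),
    build_join_request("70b3d57ed0000001", "0000000000000000", 0x0C0D),
    build_data_up(0x26011F3A, 10, 1, b"\x01\x02"),
    build_data_up(0x26011F3A, 11, 1, b"\x01\x03"),
    build_data_up(0x26011F3A, 3, 1, b"\x01\x04"),
]

if __name__ == "__main__":
    for finding in analyse_capture(SAMPLE_CAPTURE):
        print(finding)
```

Run against the constructed capture, the analysis reports one DevNonce reuse, one all-zero DevEUI and one frame counter rollback; on a real sniff the same three checks run over the frames the test end collected while the node was powering on or operating normally, and the findings are what would be forwarded to the server-side feature analysis.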
Optionally, on the basis of the embodiment of fig. 10, in another embodiment of the network detection apparatus 40 provided in the embodiment of the present application, the test data includes sensing network data and ethernet network data;
the receiving module 401 is specifically configured to receive test data, sent by the terminal device, corresponding to Common Vulnerabilities and Exposures (CVE) types, dangerous port vulnerabilities, gateway authentication access, communication protocol authorized access, Remote Procedure Call (RPC) authorized access, password login and database authorized access in the LoRaWAN to be detected;
the generating module 402 is specifically configured to generate a network detection result for the LoRaWAN node device, the LoRaWAN gateway device and the network server in the LoRaWAN to be detected according to the test data corresponding to the CVE types, dangerous port vulnerabilities, gateway authentication access, communication protocol authorized access, RPC authorized access, password login and database authorized access.
In the embodiment of the application, a network detection device is provided. With this device, the terminal device serving as the test end can generate and send test data packets according to the currently deployed network and finally judge the security of the LoRaWAN to be detected from the feedback data it receives, which helps project deployment personnel and acceptance personnel to evaluate security accurately and objectively, or to carry out security detection of an existing network scheme, and improves the security of the intelligent scenario. In addition, in active mode the terminal device can probe the content to be detected on its own initiative, which improves the flexibility and diversity of detection.
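The active Ethernet-side checks described for the obtaining module 302 (dangerous port vulnerabilities and gateway authentication access, fig. 9) and for the receiving module 401 (fig. 10) can be illustrated with the following added example; it is not the applicant's code and not part of the patent. The patent does not name a gateway protocol, so the example assumes the common case of a gateway that runs the Semtech UDP packet forwarder, whose protocol (PUSH_DATA, PULL_DATA and their ACKs) carries no authentication beyond the 8-byte gateway EUI. The probe sends a PULL_DATA with a chosen EUI to the forwarder port and treats a PULL_ACK as evidence that the server will talk the forwarder protocol to an unauthenticated host claiming that EUI. The port check is a plain TCP connect against services that should not be reachable on a gateway or server from the test network. The host addresses, the port list and the finding format are the example's own assumptions; the `connect` and `sock_factory` parameters exist so the logic can be exercised without a live network.

```python
import json
import os
import socket

# Semtech UDP packet-forwarder protocol v2 (gateway <-> network server, default UDP 1700).
PROTOCOL_VERSION = 2
PUSH_DATA, PUSH_ACK, PULL_DATA, PULL_RESP, PULL_ACK, TX_ACK = 0, 1, 2, 3, 4, 5

# Assumed list of services a LoRaWAN gateway or network server should not expose to the test network.
DANGEROUS_TCP_PORTS = {
    22: "ssh", 23: "telnet", 80: "http (gateway web UI)", 1883: "mqtt (plaintext)",
    3306: "mysql", 5432: "postgresql", 6379: "redis", 8080: "http-alt",
}


def build_pull_data(gateway_eui: bytes, token: bytes) -> bytes:
    """PULL_DATA: version | 2-byte random token | 0x02 | gateway EUI (8 bytes)."""
    if len(gateway_eui) != 8 or len(token) != 2:
        raise ValueError("gateway EUI must be 8 bytes and token 2 bytes")
    return bytes([PROTOCOL_VERSION]) + token + bytes([PULL_DATA]) + gateway_eui


def build_push_data(gateway_eui: bytes, token: bytes, stat: dict) -> bytes:
    """PUSH_DATA: version | token | 0x00 | gateway EUI | JSON object (here a 'stat' report)."""
    if len(gateway_eui) != 8 or len(token) != 2:
        raise ValueError("gateway EUI must be 8 bytes and token 2 bytes")
    return (bytes([PROTOCOL_VERSION]) + token + bytes([PUSH_DATA]) + gateway_eui
            + json.dumps({"stat": stat}).encode())


def parse_ack(resp: bytes, expected_token: bytes):
    """Return the identifier byte of a reply that echoes our token, or None otherwise."""
    if len(resp) < 4 or resp[0] != PROTOCOL_VERSION or resp[1:3] != expected_token:
        return None
    return resp[3]


def probe_forwarder_port(host: str, port: int, gateway_eui: bytes, timeout: float = 2.0,
                         sock_factory=socket.socket) -> dict:
    """Send PULL_DATA for gateway_eui and classify the server's reaction."""
    token = os.urandom(2)
    sock = sock_factory(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_pull_data(gateway_eui, token), (host, port))
        resp, _ = sock.recvfrom(1024)
    except OSError:  # socket.timeout is an OSError subclass
        return {"check": "FORWARDER_UNAUTH", "host": host, "risk": "none",
                "detail": "no PULL_ACK within timeout"}
    finally:
        sock.close()
    ident = parse_ack(resp, token)
    if ident == PULL_ACK:
        return {"check": "FORWARDER_UNAUTH", "host": host, "risk": "high",
                "detail": f"server acknowledged PULL_DATA for EUI {gateway_eui.hex()} "
                          "from an unauthenticated host; downlinks for that gateway can be pulled"}
    return {"check": "FORWARDER_UNAUTH", "host": host, "risk": "info",
            "detail": f"unexpected reply identifier {ident}"}


def tcp_connect(host: str, port: int, timeout: float = 1.0) -> bool:
    """True if a TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def scan_dangerous_ports(host: str, ports=DANGEROUS_TCP_PORTS, connect=tcp_connect) -> list:
    """Report every port in `ports` that accepts a connection from the test host."""
    return [{"check": "DANGEROUS_PORT", "host": host, "port": port, "service": name}
            for port, name in sorted(ports.items()) if connect(host, port)]


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py <network-server-or-gateway-ip>")
    target = sys.argv[1]
    # The EUI below is a placeholder; use one that is not registered on the server under test.
    print(probe_forwarder_port(target, 1700, bytes.fromhex("0102030405060708")))
    for finding in scan_dangerous_ports(target):
        print(finding)
```

A PULL_ACK for an EUI the server has never seen means any host on the Ethernet can register itself as that gateway and receive its downlinks, which is the gateway authentication access risk the text refers to; the remedy is to put the forwarder behind a VPN or switch to an authenticated gateway protocol. The port list is only a starting point and should be adapted to the deployment being accepted.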
The embodiment of the present application further provides another network detection apparatus, which may be deployed in a terminal device, as shown in fig. 11, for convenience of description, only a portion related to the embodiment of the present application is shown, and details of the specific technology are not disclosed, please refer to the method portion of the embodiment of the present application. The terminal device may be any terminal device including a mobile phone, a tablet computer, a Personal Digital Assistant (PDA), a Point of Sales (POS), a vehicle-mounted computer, and the like, taking the terminal device as a Personal computer as an example:
fig. 11 is a block diagram showing a partial structure of a personal computer related to a terminal device provided in an embodiment of the present application. Referring to fig. 11, the personal computer includes: radio Frequency (RF) circuit 510, memory 520, input unit 530, display unit 540, sensor 550, audio circuit 560, wireless fidelity (WiFi) module 570, processor 580, and power supply 590. Those skilled in the art will appreciate that the personal computer configuration shown in FIG. 11 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
The following describes each component of the personal computer with reference to fig. 11:
RF circuit 510 may be used for receiving and transmitting signals during information transmission and reception or during a call; in particular, after receiving downlink information from a base station it passes the information to processor 580 for processing, and it transmits uplink data to the base station. In general, RF circuit 510 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a Low Noise Amplifier (LNA), a duplexer, and the like. In addition, RF circuit 510 may also communicate with networks and other devices via wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to Global System for Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), e-mail, Short Messaging Service (SMS), and the like.
The memory 520 may be used to store software programs and modules, and the processor 580 executes the various functional applications and data processing of the personal computer by running the software programs and modules stored in the memory 520. The memory 520 may mainly include a program storage area and a data storage area, where the program storage area may store an operating system, an application program required by at least one function (such as a sound playing function or an image playing function), and the like, and the data storage area may store data created through use of the personal computer (such as audio data or a phonebook), and the like. Further, the memory 520 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid-state storage device.
The input unit 530 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the personal computer. Specifically, the input unit 530 may include a touch panel 531 and other input devices 532. The touch panel 531, also called a touch screen, can collect touch operations of a user on or near the touch panel 531 (for example, operations of the user on or near the touch panel 531 by using any suitable object or accessory such as a finger or a stylus pen), and drive the corresponding connection device according to a preset program. Alternatively, the touch panel 531 may include two parts, a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, and sends the touch point coordinates to the processor 580, and can receive and execute commands sent by the processor 580. In addition, the touch panel 531 may be implemented by various types such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. The input unit 530 may include other input devices 532 in addition to the touch panel 531. In particular, other input devices 532 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.
The display unit 540 may be used to display information input by the user or information provided to the user, and the various menus of the personal computer. The display unit 540 may include a display panel 541, and optionally the display panel 541 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED) display, or the like. Further, the touch panel 531 may cover the display panel 541; when the touch panel 531 detects a touch operation on or near it, the operation is transmitted to the processor 580 to determine the type of the touch event, and the processor 580 then provides a corresponding visual output on the display panel 541 according to the type of the touch event. Although the touch panel 531 and the display panel 541 are shown in fig. 11 as two separate components implementing the input and output functions of the personal computer, in some embodiments the touch panel 531 and the display panel 541 may be integrated to implement those input and output functions.
The personal computer may also include at least one sensor 550, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor for adjusting the brightness of the display panel 541 according to the brightness of ambient light, and a proximity sensor for turning off the display panel 541 and/or the backlight when the personal computer is moved to the ear. As one of the motion sensors, the accelerometer sensor can detect the magnitude of acceleration in each direction (generally three axes), detect the magnitude and direction of gravity when stationary, and can be used for applications (such as horizontal and vertical screen switching, related games, magnetometer attitude calibration) for identifying the attitude of a personal computer, and related functions (such as pedometer and tapping) for vibration identification; as for other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which can be configured in the pc, the description thereof is omitted.
Audio circuitry 560, speaker 561, and microphone 562 may provide an audio interface between a user and a personal computer. The audio circuit 560 may transmit the electrical signal converted from the received audio data to the speaker 561, and convert the electrical signal into a sound signal by the speaker 561 for output; on the other hand, the microphone 562 converts the collected sound signal into an electrical signal, which is received by the audio circuit 560 and converted into audio data, which is then processed by the audio data output processor 580, and then transmitted to, for example, another personal computer via the RF circuit 510, or output to the memory 520 for further processing.
WiFi belongs to a short-distance wireless transmission technology, and a personal computer can help a user send and receive e-mails, browse webpages, access streaming media and the like through the WiFi module 570, and provides wireless broadband internet access for the user. Although fig. 11 shows the WiFi module 570, it is understood that it does not belong to the essential constitution of the personal computer, and may be omitted entirely as needed within the scope not changing the essence of the invention.
The processor 580 is a control center of the personal computer, connects various parts of the entire personal computer by various interfaces and lines, performs various functions of the personal computer and processes data by operating or executing software programs and/or modules stored in the memory 520 and calling data stored in the memory 520, thereby monitoring the personal computer as a whole. Alternatively, processor 580 may include one or more processing units; optionally, processor 580 may integrate an application processor, which handles primarily the operating system, user interface, applications, etc., and a modem processor, which handles primarily the wireless communications. It will be appreciated that the modem processor described above may not be integrated into processor 580.
The personal computer also includes a power supply 590 (e.g., a battery) for powering the various components, which may optionally be logically coupled to the processor 580 via a power management system, such that the power management system may be used to manage charging, discharging, and power consumption.
Although not shown, the personal computer may further include a camera, a bluetooth module, etc., which will not be described herein.
The steps performed by the terminal device in the above-described embodiment may be based on the terminal device structure shown in fig. 11.
Fig. 12 is a schematic structural diagram of a server according to an embodiment of the present application, where the server 600 may have a relatively large difference due to different configurations or performances, and may include one or more Central Processing Units (CPUs) 622 (e.g., one or more processors) and a memory 632, and one or more storage media 630 (e.g., one or more mass storage devices) for storing applications 642 or data 644. Memory 632 and storage medium 630 may be, among other things, transient or persistent storage. The program stored in the storage medium 630 may include one or more modules (not shown), each of which may include a series of instruction operations for the server. Still further, the central processor 622 may be configured to communicate with the storage medium 630 and execute a series of instruction operations in the storage medium 630 on the server 600.
The server 600 may also include one or more power supplies 626, one or more wired or wireless network interfaces 650, one or more input-output interfaces 658, and/or one or more operating systems 641, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ and so on.
The steps performed by the server in the above embodiment may be based on the server structure shown in fig. 12.
Embodiments of the present application also provide a computer-readable storage medium, in which a computer program is stored, and when the computer program runs on a computer, the computer is caused to execute the method described in the foregoing embodiments.
Embodiments of the present application also provide a computer program product including a program, which, when run on a computer, causes the computer to perform the methods described in the foregoing embodiments.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in a software product stored in a storage medium, which includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (16)

1. A network detection method, comprising:
accessing a Long Range Wide Area Network (LoRaWAN) to be detected, wherein the LoRaWAN to be detected is a communication network among a LoRaWAN node device, a LoRaWAN gateway device and a network server;
acquiring test data for the LoRaWAN to be detected, wherein the test data comprises at least one of sensor network data and Ethernet data, the sensor network data comprises data of the LoRaWAN node device and data of the LoRaWAN gateway device, and the Ethernet data comprises data of the LoRaWAN gateway device and data of the network server; and
sending the test data to a server so that the server performs feature analysis on the test data to generate a network detection result for the LoRaWAN to be detected, wherein the network detection result represents a detection result of network security.
2. The method of claim 1, wherein acquiring the test data for the LoRaWAN to be detected comprises:
if the LoRaWAN to be detected is accessed through the Ethernet, acquiring the Ethernet data;
if the LoRaWAN to be detected is accessed through the sensor network included in the LoRaWAN to be detected, acquiring the sensor network data; and
if the LoRaWAN to be detected is accessed through both the Ethernet and the sensor network, acquiring the Ethernet data and the sensor network data.
3. The method of claim 1 or 2, wherein acquiring the test data for the LoRaWAN to be detected comprises:
when a device to be detected is in a power-on network access state or a normal operation state, acquiring a network state of the LoRaWAN to be detected as the test data, wherein the device to be detected is at least one of the LoRaWAN node device, the LoRaWAN gateway device and the network server.
4. The method of claim 3, wherein the test data comprises the sensor network data; and
acquiring the network state of the LoRaWAN to be detected as the test data when the device to be detected is in the power-on network access state or the normal operation state comprises:
when the LoRaWAN node device is in the power-on network access state or the normal operation state, acquiring the sensor network data of the LoRaWAN to be detected, wherein the sensor network data comprises at least one of a key negotiation data message and key-encrypted data of the LoRaWAN node device.
5. The method of claim 1 or 2, wherein acquiring the test data for the LoRaWAN to be detected comprises:
generating a data packet corresponding to a target attack type;
sending the data packet corresponding to the target attack type to a device to be detected in the LoRaWAN to be detected, so that the device to be detected generates feedback data according to the data packet corresponding to the target attack type; and
receiving the feedback data as the test data.
6. The method of claim 5, wherein the test data comprises the sensor network data;
generating the data packet corresponding to the target attack type comprises:
generating a data packet for a Common Vulnerabilities and Exposures (CVE) type; and
sending the data packet corresponding to the target attack type to the device to be detected in the LoRaWAN to be detected, so that the device to be detected generates the feedback data according to the data packet corresponding to the target attack type, comprises:
sending the data packet for the CVE type to the LoRaWAN node device in the LoRaWAN to be detected, so that the LoRaWAN node device generates the feedback data according to the data packet for the CVE type.
7. The method of claim 5, wherein the test data comprises the sensor network data or the Ethernet data;
generating the data packet corresponding to the target attack type comprises:
generating a data packet for a dangerous port vulnerability; or
generating a data packet for gateway authentication access; and
sending the data packet corresponding to the target attack type to the device to be detected in the LoRaWAN to be detected, so that the device to be detected generates the feedback data according to the data packet corresponding to the target attack type, comprises:
if the data packet for the dangerous port vulnerability is generated, sending the data packet for the dangerous port vulnerability to the LoRaWAN gateway device in the LoRaWAN to be detected, so that the device to be detected generates the feedback data according to the data packet for the dangerous port vulnerability; and
if the data packet for gateway authentication access is generated, sending the data packet for gateway authentication access to the LoRaWAN gateway device in the LoRaWAN to be detected, so that the device to be detected generates the feedback data according to the data packet for gateway authentication access.
8. The method of claim 5, wherein the test data comprises the Ethernet data;
generating the data packet corresponding to the target attack type comprises:
generating a data packet for communication protocol authorized access; or
generating a data packet for Remote Procedure Call (RPC) authorized access; or
generating a data packet for password login; or
generating a data packet for database authorized access; and
sending the data packet corresponding to the target attack type to the device to be detected in the LoRaWAN to be detected, so that the device to be detected generates the feedback data according to the data packet corresponding to the target attack type, comprises:
if the data packet for communication protocol authorized access is generated, sending the data packet for communication protocol authorized access to the network server in the LoRaWAN to be detected, so that the device to be detected generates the feedback data according to the data packet for communication protocol authorized access;
if the data packet for RPC authorized access is generated, sending the data packet for RPC authorized access to the network server in the LoRaWAN to be detected, so that the device to be detected generates the feedback data according to the data packet for RPC authorized access;
if the data packet for password login is generated, sending the data packet for password login to the network server in the LoRaWAN to be detected, so that the device to be detected generates the feedback data according to the data packet for password login; and
if the data packet for database authorized access is generated, sending the data packet for database authorized access to the network server in the LoRaWAN to be detected, so that the device to be detected generates the feedback data according to the data packet for database authorized access.
9. A network detection method, comprising:
when a terminal device has accessed a Long Range Wide Area Network (LoRaWAN) to be detected, receiving test data for the LoRaWAN to be detected sent by the terminal device, wherein the LoRaWAN to be detected is a communication network among a LoRaWAN node device, a LoRaWAN gateway device and a network server, the test data comprises at least one of sensor network data and Ethernet data, the sensor network data comprises data of the LoRaWAN node device and data of the LoRaWAN gateway device, and the Ethernet data comprises data of the LoRaWAN gateway device and data of the network server; and
performing feature analysis on the test data to generate a network detection result for the LoRaWAN to be detected, wherein the network detection result represents a detection result of network security.
10. The method of claim 9, wherein the test data comprises the sensor network data;
receiving the test data for the LoRaWAN to be detected sent by the terminal device comprises:
when the LoRaWAN node device is in a power-on network access state or a normal operation state, receiving the sensor network data of the LoRaWAN to be detected sent by the terminal device, wherein the sensor network data comprises at least one of a key negotiation data message and key-encrypted data of the LoRaWAN node device; and
performing feature analysis on the test data to generate the network detection result for the LoRaWAN to be detected comprises:
performing feature analysis on at least one of the key negotiation data message and the key-encrypted data to generate a network detection result for the LoRaWAN node device in the LoRaWAN to be detected.
11. The method of claim 9, wherein the test data comprises the sensor network data and the Ethernet data;
receiving the test data for the LoRaWAN to be detected sent by the terminal device comprises:
receiving test data sent by the terminal device corresponding to a Common Vulnerabilities and Exposures (CVE) type, a dangerous port vulnerability, gateway authentication access, communication protocol authorized access, Remote Procedure Call (RPC) authorized access, password login and database authorized access in the LoRaWAN to be detected; and
performing feature analysis on the test data to generate the network detection result for the LoRaWAN to be detected comprises:
generating network detection results for the LoRaWAN node device, the LoRaWAN gateway device and the network server in the LoRaWAN to be detected according to the test data corresponding to the CVE type, the dangerous port vulnerability, gateway authentication access, communication protocol authorized access, RPC authorized access, password login and database authorized access.
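As an added illustration of the server-side feature analysis in claims 4, 10 and 11 on key negotiation data messages (example code added here, not code from the patent): captured LoRaWAN 1.0.x join-request frames from node devices are parsed, a DevNonce repeated by the same device (a replayed join) and malformed frames are flagged, and a network detection result is returned. The frames, EUIs and the zeroed MIC in the sample capture are constructed placeholders.

```python
# Added example (not from the patent): feature analysis of LoRaWAN join-request
# frames (the "key negotiation data messages" of node devices) to produce a
# network detection result. All frames, EUIs and MICs below are constructed placeholders.
import struct
from collections import defaultdict

MTYPE_JOIN_REQUEST = 0x00   # MHDR bits 7..5 == 000 for a LoRaWAN 1.0.x join request
JOIN_REQUEST_LEN = 23       # MHDR(1) + AppEUI(8) + DevEUI(8) + DevNonce(2) + MIC(4)


def parse_join_request(frame: bytes) -> dict:
    """Parse a LoRaWAN 1.0.x Join-Request PHYPayload (EUIs and DevNonce are little-endian)."""
    if len(frame) != JOIN_REQUEST_LEN:
        raise ValueError(f"join request must be {JOIN_REQUEST_LEN} bytes, got {len(frame)}")
    mhdr = frame[0]
    mtype, major = mhdr >> 5, mhdr & 0x03
    if mtype != MTYPE_JOIN_REQUEST or major != 0:
        raise ValueError(f"not a LoRaWAN R1 join request (MHDR=0x{mhdr:02x})")
    app_eui, dev_eui, dev_nonce, mic = struct.unpack("<QQH4s", frame[1:])
    return {"app_eui": f"{app_eui:016X}", "dev_eui": f"{dev_eui:016X}",
            "dev_nonce": dev_nonce, "mic": mic.hex()}


def analyze_join_requests(frames: list) -> dict:
    """Feature analysis over a capture: flag a DevNonce reused by the same (AppEUI, DevEUI),
    which indicates a replayed key negotiation message, and flag malformed frames."""
    seen = defaultdict(set)
    findings = []
    for idx, frame in enumerate(frames):
        try:
            jr = parse_join_request(frame)
        except ValueError as exc:
            findings.append({"frame": idx, "issue": "malformed", "detail": str(exc)})
            continue
        key = (jr["app_eui"], jr["dev_eui"])
        if jr["dev_nonce"] in seen[key]:
            findings.append({"frame": idx, "issue": "devnonce_reuse",
                             "dev_eui": jr["dev_eui"], "dev_nonce": jr["dev_nonce"]})
        seen[key].add(jr["dev_nonce"])
    return {"devices": len(seen), "frames": len(frames),
            "findings": findings, "secure": not findings}


def build_join_request(app_eui: int, dev_eui: int, dev_nonce: int) -> bytes:
    """Build a sample join request for the constructed capture; the MIC is a zero placeholder."""
    return bytes([MTYPE_JOIN_REQUEST << 5]) + struct.pack("<QQH", app_eui, dev_eui, dev_nonce) + b"\0\0\0\0"


# Constructed sample capture: device ...01 joins with two fresh nonces, device ...02 joins once,
# then device ...01 repeats nonce 0x1234 (a replay); the last frame is truncated.
SAMPLE_CAPTURE = [
    build_join_request(0x1111111111111111, 0x2222222222220001, 0x1234),
    build_join_request(0x1111111111111111, 0x2222222222220001, 0x1235),
    build_join_request(0x1111111111111111, 0x2222222222220002, 0x1234),  # other device, same nonce: fine
    build_join_request(0x1111111111111111, 0x2222222222220001, 0x1234),  # replayed join
    b"\x00\x01\x02",
]

if __name__ == "__main__":
    print(analyze_join_requests(SAMPLE_CAPTURE))
```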
12. A network detection apparatus, comprising:
an access module, configured to access a Long Range Wide Area Network (LoRaWAN) to be detected, wherein the LoRaWAN to be detected is a communication network among a LoRaWAN node device, a LoRaWAN gateway device and a network server;
an acquisition module, configured to acquire test data for the LoRaWAN to be detected, wherein the test data comprises at least one of sensor network data and Ethernet data, the sensor network data comprises data of the LoRaWAN node device and data of the LoRaWAN gateway device, and the Ethernet data comprises data of the LoRaWAN gateway device and data of the network server; and
a sending module, configured to send the test data to a server so that the server performs feature analysis on the test data to generate a network detection result for the LoRaWAN to be detected, wherein the network detection result represents a detection result of network security.
13. A network detection apparatus, comprising:
a receiving module, configured to receive, when a terminal device has accessed a Long Range Wide Area Network (LoRaWAN) to be detected, test data for the LoRaWAN to be detected sent by the terminal device, wherein the LoRaWAN to be detected is a communication network among a LoRaWAN node device, a LoRaWAN gateway device and a network server, the test data comprises at least one of sensor network data and Ethernet data, the sensor network data comprises data of the LoRaWAN node device and data of the LoRaWAN gateway device, and the Ethernet data comprises data of the LoRaWAN gateway device and data of the network server; and
a generating module, configured to perform feature analysis on the test data to generate a network detection result for the LoRaWAN to be detected, wherein the network detection result represents a detection result of network security.
14. A terminal device, comprising: a memory, a processor, and a bus system;
wherein the memory is configured to store a program;
the processor is configured to execute the program in the memory, so as to perform the method of any one of claims 1 to 8 according to instructions in the program code; and
the bus system is configured to connect the memory and the processor so that the memory and the processor communicate.
15. A server, comprising: a memory, a processor, and a bus system;
wherein the memory is configured to store a program;
the processor is configured to execute the program in the memory, so as to perform the method of any one of claims 9 to 11 according to instructions in the program code; and
the bus system is configured to connect the memory and the processor so that the memory and the processor communicate.
16. A computer-readable storage medium comprising instructions which, when executed on a computer, cause the computer to perform the method of any one of claims 1 to 8, or the method of any one of claims 9 to 11.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110048551.5A CN113596819A (en) 2021-01-14 2021-01-14 Network detection method, related device, equipment and storage medium


Publications (1)

Publication Number Publication Date
CN113596819A true CN113596819A (en) 2021-11-02

Family

ID=78238022


Country Status (1)

Country Link
CN (1) CN113596819A (en)


Legal Events

Date Code Title Description
PB01 Publication
REG Reference to a national code
Ref country code: HK
Ref legal event code: DE
Ref document number: 40055365
Country of ref document: HK

SE01 Entry into force of request for substantive examination