CN106921658A - A kind of router device safety protecting method and system - Google Patents

A kind of router device safety protecting method and system Download PDF

Info

Publication number
CN106921658A
CN106921658A CN201710079278.6A CN201710079278A CN106921658A CN 106921658 A CN106921658 A CN 106921658A CN 201710079278 A CN201710079278 A CN 201710079278A CN 106921658 A CN106921658 A CN 106921658A
Authority
CN
China
Prior art keywords
router
visitor
face
module
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710079278.6A
Other languages
Chinese (zh)
Inventor
何海洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Feixun Data Communication Technology Co Ltd
Original Assignee
Shanghai Feixun Data Communication Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Feixun Data Communication Technology Co Ltd filed Critical Shanghai Feixun Data Communication Technology Co Ltd
Priority to CN201710079278.6A priority Critical patent/CN106921658A/en
Publication of CN106921658A publication Critical patent/CN106921658A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/21Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/22Matching criteria, e.g. proximity measures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/16Human faces, e.g. facial parts, sketches or expressions
    • G06V40/168Feature extraction; Face representation

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Oral & Maxillofacial Surgery (AREA)
  • Evolutionary Computation (AREA)
  • Evolutionary Biology (AREA)
  • Artificial Intelligence (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • General Health & Medical Sciences (AREA)
  • Multimedia (AREA)
  • Human Computer Interaction (AREA)
  • Biomedical Technology (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Collating Specific Patterns (AREA)
  • Image Analysis (AREA)

Abstract

The invention discloses a kind of router device safety protecting method, including:Obtain visitor's facial image;Identification visitor's facial image, extracts face characteristic, and face characteristic is matched with the training face characteristic for prestoring, if can match, allows visitor to pass through router access network or remote bind;Otherwise, denied access person accesses or remote bind request.In addition router device security protection system is also disclosed, including at least one router, and the server being connected with router, also include being integrated in the image typing module in router or in the intelligent terminal being connected with router communication, server includes signal dispatcher module, memory module, face recognition module, and face recognition module is connected with signal dispatcher module, memory module respectively.Realize that routing device WIFI shares and apparatus bound using face recognition technology, effectively protected WIFI skeleton keys etc. present on market to crack the defect of router password.

Description

A kind of router device safety protecting method and system
Technical field
The present invention relates to router field, more particularly to a kind of router device safety protecting method and system.
Background technology
2016 is the artificial intelligence first year, and " 13 " planning outline proposes " artificial intelligence " once first, will be intelligent hard Part, artificial intelligence are classified as strategic industry development ranks.And especially intelligent router in Intelligent hardware, as broadband it is shared in extremely It is crucial hinge, it is indispensable in smart home, user can be helped to realize the shared of network bandwidth resources.But existing skill Seldom Intelligent routing guard system, application number/Patent No. CN200710099615 can be realized using artificial intelligence technology in art Patent《Wireless adsl routers based on wapi》, there is provided the adsl router of WAPI standards, what compatible country proposed WAPI encryption methods, can allow the more safe and reliable use Wi-Fi bandwidth resources of user to be shared.But the password of the invention Cipher mode is complicated, and majority WIFI decomposers still are able to decryption, network intrusions is carried out to router, or carry out illegal Handset binding.Additionally, when user forgets login password, it is necessary to restarter and carry out password and reset.
The content of the invention
The present invention provides a kind of router device safety protecting method and system, is used to solve protection system of the prior art System defect, has effectively protected WIFI skeleton keys etc. present on market to crack the defect of router password, while user is no longer Worry is forgotten to access WIFI passwords, the present invention, it is intended to realize that routing device WIFI is shared and equipment is tied up using face recognition technology It is fixed, the security protection of enhanced routers equipment.
A kind of router device safety protecting method of the present invention, including step:
S100 obtains visitor's facial image;
S200 recognizes visitor's facial image, face characteristic is extracted, by the face characteristic and the training of human for prestoring Face feature is matched, if can match, into step S300, otherwise, into step S400;
S300 allows the visitor to pass through router access network or remote bind;
S400 refuses Accessor Access's network or remote bind request.
Face recognition technology is applied into Router Security protection above, effectively protects WIFI present on market omnipotent Key etc. cracks the defect of router password, while user no longer worries to forget to access WIFI passwords, only needs brush face to be capable of achieving Log in.Consumer's Experience is greatly enhanced.
Further, also including step:
The pre- typings of S010 allow the multiple images of the user for accessing network or remote bind as training sample and test specimens This;
S020 trains the figure of the user for allowing to access as training sample using the algorithm model of model conversion layer As block matrix, same subscriber test sample image block eigenvalue and training sample image block eigenvalue are obtained, according to the test Sample image block eigenvalue and the average root-mean-square error of training sample image block eigenvalue, obtain level threshold value.
Typing allows the multiple images of the user for accessing network or remote bind to carry out learning training, obtains the image of user Characteristic, is easy to set criterion.
Further, the step S200 includes step:
S210 carries out decomposition dimensionality reduction to visitor's facial image using Non-negative Matrix Factorization method, obtains the visitor The characteristic value of facial image block;
The characteristic value that S220 calculates the facial image block of the visitor is square with the training sample image characteristic value Root error;
Whether S230 judges the root-mean-square error less than or equal to the level threshold value, if so, then enter step S300, Otherwise enter step S400.
This programme employs Non-negative Matrix Factorization method and decomposition dimensionality reduction is carried out to facial image, introduces unsupervised canonical feature Extraction scheme, extracts to face characteristic;By sub-space feature matching mechanisms, the user's face bound and connect will be allowed Feature into base, characteristic matching is carried out with outer visitor.If the characteristic value of the facial image block of visitor and the training sample The root-mean-square error of image feature value then allows the visitor being total to using the router less than or equal to the level threshold value for setting Enjoy broadband resource or remote bind function.
Further, the step S010 includes:
S011 shoots the user for allowing to access network or remote bind by camera, obtains face image data, as Training sample and test sample;
S012 sends to WEB server the face image data through load equalizer;
S013 is stored to HDFS the face image data by message queue Kafka clusters;
S014 flows real-time processing data by the Spark Streaming, and by the data output after treatment to RDS industry Business database.
In WEB server, each single server storage is limited, therefore using HDFS (Hadoop Distributed File System) integrated member file distribution systems, view data storage is in WEB server (cloud service Device) in each server in.Load equalizer be responsible for human face data request be distributed in a service cluster can With server get on storage process, Kafka is distributed post-subscription message system.It is initially developed by LinkedIn companies, Kafka is one distributed, can be divided, persistent log services of redundancy backup.It is mainly for the treatment of active Stream data.By using Kafka message systems in this programme, it is ensured that the accuracy of data transfer, loss of data is prevented. Spark Streaming are a kind of real-time Computational frame of structure on Spark, and it extends Spark and processes extensive streaming The ability of data.Data processing speed is enhanced by flowing real-time processing data using Spark Streaming, is reached in real time It is required that.Data storage after treatment is easy in RDS (Remote Data Service remote date transmissions) Service Database Face identification system is called.
Further, step is also included after the step S400:
S450 counts the visiting number of times of the visitor, judges whether the visiting number of times of the visitor is pre- more than the router If count value, if so, then enter step S460;
The visitor is drawn in blacklist by S460, carries out invasion shielding.
Invasion shielding mechanism, the multiple invader of automatic defensive are set.
On the other hand, present invention also offers a kind of router device security protection system, including at least one router, And the server being connected with the router, also including image typing module, described image typing module is integrated in router Or in the intelligent terminal being connected with the router communication, for shooting typing facial image, wherein, the server Including signal dispatcher module, memory module, face recognition module, the face recognition module receives and dispatches mould with described information respectively Block, memory module are connected, and:
The router obtains visitor's facial image by described image typing module, and by visitor's face figure Signal dispatcher module as being transferred to the server;
The face recognition module of the server recognizes visitor's facial image, face characteristic is extracted, by the people The training face characteristic that face feature prestores with the memory module is matched, and matching result is received and dispatched into mould by described information Block informs the router, if can match, the router allow the visitor by router access network or Person's remote bind, otherwise, refuses Accessor Access's network or remote bind request.
Further, the face recognition module of the server includes training unit, wherein:
Described image typing module typing allows the multiple images of the user for accessing network or remote bind as the people Face identification module is used for training sample and the test sample trained and test;
The training sample and test sample of described image typing module typing are transferred to the clothes by the router The memory module of business device is stored;
The training unit using model conversion layer algorithm model training it is described as training sample allow access The image block matrix of user, obtains same subscriber test sample image block eigenvalue and training sample image block eigenvalue, according to The test sample image block eigenvalue and the average root-mean-square error of training sample image block eigenvalue, obtain level threshold value.
Further, the face recognition module of the server also includes recognition unit and judging unit, the identification list Unit is connected with the training unit and judging unit respectively, wherein:
The recognition unit carries out decomposition dimensionality reduction to visitor's facial image using Non-negative Matrix Factorization method, obtains institute State the characteristic value of visitor's facial image block;
The recognition unit calculates the characteristic value and the training sample image feature of the facial image block of the visitor The root-mean-square error of value;
The judging unit judges whether the root-mean-square error is less than or equal to the threshold value of the standard, and sentences described Disconnected result informs the router by described information transceiver module, if the root-mean-square error is less than or equal to the standard Threshold value, then the router permission visitor is by router access network or remote bind, otherwise, the refusal visit The person of asking accesses network or remote bind request.
Further, the server also includes the data processing module being connected with the memory module, wherein, the clothes Business device is WEB server, and:
The data processing module of the WEB server flows real-time processing visitor people by the Spark Streaming Face image data, and the data after treatment are stored by the memory module.
Further, whether the visiting number of times of visitor described in the router statistics, judge the visiting number of times of the visitor More than the default count value of the router, if so, the visitor then is drawn in into blacklist, invasion shielding is carried out.
It is of the invention compared with existing best technique, the present invention has the beneficial effect that:
1st, the access router WiFi technology of the cipher mode of password, the use of novelty of the present invention are input into for WPA etc. Face recognition technology, carries out face matching, effectively makes up similar WIFI skeleton keys and cracks WIFI passwords, and then access router Or carry out illegal handset binding operation.
2nd, the face recognition scheme that the invention is used, as the guard system of router, when user forgets Password, only needs Will be by intelligent APP or intelligent router typing face information.
3 and artificial intelligence agreeing with background, integrated with industry development direction, it is the intelligence that there is password leakage with universality Can the consistent methodology of hardware offer.
4th, creative introducing invasion shielding count value is proposed, Intelligent hardware business can help user certainly using the program Move or shield foreign invaders manually.
Brief description of the drawings
Technical scheme in order to illustrate more clearly the embodiments of the present invention, below will be to that will make needed for embodiment description Accompanying drawing is briefly introduced, it should be apparent that, drawings in the following description are only some embodiments of the present invention, for this For the those of ordinary skill in field, without having to pay creative labor, it can also be obtained according to these accompanying drawings His accompanying drawing.
Fig. 1 is the flow chart of router device safety protecting method embodiment one of the present invention;
Fig. 2 is another embodiment flow chart of router device safety protecting method of the present invention;
Fig. 3 is router device security protection system embodiment block diagram of the present invention;
Fig. 4 is that the system framework in router device security protection system embodiment of the present invention builds schematic diagram;
Fig. 5 is that the face in router device security protection system embodiment of the present invention asks real-time typing layer framework to be illustrated Figure;
Fig. 6 is threshold value setting mechanism flow chart in router device safety protecting method embodiment of the present invention.
Specific embodiment
In order that the object, technical solutions and advantages of the present invention are clearer, below in conjunction with accompanying drawing the present invention is made into One step ground is described in detail, it is clear that described embodiment is only some embodiments of the invention, rather than whole implementation Example.Based on the embodiment in the present invention, what those of ordinary skill in the art were obtained under the premise of creative work is not made All other embodiment, belongs to the scope of protection of the invention.
A kind of router device safety protecting method of the present invention, embodiment one is as shown in figure 1, including step:
S100 obtains visitor's facial image;
S200 recognizes visitor's facial image, face characteristic is extracted, by the face characteristic and the training of human for prestoring Face feature is matched, if can match, into step S300, otherwise, into step S400;
S300 allows the visitor to pass through router access network or remote bind;
S400 refuses Accessor Access's network or remote bind request.
The user's face characteristic bound and connect will be allowed to prestore storage in the present embodiment, spy is carried out with outer visitor's feature Matching is levied, if can match, allows the user to use the shared bandwidth resources and remote bind function of the router.This implementation Face recognition technology of the example based on artificial intelligence is combined with router, by face recognition technology, can be very good protection outer Router is conducted interviews to invade visitor, takes the broadband resource of user, and remote handset bindings can be carried out.The present invention There is good protective action to the means that skeleton key etc. cracks WIFI passwords.
Preferably, in above-described embodiment, also including step:
The pre- typings of S010 allow the multiple images of the user for accessing network or remote bind as training sample and test specimens This;
S020 trains the figure of the user for allowing to access as training sample using the algorithm model of model conversion layer As block matrix, same subscriber test sample image block eigenvalue and training sample image block eigenvalue are obtained, according to the test Sample image block eigenvalue and the average root-mean-square error of training sample image block eigenvalue, obtain level threshold value.
Before recognition of face is carried out to visitor, the user of study permission network or remote bind need to be first trained (below Abbreviation validated user) image.By the training of great amount of images, the face information to validated user carries out feature learning, training.Tool Body, Algorithms of Non-Negative Matrix Factorization, NMF are employed, full name is non-negative matrix factorization, Chinese It is " Non-negative Matrix Factorization ".The thought of NMF:V=WH (W weight matrix, H eigenmatrixes, V original matrixs), by calculating from original Matrix extracts two different matrixes of weight and feature out.Belong to an algorithm for unsupervised learning, wherein restrictive condition just It is that all elements in W and H will be more than 0.
The adaptable fields of NMF are very wide, and coming from its local characteristics to things has explanation well.In numerous applications In, NMF can be used to find the characteristics of image in database, be easy to fast automatic identification application;It can be found that the semanteme of document The degree of correlation, for information automatic indexing and extraction;Gene etc. can be recognized in DNA array analysis.We will be to this work one A little descriptions substantially.But maximally effective is exactly image processing field, be image procossing Data Dimensionality Reduction and feature extraction one Plant effective ways.Image includes substantial amounts of data in itself, and computer is typically deposited the information of image according to the form of matrix Put, the identification, analysis and treatment for image are also to be carried out on the basis of matrix.These features enable NMF methods very It is combined with image analysis processing well.
Model conversion layer:The image block nonnegative matrix collection V=[v of the user of the given user data for allowing to access1, v2..., vm], vU, i∈Rm×n, give set matrix R=[r1, r2..., rm], rU, i∈ R, to may have access to WIFI or allow long-range work( The user images block matrix that can be bound.Face recognition algorithms based on Non-negative Matrix Factorization, it is intended to structure forecast matrix Obviously,It is made up of factor W, H of two low-ranks, intrinsic dimensionality is f.Its Mathematical Modeling is to minimize object function to scheme observation As block matrix matrix is minimum with the minimum variance of the prediction matrix for allowing to access, its object function mathematical form is as follows:
Wherein, b is scoring linear bias, and mu is calibrated for constant.
The system uses face recognition technology, in essence, it is intended to which the original face information of typing is carried out into subspace Feature learning, training, whether the WIFI or the face information of apparatus bound of carrying out to be identified is really to be reconstructed after with feature learning Face information matched.The system given threshold discrimination technology, according to large-scale data trained values (same subscriber test specimens The average root-mean-square error of this image value and training sample image value) set the level threshold value of judgement, subsequently to be known Do not judge.
A kind of another embodiment of router device safety protecting method of the present invention, as shown in Fig. 2 including step:
The pre- typings of S010 allow the multiple images of the user for accessing network or remote bind as training sample and test specimens This;
S020 trains the figure of the user for allowing to access as training sample using the algorithm model of model conversion layer As block matrix, same subscriber test sample image block eigenvalue and training sample image block eigenvalue are obtained, according to the test Sample image block eigenvalue and the average root-mean-square error of training sample image block eigenvalue, obtain level threshold value.
S100 obtains visitor's facial image;
S210 carries out decomposition dimensionality reduction to visitor's facial image using Non-negative Matrix Factorization method, obtains the visitor The characteristic value of facial image block;
The characteristic value that S220 calculates the facial image block of the visitor is square with the training sample image characteristic value Root error;
Whether S230 judges the root-mean-square error less than or equal to the level threshold value, if so, then enter step S300, Otherwise enter step S400.
S300 allows the visitor to pass through router access network or remote bind;
S400 refuses Accessor Access's network or remote bind request.
In the present embodiment, after training the characteristic data value and threshold value that learn to get validated user, unknown access Person equally can carry out decomposition cooling to the visitor when application is accessed using Non-negative Matrix Factorization method, extract facial image block Feature, obtains the characteristic value of the facial image block of the visitor.Then the facial image block eigenvalue and instruction of the visitor are calculated Whether the root-mean-square error of the face characteristic value of experienced validated user, judge the error less than or equal to level threshold value, if small In or then judge that the visitor is validated user if being equal to, it is allowed to it passes through router access network or the remote bind road By device, otherwise judge that the user is not validated user, refuse its request.
It is further preferred that the step S010 includes:
S011 shoots the user for allowing to access network or remote bind by camera, obtains face image data, as Training sample and test sample;
S012 sends to WEB server the face image data through load equalizer;
S013 is stored to HDFS the face image data by message queue Kafka clusters;
S014 flows real-time processing data by the Spark Streaming, and by the data output after treatment to RDS industry Business database.
Above-mentioned camera can be the camera on the built-in camera of router, or intelligent terminal, such as The user directly logged in by APP can directly be imaged by mobile phone camera.The present invention is on the basis of router Intelligent hardware On, the mobile phone A PP image input functions using mobile Internet of Things of novelty, with the ingenious combination of face recognition technology, can promote The fast development of current Intelligent hardware.
Load equalizer is used to network request be distributed to available server in a service cluster up, these services The cluster that device is constituted may be collectively referred to as Cloud Server or WEB server, in order to ensure data transfer accuracy, prevent data from losing Lose, the present embodiment additionally uses the distributed message systems of Kafka, by message queue Kafka clusters by the facial image Data storage is to HDFS.HDFS (Hadoop Distributed File System) is a distributed file system.Finally, Additionally use the face request of Spark Streaming stream real-time processing visitors, compared to traditional batch processing, this programme Real-time is higher, can acceleration treatment, real time processed images data.Data storage after treatment is in RDS (Remote Data Service remote date transmissions) in Service Database, even if the benefit of RDS is wherein one server being out of order, also will not The recognition of face of whole system is influenceed, can be by other server process.Data storage after treatment is in RDS Service Databases In after give again face identification system be identified treatment.
Preferably, on the basis of any of the above-described embodiment, step is also included after the step S400:
S450 counts the visiting number of times of the visitor, judges whether the visiting number of times of the visitor is pre- more than the router If count value, if so, then enter step S460;
The visitor is drawn in blacklist by S460, carries out invasion shielding.
The invention introduce invasion shielding count value, to exotic invasive, visitor counts, when count value reach it is pre- If numerical value after, router carries out associated shield.Intelligent hardware business can help the shielding of user's automatic or manual using the program Foreign invaders.
Based on same invention thought, present invention also offers a kind of router device security protection system, the system can Using the safety protecting method in any of the above-described embodiment, specifically, as shown in figure 3, security protection system of the present invention is included extremely A few router 200, and the server 300 being connected with the router 200, also including image typing module 100, the figure As typing module 100 is integrated in router 200 or in the intelligent terminal communicated to connect with the router 200, use In shooting typing facial image, wherein, the server 300 includes signal dispatcher module 310, memory module 330, recognition of face Module 320, the face recognition module 320 is connected with described information transceiver module 310, memory module 330 respectively, and:
The router 200 obtains visitor's facial image by described image typing module 100, and by the visitor Facial image is transferred to the signal dispatcher module 310 of the server 300;
The face recognition module 320 of the server 300 recognizes visitor's facial image, extracts face characteristic, will The training face characteristic that the face characteristic prestores with the memory module 330 is matched, and by matching result by described Signal dispatcher module 310 informs the router 200, if can match, the router 200 allows the visitor to lead to Cross router 200 and access network or remote bind, otherwise, refuse Accessor Access's network or remote bind request.
By face recognition technology come the security protection of enhanced routers equipment, user need to only take the photograph by the way that router is built-in As the APP on head or intelligent terminal carries out captured in real-time upload, router and its server using the camera for carrying Complete the authentication of user, by with prestore allow to access network or bind the validated user image of the router compared It is right, see whether belong to validated user therein, you can determine whether that there is access network or remote bind authority.By recognition of face Technology is applied in the security protection of router, is solved and what majority WIFI decomposer energy decryptions were invaded network Problem, additionally, user is when login password is forgotten, without restarter 200 and carries out password reset, only needs brush face Certification is realized, it is simple and quick, effectively and safe.
Preferably, the face recognition module 320 of the server 300 includes training unit 321, wherein:
The typing of described image typing module 100 allows the multiple images of the user for accessing network or remote bind as described Face recognition module 320 is used for training sample and the test sample trained and test;
Be transferred to for the training sample and test sample of the typing of described image typing module 100 by the router 200 The memory module 330 of the server 300 is stored;
The training unit 321 using model conversion layer algorithm model training it is described as training sample allow access User image block matrix, obtain same subscriber test sample image block eigenvalue and training sample image block eigenvalue, root According to the test sample image block eigenvalue and the average root-mean-square error of training sample image block eigenvalue, standard threshold is obtained Value.
It is worth noting that, level threshold value here, is exactly not necessarily the test sample image block eigenvalue of same subscriber With the average root-mean-square error of training sample image block eigenvalue, the simply reasonable set according to this average root-mean-square error One level threshold value.Certainly, we also can just using this average root-mean-square error as level threshold value.
It is further preferred that the face recognition module 320 of the server 300 also includes recognition unit 322 and judges single Unit 323, the recognition unit 322 is connected with the training unit 321 and judging unit 323 respectively, wherein:
The recognition unit 322 carries out decomposition dimensionality reduction using Non-negative Matrix Factorization method to visitor's facial image, obtains Take the characteristic value of visitor's facial image block;
The characteristic value that the recognition unit 322 calculates the facial image block of the visitor is special with the training sample image The root-mean-square error of value indicative;
The judging unit 323 judge the root-mean-square error whether less than or equal to the standard threshold value, and by institute State judged result and the router 200 is informed by described information transceiver module 310, if the root-mean-square error is less than or equal to The threshold value of the standard, then the router 200 allow the visitor to be accessed by router 200 network or remotely to tie up It is fixed, otherwise, refuse Accessor Access's network or remote bind request.
The present embodiment is specifically described and the technical scheme of recognition of face is carried out by nonnegative matrix, including system training Practise, the setting mechanism of threshold value and follow-up visitor's face judge identification.
Preferably, the server 300 also includes the data processing module 340 being connected with the memory module 330, its In, the server 300 is WEB server, and:
The data processing module 340 of the WEB server flows real-time processing visitor by the Spark Streaming Face image data, and the data after treatment are stored by the memory module 330.
In the present embodiment, server is WEB server 300, that is, Cloud Server, the server big equivalent to Group, due to the not just router that we face, and the memory capacity of individual server is also limited, such as, if largely Router when being required to typing and allowing to login user's face information of router access network or remote bind, then Ke Yitong Overload balanced device is allocated, and assigns it to be processed in the different server in Cloud Server.In order to ensure number According to accuracy, prevent loss of data, can introduce distributed information system, data are through message queue Kafka clusters by face Data storage is to HDFS.Memory space can reasonably be utilized by HDFS.Finally, flowed by Spark Streaming real-time Treatment face image data, and by the data storage after treatment in RDS Service Databases, it is easy to follow-up recognition of face to judge to adjust With.
Preferably, in any of the above-described security protection system embodiment, also including:The router 200 counts the visit Whether the person of asking comes to visit number of times, the visiting number of times of the visitor is judged more than the default count value of the router 200, if so, then The visitor is drawn in into blacklist, invasion shielding is carried out.
Specifically, if visitor A attempts to access that network, if judging after entering recognition of face certification, the visitor A does not possess Access rights, then the visiting number of times of visitor request will be recorded, notify that server end retains the face of the visitor Information, the visitor often comes to visit once, will add up visiting number of times, if visiting number of times reached default count value when Wait, the visitor A will be piped off and be shielded.
Last embodiment of the invention, router device security protection system of the invention uses safety of the invention Means of defence, specifically, including the following aspects:
1st, guard system technology realizes layer:
Framework establishment schematic diagram is as shown in figure 4, implementing process and being:
A () opens router as user, the present invention will limit online or remote bind cell-phone number and carry out the people of remote-control Face information is put in storage that (user directly logged in by APP can be direct by mobile phone camera by the router of built-in camera Storage);
B () present invention is by operation system using face information typing to Service Database as face information to be identified.When When user wishes to be surfed the Net by WIFI next time, it is only necessary to open camera function, typing face information, industry by mobile phone A PP Business this face information of Input of Data;
C () is associated with face information to be identified, calculates according to the recognizer of face system, when identification progress More than defined threshold scope, then user is allowed to access the router or carry out remote bind function.
2nd, face asks real-time typing layer framework map schematic diagram, specific as shown in Figure 5:
A () present invention is by face real time data typing through load equalizer to WEB server;
B (), to ensure data transfer accuracy, data are through message queue Kafka clusters by human face data storage value HDFS;
C () Spark Streaming flow real-time processing data, and by digital output value RDS Service Databases.
3rd, face system solution:
(1) model conversion layer:The image block nonnegative matrix collection V=[v of the user of the given user data for allowing to access1, v2..., vm], vU, i∈Rm×n, give set matrix R=[r1, r2..., rm], rU, i∈ R, to may have access to WIFI or allow long-range work( The user images block matrix that can be bound.Face recognition algorithms based on Non-negative Matrix Factorization, it is intended to structure forecast matrix Obviously,It is made up of factor W, H of two low-ranks, intrinsic dimensionality is f.Its Mathematical Modeling is to minimize object function to scheme observation As block matrix matrix is minimum with the minimum variance of the prediction matrix for allowing to access, its object function mathematical form is as follows:
Wherein, b is scoring linear bias, and mu is calibrated for constant.
(2) threshold value setting and setting count value mechanism
The system uses face recognition technology, in essence, it is intended to which the original face information of typing is carried out into subspace Feature learning, training, whether the WIFI or the face information of apparatus bound of carrying out to be identified is really to be reconstructed after with feature learning Face information matched.The system given threshold discrimination technology, given threshold (according to large-scale data trained values), when logical Cross face identification system calculating threshold value (using the facial image characteristic block value of facial image block value to be identified and typing training, Calculate average root-mean-square error ∝, as threshold value) less than or equal to regulation level threshold value φ, then allow user access WIFI or Remote bind function is allowed, the user of the level threshold value φ for threshold value less than regulation carries out isolated user counting, router master Can sets itself count value be used for protect multiple illegal invasion person, setting count value ∈ (system meeting of the system according to router master Reference value is set), carry out invasion shielding, the multiple invader of automatic protection.Threshold value set mechanism flow chart as shown in fig. 6, including:
S610 reads facial image block value r to be identifiedu,i
S620 calculates ru,iWith the face characteristic value w of the reconstruct of trainingu,khk,iAverage root-mean-square error;
Whether S630 judges the average root-mean-square error ∝ less than or equal to training threshold value (i.e. level threshold value) Φ, if Then enter step S640, otherwise into step S650;
S640 allows user to access WIFI or remote bind;
S650 refuses the guest request, and the visitor is carried out to count μ times;
Whether S660 judges μ more than router master ga(u)ge devise a stratagem numerical value ∈;
If the counting μ values of the S670 visitors are devised a stratagem numerical value ∈ more than router master ga(u)ge, the visitor is shielded.
(3) the selected mechanism of facial image and Threshold-training:
A. the present invention needs the face number of advance typing
Router device guard system based on face recognition technology needs advance typing and trains face characteristic, so Typing allows to access the user of WIFI or remote bind, it is necessary to typing multiple facial image.
B. the Threshold-training value φ of training in advance of the invention
Before the system is realized, the threshold value that can accurately distinguish different faces need to be gone out from magnanimity human face data concentration training. The accuracy of the threshold value, has substantial connection with the size of data sample, and its strategy is:The sample of selected recognition of face to be trained Collection, carries out large-scale training, and calculate the observation people that can recognize that identical face using the algorithm model of model conversion layer Face image value and prediction facial image value average root-mean-square error, the threshold value φ that the value is judged as system, while calculating The observation face value of non-equal facial image and average root-mean-square the error ∝, wherein φ of prediction facial image>∝.
Guard system face identification system realizes that layer false code is as follows:
The present invention provides a kind of smart routing devices guard system of the face recognition technology based on artificial intelligence, using people Face identification technology, can be very good protection exotic invasive visitor and router is conducted interviews, and take the broadband resource of user, and can Remote handset bindings can be carried out.The present invention has good protective action to the means that skeleton key etc. cracks WIFI passwords, Additionally, the system is on the basis of router Intelligent hardware, the mobile phone A PP image typing work(using mobile Internet of Things of novelty Can, with the ingenious combination of face recognition technology, the fast development of current Intelligent hardware can be promoted.
, but those skilled in the art once know basic creation although preferred embodiments of the present invention have been described Property concept, then can make other change and modification to these embodiments.So, appended claims are intended to be construed to include excellent Select embodiment and fall into having altered and changing for the scope of the invention.
Obviously, those skilled in the art can carry out various changes and modification without deviating from essence of the invention to the present invention God and scope.So, if these modifications of the invention and modification belong to the scope of the claims in the present invention and its equivalent technologies Within, then the present invention is also intended to comprising these changes and modification.

Claims (10)

1. a kind of router device safety protecting method, it is characterised in that including step:
S100 obtains visitor's facial image;
S200 recognizes visitor's facial image, extracts face characteristic, and the face characteristic is special with the training face for prestoring Levy and matched, if can match, into step S300, otherwise, into step S400;
S300 allows the visitor to pass through router access network or remote bind;
S400 refuses Accessor Access's network or remote bind request.
2. a kind of router device safety protecting method according to claim 1, it is characterised in that also including step:
The pre- typings of S010 allow the multiple images of the user for accessing network or remote bind as training sample and test sample;
S020 trains the image block of the user for allowing to access as training sample using the algorithm model of model conversion layer Matrix, obtains same subscriber test sample image block eigenvalue and training sample image block eigenvalue, according to the test sample Image block characteristics value and the average root-mean-square error of training sample image block eigenvalue, obtain level threshold value.
3. a kind of router device safety protecting method according to claim 2, it is characterised in that the step S200 bags Include step:
S210 carries out decomposition dimensionality reduction to visitor's facial image using Non-negative Matrix Factorization method, obtains visitor's face The characteristic value of image block;
The root mean square of characteristic value and the training sample image characteristic value that S220 calculates the facial image block of the visitor is missed Difference;
Whether S230 judges the root-mean-square error less than or equal to the level threshold value, if so, then enter step S300, otherwise Into step S400.
4. a kind of router device safety protecting method according to claim 2, it is characterised in that the step S010 bags Include:
S011 shoots the user for allowing to access network or remote bind by camera, face image data is obtained, as training Sample and test sample;
S012 sends to WEB server the face image data through load equalizer;
S013 is stored to HDFS the face image data by message queue Kafka clusters;
S014 flows real-time processing data by the Spark Streaming, and by the data output after treatment to RDS business numbers According to storehouse.
5. a kind of router device safety protecting method according to claim any one of 1-4, it is characterised in that described Also include step after step S400:
S450 counts the visiting number of times of the visitor, judges whether the visiting number of times of the visitor is default more than the router Count value, if so, then entering step S460;
The visitor is drawn in blacklist by S460, carries out invasion shielding.
6. a kind of router device security protection system, it is characterised in that including at least one router, and with the router Connected server, also including image typing module, described image typing module be integrated in router or positioned at it is described In the intelligent terminal of router communication connection, for shooting typing facial image, wherein, the server includes information transmit-receive mould Block, memory module, face recognition module, the face recognition module are connected with described information transceiver module, memory module respectively, And:
The router obtains visitor's facial image by described image typing module, and visitor's facial image is passed It is defeated by the signal dispatcher module of the server;
The face recognition module of the server recognizes visitor's facial image, extracts face characteristic, and the face is special Levy the training face characteristic prestored with the memory module to be matched, and matching result is accused by described information transceiver module Know the router, if can match, the router allows the visitor by router access network or remote Journey is bound, and otherwise, refuses Accessor Access's network or remote bind request.
7. a kind of router device security protection system according to claim 6, it is characterised in that the people of the server Face identification module includes training unit, wherein:
Described image typing module typing allows the multiple images of the user for accessing network or remote bind to know as the face Other module is used for training sample and the test sample trained and test;
The training sample and test sample of described image typing module typing are transferred to the server by the router Memory module stored;
The training unit trains the user for allowing to access as training sample using the algorithm model of model conversion layer Image block matrix, same subscriber test sample image block eigenvalue and training sample image block eigenvalue are obtained, according to described Test sample image block eigenvalue and the average root-mean-square error of training sample image block eigenvalue, obtain level threshold value.
8. a kind of router device security protection system according to claim 7, it is characterised in that the people of the server Face identification module also include recognition unit and judging unit, the recognition unit respectively with the training unit and judging unit phase Connect, wherein:
The recognition unit carries out decomposition dimensionality reduction to visitor's facial image using Non-negative Matrix Factorization method, obtains the visit The characteristic value of the person's of asking facial image block;
The recognition unit calculates the characteristic value and the training sample image characteristic value of the facial image block of the visitor Root-mean-square error;
The judging unit judges whether the root-mean-square error is less than or equal to the threshold value of the standard, and judges to tie by described Fruit informs the router by described information transceiver module, if the root-mean-square error is less than or equal to the threshold of the standard Value, then the router permission visitor is by router access network or remote bind, otherwise, the refusal access Person accesses network or remote bind request.
9. a kind of router device security protection system according to claim 7, it is characterised in that the server is also wrapped The data processing module being connected with the memory module is included, wherein, the server is WEB server, and:
The data processing module of the WEB server flows real-time processing visitor's face figure by the Spark Streaming As data, and the data after treatment are stored by the memory module.
10. a kind of router device security protection system according to claim any one of 6-9, it is characterised in that
Whether visitor described in the router statistics comes to visit number of times, judge the visiting number of times of the visitor more than the router Default count value, if so, the visitor then is drawn in into blacklist, carries out invasion shielding.
CN201710079278.6A 2017-02-14 2017-02-14 A kind of router device safety protecting method and system Pending CN106921658A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710079278.6A CN106921658A (en) 2017-02-14 2017-02-14 A kind of router device safety protecting method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710079278.6A CN106921658A (en) 2017-02-14 2017-02-14 A kind of router device safety protecting method and system

Publications (1)

Publication Number Publication Date
CN106921658A true CN106921658A (en) 2017-07-04

Family

ID=59453702

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710079278.6A Pending CN106921658A (en) 2017-02-14 2017-02-14 A kind of router device safety protecting method and system

Country Status (1)

Country Link
CN (1) CN106921658A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107302804A (en) * 2017-08-09 2017-10-27 无锡北斗星通信息科技有限公司 Adaptive WIFI link screening arrangements
CN107733804A (en) * 2017-11-06 2018-02-23 戴惠英 Multifunctional monitoring type wireless router
CN107995122A (en) * 2017-12-08 2018-05-04 深圳市田言智能科技有限公司 A kind of energy-conserving intelligent router
CN107992798A (en) * 2017-11-08 2018-05-04 广东格兰仕集团有限公司 Utilize the application method of image recognition technology bound device
CN113132372A (en) * 2021-04-13 2021-07-16 深圳市奇虎智能科技有限公司 Security monitoring method and system for networking equipment of router, storage medium and computer equipment
CN117880564A (en) * 2024-01-12 2024-04-12 江苏睿鸿网络技术股份有限公司 Intelligent processing system for video application program access request

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060120604A1 (en) * 2004-12-07 2006-06-08 Samsung Electronics Co., Ltd. Method and apparatus for detecting multi-view faces
CN103294199A (en) * 2013-06-09 2013-09-11 华东理工大学 Silent information identifying system based on facial muscle sound signals
CN103402203A (en) * 2013-07-30 2013-11-20 深圳市中兴移动通信有限公司 Biological recognition-based rapid access method and device
CN204392290U (en) * 2015-02-12 2015-06-10 厦门众联世纪科技有限公司 A kind of recognition of face router
CN106255109A (en) * 2016-09-14 2016-12-21 上海斐讯数据通信技术有限公司 Router purview certification method and system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060120604A1 (en) * 2004-12-07 2006-06-08 Samsung Electronics Co., Ltd. Method and apparatus for detecting multi-view faces
CN103294199A (en) * 2013-06-09 2013-09-11 华东理工大学 Silent information identifying system based on facial muscle sound signals
CN103402203A (en) * 2013-07-30 2013-11-20 深圳市中兴移动通信有限公司 Biological recognition-based rapid access method and device
CN204392290U (en) * 2015-02-12 2015-06-10 厦门众联世纪科技有限公司 A kind of recognition of face router
CN106255109A (en) * 2016-09-14 2016-12-21 上海斐讯数据通信技术有限公司 Router purview certification method and system

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107302804A (en) * 2017-08-09 2017-10-27 无锡北斗星通信息科技有限公司 Adaptive WIFI link screening arrangements
CN107302804B (en) * 2017-08-09 2018-06-19 厦门久凌创新科技有限公司 Adaptive WIFI link screening arrangements
CN107733804A (en) * 2017-11-06 2018-02-23 戴惠英 Multifunctional monitoring type wireless router
CN107733804B (en) * 2017-11-06 2018-05-29 北京百卓网络技术有限公司 Multifunctional monitoring type wireless router
CN107992798A (en) * 2017-11-08 2018-05-04 广东格兰仕集团有限公司 Utilize the application method of image recognition technology bound device
CN107995122A (en) * 2017-12-08 2018-05-04 深圳市田言智能科技有限公司 A kind of energy-conserving intelligent router
CN113132372A (en) * 2021-04-13 2021-07-16 深圳市奇虎智能科技有限公司 Security monitoring method and system for networking equipment of router, storage medium and computer equipment
CN117880564A (en) * 2024-01-12 2024-04-12 江苏睿鸿网络技术股份有限公司 Intelligent processing system for video application program access request
CN117880564B (en) * 2024-01-12 2024-06-11 江苏睿鸿网络技术股份有限公司 Intelligent processing system for video application program access request

Similar Documents

Publication Publication Date Title
CN106921658A (en) A kind of router device safety protecting method and system
CN107770263A (en) A kind of internet-of-things terminal safety access method and system based on edge calculations
CN104539598B (en) A kind of improvement Tor secure anonymous network communicating system and method
CN112667717B (en) Transformer substation inspection information processing method and device, computer equipment and storage medium
CN108306887A (en) Internet of Things safety based on block chain protects system with data-privacy
CN109495476A (en) A kind of data flow difference method for secret protection and system based on edge calculations
CN113225736B (en) Unmanned aerial vehicle cluster node authentication method and device, storage medium and computer equipment
CN108810026A (en) A kind of terminal device access authentication method and system based on edge calculations
Wang et al. Disaster relief wireless networks: Challenges and solutions
CN111241561B (en) User certifiable outsourcing image denoising method based on privacy protection
CN107454064A (en) A kind of visitor's authentication method and system based on public number
CN107454040A (en) The login method and device of application
CN108121902A (en) Recognition of face identity Self-certified method and system
CN114024744A (en) Information protection method and artificial intelligence platform based on cloud computing and block chain service
CN109995769A (en) A kind of trans-regional full actual time safety management-control method of multi-tier Heterogeneous
Weng et al. A lightweight anonymous authentication and secure communication scheme for fog computing services
US8386777B2 (en) Method and equipment for controlling access to multicast IP flows
CN115802357B (en) 5G distribution network feeder automation control method, device and storage medium
CN115134080B (en) Data transmission method and device based on security encryption chip
CN106161499A (en) Off-line acquisition system for WLAN
CN116170806B (en) Smart power grid LWM2M protocol security access control method and system
CN107995616A (en) The processing method and device of user behavior data
CN108183906B (en) Time bank management method, server, terminal, storage medium and electronic device
CN116155592A (en) AMI network intrusion detection method based on DCGAN federal semi-supervised learning
CN114124512B (en) WeChat small program supervision method, system and equipment based on flow behavior analysis

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170704